[cas-user] Re: CAS Subs: New mailing list details

2021-10-18 Thread Misagh Moayyed


> (Quarterly reminder)
>
> Hello, 
>
> The CAS project management committee has availed a new mailing list 
> for Apereo CAS subscribers. This new forum will be used as a 
> trusted-contacts list to share security release updates, vulnerability 
> details, etc early on, should a security patch release become 
> available. The new group will not be a special support channel in any 
> other way and existing community support channels (lists, chatrooms, 
> etc) will remain and function as they do today. 
>
> If you and/or your institution are a member of the Apereo Foundation 
> *and* a subscriber to the CAS project, you can join the list by 
> contacting me (I am at mm1844 [at] gmail dot com) from your 
> institutional email account with the subject "CAS Sub: list membership 
> request". To keep list maintenance and management overhead to a 
> minimum, please nominate one account per organization. It's best for 
> the nominee to be either involved in day-to-day CAS Ops or be a member 
> of your organization's security team, so please choose your contact 
> carefully. 
>
> This new list should be (we hope) fairly low traffic and, needless to 
> say, membership is entirely optional. I will be sending this message 
> periodically as a reminder for anyone who might have missed it, so 
> apologies for the noise beforehand. If you have any other questions or 
> concerns, please feel free to contact me all the same. 
>
> Thank you, 
> Misagh Moayyed, on behalf of CAS PMC 


 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/418bcb92-7ed6-4b81-861f-a7c4f8028797n%40apereo.org.


[cas-user] Re: Finally Finish My College

2021-05-25 Thread Misagh Moayyed
You are very welcome. Congratulations! 

On Friday, May 21, 2021 at 8:43:40 AM UTC+4 Andy Ng wrote:

> Hi Irvan, Congrats on your achievement! Glad we helped :)  Cheers! -Andy
>
> On Wednesday, 19 May 2021 at 02:11:45 UTC+8 irvans...@gmail.com wrote:
>
>> Hi Guys,
>>
>> On April 20, 2021, I finally finished my final project. The image below 
>> is of me holding a monitor that says "Terimakasih". In Indonesian 
>> "Terimakasih" means "Thank you". And I want to thank all of you who have 
>> helped me in solving the problems I have found, to Mr. Misagh Moayyed, Andy 
>> Ng, Ray Bon, and anyone else that I can't mention.
>>
>> Cheers,
>> Irvan :)
>>
>



[cas-user] Re: CAS Subs: New mailing list details

2021-05-18 Thread Misagh Moayyed
(Quarterly reminder)

Hello, 

The CAS project management committee has availed a new mailing list 
for Apereo CAS subscribers. This new forum will be used as a 
trusted-contacts list to share security release updates, vulnerability 
details, etc early on, should a security patch release become 
available. The new group will not be a special support channel in any 
other way and existing community support channels (lists, chatrooms, 
etc) will remain and function as they do today. 

If you and/or your institution are a member of the Apereo Foundation 
*and* a subscriber to the CAS project, you can join the list by 
contacting me (I am at mm1844 [at] gmail dot com) from your 
institutional email account with the subject "CAS Sub: list membership 
request". To keep list maintenance and management overhead to a 
minimum, please nominate one account per organization. It's best for 
the nominee to be either involved in day-to-day CAS Ops or be a member 
of your organization's security team, so please choose your contact 
carefully. 

This new list should be (we hope) fairly low traffic and, needless to 
say, membership is entirely optional. I will be sending this message 
periodically as a reminder for anyone who might have missed it, so 
apologies for the noise beforehand. If you have any other questions or 
concerns, please feel free to contact me all the same. 

Thank you, 
Misagh Moayyed, on behalf of CAS PMC 



[cas-user] Re: CAS 5.3.x WebUI to support login history, remote logout, etc.?

2021-03-05 Thread Misagh Moayyed
There is none AFAIK. There are projects like Spring Boot Admin that present 
UI over standard Spring Boot actuator endpoints. You could use that as a 
baseline and build your own.


On Wednesday, February 10, 2021 at 6:53:46 PM UTC+4 Yan Zhou wrote:

> Hi there,
>
> I am aware of the CAS dashboard UI, I am looking for a user-oriented UI 
> that provides common security mitigations.
>
> remote logout,  login history 
>
> For instance, when a user no longer has access to a device (mobile phone), 
> he can initiate logout from another device. And, he or an admin user can 
> see his login history.
>
> Is there a Web UI that either comes with CAS 5.3 or another project that 
> provides visibility into CAS and provides the following?
>
> Thx!
> Yan
>



[cas-user] Re: CAS 6.2.x - Impersonate Mechanism Question

2021-03-05 Thread Misagh Moayyed
If by possible you mean OOTB, then no. The session established via 
impersonation is scoped to the surrogate user.


On Monday, February 1, 2021 at 12:22:17 PM UTC+4 Marcel Fromkorth wrote:

> Hello CAS-Community,
>
> I'm using the CAS-Version 6.2.5 and have a question about the surrogate 
> authentication feature:
>
> Is it possible, that I can visit a service as primary user, while I'm 
> authenticated over an impersonate session?
>
> To make it more clear:
>
> I have two defined services. Both with SSO enabled and I'm logged in as 
> an impersonated user. For example: surrogate user: "user" and primary user 
> "admin".
>
> If the surrogate user "user" doesn't have permission to access the second 
> service (so he has only access to the first service), is it possible to 
> configure that he will see the second service as primary user "admin" 
> (because the primary user has access to this service)? 
>
> I hope, I explained this in a way which everyone can understand.
>
> Thank you,
>
> Marcel Fromkorth
>



[cas-user] Re: Initializr pulling a target version

2021-03-05 Thread Misagh Moayyed
Initializr always produces a build for the latest cas version. This might 
become configurable at some point but I wouldn't count on it. If you want 
to change the version, go into the properties for the build and change the 
version. Might work for versions prior to 6.3 but YMMV.




On Wednesday, March 3, 2021 at 7:35:08 PM UTC+4 ro...@mun.ca wrote:

> Trying to start using initializr and I noticed that there is a “version” 
> variable in the http request.  Is the intention of that variable to allow 
> pulling of different versions of CAS?  It seems like currently the variable 
> doesn’t do anything.
>
>  
>
> curl -k http://casinit.herokuapp.com/starter.tgz -d type=cas-overlay -d 
> baseDir=cas-server -d version=6.3
>
>  
>
> Still pulls 6.4.0-RC1.
>



[cas-user] Re: Per Service Ticket Expiration in 5.2.x?

2021-03-05 Thread Misagh Moayyed
There exists no such thing. What do you ultimately wish to accomplish with 
this setting?  

Often what you really should be doing is modifying the application itself 
to manage its own session for 8 hours.  CAS is not a session manager, and 
generally has no say when it comes to the application session. 



On Friday, March 5, 2021 at 12:17:52 AM UTC+4 Bill Scully wrote:

> Hi,
>
> Does anyone know if the "The expiration policy of ticket granting tickets 
> can be conditionally decided on a per-application basis" in 5.2.x?
>
> I see that is available in 6.3.x:
>
>
> https://apereo.github.io/cas/6.3.x/ticketing/Configuring-Ticket-Expiration-Policy.html#per-service
>
> and I am specifically interested in increasing the ticket expiration for a 
> given service, not the default:
>
> "org.apereo.cas.services.DefaultRegisteredServiceTicketGrantingTicketExpirationPolicy",
>  
> "maxTimeToLiveInSeconds": 5
>
> If not, is there a potential workaround where I could extend the life of a 
> ticket to 8 hours for a registered service?
>
> Thanks for your time!
>
> Bill
>



[cas-user] Re: CAS Subs: New mailing list details

2021-02-11 Thread Misagh Moayyed
(Quarterly reminder)

Hello, 

The CAS project management committee has availed a new mailing list 
for Apereo CAS subscribers. This new forum will be used as a 
trusted-contacts list to share security release updates, vulnerability 
details, etc early on, should a security patch release become 
available. The new group will not be a special support channel in any 
other way and existing community support channels (lists, chatrooms, 
etc) will remain and function as they do today. 

If you and/or your institution are a member of the Apereo Foundation 
*and* a subscriber to the CAS project, you can join the list by 
contacting me (I am at mm1844 [at] gmail dot com) from your 
institutional email account with the subject "CAS Sub: list membership 
request". To keep list maintenance and management overhead to a 
minimum, please nominate one account per organization. It's best for 
the nominee to be either involved in day-to-day CAS Ops or be a member 
of your organization's security team, so please choose your contact 
carefully. 

This new list should be (we hope) fairly low traffic and, needless to 
say, membership is entirely optional. I will be sending this message 
periodically as a reminder for anyone who might have missed it, so 
apologies for the noise beforehand. If you have any other questions or 
concerns, please feel free to contact me all the same. 

Thank you, 
Misagh Moayyed, on behalf of CAS PMC 



[cas-user] Re: Memcache exception after restart cas 6.3.1 & 6.4.0-RC1

2021-02-05 Thread Misagh Moayyed
Could you reproduce this with a unit test? 

On Thursday, February 4, 2021 at 8:00:07 PM UTC+4 John Bond wrote:

>
> Hello all,
>
> We are currently using memcached to store tickets using the 
> following configuration
>
> ```
> cas.ticket.registry.memcached.servers=localhost:11213
> cas.ticket.registry.memcached.transcoder=KRYO
> ```
> After a recent upgrade from cas 6.2.7 -> 6.3.1 I noticed that, after cas 
> is restarted, it is unable to de-serialize tickets.  
>
> When using cas 6.3.1 we see the following error
>
> Caused by: java.util.concurrent.ExecutionException: 
> com.esotericsoftware.kryo.KryoException: 
> com.esotericsoftware.kryo.KryoException: Invalid ordinal for enum 
> "org.apereo.cas.validation.ValidationResponseType": 16
> Caused by: 
> java.util.concurrent.ExecutionException: 
> com.esotericsoftware.kryo.KryoException: 
> com.esotericsoftware.kryo.KryoException: Invalid ordinal for enum 
> "org.apereo.cas.validation.ValidationResponseType": 16 
> (full trace available here: 
> https://phabricator.wikimedia.org/T273867#6803365)
>
> When using cas 6.4.0-RC1 we get a slightly different error:
>
> java.lang.ClassCastException: class 
> org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult 
> cannot be cast to class org.apereo.cas.ticket.Ticket 
> (org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult 
> and org.apereo.cas.ticket.Ticket are in unnamed module of loader 
> org.apache.catalina.loader.ParallelWebappClassLoader @686449f9)
> (full stack here: https://phabricator.wikimedia.org/T273867#6803717)
>
> In both cases, a naive look at the error suggests it is related to unpacking 
> the memcache stored value.  This also looks like it may be related to an 
> issue reported earlier with 6.3.0-RC3 (
> https://groups.google.com/u/1/g/jasig-cas-user/c/v2VTr1y_X8M/m/_gieSp0lDAAJ). 
>
>
> It's also worth noting that logging out works, i.e. cas can delete the 
> memcache value.  Finally, I tested all the other transcoders and the issue 
> is only present in the KRYO transcoder.  6.3.1 and 6.4.0-RC1 both work fine 
> with the SERIAL, WHALIN and WHALINV1 transcoders.
>
> Any guidance or pointers to help troubleshoot this issue would be most 
> welcome.  We also have a test environment to try out any fixes. 
>
> The cas-overlay-template we are using is available here:
>   * https://gerrit.wikimedia.org/g/operations/software/cas-overlay-template/+/refs/heads/master
> and we are tracking this issue in our own phabricator ticket here:
>   * https://phabricator.wikimedia.org/T273867#6803717
>



[cas-user] Re: Convert ADFS service to CAS??

2021-02-04 Thread Misagh Moayyed
Could you share an example for one that does cause headaches? 

On Wednesday, February 3, 2021 at 2:24:41 AM UTC+4 Keith Alston (Staff) 
wrote:

> I've got services I want to convert from ADFS to CAS. Many are simple but 
> a few give me nothing but headaches.
> Anyone have a methodology(or tool) to go about this?
>
> Keith Alston
> Regent University
> IT Department
> kei...@regent.edu
> 757.352.4081 <(757)%20352-4081>
>



[cas-user] Re: CAS 6.3.x, WebAuthn - How to set residentKey option?

2021-02-04 Thread Misagh Moayyed
On Monday, February 1, 2021 at 9:06:50 PM UTC+4 thorste...@gmail.com wrote:

> Can you guys tell me, if it is possible to set this option and how?
>

Hello, if by possible you mean out of the box, then no and not yet. 



[cas-user] Re: Specifying TLS protocols and ciphers?

2021-02-04 Thread Misagh Moayyed
That depends on whether you are running embedded or external. If external, 
you should be making changes to tomcat yourself and manually, and you should 
review the tomcat documentation. If embedded, then you should consider using 
`server.ssl.enabled-protocols=` which is a setting provided by Spring Boot 
to CAS that controls the enabled protocols and auto-configures the embedded 
tomcat.




[cas-user] Re: Help with AbstractJdbcUsernamePasswordAuthenticationHandler

2020-11-06 Thread Misagh Moayyed
You need to include the module that contains 
`AbstractJdbcUsernamePasswordAuthenticationHandler` in your build, and the 
module must be tagged and available for compile-time access. Look up the 
class in the repo, find the module and include it in the build.

On Saturday, October 24, 2020 at 10:05:29 PM UTC+4 jeffrey...@gmail.com 
wrote:

> Hello -
>
> I am stuck trying to use the 
> "AbstractJdbcUsernamePasswordAuthenticationHandler" as shown below which is 
> used in sources like "SearchModeSearchDatabaseAuthenticationHandler.java" 
> but not found on javadoc.
>
> : error: cannot find symbol
> public class MyAuthenticationHandler extends 
> AbstractJdbcUsernamePasswordAuthenticationHandler {
>  ^
>   symbol: class AbstractJdbcUsernamePasswordAuthenticationHandler
> 1 error
>
> I am referencing sources at the link below and if that's no longer 
> accurate, what is?
>
>
> https://github.com/apereo/cas/blob/6.2.x/support/cas-server-support-jdbc-authentication/src/main/java/org/apereo/cas/adaptors/jdbc/SearchModeSearchDatabaseAuthenticationHandler.java
>
> Thanks,
> -Jeff  
>



[cas-user] Re: What am I missing.?...Exclusive Authentication Source for a Service...bonus for Attribute Repository Answer ;-)

2020-11-06 Thread Misagh Moayyed
What I suspect you're missing is that you are running (as you report) CAS 
6.2.3, and yet the "excludedAuthenticationHandlers" piece is only available 
in 6.3.x

Compare:
https://apereo.github.io/cas/6.2.x/services/Configuring-Service-AuthN-Policy.html

With:
https://apereo.github.io/cas/development/services/Configuring-Service-AuthN-Policy.html

Big red box, top of the page. The table that contains the parameters should 
be the main delta.

On Thursday, October 29, 2020 at 1:28:27 AM UTC+4 C Ryan wrote:

> Reposting essentially again as I just cannot make this go. My heartfelt 
> apologies that I'm circling to the list again on this.
>
> As before. I want to be able to specifically require an exclusive 
> Authentication Resource per Service definition. I cannot seem to make this 
> work. 
>
>
> CAS 6.2.3
>
>
> LDAP Resource Definition
>
> ==
>
>
> cas.authn.ldap[0].name=LDAP
> cas.authn.ldap[0].order=0
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldap-url=ldap://100.10.1.230:3131
> cas.authn.ldap[0].bind-dn=cn=
> cas.authn.ldap[0].search-filter=(&(uid={user})(inetuserstatus=active))
> cas.authn.ldap[0].base-dn=o=isp
> cas.authn.ldap[0].bind-credential=
> cas.authn.ldap[0].principal-attribute-id=uid
> cas.authn.ldap[0].principal-attribute=uid
> cas.authn.ldap[0].principal-attribute-list=uid,sn,cn:commonName,givenName,inetUserStatus,dn
> cas.authn.ldap[0].use-ssl=false
> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=false
> cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
>
>
> Radius:
>
> =
>
> cas.authn.radius.name=Radius
> cas.authn.radius.server.protocol=PAP
> cas.authn.radius.server.retries=1
> cas.authn.radius.client.authenticationPort=1645
> cas.authn.radius.client.sharedSecret=zz
> cas.authn.radius.client.inetAddress=100.10.1.184
> cas.authn.radius.client.accountingPort=1646
> cas.authn.radius.principal-attribute: username
> cas.authn.radius.principal-attribute-id: username
>
>
> Service Definition (Using HTTP Generic)
>
> 
>
> {
>  "@class" : "org.apereo.cas.services.RegexRegisteredService",
>  "serviceId" : "^(https|imaps)://.*",
>  "name" : "HTTPS and IMAPS",
>  "id" : 1001,
> "evaluationOrder": 9,
> "authenticationPolicy":
>   {
> "@class": 
> "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
> "requiredAuthenticationHandlers": ["java.util.TreeSet", ["Radius"]],
> "excludedAuthenticationHandlers": ["java.util.TreeSet", ["LDAP"]]
>   },
>  "attributeReleasePolicy" : {
> "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>   }
> }
>
>
> It just doesn't work. If I enter a credential set that fails in Radius it 
> will still fall into LDAP and succeed.
>
>
> Also I'm trying to use LDAP attribute repository to round out the 
> attribute response from said Radius authentication. Again debug logging of 
> the various elements implies that it should work but I'm not even 
> seeing the LDAP query for the attributes. Maybe I'm missing the point on 
> how it all works? For example how do you define the attributes that link 
> the PrincipalID etc etc.
>
>
> 2020-10-28 14:59:16,984 DEBUG 
> [org.apereo.cas.config.CasPersonDirectoryConfiguration] -  are fetched from [ldap://100.10.1.230:3131] via filter [uid=z]>
> 2020-10-28 14:59:16,986 DEBUG 
> [org.apereo.cas.config.CasPersonDirectoryConfiguration] -  attribute mapping for [ldap://100.10.1.230:3131] to be [{cn=commonName, 
> dn=dn, inetUserStatus=inetUserStatus, uid=uid, mail=mail}]>
> 2020-10-28 14:59:16,990 DEBUG 
> [org.apereo.cas.config.CasPersonDirectoryConfiguration] -  attributes [[objectGUID, objectSid]]>
> 2020-10-28 14:59:16,990 DEBUG 
> [org.apereo.cas.config.CasPersonDirectoryConfiguration] -  searching for [ldap://100.10.1.230:3131]>
> 2020-10-28 14:59:16,990 DEBUG 
> [org.apereo.cas.config.CasPersonDirectoryConfiguration] -  attribute source for [ldap://100.10.1.230:3131]>
>
>
>
> Configurations
>
> ** Enabling ePerson stuff?
>
> cas.person-directory.attribute-resolution-enabled: true
> cas.personDirectory.activeAttributeRepositoryIds: LDAPAttr
> cas.person-directory.return-null=false
> cas.person-directory.principal-attribute=uid
>
> cas.authn.attributeRepository.expirationTime=30
> cas.authn.attributeRepository.expirationTimeUnit=seconds
> cas.authn.attributeRepository.merger=MULTIVALUED
>
> ** Configuration the LDAP store (log output above seems to imply it's 
> picking this up)
>
> cas.authn.attribute-repository.ldap[0].id=LDAPAttr
> cas.authn.attribute-repository.ldap[0].order=0
> cas.authn.attribute-repository.ldap[0].attributes.uid=uid
> cas.authn.attribute-repository.ldap[0].attributes.cn=commonName
> cas.authn.attribute-repository.ldap[0].attributes.dn=dn
> cas.authn.attribute-repository.ldap[0].attributes.mail=mail
> 

[cas-user] Re: Suppres DDL

2020-11-06 Thread Misagh Moayyed
See 
https://apereo.github.io/cas/6.1.x/configuration/Configuration-Properties-Common.html#ddl-configuration

and

cas.ticket.registry.jpa.ddl-auto=none

On Monday, November 2, 2020 at 8:12:05 PM UTC+4 joeman...@gmail.com wrote:

> Using CAS 6.1 with cas.authn.pac4j.oauth2 and jpa registry with the 
> following configuration.
>
> All the required default database tables are manually created
> While starting tomcat after deploying the war, DDL gets executed and 
> throws sql exception ("table already exist".) Application works without 
> any error though.
>
> How do we suppress the DDL execution at start of application?
>
> I do have the following in cas.properties
> cas.jdbc.genDdl=false
> cas.ticket.registry.jpa.user=user
> cas.ticket.registry.jpa.password=password
> cas.ticket.registry.jpa.url=url
> cas.ticket.registry.jpa.dialect=org.hibernate.dialect.Oracle10gDialect
> cas.ticket.registry.jpa.jpaLockingTimeout=60
> cas.ticket.registry.jpa.autocommit=true
> cas.jdbc.genDdl=false
>
> Thanks in advance
> Joe
>



[cas-user] Re: Custom 403 page for unauthorized access to service

2020-11-06 Thread Misagh Moayyed
You would be better off just setting up an external web page somewhere.

On Wednesday, November 4, 2020 at 1:43:14 AM UTC+4 waldbiec wrote:

> I want to use the accessStrategy -> unauthorizedRedirectUrl in my service 
> registry if a user authenticates but doesn't have the required 
> entitlement.  I think I can use the attributeReleasePolicy and 
> accessStrategy to accomplish this, but if a user is not authorized, I want 
> the web browser to be redirected to a static "Unauthorized" page that 
> explains that the user is not authorized for this service.
>
> Is that something I can do using CAS views?  Or would I be better off just 
> setting up an external web page somewhere?
>
> Thanks,
> Carl Waldbieser
> ITS
> Lafayette College
>
>



[cas-user] Re: groovyScript: expecting String concatenation, getting array?

2020-05-07 Thread Misagh Moayyed
Try:

"groovy { return attributes['wcWhitmanId'][0] + '@whitman.edu' }"

"wcWhitmanId" is resolved internally as a multi-valued attribute.


On Thursday, May 7, 2020 at 6:03:11 AM UTC+4:30, Mike Osterman wrote:
>
> Hi all,
>
> I'm setting up a SAML2 service and running into unexpected behavior with 
> the syntax for building the PrincipalID using 
> the GroovyRegisteredServiceUsernameProvider. Here's what I'm attempting to 
> do:
>
> [snip]
> "requiredNameIdFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
> "usernameAttributeProvider" : {
> "@class" : "org.apereo.cas.services.GroovyRegisteredServiceUsernameProvider",
> "groovyScript" : "groovy { return attributes['wcWhitmanId'] + '@whitman.edu' }",
> "canonicalizationMode" : "NONE"
>   }
> [snip]
>
> Based on the documentation 
> .
>  
> I'm expecting this to concatenate the wcWhitmanId attribute with the text 
> "@whitman.edu" as a string of format "123...@whitman.edu" (where 124356 is 
> a sample value of the wcWhitmanId attribute).
>
> Instead, what's being built and sent is this:
> principal=SimplePrincipal(id=[123456, @whitman.edu]
>
> Which looks like an array to me. 
>
> What am I doing wrong here?
>
> Thanks!
> Mike 
>



[cas-user] Re: cas with Office 365

2020-02-14 Thread Misagh Moayyed
Have you looked at this?

https://apereo.github.io/2018/12/06/cas53-office365-saml2-integration/

On Thursday, January 30, 2020 at 9:14:55 AM UTC+4, Mahmoud Elnahrawy wrote:
>
> Hi everybody,
>
> I have Oracle Access Manager implemented with Azure Office 365. I need to 
> implement Azure Office 365 with CAS also; I want to make it a backup plan, 
> so that if Oracle Access Manager is down I can use it. So I need clear 
> instructions on how to configure Azure Office 365 from the portal to be able 
> to connect with CAS directly. Can anyone please help?
>
> Note: CAS is already implemented and configured with AD with attributes: uid, 
> samaccount, mail
>
> Thanks
>



[cas-user] Re: webflowcrypto release

2020-02-14 Thread Misagh Moayyed
Release schedule is, and has always been, on Github: 

https://github.com/apereo/cas/milestones

On Wednesday, February 12, 2020 at 5:35:17 PM UTC+4, John Bond wrote:
>
> Hi All,
>
> After the blog post below I was hoping to see a 6.5.1 release to fix the 
> webflowcrypto issues.  I see releases for the 6.0.* and 5.3.* branches but 
> not the 6.1.* and  6.2.* branches. 
>   https://apereo.github.io/2020/02/08/webflowcrypto/
>
> Is anyone able to provide a timeline for when these will be released? I'm not 
> sure if this is the best place to ask; if not, perhaps someone could 
> direct me to a better place.  
>
> Thanks
>



[cas-user] Re: Jackson Kotlin Warning on Startup

2020-02-14 Thread Misagh Moayyed
You need not be concerned about this.

On Friday, February 14, 2020 at 1:44:36 AM UTC+4, jeremy.wickham wrote:
>
> I am looking to upgrade our CAS environment to 6.1.x and I am currently 
> ironing out all of my errors/warnings. There is one warning I’m receiving:
>
>  
>
> WARN [org.springframework.http.converter.json.Jackson2ObjectMapperBuilder] 
> -  "com.fasterxml.jackson.module:jackson-module-kotlin" to the classpath>
>
>  
>
> Is this something I should be concerned about? I see this warning on 
> startup. I see that the class is used in some tests, but not in actual 
> code. Just want to put my mind at ease as I’m upgrading our production 
> environment. 
>
>  
>
> Cheers, 
>
>  -Jeremy
>
> **
>
> *Jeremy Wickham*
>
> Senior Systems Analyst
>
> Mississippi State University
>
> jeremy.wick...@msstate.edu
>
>  
>



[cas-user] Re: SAML Delegation in 6.2.0-RC2

2020-01-29 Thread Misagh Moayyed

>
> I don't know what to look for. I know there's a  tag on the 
> request standard for SAML, but the documentation is not clear about this 
> subject.
>
> Can you guys give me some advice or point me in the right direction?
>

There is no issuer tag in the saml2 response you get back from the identity 
provider, because your attempt at authentication has somehow failed there. 
The IdP is sending you an error response. You need to look into your IdP 
and figure out what is causing it to error out.  Or examine the CAS logs to 
see what that response looks like before it's parsed. 



[cas-user] Re: Adding cas.properties file to source control

2020-01-29 Thread Misagh Moayyed

>
> I would like to add my cas.properties file for a standalone deployment to 
> source control. I'd like to know if there is a way to put certain settings 
> that would necessarily be different between our dev & prod environments 
> someplace external to the main properties file so I don't need to maintain 
> the common properties in multiple places. An example of one of the 
> properties I'd like to manage this way is 
> cas.ticket.registry.hazelcast.cluster.members.
>

You need to use deployment profiles.  Keep your cas.properties file, then 
create a dev.properties file and a prod.properties file. Put the relevant 
settings for each tier in those, and keep the common stuff in the 
cas.properties file. Then activate the profile at runtime with 
"-Dspring.profiles.include=dev|prod"

Then manage the configuration files as you like with source control. 

Blog post that conceptually outlines the same strategy: 
https://apereo.github.io/2018/11/02/cas6-groovy-config-slurper/



[cas-user] Re: How to unpack the cas war (5.3.x) with Jetty

2020-01-29 Thread Misagh Moayyed


>
>
> Does any one know how to make CAS unpack the war file to the temp 
> directory with embedded Jetty ?
>

That is not how "embedded" works. An "embedded" container is not a 
repackaged version of the server distribution stuffed into the CAS web 
application artifact.  You won't find a "real jetty" if you unpacked CAS. 
Embedded container only means that you are getting a server that is able to 
run the CAS webapp automatically without extra manual/download work, 
regardless of how and to what effect. 

If you want to actually use a real jetty instance, download it first, 
remove the embedded jetty from the CAS webapp build and deploy the 
now-made-vanilla/plain webapp there as you normally would with any other 
webapp. With embedded, you lose control at the expense of 
auto-configuration, automation and comfort. If you prefer manual work for 
deployments, embedded is not the right option for you. 



[cas-user] Re: [CAS 6.1.3]: OAuth2 Implict Grant - Passed state isn't returned correctly

2020-01-29 Thread Misagh Moayyed
Just wanted to note the patch/fix is now merged.

Thank you David!

On Friday, January 24, 2020 at 1:06:47 PM UTC+4, David Albrecht wrote:
>
> Hi all,
>
> When using the implicit grant and passing a state parameter which contains 
> special characters, the state parameter in the returned redirect doesn't 
> match.
>
> Example:
>
>
> https://localhost:25443/ffauth/oauth2.0/authorize?response_type=token_id=swagger_uri=http%3A%2F%2Flocalhost%3A24080%2Fffwebservices%2Fswagger%2Foauth2-redirect.html=write%20read=RnJpIEphbiAyNCAyMDIwIDA5OjQ4OjM3IEdNVCswMTAwIChNaXR0ZWxldXJvcMOkaXNjaGUgTm9ybWFsemVpdCk%3D
>
> leads to a redirect to:
>
>
> http://localhost:24080/ffwebservices/swagger/oauth2-redirect.html#access_token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.[...].n2rpw9_bXKx78LdxjSyET6xCkN5je9q-KJD_M_llMmOaDH5XZzpKTIl1cLzjz-5Ewg6WQYvM1oufkLMPeZSOKg_type=bearer_in=86400=RnJpIEphbiAyNCAyMDIwIDA5OjQ4OjM3IEdNVCswMTAwIChNaXR0ZWxldXJvcMOkaXNjaGUgTm9ybWFsemVpdCk%253D
>
>
> As you can see the '%' is returned URL encoded as '%25'. This leads to 
> errors like:
>
> *auth warning*Authorization may be unsafe, passed state was changed in 
> server Passed state wasn't returned from auth server.
>
> In addition it seems to violate 
> https://tools.ietf.org/html/rfc6749#section-4.2.1
>
> Regards
> David
>

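The mismatch described in the quoted report, as an added example (not CAS code and not from the post): it models the symptom as a second round of percent-encoding and shows the client-side `state` comparison that then fails. The sample state value, the token placeholder and the names `buildFragment`, `parseFragment` and `stateMatches` are constructed for illustration.

```groovy
import java.net.URLDecoder
import java.net.URLEncoder
import java.security.MessageDigest

// Constructed sample state; like the value in the report it ends in base64 '=' padding,
// which has to be percent-encoded on the wire.
def originalState = 'c3RhdGUtMTIzNA=='

// Client side: encode once when building the authorization request.
def stateOnWire = URLEncoder.encode(originalState, 'UTF-8')
assert stateOnWire == 'c3RhdGUtMTIzNA%3D%3D'

// Hypothetical model of the server building the redirect fragment.
// The access token is a placeholder, not a real token.
def buildFragment = { String stateValue ->
    'access_token=PLACEHOLDER_TOKEN&token_type=bearer&expires_in=86400&state=' +
        URLEncoder.encode(stateValue, 'UTF-8')
}

// Expected handling: decode the parameter once on receipt, encode once on the way out.
def decodedOnReceipt = URLDecoder.decode(stateOnWire, 'UTF-8')
def goodFragment = buildFragment(decodedOnReceipt)
assert goodFragment.endsWith('state=c3RhdGUtMTIzNA%3D%3D')

// Symptom from the report: the still-encoded value is encoded again,
// so every '%' becomes '%25' and '%3D' turns into '%253D'.
def doubleEncodedFragment = buildFragment(stateOnWire)
assert doubleEncodedFragment.endsWith('state=c3RhdGUtMTIzNA%253D%253D')

// Client side: split the fragment and decode each name and value exactly once.
def parseFragment = { String fragment ->
    fragment.tokenize('&').collectEntries { String pair ->
        int eq = pair.indexOf('=')
        def key = eq < 0 ? pair : pair.substring(0, eq)
        def value = eq < 0 ? '' : pair.substring(eq + 1)
        [(URLDecoder.decode(key, 'UTF-8')): URLDecoder.decode(value, 'UTF-8')]
    }
}

// The client accepts the response only if the returned state equals the one it sent.
// A missing state is a mismatch; the comparison is constant-time.
def stateMatches = { String fragment, String expected ->
    def returned = parseFragment(fragment)['state']
    returned != null &&
        MessageDigest.isEqual(returned.getBytes('UTF-8'), expected.getBytes('UTF-8'))
}

assert stateMatches(goodFragment, originalState)
assert !stateMatches(doubleEncodedFragment, originalState)
assert !stateMatches('access_token=PLACEHOLDER_TOKEN&token_type=bearer', originalState)

// After one decode the double-encoded value is still percent-encoded,
// which is why the client reports that the state was changed.
assert parseFragment(doubleEncodedFragment)['state'] == 'c3RhdGUtMTIzNA%3D%3D'
```

A client should keep rejecting the response in this situation rather than decoding a second time to make the values match, since the comparison is what ties the redirect to the request that started the flow.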


[cas-user] Re: Trying to determine why CAS is returning an encoded attribute to SAML SP

2020-01-29 Thread Misagh Moayyed

>
>
> None of this would be a big deal if we hadn't run into a bizarre problem 
> that the encoded attribute being sent *CHANGED*. 
>

It would be helpful to describe the steps you took to create/duplicate this 
scenario.
 

>
> So my two questions:
> 1) Is there any chance that the google apps keys have somehow superseded 
> the ones that general SAML services were using previously, such that my 
> non-Google SAML service switched to using the Google keys instead? This is 
> the only reason why I can fathom that the NameID attribute value suddenly 
> changed.
>


No. 

However, please note that the Google Apps for Education integration allows 
CAS to act as a miniaturized SAML2 identity provider, for deployments that 
may not be prepared to turn on and allow CAS to fully act as a SAML2 
identity provider. This feature is deprecated and is scheduled to be 
removed in the future. It does not make much sense to turn on and use both 
features (Google Apps + SAML2 IDP) in CAS at the same time, as one outranks 
the other and it is likely that using both features in CAS simultaneously 
would interfere with the functionality of both. If you can, consider using 
the SAML2 identity provider functionality in CAS to handle this integration 
as you would any other SAML2 service provider.

Big blue box here: 
https://apereo.github.io/cas/6.1.x/integration/Google-Apps-Integration.html

I am not saying using both at the same time is causing this issue; just 
that if your deployment qualifies for that sort of condition, you're 
inviting additional complexity with no real benefits to your deployment.

 

>
> 2) Does anyone have ideas of how to disable the signing/encoding of the 
> NameID attribute so I can get visibility into what's getting sent? Or is 
> that happening at the direction of the SAML SP?
>

Unless your SAML2 SP is asking/forcing CAS to use encrypted NameIDs or 
Transient NameIDs, I don't think this is happening. IIRC, this indication 
will be instructed to CAS via the SP metadata. If you want to see what's 
happening, turn up TRACE logging for org.apereo.cas and comb through the 
logs.



[cas-user] Re: CAS 6.1.3 PM password reset link question.

2020-01-29 Thread Misagh Moayyed

>
> Not sure the service needs to be on this link. As I understand it, the 
> transient service ticket is a one shot directed at the password reset 
> component, so I am uncertain why the service would be necessary as the link 
> also works with the ?service portion removed.
>
> Is this something that ought to be removed from the link?
>

No. 

Let's say you start with Service A and attempt to login via CAS, and then 
you are forced to reset your password. When you have completed the password 
flow, the service parameter is re-collected again to redirect you back to 
Service A, so you can resume.

The service parameter is always optional, whether you're resetting 
passwords or doing anything else. 



Re: [cas-user] Service Registry - Store in MySQL database

2020-01-29 Thread Misagh Moayyed

Something along the following lines should work:

cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location=file:/etc/cas/config/services

- Then, make sure your JSON files are in the above noted directory.
- Then, make sure your overlay contains a reference to the JPA service 
registry

(You do not need to include the JSON service registry, IIRC, in the overlay)

Then, on startup, CAS will import your JSON files from that directory over 
to the real (JPA) service registry.

YMMV.


On Wednesday, January 29, 2020 at 12:56:11 AM UTC+4, rbon wrote:
>
> Bob,
>
> We are using the 5.1.5 version of cas management. You only need to upgrade 
> it if you want newer features, etc.
> I also have grumblings about the 6.x version. I put off upgrading cas 
> management until it settles. 
>
> Ray
>
> On Tue, 2020-01-28 at 12:34 -0800, Bob wrote:
>
> Hi Ray,
>
> No, I'm currently just using the cas overlay (6.1.x).
> I did try to get cas management working but had some issue with a 
> pre-defined service registry in some kind of git repo.
> Whenever I tried to enter a service via cas management, there was no 
> option to save it to my database. All it ever did was show this 1 entry 
> from a git repo.
> Since I did get it working (reading my json file and store it in MySQL 
> database) without cas management for version 5.3.9, I assumed it would work 
> for version 6 as well.
> Do you think cas management is the only way to get it stored in the 
> database? I might have another look at it then.
> Thanks,
>
> Bob
>
>
> On Tuesday, January 28, 2020 at 8:31:44 PM UTC+1, rbon wrote: 
>
> Bob,
>
> Are you using the cas management server, 
> https://github.com/apereo/cas-management-overlay?
> If you are, what do the logs say when you try to save?
>
> Ray
>
> On Tue, 2020-01-28 at 03:50 -0800, Bob wrote:
>
> Hello,
>
> We are upgrading to CAS 6.1.x.
> Most things seem to work fine (LDAP and reading Service Registry from json 
> file) but we cannot get it to save the Service Registry in a MySQL casdb.
> Is there a way to manually enter a Service Registry into a MySQL database?
>
> Running CAS has created 3 tables in our MySQL database:
>
> regex_registered_service
> regex_registered_service_regex_registered_service_property
> regex_registered_service_registered_service_impl_contact
>
>
> Table regex_registered_service has the following columns:
>
> +----------------------------------+
> | COLUMN_NAME                      |
> +----------------------------------+
> | access_strategy                  |
> | attribute_release                |
> | description                      |
> | environments                     |
> | evaluation_order                 |
> | expiration_policy                |
> | expression_type                  |
> | id                               |
> | information_Url                  |
> | logo                             |
> | logout_type                      |
> | logout_url                       |
> | mfa_policy                       |
> | name                             |
> | privacy_Url                      |
> | proxy_policy                     |
> | proxy_ticket_expiration_policy   |
> | public_key                       |
> | required_handlers                |
> | response_Type                    |
> | service_Id                       |
> | service_ticket_expiration_policy |
> | sso_participation_policy         |
> | theme                            |
> | username_attr                    |
> +----------------------------------+
> 25 rows in set (0.00 sec)
>
> How would I get the following json into this table?
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "https://localhost:9000/dashboard",
>   "name" : "My App",
>   "id" : 10001000,
>   "description" : "My Dashboard App",
>   "attributeReleasePolicy" : {
>     "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
>     "allowedAttributes" : {
>       "@class" : "java.util.TreeMap",
>       "memberOf" : "authorities"
>     }
>   },
>   "evaluationOrder" : 100,
>   "accessStrategy" : {
>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>     "enabled" : true,
>     "ssoEnabled" : true
>   }
> }
>
> Thanks in advance!
>
> Bob
>
> -- 
>
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the 
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
> WSÁNEĆ Nations.
>
>

[cas-user] Re: private git Service Registry authentication not working

2019-10-29 Thread Misagh Moayyed
Are you still seeing this with 6.1.0?

On Saturday, October 12, 2019 at 12:07:47 AM UTC+4, Robert Bond wrote:
>
> Getting an error when using a private git repo for cas service registry. 
> It works correctly if I remove the username and password config options and 
> use a public repo.
>
> Here is my config for the registry:
> cas.serviceRegistry.git.repositoryUrl=https://gitlab.example.edu/cas-service-registry.git
> cas.serviceRegistry.git.branchesToClone=dev
> cas.serviceRegistry.git.activeBranch=dev
> cas.serviceRegistry.git.username=asdf
> cas.serviceRegistry.git.password=asdf
> cas.serviceRegistry.git.cloneDirectory=file:/tmp/cas-service-registry
> cas.serviceRegistry.git.pushChanges=false
>
>
> And here is the error I am getting:
> 2019-10-11 19:03:29,837 ERROR 
> [org.springframework.scheduling.support.TaskUtils$LoggingErrorHandler] - 
> 
> org.eclipse.jgit.api.errors.TransportException: 
> https://gitlab.example.edu/cas-service-registry.git: Authentication is 
> required but no CredentialsProvider has been registered
>
> Any thoughts?
>
> I used our internal gitlab and tried using a github account also, tested 
> the credentials are working.
>
> I tried looking at the cas code for the gitServiceRegistry and it seems 
> like it has the options for specifying a username and password. 
>
> Attached full log output also.
>
> Thanks!
>



[cas-user] Re: 6.1.0: Cannot find state with id 'casExpiredPassView' in flow 'login'

2019-10-29 Thread Misagh Moayyed
Consider switching to 6.1.0 to see if you experience the same behavior.

On Thursday, October 17, 2019 at 10:57:12 PM UTC+4, Michael Lazar wrote:
>
> Hello all,
>
> I just updated my war overlay project from master, and going through my 
> testing an exception is being thrown with expired passwords.
> I'm using a groovy script to determine display of the warning or expired 
> pages. The warning worked out but I'm setting the expiration with
>  throw new javax.security.auth.login.CredentialExpiredException()
>
> I did my development work with 6.1.0-RC4-SNAPSHOT, and after my pull/merge 
> I'm now building off 6.1.0-SNAPSHOT.
> There are no views in my overlay, it's just branding objects.
>
> Specifically the error I'm getting is:
>
> Caused by: java.lang.IllegalArgumentException: Cannot find state with id 
> 'casExpiredPassView' in flow 'login' -- Known state ids are 
> 'array['initializeLoginForm', 'viewRedirectToUnauthorizedUrlView', 
> 'viewServiceErrorView', 'redirectView', 'postView', 'headerView', 
> 'viewGenericLoginSuccess', 'showWarningView', 'finalizeWarning', 
> 'endWebflowExecution', 'serviceUnauthorizedCheck', 'serviceCheck', 'warn', 
> 'gatewayRequestCheck', 'hasServiceCheck', 'renewRequestCheck', 'realSubmit', 
> 'initialAuthenticationRequestValidationCheck', 'createTicketGrantingTicket', 
> 'sendTicketGrantingTicket', 'generateServiceTicket', 
> 'gatewayServicesManagementCheck', 'serviceAuthorizationCheck', 'redirect', 
> 'handleAuthenticationFailure', 'terminateSession', 
> 'ticketGrantingTicketCheck', 'viewLoginForm', 
> 'showAuthenticationWarningMessages', 'proceedFromAuthenticationWarningView', 
> 'mfa-composite', 'compositeMfaProviderSelectedAction', 'mfaUnavailable', 
> 'mfaDenied', 'mfa-duo']'
>   at 
> org.springframework.webflow.engine.Flow.getStateInstance(Flow.java:343)
>   at 
> org.springframework.webflow.engine.support.DefaultTargetStateResolver.resolveTargetState(DefaultTargetStateResolver.java:60)
>   at 
> org.springframework.webflow.engine.Transition.execute(Transition.java:218)
>   at 
> org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
>   at 
> org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
>   at 
> org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
>   at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
>
>
> Is there something I'm missing or should I be doing something different to 
> trigger the "Your password has expired" view?
> I look forward to any data the group has on this.
> Thanks,
> -Michael.
>
> (reposted from the jasig-cas-user group)
>



[cas-user] Re: CAS 6.0.5.1 and RADIUS Auth.

2019-10-29 Thread Misagh Moayyed

>
>
>
> When I look at the build.gradle of the CAS source I seem to see a 
> directive in there that switches from using standard getopt libraries to 
> java-getopt but since the overlay just pulls that I’m not sure if that is 
> doing anything, is a red herring or whatever.
>

You likely need to apply the same *trick*. JRadius does not publish 
artifacts to a repository and the things it depends on are generally 
outdated or replaced. Following the same approach in your overlay should do 
the trick.



[cas-user] Re: remove MFA DUO Monitoring from CAS 6.0.5 heath check actuator url

2019-10-29 Thread Misagh Moayyed
I realize you're on 6.0.5 but, this *might* work for you:
https://apereo.github.io/2019/02/07/cas61-healthstatus-springboot/#health-indicators

Otherwise, switch to 6.1.0 or port back.

On Monday, October 28, 2019 at 8:55:00 PM UTC+4, n99 wrote:
>
> Hello
>
> We have enabled MFA using Duo at the global level and have also 
> implemented a global OPEN failure policy. 
>
> This works as expected when we contrive a test with Duo being unavailable.
>
> However we have also noticed, during our test, that calling the Actuator 
> Health Check url also causes CAS to be marked as DOWN when Duo is DOWN.
>
> Given we use the health check url on our Load Balancer to check nodes are 
> up, this is not ideal, as all nodes are marked as DOWN, and we can't fall 
> back to the MFA global OPEN failure policy.
>
> There are docs about enabling/disabling monitoring in the health check but 
> none on MFA/Duo.
>
> Can we exclude Duo monitoring from the actuator health check?
>
> Thanks
>
>



[cas-user] CAS 6.1.0 Release Annoucement

2019-10-28 Thread Misagh Moayyed
CAS 6.1.0 is released:
https://github.com/apereo/cas/releases/tag/v6.1.0


-- Misagh



[cas-user] Re: Apereo CAS Deployer Survey: 2019 Edition

2019-10-09 Thread Misagh Moayyed
Survey results are now published:
https://apereo.github.io/2019/10/09/cas-survey-results2019/

On Tuesday, September 3, 2019 at 9:10:41 PM UTC+4, Misagh Moayyed wrote:
>
> Survey is now closed. Thank you all for participating. Aggregated, 
> anonymized results as well as a brief post-mortem analysis will be posted 
> on the Apereo blog shortly, with a link to follow-up here.
>
> On Wednesday, August 28, 2019 at 2:10:35 PM UTC+4:30, Misagh Moayyed wrote:
>>
>> Final reminder; The survey will close in less than a week. Thank you to 
>> all who have submitted answers so far.
>>
>> If you have not participated in the survey, please consider doing so by 
>> next Monday EOD. If you do need more time, please reach out to me directly.
>>
>>
>> On Monday, July 15, 2019 at 10:36:19 AM UTC+3, Misagh Moayyed wrote:
>> > CAS Community,
>> > 
>> > 
>> > The CAS project management committee has prepared a survey to request 
>> feedback from CAS deployers:
>> > 
>> > 
>> > http://bit.ly/2XJAJRh
>> > 
>> > 
>> > The intention is to help clarify specific areas in the CAS ecosystem 
>> that need attention, understand user demographics and common use cases and 
>> explore opportunities to support and prioritize funding of development 
>> activities.
>> > 
>> > 
>> > There is no due date yet though ideally, it would be best to finalize 
>> the results before September and periodically, I will send out reminders to 
>> the list here.
>>
>>



[cas-user] CAS 6.1 RC6 Release Announcement

2019-10-07 Thread Misagh Moayyed
CAS 6.1 RC6 is released:
https://github.com/apereo/cas/releases/tag/v6.1.0-RC6

-- Misagh



[cas-user] Re: About SP metadata generation in CAS

2019-09-19 Thread Misagh Moayyed

>
>
> So my question is:
> 1) can we generate the SP metadata from CAS itself without using any Idp 
> metadata?
>

Yes. Modify it by hand, or create your own. CAS does not "need" the IdP 
metadata to generate the SP metadata. 
 

> 2) do you think we need to change our current pac4j implementation?
>

No.
 

> 3) In such cases, does the SAML Request/Response need to be customized?
>

No.
 

> 4) How should the authentication flow work in this case?
>

Same as before.



[cas-user] Re: About CAS flow diagram

2019-09-19 Thread Misagh Moayyed
No, they represent application cookie/session. One/First app is a Java 
application, presumably protected by the Java CAS client, and the second 
application is one protected by mod-auth-cas.

On Thursday, September 19, 2019 at 7:35:56 AM UTC+4:30, Jeff Wang wrote:
>
> I started studying CAS recently. 
>
> When I read the CAS flow diagram document, I had some confusion.
>
> https://apereo.github.io/cas/5.2.x/images/cas_flow_diagram.png 
>
> I don't understand what the difference is between the cookie JSESSION 
> in the first access and the cookie MOD_AUTH_CAS_S in the first access to the 
> second application.
>
> Do they represent the Service Ticket?
>
> Thanks.
>
>
>
>
>



[cas-user] Re: Inquiring CAS commercial support

2019-09-12 Thread Misagh Moayyed
Clarification: while this should in no way affect your decision, I should 
point out that as of July 5th, I am no longer a Unicon employee.

On Tuesday, September 10, 2019 at 6:19:52 PM UTC+4:30, William E. wrote:
>
> We have been using Unicon  for a few years now. 
> Misagh, who I consider the main CAS developer, works for them.  We're happy 
> with their support.
>
> -William
>
>
> On Monday, September 9, 2019 at 1:38:05 PM UTC-5, Yan Zhou wrote:
>>
>> Hi,
>>
>> We use CAS 4.1.9 and CAS 5.3. It has been running well in PROD. We are 
>> in the health-care industry and would like to look into commercial CAS support. 
>>
>> One of my biggest unknowns and fears is gaining visibility into the CAS ticket 
>> registry, hazelcast.  If some PROD users cannot log in, it seems that 
>> usually this is because the ticket validation failed. It seems difficult 
>> to gain visibility for troubleshooting that in PROD traffic.
>>
>> I am not sure whether I would be better off getting Hazelcast commercial 
>> support or CAS commercial support. 
>>
>> I looked up the CAS documentation; the membership fee is for academic 
>> organizations, so we do not qualify. Of the commercial organizations listed 
>> as providing CAS support, does anyone have experience with any of them?
>>
>>
>>
>> Thx!
>> Yan
>>
>



[cas-user] CAS 6.0.5 Release Announcement

2019-09-10 Thread Misagh Moayyed
CAS 6.0.5 is released:
https://github.com/apereo/cas/releases/tag/v6.0.5 




[cas-user] Re: SAML Response Destination

2019-09-09 Thread Misagh Moayyed
Can you try this with 5.3.12?

On Thursday, September 5, 2019 at 6:46:44 PM UTC+4:30, Josh G wrote:
>
> Apologies for the bump - just wanted to see if anyone else has run into 
> this before?
>
> On Wednesday, August 21, 2019 at 11:44:03 AM UTC, Josh G wrote:
>>
>> Hi all -
>>
>> We are working on integrating a service (dmp.cdlib.org) in our CAS 5.2.x 
>> environment, but are having trouble accommodating a specific requirement, 
>> specifically setting the Destination in the SAML response.
>>
>> In order to validate our configuration, the vendor offers a test 
>> Shibboleth SP instance at https://dmptool.org/cgi-bin/PrintShibInfo.pl.
>>
>> Upon logging into the service, we are receiving the following error:
>>
>> opensaml::BindingException 
>>
>> The system encountered an error at Wed Aug 21 04:40:17 2019
>>
>> To report this problem, please contact the site administrator at 
>> u...@ucop.edu. 
>>
>> Please include the following message in any email:
>>
>> opensaml::BindingException at (
>> https://uc3-dmpx2-prd-2c.cdlib.org/Shibboleth.sso/SAML2/POST)
>>
>> SAML message delivered with POST to incorrect server URL.
>>
>> The issue appears to be the SAML Response Destination is incorrect:
>>
>>
>> *Here is an example of the SAML Request:*
>>
>> > AssertionConsumerServiceURL="https://dmptool.org/Shibboleth.sso/SAML2/POST"
>> Destination="https://> URL>.edu/cas/idp/profile/SAML2/Redirect/SSO"
>> ID="_16cb2cd64c7aab9b86d5766ec9a86cf9"
>> IssueInstant="2019-08-20T18:19:10Z"
>> 
>> ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>> Version="2.0"
>> >
>> 
>> https://dmp.cdlib.org
>> 
>> 
>>
>> *Here is a snippet of the SAML Response:*
>>
>> > *Destination="https://dmp.cdlib.org/Shibboleth.sso/SAML2/POST"*
>>  ID="_1919448364467476034"
>>  InResponseTo="_16cb2cd64c7aab9b86d5766ec9a86cf9"
>>  IssueInstant="2019-08-20T18:19:10.862Z"
>>  Version="2.0"
>>  xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
>>  >
>>
>>
>>
>> The item in red above is incorrect, the Destination should be 
>> https://dmptool.org/Shibboleth.sso/SAML2/POST.
>>
>> Is there a way in CAS to specify the Destination redirect?
>>
>> This is possible to do natively in Shibboleth IdP, however we run all of 
>> our InCommon SAML configuration (this is an InCommon Federated service) 
>> through CAS.
>>
>
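The comparison behind the "incorrect server URL" error in the thread above can be reproduced offline. This is an added example, not code from the posters or from CAS or Shibboleth: it checks a Response's Destination and InResponseTo against the AuthnRequest it answers. The two XML documents are constructed from the attributes quoted in the post, and idp.example.edu is a placeholder for the redacted IdP host.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed, unsigned samples reduced to the attributes quoted in the thread.
# idp.example.edu is a placeholder for the IdP host that the post redacted.
AUTHN_REQUEST = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    AssertionConsumerServiceURL="https://dmptool.org/Shibboleth.sso/SAML2/POST"
    Destination="https://idp.example.edu/cas/idp/profile/SAML2/Redirect/SSO"
    ID="_16cb2cd64c7aab9b86d5766ec9a86cf9"
    IssueInstant="2019-08-20T18:19:10Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0"/>"""

RESPONSE = """<saml2p:Response
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    Destination="https://dmp.cdlib.org/Shibboleth.sso/SAML2/POST"
    ID="_1919448364467476034"
    InResponseTo="_16cb2cd64c7aab9b86d5766ec9a86cf9"
    IssueInstant="2019-08-20T18:19:10.862Z"
    Version="2.0"/>"""


def normalize(url):
    """Lower-case scheme and host, drop default ports, keep the path exact."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    default_port = {"https": 443, "http": 80}.get(scheme)
    if parts.port not in (None, default_port):
        host = f"{host}:{parts.port}"
    return f"{scheme}://{host}{parts.path}"


def destination_problems(request_xml, response_xml):
    """Compare a Response with the AuthnRequest it answers.

    Returns a list of human-readable problems; an empty list means the
    Destination and InResponseTo values are consistent with the request.
    The inputs here are constructed; documents taken from the network
    should go through a hardened XML parser and signature validation first.
    """
    request = ET.fromstring(request_xml)
    response = ET.fromstring(response_xml)
    if request.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("first document is not a samlp:AuthnRequest")
    if response.tag != f"{{{SAMLP}}}Response":
        raise ValueError("second document is not a samlp:Response")

    problems = []
    if response.get("InResponseTo") != request.get("ID"):
        problems.append("InResponseTo does not match the request ID")

    acs_url = request.get("AssertionConsumerServiceURL")
    destination = response.get("Destination")
    if destination is None:
        problems.append("Response carries no Destination attribute")
    elif acs_url is None:
        problems.append("request names no AssertionConsumerServiceURL")
    elif normalize(destination) != normalize(acs_url):
        problems.append(
            f"Destination {normalize(destination)} differs from requested "
            f"AssertionConsumerServiceURL {normalize(acs_url)}"
        )
    return problems


if __name__ == "__main__":
    for problem in destination_problems(AUTHN_REQUEST, RESPONSE):
        print("MISMATCH:", problem)
```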



[cas-user] Re: Apereo CAS Deployer Survey: 2019 Edition

2019-09-03 Thread Misagh Moayyed
Survey is now closed. Thank you all for participating. Aggregated, 
anonymized results as well as a brief post-mortem analysis will be posted 
on the Apereo blog shortly, with a link to follow-up here.

On Wednesday, August 28, 2019 at 2:10:35 PM UTC+4:30, Misagh Moayyed wrote:
>
> Final reminder; The survey will close in less than a week. Thank you to 
> all who have submitted answers so far.
>
> If you have not participated in the survey, please consider doing so by 
> next Monday EOD. If you do need more time, please reach out to me directly.
>
>
> On Monday, July 15, 2019 at 10:36:19 AM UTC+3, Misagh Moayyed wrote:
> > CAS Community,
> > 
> > 
> > The CAS project management committee has prepared a survey to request 
> feedback from CAS deployers:
> > 
> > 
> > http://bit.ly/2XJAJRh
> > 
> > 
> > The intention is to help clarify specific areas in the CAS ecosystem 
> that need attention, understand user demographics and common use cases and 
> explore opportunities to support and prioritize funding of development 
> activities.
> > 
> > 
> > There is no due date yet though ideally, it would be best to finalize 
> the results before September and periodically, I will send out reminders to 
> the list here.
>
>



[cas-user] CAS 6.1 RC5 Release Announcement

2019-09-02 Thread Misagh Moayyed
CAS 6.1 RC5 is released:
https://github.com/apereo/cas/releases/tag/v6.1.0-RC5



[cas-user] Re: Apereo CAS Deployer Survey: 2019 Edition

2019-08-28 Thread Misagh Moayyed
Final reminder; The survey will close in less than a week. Thank you to all who 
have submitted answers so far.

If you have not participated in the survey, please consider doing so by next 
Monday EOD. If you do need more time, please reach out to me directly.


On Monday, July 15, 2019 at 10:36:19 AM UTC+3, Misagh Moayyed wrote:
> CAS Community,
> 
> 
> The CAS project management committee has prepared a survey to request 
> feedback from CAS deployers:
> 
> 
> http://bit.ly/2XJAJRh
> 
> 
> The intention is to help clarify specific areas in the CAS ecosystem that 
> need attention, understand user demographics and common use cases and explore 
> opportunities to support and prioritize funding of development activities.
> 
> 
> There is no due date yet though ideally, it would be best to finalize the 
> results before September and periodically, I will send out reminders to the 
> list here.



Re: [cas-user] CAS 6.1-RC4 OIDC configuration

2019-08-28 Thread Misagh Moayyed
Are you certain your configuration values are not overridden by something else?

> On Aug 28, 2019, at 1:30 AM, 'Mallory, Erik' via CAS Community 
>  wrote:
> 
> Yes.
> # OpenID Authentication
> cas.authn.oidc.issuer=http://cas-dev.wichita.edu/cas/oidc
> # Skew ID tokens in minutes
> cas.authn.oidc.skew=5
>  
> cas.authn.oidc.jwksFile=file:/etc/cas/config/keystore.jwks
> cas.authn.oidc.jwksCacheInMinutes=60
>  
> #cas.authn.oidc.dynamicClientRegistrationMode=OPEN|PROTECTED
> cas.authn.oidc.dynamicClientRegistrationMode=PROTECTED
>  
> cas.authn.oidc.subjectTypes=public,pairwise
>  
> Erik Mallory
> Server Analyst 
> Wichita State University
> 316.978.3502
>  
>  
> From: <cas-user@apereo.org> on behalf of Misagh Moayyed <misagh.moay...@gmail.com>
> Reply-To: "cas-user@apereo.org" <cas-user@apereo.org>
> Date: Tuesday, August 27, 2019 at 2:59 AM
> To: CAS Community <cas-user@apereo.org>
> Subject: Re: [cas-user] CAS 6.1-RC4 OIDC configuration
>  
> Have you defined an issuer? 
> https://apereo.github.io/cas/development/configuration/Configuration-Properties.html#openid-connect
> 
> 
>> On Aug 27, 2019, at 2:23 AM, 'Mallory, Erik' via CAS Community 
>> <cas-user@apereo.org> wrote:
>>  
>> Hello,
>> I'm trying to configure oAuth/OIDC and I'm running into a head scratcher.
>> The CAS oidc/.well-known endpoint returns cas.example.org:8443 for all of the 
>> related endpoints. 
>> Example:
>> {"issuer":"http://cas-dev.wichita.edu/cas/oidc","scopes_supported":["openid","profile","email","address","phone","offline_access"],"response_types_supported":["code","token","id_token
>>  
>> token"],"subject_types_supported":["public","pairwise"],"claim_types_supported":["normal"],"claims_supported":["sub","name","preferred_username","family_name","given_name","middle_name","given_name","profile","picture","nickname","website","zoneinfo","locale","updated_at","birthdate","email","email_verified","phone_number","phone_number_verified","address","gender"],"grant_types_supported":["authorization_code","password","client_credentials","refresh_token"],"id_token_signing_alg_values_supported":["none","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512","HS256","HS384","HS512"],"id_token_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW"],"id_token_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"userinfo_signing_alg_values_supported":["none","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512","HS256","HS384","HS512"],"userinfo_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW"],"userinfo_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"introspection_endpoint_auth_methods_supported":["client_secret_basic"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt"],"claims_parameter_

Re: [cas-user] CAS 6.1-RC4 OIDC configuration

2019-08-27 Thread Misagh Moayyed
Have you defined an issuer?
https://apereo.github.io/cas/development/configuration/Configuration-Properties.html#openid-connect
 


> On Aug 27, 2019, at 2:23 AM, 'Mallory, Erik' via CAS Community 
>  wrote:
> 
> Hello,
> I'm trying to configure oAuth/OIDC and I'm running into a head scratcher.
> The CAS oidc/.well-known endpoint returns cas.example.org:8443 for all of the 
> related endpoints. 
> Example:
> {"issuer":"http://cas-dev.wichita.edu/cas/oidc","scopes_supported":["openid","profile","email","address","phone","offline_access"],"response_types_supported":["code","token","id_token
>  
> token"],"subject_types_supported":["public","pairwise"],"claim_types_supported":["normal"],"claims_supported":["sub","name","preferred_username","family_name","given_name","middle_name","given_name","profile","picture","nickname","website","zoneinfo","locale","updated_at","birthdate","email","email_verified","phone_number","phone_number_verified","address","gender"],"grant_types_supported":["authorization_code","password","client_credentials","refresh_token"],"id_token_signing_alg_values_supported":["none","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512","HS256","HS384","HS512"],"id_token_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW"],"id_token_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"userinfo_signing_alg_values_supported":["none","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512","HS256","HS384","HS512"],"userinfo_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW"],"userinfo_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"introspection_endpoint_auth_methods_supported":["client_secret_basic"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt"],"claims_parameter_supported":true,"request_parameter_supported":false,"authorization_endpoint":"https://cas.example.org:8443/cas/oidc/authorize","token_endpoint":"https://cas.example.org:8443/cas/oidc/accessToken","userinfo_endpoint":"https://cas.example.org:8443/cas/oidc/profile","registration_endpoint":"https://cas.example.org:8443/cas/oidc/register","end_session_endpoint":"https://cas.exam
ple.org:8443/cas/oidc/logout","introspection_endpoint":"https://cas.example.org:8443/cas/oidc/introspect","revocation_endpoint":"https://cas.example.org:8443/cas/oidc/revoke","jwks_uri":"https://cas.example.org:8443/cas/oidc/jwks"}
> 
> 
> I thought this value was controlled by the cas.server.name property. But I 
> guess it's elsewhere?
> 
> server.context-path=/cas
> server.port=443
> cas.server.name=https://cas-dev.wichita.edu
> cas.server.prefix=https://cas-dev.wichita.edu/cas
> cas.host.name=cas-dev.wichita.edu
> 
> Hopefully someone can shine a light on this for me. 
> Thanks,
> Erik Mallory
> Server Analyst 
> Wichita State University
> 
> 
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3B7E953C-586C-41E3-BB3A-73A53D433AB0%40wichita.edu.
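The mismatch described in the message above (issuer on one host, every endpoint on cas.example.org:8443) is easy to check for mechanically. The following is an added example, not part of the thread or of CAS: it audits a discovery document for an https issuer and for endpoints whose host differs from the issuer's. The sample document is constructed from the URLs quoted in the post, and the host comparison is a deployment sanity check assumed here for a single-server setup, not an OpenID Connect requirement.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the issuer and endpoint URLs quoted in the thread, with
# the long *_supported arrays of the real document left out.
DISCOVERY = json.loads("""
{
  "issuer": "http://cas-dev.wichita.edu/cas/oidc",
  "claims_parameter_supported": true,
  "request_parameter_supported": false,
  "authorization_endpoint": "https://cas.example.org:8443/cas/oidc/authorize",
  "token_endpoint": "https://cas.example.org:8443/cas/oidc/accessToken",
  "userinfo_endpoint": "https://cas.example.org:8443/cas/oidc/profile",
  "registration_endpoint": "https://cas.example.org:8443/cas/oidc/register",
  "end_session_endpoint": "https://cas.example.org:8443/cas/oidc/logout",
  "introspection_endpoint": "https://cas.example.org:8443/cas/oidc/introspect",
  "revocation_endpoint": "https://cas.example.org:8443/cas/oidc/revoke",
  "jwks_uri": "https://cas.example.org:8443/cas/oidc/jwks"
}
""")

URL_KEY_SUFFIXES = ("_endpoint", "_uri")


def scheme_and_host(url):
    """Return (scheme, host) in lower case for a URL string."""
    parts = urlsplit(url)
    return parts.scheme.lower(), (parts.hostname or "").lower()


def audit_discovery(doc):
    """Return a list of (key, problem) tuples for a discovery document.

    Checks that the issuer is an https URL without query or fragment, and
    that every *_endpoint / *_uri value is https and on the issuer's host.
    """
    issuer = doc.get("issuer")
    if not isinstance(issuer, str) or not issuer:
        return [("issuer", "missing")]

    findings = []
    issuer_parts = urlsplit(issuer)
    issuer_scheme, issuer_host = scheme_and_host(issuer)
    if issuer_scheme != "https":
        findings.append(("issuer", f"scheme is {issuer_scheme!r}, expected 'https'"))
    if issuer_parts.query or issuer_parts.fragment:
        findings.append(("issuer", "carries a query or fragment component"))

    for key in sorted(doc):
        value = doc[key]
        if not isinstance(value, str) or not key.endswith(URL_KEY_SUFFIXES):
            continue
        scheme, host = scheme_and_host(value)
        if scheme != "https":
            findings.append((key, f"scheme is {scheme!r}, expected 'https'"))
        if host != issuer_host:
            findings.append(
                (key, f"host {host} differs from issuer host {issuer_host}")
            )
    return findings


if __name__ == "__main__":
    for key, problem in audit_discovery(DISCOVERY):
        print(f"{key}: {problem}")
```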



[cas-user] Re: Apereo CAS Deployer Survey: 2019 Edition

2019-08-15 Thread Misagh Moayyed
Another gentle biweekly reminder; If you have not participated in the 
survey, please consider doing so in the next couple of weeks.

On Monday, July 15, 2019 at 12:06:19 PM UTC+4:30, Misagh Moayyed wrote:
>
> CAS Community,
>
> The CAS project management committee has prepared a survey to request 
> feedback from CAS deployers:
>
> http://bit.ly/2XJAJRh
>
> The intention is to help clarify specific areas in the CAS ecosystem that 
> need attention, understand user demographics and common use cases and 
> explore opportunities to support and prioritize funding of development 
> activities.
>
> There is no due date yet though ideally, it would be best to finalize the 
> results before September and periodically, I will send out reminders to the 
> list here.
>



Re: [cas-user] Return uid in attribute list?

2019-08-15 Thread Misagh Moayyed
Apologies for the rather quick response; I realize you have certainly 
looked at that flag and relevant page in the docs. I think you're only 
missing that construct in your release policy. My example should help, I 
hope.

On Thursday, August 15, 2019 at 10:32:28 AM UTC+4:30, Misagh Moayyed wrote:
>
>
>
> So I can see why it's mapping to the principal id and would not release by 
> default, but I can't discern from the documentation how to change the 
> default behavior to release it as part of the attribute list.
>
> Any ideas?
>
>
> Have you looked at “principalIdAttribute”?
>
>
> https://apereo.github.io/cas/5.3.x/integration/Attribute-Release-Policies.html
>
> Perhaps:
>
> "attributeReleasePolicy" : {
>    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>    "allowedAttributes" : [ "java.util.ArrayList", [ "mail", "uid" ] ],
>    "principalIdAttribute": "uid"
> }
>



Re: [cas-user] Return uid in attribute list?

2019-08-15 Thread Misagh Moayyed


> So I can see why it's mapping to the principal id and would not release by 
> default, but I can't discern from the documentation how to change the default 
> behavior to release it as part of the attribute list.
> 
> Any ideas?

Have you looked at “principalIdAttribute”?

https://apereo.github.io/cas/5.3.x/integration/Attribute-Release-Policies.html 


Perhaps:

"attributeReleasePolicy" : {
   "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
   "allowedAttributes" : [ "java.util.ArrayList", [ "mail", "uid" ] ],
   "principalIdAttribute": "uid"
}



Re: [cas-user] Negative "evaluationOrder" for registered services

2019-08-08 Thread Misagh Moayyed


> On Aug 8, 2019, at 7:35 PM, Yauheni Sidarenka  
> wrote:
> 
> Hello all,
> 
> I have a question about "evaluationOrder" property of a registered 
> service: https://apereo.github.io/cas/6.0.x/services/Service-Management.html#registered-services
> 
> 
> Official documentation does not put any restriction on this field, but from 
> CAS code (and one of topics here) I know that it should be in Java's 
> Integer.MIN_VALUE..Integer.MAX_VALUE range (signed 32 bit integer).
> 
> Is it allowed to have negative value like in service configuration below?

Yes, negative values are allowed.



Re: [cas-user] CAS 6.1 RC 4 configuration issues Hazelcast service registry OIDC and OAuth

2019-08-01 Thread Misagh Moayyed
You’re quite welcome, and no worries. I’ve been guilty of the same sort of mistake 
many many times :) It happens. 

All credit for the management app should go to Travis Schmidt; He’s done an 
excellent job, and we’ll continue to fine-tune the app to add more “management” 
type functionality in addition to application registrations. 

> On Aug 1, 2019, at 6:43 PM, 'Mallory, Erik' via CAS Community 
>  wrote:
> 
> Yes I did ☺ Thanks for your time and sorry for the noise. I know you’re busy. 
> I was able to get it going just now.  I’ll try the same with the oidc and 
> oauth config. I’ll message back if I have issues.
> BTW Great work on the management interface!  It’s a massive improvement from 
> 5.1 . It might be my exposure to cas, but 6.1 has been easier to set up than 
> other versions. Thanks for all of that.
>  
>  
> Erik Mallory
> Server Analyst 
> Wichita State University
>  
>  
> From: <cas-user@apereo.org> on behalf of Misagh Moayyed <misagh.moay...@gmail.com>
> Reply-To: "cas-user@apereo.org" <cas-user@apereo.org>
> Date: Thursday, August 1, 2019 at 8:46 AM
> To: CAS Community <cas-user@apereo.org>
> Subject: Re: [cas-user] CAS 6.1 RC 4 configuration issues Hazelcast service 
> registry OIDC and OAuth
> Judging by your snippet below it looks like you did miss a few. This is 
> correct (compare with yours):
>  
> cas.serviceRegistry.stream.hazelcast.duration=PT1M
>  
> cas.serviceRegistry.stream.hazelcast.config.cluster.evictionPolicy=LRU
> cas.serviceRegistry.stream.hazelcast.config.cluster.maxNoHeartbeatSeconds=300
> cas.serviceRegistry.stream.hazelcast.config.cluster.loggingType=slf4j
> cas.serviceRegistry.stream.hazelcast.config.cluster.portAutoIncrement=false
> cas.serviceRegistry.stream.hazelcast.config.cluster.maxHeapSizePercentage=85
> cas.serviceRegistry.stream.hazelcast.config.cluster.backupCount=1
> cas.serviceRegistry.stream.hazelcast.config.cluster.asyncBackupCount=0
> cas.serviceRegistry.stream.hazelcast.config.cluster.maxSizePolicy=USED_HEAP_PERCENTAGE
> cas.serviceRegistry.stream.hazelcast.config.cluster.timeout=5
> cas.serviceRegistry.stream.hazelcast.config.cluster.members=10.0.79.37,10.0.79.38
> cas.serviceRegistry.stream.hazelcast.config.cluster.instanceName=cas-dev-svcs
> cas.serviceRegistry.stream.hazelcast.config.cluster.port=5703
>  
> 
> 
>> On Aug 1, 2019, at 1:06 AM, 'Mallory, Erik' via CAS Community 
>> <cas-user@apereo.org> wrote:
>>  
>> Yes, I tried it both ways.
>> cas.serviceRegistry.stream.hazelcast.config.duration=PT1M
>> cas.serviceRegistry.stream.hazelcast.config.cluster.evictionPolicy=LRU
>> cas.serviceRegistry.stream.hazelcast.config.cluster.maxNoHeartbeatSeconds=300
>> cas.serviceRegistry.stream.hazelcast.config.cluster.loggingType=slf4j
>> cas.serviceRegistry.stream.hazelcast.config.cluster.portAutoIncrement=false
>> cas.serviceRegistry.stream.hazelcast.config.cluster.maxHeapSizePercentage=85
>> cas.serviceRegistry.stream.hazelcast.config.cluster.backupCount=1
>> cas.serviceRegistry.stream.hazelcast.config.cluster.asyncBackupCount=0
>> cas.serviceRegistry.stream.hazelcast.config.maxSizePolicy=USED_HEAP_PERCENTAGE
>> cas.serviceRegistry.stream.hazelcast.config.timeout=5
>> cas.serviceRegistry.stream.hazelcast.config.cluster.members=10.0.79.37,10.0.79.38
>> cas.serviceRegistry.stream.hazelcast.config.cluster.instanceName=cas-dev-svcs
>> cas.serviceRegistry.stream.hazelcast.config.cluster.port=5703
>>  
>>  
>> Erik Mallory
>> Server Analyst 
>> Wichita State University
>> 316.978.3502
>>  
>>  
>> From: <cas-user@apereo.org> on behalf of Misagh Moayyed <misagh.moay...@gmail.com>
>> Reply-To: "cas-user@apereo.org" <cas-user@apereo.org>
>> Date: Wednesday, July 31, 2019 at 3:02 PM
>> To: CAS Community <cas-user@apereo.org>
>> Subject: Re: [cas-user] CAS 6.1 RC 4 configuration issues Hazelcast service 
>> registry OIDC and OAuth
>> Post your settings please. 
>>  
>> Chances are, you are using:
>> cas.serviceRegistry.stream.hazelcast.cluster.instanceName=blah
>>  
>> where it should be:
>> cas.serviceRegistry.stream.hazelcast.config.cluster.instanceName=blah
>>  
>> Key being, quite literally, “cas.serviceRegistry.stream.hazelcast.config” as 
>> the starting prefix which you pasted below.
>> 
>> 
>> 
>>> On Jul 31, 2019, at 11:53 PM, 'Mallory, Erik' via CAS Community 
>>> <cas-user@apereo.org>

Re: [cas-user] CAS 6.1 RC 4 configuration issues Hazelcast service registry OIDC and OAuth

2019-08-01 Thread Misagh Moayyed
Judging by your snippet below it looks like you did miss a few. This is correct 
(compare with yours):

cas.serviceRegistry.stream.hazelcast.duration=PT1M

cas.serviceRegistry.stream.hazelcast.config.cluster.evictionPolicy=LRU
cas.serviceRegistry.stream.hazelcast.config.cluster.maxNoHeartbeatSeconds=300
cas.serviceRegistry.stream.hazelcast.config.cluster.loggingType=slf4j
cas.serviceRegistry.stream.hazelcast.config.cluster.portAutoIncrement=false
cas.serviceRegistry.stream.hazelcast.config.cluster.maxHeapSizePercentage=85
cas.serviceRegistry.stream.hazelcast.config.cluster.backupCount=1
cas.serviceRegistry.stream.hazelcast.config.cluster.asyncBackupCount=0
cas.serviceRegistry.stream.hazelcast.config.cluster.maxSizePolicy=USED_HEAP_PERCENTAGE
cas.serviceRegistry.stream.hazelcast.config.cluster.timeout=5
cas.serviceRegistry.stream.hazelcast.config.cluster.members=10.0.79.37,10.0.79.38
cas.serviceRegistry.stream.hazelcast.config.cluster.instanceName=cas-dev-svcs
cas.serviceRegistry.stream.hazelcast.config.cluster.port=5703


> On Aug 1, 2019, at 1:06 AM, 'Mallory, Erik' via CAS Community 
>  wrote:
> 
> Yes, I tried it both ways.
> cas.serviceRegistry.stream.hazelcast.config.duration=PT1M
> cas.serviceRegistry.stream.hazelcast.config.cluster.evictionPolicy=LRU
> cas.serviceRegistry.stream.hazelcast.config.cluster.maxNoHeartbeatSeconds=300
> cas.serviceRegistry.stream.hazelcast.config.cluster.loggingType=slf4j
> cas.serviceRegistry.stream.hazelcast.config.cluster.portAutoIncrement=false
> cas.serviceRegistry.stream.hazelcast.config.cluster.maxHeapSizePercentage=85
> cas.serviceRegistry.stream.hazelcast.config.cluster.backupCount=1
> cas.serviceRegistry.stream.hazelcast.config.cluster.asyncBackupCount=0
> cas.serviceRegistry.stream.hazelcast.config.maxSizePolicy=USED_HEAP_PERCENTAGE
> cas.serviceRegistry.stream.hazelcast.config.timeout=5
> cas.serviceRegistry.stream.hazelcast.config.cluster.members=10.0.79.37,10.0.79.38
> cas.serviceRegistry.stream.hazelcast.config.cluster.instanceName=cas-dev-svcs
> cas.serviceRegistry.stream.hazelcast.config.cluster.port=5703
>  
>  
> Erik Mallory
> Server Analyst 
> Wichita State University
> 316.978.3502
>  
>  
> From: <cas-user@apereo.org> on behalf of Misagh Moayyed <misagh.moay...@gmail.com>
> Reply-To: "cas-user@apereo.org" <cas-user@apereo.org>
> Date: Wednesday, July 31, 2019 at 3:02 PM
> To: CAS Community <cas-user@apereo.org>
> Subject: Re: [cas-user] CAS 6.1 RC 4 configuration issues Hazelcast service 
> registry OIDC and OAuth
> Post your settings please. 
>  
> Chances are, you are using:
> cas.serviceRegistry.stream.hazelcast.cluster.instanceName=blah
>  
> where it should be:
> cas.serviceRegistry.stream.hazelcast.config.cluster.instanceName=blah
>  
> Key being, quite literally, “cas.serviceRegistry.stream.hazelcast.config” as 
> the starting prefix which you pasted below.
> 
> 
>> On Jul 31, 2019, at 11:53 PM, 'Mallory, Erik' via CAS Community 
>> <cas-user@apereo.org> wrote:
>>  
>> Hello,
>> I have CAS-6.1-RC4 installed and it mostly works.  I’ve noticed that some of 
>> the configuration properties don’t work and are “left unbound”.  For 
>> example, trying to configure hazelcast for service definition replication, I 
>> update the dependency section in build.gradle and rebuild the cas.war file, 
>> then I add the config properties from 
>> https://apereo.github.io/cas/development/configuration/Configuration-Properties-Common.html#hazelcast-configuration
>> Using the key cas.serviceRegistry.stream.hazelcast.config.
>> I replace the cas.war file and restart.
>>  
>> I get the following errors.
>> Origin: "cas.serviceRegistry.stream.hazelcast.cluster.backupCount" from 
>> property source "bootstrapProperties"
>> Reason: The elements 
>> [cas.serviceregistry.stream.hazelcast.cluster.backupcount,cas.serviceregistry.stream.hazelcast.cluster.evictionpolicy,cas.serviceregistry.stream.hazelcast.cluster.instancename,cas.serviceregistry.stream.hazelcast.cluster.loggingtype,cas.serviceregistry.stream.hazelcast.cluster.maxheapsizepercentage,cas.serviceregistry.stream.hazelcast.cluster.maxnoheartbeatseconds,cas.serviceregistry.stream.hazelcast.cluster.members,cas.serviceregistry.stream.hazelcast.cluster.port,cas.serviceregistry.strea

Re: [cas-user] CAS 6.1 RC 4 configuration issues Hazelcast service registry OIDC and OAuth

2019-07-31 Thread Misagh Moayyed
Post your settings please.

Chances are, you are using:
cas.serviceRegistry.stream.hazelcast.cluster.instanceName=blah

where it should be:
cas.serviceRegistry.stream.hazelcast.config.cluster.instanceName=blah

Key being, quite literally, “cas.serviceRegistry.stream.hazelcast.config” as 
the starting prefix which you pasted below.

> On Jul 31, 2019, at 11:53 PM, 'Mallory, Erik' via CAS Community 
>  wrote:
> 
> Hello,
> I have CAS-6.1-RC4 installed and it mostly works.  I’ve noticed that some of 
> the configuration properties don’t work and are “left unbound”.  For example, 
> trying to configure hazelcast for service definition replication, I update 
> the dependency section in build.gradle, and rebuild the cas.war file then I 
> add the config properties from 
> https://apereo.github.io/cas/development/configuration/Configuration-Properties-Common.html#hazelcast-configuration
>  
> 
> Using the key cas.serviceRegistry.stream.hazelcast.config.
> I replace the cas.war file and restart.
>  
> I get the following errors.
> Origin: "cas.serviceRegistry.stream.hazelcast.cluster.backupCount" from 
> property source "bootstrapProperties"
> Reason: The elements 
> [cas.serviceregistry.stream.hazelcast.cluster.backupcount,cas.serviceregistry.stream.hazelcast.cluster.evictionpolicy,cas.serviceregistry.stream.hazelcast.cluster.instancename,cas.serviceregistry.stream.hazelcast.cluster.loggingtype,cas.serviceregistry.stream.hazelcast.cluster.maxheapsizepercentage,cas.serviceregistry.stream.hazelcast.cluster.maxnoheartbeatseconds,cas.serviceregistry.stream.hazelcast.cluster.members,cas.serviceregistry.stream.hazelcast.cluster.port,cas.serviceregistry.stream.hazelcast.cluster.portautoincrement,cas.serviceregistry.stream.hazelcast.maxsizepolicy]
>  were left unbound.
> Property: cas.serviceregistry.stream.hazelcast.cluster.evictionpolicy
> Value: LRU
> Origin: "cas.serviceRegistry.stream.hazelcast.cluster.evictionPolicy" 
> from property source "bootstrapProperties"
> Reason: The elements 
> [cas.serviceregistry.stream.hazelcast.cluster.backupcount,cas.serviceregistry.stream.hazelcast.cluster.evictionpolicy,cas.serviceregistry.stream.hazelcast.cluster.instancename,cas.serviceregistry.stream.hazelcast.cluster.loggingtype,cas.serviceregistry.stream.hazelcast.cluster.maxheapsizepercentage,cas.serviceregistry.stream.hazelcast.cluster.maxnoheartbeatseconds,cas.serviceregistry.stream.hazelcast.cluster.members,cas.serviceregistry.stream.hazelcast.cluster.port,cas.serviceregistry.stream.hazelcast.cluster.portautoincrement,cas.serviceregistry.stream.hazelcast.maxsizepolicy]
>  were left unbound.
> Property: cas.serviceregistry.stream.hazelcast.cluster.instancename
> Value: cas-dev-svcs
> Origin: "cas.serviceRegistry.stream.hazelcast.cluster.instanceName" from 
> property source "bootstrapProperties"
> Reason: The elements 
> [cas.serviceregistry.stream.hazelcast.cluster.backupcount,cas.serviceregistry.stream.hazelcast.cluster.evictionpolicy,cas.serviceregistry.stream.hazelcast.cluster.instancename,cas.serviceregistry.stream.hazelcast.cluster.loggingtype,cas.serviceregistry.stream.hazelcast.cluster.maxheapsizepercentage,cas.serviceregistry.stream.hazelcast.cluster.maxnoheartbeatseconds,cas.serviceregistry.stream.hazelcast.cluster.members,cas.serviceregistry.stream.hazelcast.cluster.port,cas.serviceregistry.stream.hazelcast.cluster.portautoincrement,cas.serviceregistry.stream.hazelcast.maxsizepolicy]
>  were left unbound.
> Property: cas.serviceregistry.stream.hazelcast.cluster.loggingtype
> Value: slf4j
>  
> I get similar errors when attempting to configure oauth or oidc.
> I figure this is something that is still under development.  Or I missed 
> something. Either way any information that can be provided would be appreciated.
>  
> Thanks,
> Erik Mallory
> Server Analyst 
> Wichita State University
> 


[cas-user] Re: Apereo CAS Deployer Survey: 2019 Edition

2019-07-31 Thread Misagh Moayyed

Biweekly reminder; If you have not participated in the survey, please 
consider doing so in the next couple of weeks.


> CAS Community,
>
> The CAS project management committee has prepared a survey to request 
> feedback from CAS deployers:
>
> http://bit.ly/2XJAJRh
>
> The intention is to help clarify specific areas in the CAS ecosystem that 
> need attention, understand user demographics and common use cases and 
> explore opportunities to support and prioritize funding of development 
> activities.
>
> There is no due date yet though ideally, it would be best to finalize the 
> results before September and periodically, I will send out reminders to the 
> list here.
>



[cas-user] Apereo CAS Deployer Survey: 2019 Edition

2019-07-15 Thread Misagh Moayyed
CAS Community,

The CAS project management committee has prepared a survey to request feedback 
from CAS deployers:

http://bit.ly/2XJAJRh 

The intention is to help clarify specific areas in the CAS ecosystem that need 
attention, understand user demographics and common use cases and explore 
opportunities to support and prioritize funding of development activities.

There is no due date yet though ideally, it would be best to finalize the 
results before September and periodically, I will send out reminders to the 
list here.



Re: [cas-user] How to evaluate user expiry date/time during database authentication?

2019-07-09 Thread Misagh Moayyed

>
>
>
> Is there any way that I can manually expire TGTs for users that are 
> expired based on the user expiry date/time? It's my understanding that CAS 
> will automatically send out logout messages to registered services after a 
> user manually logs out. I can handle these messages in those services, but 
> I'm not sure how to initiate the process manually for an expired user. 
>

This might help:
https://apereo.github.io/cas/development/installation/Configuring-SSO-Session-Cookie.html#administrative-endpoints

See "ssoSessions". You could design it as an out-of-band process to fetch 
the user id for the expired account, locate the TGT for that user id, and 
send it as a DELETE op to that endpoint, to initiate SLO...or catch the 
"user is expired" error somewhere in the webflow from the handler and do 
the same there.

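The out-of-band process suggested in the reply above, as an added example that is not part of the original thread or the CAS project's own code. The base URL, the credentials, the `ssoSessions/<ticket>` path form and the JSON field names of the session listing are assumptions to check against your CAS version; the sample listing is constructed.

```python
import base64
import json
import re
import urllib.parse
import urllib.request

# Assumptions (not from the thread): base URL and the JSON field names
# returned by the ssoSessions listing. Verify both on your deployment.
ACTUATOR_BASE = "https://cas.example.org/cas/actuator"
PRINCIPAL_KEY = "authenticated_principal"
TGT_KEY = "ticket_granting_ticket"

# Constructed sample of a session listing fetched from the endpoint.
SAMPLE_LISTING = json.dumps({
    "activeSsoSessions": [
        {PRINCIPAL_KEY: "alice", TGT_KEY: "TGT-1-constructedAAA-cas1"},
        {PRINCIPAL_KEY: "bob", TGT_KEY: "TGT-2-constructedBBB-cas1"},
        {PRINCIPAL_KEY: "Alice", TGT_KEY: "TGT-3-constructedCCC-cas2"},
        {PRINCIPAL_KEY: "carol"},  # malformed entry: no ticket id
    ]
})

# Only identifiers that look like a ticket-granting ticket are accepted.
TGT_PATTERN = re.compile(r"^TGT-[A-Za-z0-9._-]+$")


def tgts_for_expired_users(listing_json, expired_user_ids):
    """Map each expired user id to the TGT ids of its live SSO sessions.

    Matching is case-insensitive on purpose: for revocation it is safer to
    catch "Alice" and "alice" than to miss a session.
    """
    wanted = {u.strip().lower() for u in expired_user_ids}
    found = {u: [] for u in sorted(wanted)}
    for session in json.loads(listing_json).get("activeSsoSessions", []):
        principal = str(session.get(PRINCIPAL_KEY, "")).strip().lower()
        tgt = session.get(TGT_KEY)
        if principal in wanted and isinstance(tgt, str) and TGT_PATTERN.match(tgt):
            found[principal].append(tgt)
    return found


def build_delete_request(tgt, username, password, base=ACTUATOR_BASE):
    """Build (but do not send) the DELETE that ends one SSO session.

    An empty or malformed id is rejected so the request can never collapse
    to the bare endpoint URL, which is assumed to affect every session.
    """
    if not isinstance(tgt, str) or not TGT_PATTERN.match(tgt):
        raise ValueError("refusing to build a DELETE without a valid TGT id")
    url = f"{base.rstrip('/')}/ssoSessions/{urllib.parse.quote(tgt, safe='')}"
    req = urllib.request.Request(url, method="DELETE")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")  # assumed basic auth
    return req


def revoke_expired(listing_json, expired_user_ids, username, password, send=None):
    """Return (user, tgt, status) rows; with send=None nothing is transmitted.

    `send` is a hypothetical callable that takes the prepared Request and
    returns a status, e.g. a wrapper around urllib.request.urlopen.
    """
    rows = []
    mapping = tgts_for_expired_users(listing_json, expired_user_ids)
    for user, tgts in mapping.items():
        for tgt in tgts:
            req = build_delete_request(tgt, username, password)
            rows.append((user, tgt, send(req) if send else "dry-run"))
    return rows


if __name__ == "__main__":
    # "dave" is expired but has no session; nothing is built for him.
    for row in revoke_expired(SAMPLE_LISTING, ["alice", "dave"], "ops", "placeholder"):
        print(row)
```

Destroying the ticket-granting ticket this way is what triggers the single logout messages to registered services that the question mentions.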


Re: [cas-user] How to evaluate user expiry date/time during database authentication?

2019-06-28 Thread Misagh Moayyed


> 
> However, I'm stuck on the following 2 issues:
> Which authentication handler would be the best one to extend in this case? 

AbstractJdbcUsernamePasswordAuthenticationHandler

> How do I include the userExpiry column data from my database in my custom 
> authentication handler?
> 


Take a look at how QueryDatabaseAuthenticationHandler does things, and then 
model yours the same way.



[cas-user] Re: CAS 6.1.0 - questions about java version and EOL

2019-06-24 Thread Misagh Moayyed



> In the maintenance policy page (
> https://apereo.github.io/cas/developer/Maintenance-Policy.html), it is 
> written that the EOL for CAS Server 6.1.0 is the June 1st, 2020.
> It is the last version though, 
>

It's not the last version. It's the last version for which there is an EOL. 
As soon as folks start working on a new version and we have a tentative 
release date for it, that would also be listed on the page. These things 
are planned in small and incremental ways, given the size of the developer 
community.
 

> why does it have an EOL date? can it be wrong and postponed?
>

It's not wrong. 

It may be postponed pending time, money, availability, interest, frequency 
of contributions, severity of patches, volunteer effort and enthusiasm, 
etc. For instance the maintenance cycle for the 5.3.x release line was 
extended quite a few times because there were folks who needed the patch 
release or there were folks who financially sponsored the effort to make it 
happen. 
 

> And why the 5.3.X version has a better EOL date than the 6.1.0 version?
>

The policy was voted on and changed around the time of CAS 6's initial 
development kickoff to more or less align itself with the Java release 
cadence (though this was not the only reason for the change and 
realistically, the least important). Older versions are not affected by the 
new policy change and will continue to be maintained under the old process 
within the specified dates. 
 



[cas-user] CAS 6.1.0-RC4 Release Announcement

2019-06-10 Thread Misagh Moayyed
CAS 6.1.0-RC4 is released: 

https://github.com/apereo/cas/releases/tag/v6.1.0-RC4 

--Misagh 



Re: [cas-user] CAS 6.x - Bypass Approval Prompt

2019-05-23 Thread Misagh Moayyed
Hi Christian, Can you indicate the exact version number (RC) and the commit id 
that you're using in 6.1? 

--Misagh 

> From: "Christian Schmidt" 
> To: "CAS Community" 
> Sent: Wednesday, May 22, 2019 8:11:55 AM
> Subject: [cas-user] CAS 6.x - Bypass Approval Prompt

> Hi,

> I'm currently working on CAS in version 6.1.

> I have enabled OIDC and created a service which is working.

> The problem I'm having is, that on every login the User gets redirected to an
> approval/consent screen where he has to allow the service the access.

> According to the documentation, an OidcRegisteredService extends the
> OAuthRegisteredService and the available configuration parameters for the 
> OAuth Service also apply to the OIDC service.

> Therefore, I used the parameter "bypassApprovalPrompt" : true

> Unfortunately this didn't work at all.

> On further investigation I found the configuration class
> org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy where I
> set the key "enabled" to false - this also didn't work.

> According to the log, CAS is bypassing the screen:

> 2019-05-17 16:38:54,041 TRACE
> [org.apereo.cas.support.oauth.web.views.OAuth20ConsentApprovalViewResolver] -
>  [OidcRegisteredService(super=OAuthRegisteredService(super=AbstractRegisteredService(serviceId=^http://(onlineservice2|ncvosproxy2-.+)\.company\.de(:[0-9]+)?(/.*)?,
> name=Onlineservice, theme=null, informationUrl=null, privacyUrl=null,
> responseType=null, id=2010,
> expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false,
> notifyWhenDeleted=false, expirationDate=null),
> proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1,
> proxyTicketExpirationPolicy=null, serviceTicketExpirationPolicy=null,
> singleSignOnParticipationPolicy=null, evaluationOrder=0,
> usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2,
> logoutType=BACK_CHANNEL, requiredHandlers=[], environments=[],
> attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null,
> principalAttributesRepository=DefaultPrincipalAttributesRepository(),
> consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=false,
> excludedAttributes=null, includeOnlyAttributes=null),
> authorizedToReleaseCredentialPassword=false,
> authorizedToReleaseProxyGrantingTicket=false, excludeDefaultAttributes=false,
> authorizedToReleaseAuthenticationAttributes=true, principalIdAttribute=null,
> order=0)),
> multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[],
> failureMode=UNDEFINED, principalAttributeNameTrigger=null,
> principalAttributeValueToMatch=null, bypassEnabled=false),
> logo=./images/onlineservice.svg, logoutUrl=null,
> accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, enabled=true,
> ssoEnabled=true, unauthorizedRedirectUrl=null,
> delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[],
> permitUndefined=true), requireAllAttributes=true, requiredAttributes={},
> rejectedAttributes={}, caseInsensitive=false), publicKey=null, properties={},
> contacts=[]), clientSecret=xx, clientId=onlineservice,
> bypassApprovalPrompt=true, generateRefreshToken=false, jwtAccessToken=false,
> supportedGrantTypes=[], supportedResponseTypes=[]), jwks=null,
> jwksAuthenticationMethod=client_secret_basic, signIdToken=true,
> encryptIdToken=true, idTokenEncryptionAlg=null, idTokenSigningAlg=null,
> idTokenEncryptionEncoding=null, sectorIdentifierUri=null, applicationType=web,
> subjectType=public, dynamicallyRegistered=false, implicit=false,
> dynamicRegistrationDateTime=null, scopes=[])]: [null]>
> 2019-05-17 16:38:54,042 TRACE
> [org.apereo.cas.support.oauth.web.views.OAuth20ConsentApprovalViewResolver] -
>  [https://sso2.company.de:8443/cas/oidc/authorize?response_type=code=openid_id=onlineservice=Ev9kuSd-M6eB7inyzc8MimIBP9Q_uri=http%3A%2F%2Fonlineservice2.company.de%2Fsecure%2Fredirect_uri=H_n_BDMb3scnes75g-qra5pzKvUL-O1zYs_HlnoM8T8]>
> May someone please give me a hint?

> Best regards,
> Christian



[cas-user] Re: Ranking Providers for step-up authentication

2019-05-20 Thread Misagh Moayyed
This might get you started in the right direction: 
https://apereo.github.io/2019/05/13/cas61x-mfa-selection-strategies/

On Monday, May 20, 2019 at 4:09:19 AM UTC-7, Fabio Martelli wrote:
>
> Hi All, I'd like to exploit "Ranking Providers" feature [1] in order to 
> implement a step-up authentication.
>
> My scenario is exactly the following:
>
>- CAS has achieved an SSO session, but a separate request now requires 
>step-up authentication with another provider of a greater "rank".
>
> Can someone address me in this direction? I didn't find any documentation 
> for implementing this feature.
>
> Thank you in advance.
>
> Regards,
>
> F.
>
> [1] 
> https://apereo.github.io/cas/5.2.x/installation/Configuring-Multifactor-Authentication.html#ranking-providers
>
> -- 
> Fabio Martelli
> https://it.linkedin.com/pub/fabio-martelli/1/974/a44
> http://blog.tirasa.net/author/fabio/index.html
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/index.html?pk_campaign=email_kwd=fm
>
> Apache Syncope PMC
> http://people.apache.org/~fmartelli/
>
>



Re: [cas-user] Excluding system generated attributes in SAML response

2019-05-15 Thread Misagh Moayyed
https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#protocol-attributes
 

cas.authn.releaseProtocolAttributes=false 
cas.authn.authenticationAttributeRelease.neverRelease=A,B,C,D 

--Misagh 

> From: "Dustin Luck" 
> To: "CAS Community" 
> Sent: Wednesday, May 15, 2019 11:25:59 AM
> Subject: [cas-user] Excluding system generated attributes in SAML response

> I have set up an SP in my service registry in CAS 5.3.2. All of the 
> attributes I have included via the attributeReleasePolicy are being included in the
> response, however, many attributes that I didn't specify are being included as
> well. This is causing an error with the SP because the attributes are
> unexpected. Is there any way to exclude them? How would I do so?

> These are the attributes in question:

> * credentialType
> * samlAuthenticationStatementAuthMethod
> * isFromNewLogin
> * bypassMultifactorAuthentication
> * authenticationDate
> * authenticationMethod
> * authnContextClass
> * successfulAuthenticationHandlers
> * longTermAuthenticationRequestTokenUsed

> Thanks
> -Dustin




[cas-user] CAS 6.1 RC3 Release Announcement

2019-04-29 Thread Misagh Moayyed
CAS 6.1 RC3 is released: 
https://github.com/apereo/cas/releases/tag/v6.1.0-RC3 

--Misagh 



[cas-user] Re: 6.0.x Actuator endpoint security for cas config server

2019-04-26 Thread Misagh Moayyed
This doesn't exist, beyond what spring security natively allows with Boot 
v2 via properties, etc. The project focuses on the CAS server development 
with limited attention to peripheral projects as nice-to-haves. If you need 
to secure the config server in fancier ways, you may talk to the Spring 
Cloud project, ask for the feature and/or contribute or take inspiration 
from what the CAS server does and emulate the same behavior in the config 
server with code.

On Wednesday, April 24, 2019 at 6:48:17 AM UTC-7, Juna Grosse Lengerich 
wrote:
>
> Thank you Robert. 
> But that works because of the configuration adapter class that is included 
> in the cas server webapp, but not in the cas config server or cas bootadmin 
> server webapp.
> Which is our problem. 
>
> On Wednesday, 24 April 2019 15:34:35 UTC+2, Robert Bond wrote:
>>
>>
>> Here is a blog post by Misagh Moayyed about it: 
>> https://apereo.github.io/2018/11/06/cas6-admin-endpoints-security/
>>
>> On Wednesday, April 24, 2019 at 8:29:05 AM UTC-5, Juna Grosse Lengerich 
>> wrote:
>>>
>>> Hi,
>>>
>>> we're having a problem with the actuator configuration for our cas 
>>> config server.
>>> Since Spring Boot 2 the actuator endpoint security can't be configured 
>>> by properties anymore.
>>> But the cas server properties that allow security configuration seem to 
>>> be missing for both the config and admin server.
>>>
>>> The spring configuration adapters are defined in this class:
>>>
>>> https://github.com/apereo/cas/blob/6.0.x/webapp/cas-server-webapp-config/src/main/java/org/apereo/cas/web/security/CasWebSecurityConfigurerAdapter.java
>>>
>>> But the cas server webapp config dependency has conflicts with bean 
>>> definitions, so it can't just be included.
>>>
>>> Has anyone found a solution to this problem? We need unrestricted access 
>>> to the health endpoint for a health check
>>>
>>> Any help would be really appreciated
>>>
>>



[cas-user] Re: Dynamic data in webflow

2019-04-26 Thread Misagh Moayyed
This might help: 
https://apereo.github.io/2019/04/25/cas61x-webflow-decorations/

On Monday, April 22, 2019 at 2:37:59 PM UTC-7, Michael MacEachran wrote:
>
> all,
>
>   I need to inject dynamic data  (Message of the Day)  into the 
> casLoginView.html  
>
>   I have a basic understanding of Thymeleaf, but I am not sure where in cas 
> do I put a data model?
>
> Michael
>



Re: [cas-user] CAS 6.x delegated auth chained with different attributeRepository

2019-04-26 Thread Misagh Moayyed
This isn't quite possible to do as you describe it today. I'd suggest you 
wait until 6.1 RC4 as this is being somewhat worked. Otherwise, you might 
need to write your authentication handler and in there decide how to fetch 
attributes based on the client, etc.

On Tuesday, April 16, 2019 at 2:33:04 AM UTC-7, Julien Gribonvald wrote:
>
> Hi, 
>
> Sorry to re-run the question but how can I do that ? I've found how to 
> define a policy with authenticationHandlers but it doesn't help to chain 
> with an attributeRepository. 
>
> Is it possible to do what I want or I should chain all delegated 
> authenticationHandlers with all attributeResolver ? 
>
> Thanks, 
>
> Julien 
>
>
> Le 12/04/2019 à 11:24, Julien Gribonvald a écrit : 
> > Hi, 
> > 
> > Is there something already existing to map to a specific authn 
> > configuration a specific authn.attributeRepository ? 
> > 
> > I have several kind of external auth system and so the attribute 
> > resolution locally (local LDAP) should be done by different LDAP 
> > search request (and so attributeRepository), each authn system should 
> > have his own attributeRepository, and I need to avoid to chain all 
> > attributeRepository. Is it possible or should I implement something ? 
> > 
> > If I should implement something could you tell me what is the best way 
> > (and where to look) ? 
> > 
> > I'm following the CAS master branch. 
> > 
> > Thanks, 
> > 
> -- 
> Julien Gribonvald 
>



[cas-user] Re: CAS REST Password management 404

2019-04-26 Thread Misagh Moayyed
You are expected to write and design the API. 

On Monday, April 22, 2019 at 6:55:38 PM UTC-7, casuser wrote:
>
> Hello everyone, 
>
> we are using cas 5.3.8 in prod. I was trying to enable the rest password 
> management. I have added the dependencies and the required cas.properties 
> but getting a 404 response from CAS. 
>
> My cas.properties are as following:
>
> cas.authn.pm.rest.endpointUrlEmail=https://cas1.myschool.edu/cas/reset-email
> cas.authn.pm.rest.endpointUrlSecurityQuestions=https://cas1.myschool.edu/cas/reset-sq
> cas.authn.pm.rest.endpointUrlChange=https://cas1.myschool.edu/cas/change-password
>
>
> The response from cas was as follows:
>
> {
>   "timestamp": 1555313983769,
>   "status": 404,
>   "error": "Not Found",
>   "message": "No message available",
>   "path": "/cas/reset-sq"
> }
>



[cas-user] Re: cas/p3/login ?

2019-04-26 Thread Misagh Moayyed
This might help: 
https://apereo.github.io/2017/06/23/cas-protocol-compatibility/

On Tuesday, April 23, 2019 at 9:23:51 AM UTC-7, Mukunthini Jeyakumar wrote:
>
> I've ended up with the situation same as yours when I was configuring 
> libauth with CAS v5.  Have you found the way to solve this?
>
> Thanks
>
> On Thursday, September 14, 2017 at 9:02:55 AM UTC-4, atilling wrote:
>
>> I'm configuring an application that was designed to work with version 2 
>> protocol but with the modification to release attributes.
>>
>> The application has one location to add the cas context path if I set the 
>> path to /cas the application logs in fine but can't get the attributes, if 
>> I set the path to /cas/p3 the application tries to redirect to 
>> /cas/p3/login?service=xxx which fails because that path isn't right for the 
>> login page.
>>
>> Is there a way to make /cas/p3/login, /cas/p3/logout etc redirect to the 
>> correct URL? It looks like I could change the URL in CasProtocolConstants 
>> but that would break other applications.
>>
>> I would suggest to make the redirect or some sort of alias standard to 
>> support these applications because I believe there are a lot of them.
>>
>>
>>



[cas-user] CAS 6.0.3 Release Announcement

2019-04-09 Thread Misagh Moayyed
CAS 6.0.3 is released: 
https://github.com/apereo/cas/releases/tag/v6.0.3 

--Misagh 



[cas-user] Re: New install of Cas 6.1.0, json service not working

2019-03-29 Thread Misagh Moayyed
Is your client application sending a SAML1 authentication request to CAS? 

On Friday, March 29, 2019 at 3:05:23 PM UTC-7, Pablo Vidaurri wrote:
>
> Btw, i do see the service being loaded every minute in the log: registered service [.*]>
>



[cas-user] Re: CAS 5.3.x CAS Services Management and attribute uri like urn:oid:...

2019-03-29 Thread Misagh Moayyed
You may want to try the next SNAPSHOT, 5.3.10-SNAPSHOT.

On Friday, March 22, 2019 at 1:06:22 PM UTC-7, Christian Poirier wrote:
>
> Hi everybody
>
> I have an error using CAS Services Management 5.3.x when I try to save a 
> SAML2 service containing 
>
> "attributeFriendlyNames": {
> "@class": "java.util.HashMap",
> "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "eduPersonTargetedID",
> "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
> "urn:oid:2.5.4.3": "cn",
> "urn:oid:2.5.4.4": "sn",
> "urn:oid:0.9.2342.19200300.100.1.3": "mail",
> "urn:oid:2.5.4.42": "givenName",
> "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
> "urn:oid:1.3.6.1.4.1.5923.1.1.1.1": "eduPersonAffiliation",
> "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
> "urn:oid:1.3.6.1.4.1.5923.1.1.1.7": "eduPersonEntitlement",
> "urn:oid:2.16.840.1.113730.3.1.39": "preferredLanguage",
> "urn:oid:1.3.6.1.4.1.5923.1.5.1.1": "isMemberOf"
>   },
>   "attributeNameFormats": {
> "@class": "java.util.HashMap",
> "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "uri",
> "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "uri",
> "urn:oid:2.5.4.3": "uri",
> "urn:oid:2.5.4.4": "uri",
> "urn:oid:0.9.2342.19200300.100.1.3": "uri",
> "urn:oid:2.5.4.42": "uri",
> "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "uri",
> "urn:oid:1.3.6.1.4.1.5923.1.1.1.1": "uri",
> "urn:oid:2.16.840.1.113730.3.1.241": "uri",
> "urn:oid:1.3.6.1.4.1.5923.1.1.1.7": "uri",
> "urn:oid:2.16.840.1.113730.3.1.39": "uri",
> "urn:oid:1.3.6.1.4.1.5923.1.5.1.1": "uri",
> "eduPersonTargetedID": "unspecified",
> "eduPersonPrincipalName": "unspecified",
> "email": "unspecified",
> "cn": "unspecified",
> "sn": "unspecified",
> "mail": "unspecified",
> "givenName": "unspecified",
> "eduPersonScopedAffiliation": "unspecified",
> "eduPersonAffiliation": "unspecified",
> "displayName": "unspecified",
> "eduPersonEntitlement": "unspecified",
> "preferredLanguage": "unspecified",
> "memberOf": "unspecified"
>   }
>
>
>
> The error is :
> =
> WHO: xxx
> WHAT: Map key urn:oid:0.9.2342.19200300.100.1.3 contains dots but no 
> replacement was configured! Make sure map keys don't contain dots in the 
> first place or configure an appropriate re
> placement!
> ACTION: SAVE_SERVICE_FAILED
> APPLICATION: CAS_Management
> WHEN: Fri Mar 22 16:02:17 EDT 2019
> CLIENT IP ADDRESS: 999.999.999.999
> SERVER IP ADDRESS: 999.999.999.999
> =
> 2019-03-22 16:02:17,055 ERROR 
> [org.apereo.cas.mgmt.services.web.AbstractManagementController] - Map key 
> urn:oid:0.9.2342.19200300.100.1.3 contains dots but no replacement was 
> configure
> d! Make sure map keys don't contain dots in the first place or configure 
> an appropriate replacement!
> org.springframework.data.mapping.model.MappingException: Map key urn:oid:
> 0.9.2342.19200300.100.1.3 contains dots but no replacement was configured! 
> Make sure map keys don't contain dot
> s in the first place or configure an appropriate replacement!
> at 
> org.springframework.data.mongodb.core.convert.MappingMongoConverter.potentiallyEscapeMapKey(MappingMongoConverter.java:725)
>  
> ~[spring-data-mongodb-1.10.15.RELEASE.jar:?]
>
>
>
>
> *Is there any way to resolve this error?*
>



[cas-user] Re: broken repository

2019-03-29 Thread Misagh Moayyed
The jasig repository was retired about 2-3 months ago; (almost) everything 
you'd need is already in maven central, bintray or various other public 
repos. 

On Wednesday, March 20, 2019 at 5:54:50 AM UTC-7, Fernando Gómez wrote:
>
> Hello the Jasig developer repository is broken recently, you know why I can 
> replace it, I need among other things to use: pac4j and can not download it 
> when I do make dev in maven
>
>   jasig-developer-repo   
> Jasig developer repository 
> http://developer.jasig.org/repo/content/groups/m2-legacy/  
> true 
> 
>   false
> 
>
>



[cas-user] Re: CAS 5.3.9 and Azure OIDC Delegation - ClassCastException in pac4j

2019-03-29 Thread Misagh Moayyed
You may want to try your luck with the next SNAPSHOT, 5.3.10-SNAPSHOT, and 
sidestep dependency changes.

On Thursday, March 28, 2019 at 1:31:38 PM UTC-7, Paul Bransford wrote:
>
> Thank you, this does the trick!
>
> There's some other concern around how to appropriately accomplish this in 
> my reply on the other group. I meant to put that all here instead of over 
> there, but what's sent is sent so I'll leave it be. If anyone else finds 
> this thread and needs to see that context, check out that other thread 
> here: https://groups.google.com/d/msg/pac4j-users/RlZ98-KhaXY/gytfPjojBQAJ
>
> Thank you once again!
>



[cas-user] Re: Configure single datasource

2019-03-14 Thread Misagh Moayyed
The only way I know how, besides writing code, is if you set up a data 
source via JNDI and then set the name of that data source in CAS settings 
for authentications and audits.

https://apereo.github.io/cas/6.0.x/configuration/Configuration-Properties-Common.html#container-based-jdbc-connections

On Thursday, March 7, 2019 at 5:14:14 AM UTC-7, Diego Henrique Pagani wrote:
>
> Hello guys,
>
> I'm setting up CAS 6.0.1 searching for users on a database and also 
> configured the audit, which can use the same connection pool as the 
> database. 
> I'm trying to configure is that a single datasource, with connection pool 
> sharing between this two modules (and maybe others) functionalities of CAS, 
> but I'm not able to find how can I do it.
>
> What am I missing ? 
>
> Thanks!
>



[cas-user] CAS 6.1.0-RC2 Release Announcement

2019-03-04 Thread Misagh Moayyed
CAS 6.1.0-RC2 is released: 
https://github.com/apereo/cas/releases/tag/v6.1.0-RC2 

- Since the release is still rather brand new, it might take a bit for 
artifacts to find their way into Maven Central. If you are eager to try, please 
wait until at least tomorrow morning MST before switching your overlay to RC2. 
- This release switched to and was performed using the "new" "maven-publishing" 
Gradle plugin internally to get around some issues related to artifact signing 
with Gradle 5.2.1. If you run into issues with fetching newly released modules 
from central when the release becomes available, please speak up. 

--Misagh 



[cas-user] CAS 6.0.2 Release Announcement

2019-03-04 Thread Misagh Moayyed
CAS 6.0.2 is released: 
https://github.com/apereo/cas/releases/tag/v6.0.2 

--Misagh 



[cas-user] CAS 5.3.9 Release Announcement

2019-03-04 Thread Misagh Moayyed
CAS 5.3.9 is released: 
https://github.com/apereo/cas/releases/tag/v5.3.9 

--Misagh 



[cas-user] Re: Shibboleth IDP, CAS, Shibcas and authnContext

2019-02-22 Thread Misagh Moayyed
shib-cas-authn3 3.2.3 does not support handling authn context classes 
received from CAS. Switch to a more recent version such as a 3.2.4.beta4 
please. The readme also provides an example of how one can map MFA on CAS 
to the REFEDS profile, which might serve as inspiration for you.

On Friday, February 15, 2019 at 9:04:36 AM UTC-7, Mickaël wrote:
>
> Hi everybody,
>
> I have a Shibboleth IDP v3.4.3 with the plugin shibcas 3.2.3 for 
> delegating authentification to my CAS server in version 5.3.3.
> On my CAS server, for specific service, users should do an authentication 
> by login/password AND Google OTP.
>
> My problem is the next, my CAS return a strange value to my shibcas :
>
> 2019-02-15 16:17:54,149 - DEBUG 
> [net.unicon.idp.externalauth.ShibcasAuthServlet:44] - principalName found 
> and being passed on: XX
> 2019-02-15 16:17:54,150 - DEBUG 
> [net.unicon.idp.externalauth.ShibcasAuthServlet:94] - Added attribute 
> credentialType with values [UsernamePasswordCredential, 
> GoogleAuthenticatorTokenCredential]
> 2019-02-15 16:17:54,150 - DEBUG 
> [net.unicon.idp.externalauth.ShibcasAuthServlet:94] - Added attribute 
> samlAuthenticationStatementAuthMethod with values 
> [urn:oasis:names:tc:SAML:1.0:am:password, 
> urn:oasis:names:tc:SAML:1.0:am:unspecified]
> 2019-02-15 16:17:54,150 - DEBUG 
> [net.unicon.idp.externalauth.ShibcasAuthServlet:94] - Added attribute uid 
> with values XXX
> 2019-02-15 16:17:54,151 - DEBUG 
> [net.unicon.idp.externalauth.ShibcasAuthServlet:94] - Added attribute 
> isFromNewLogin with values true
> 2019-02-15 16:17:54,151 - DEBUG 
> [net.unicon.idp.externalauth.ShibcasAuthServlet:94] - Added attribute 
> bypassMultifactorAuthentication with values false
> 2019-02-15 16:17:54,151 - DEBUG 
> [net.unicon.idp.externalauth.ShibcasAuthServlet:94] - Added attribute 
> authenticationDate with values 2019-02-15T16:17:53.562+01:00[Europe/Paris]
> 2019-02-15 16:17:54,152 - DEBUG 
> [net.unicon.idp.externalauth.ShibcasAuthServlet:94] - Added attribute 
> authenticationMethod with values [LdapAuthenticationHandler, 
> GoogleAuthenticatorAuthenticationHandler]
> 2019-02-15 16:17:54,152 - DEBUG 
> [net.unicon.idp.externalauth.ShibcasAuthServlet:94] - Added attribute 
> authnContextClass with values mfa-gauth
> 2019-02-15 16:17:54,152 - DEBUG 
> [net.unicon.idp.externalauth.ShibcasAuthServlet:94] - Added attribute 
> successfulAuthenticationHandlers with values [LdapAuthenticationHandler, 
> GoogleAuthenticatorAuthenticationHandler]
> 2019-02-15 16:17:54,159 - DEBUG 
> [net.unicon.idp.externalauth.ShibcasAuthServlet:94] - Added attribute 
> longTermAuthenticationRequestTokenUsed with values false
> 2019-02-15 16:17:54,160 - DEBUG 
> [net.unicon.idp.externalauth.ShibcasAuthServlet:51] - Found attributes from 
> CAS. Processing...
>
> So my Shibboleth sent to the SP : 
> urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
>
> Is there a missing configuration on my CAS to send the right SAML 
> assertion ?
>
> Thanks for response.
>
> Sincerely, Mickaël
>



[cas-user] Re: CAS-5.3.8 displays cas login page before redirecting to openid provider login screen

2019-02-22 Thread Misagh Moayyed
The redirect is handled by a Javascript snippet: you can remove other 
elements on the screen to "blank" things out, or move the redirect call 
into something more immediate; maybe a meta-refresh tag.

On Thursday, February 21, 2019 at 2:10:24 AM UTC-7, john wrote:
>
> Hi, I upgraded CAS from 5.2.3 to 5.3.8 and when I try to use the URL 
> http://localhost:8080/cas/oauth2.0/authorize?response_type=code_id=
> _uri=http://localhost:8080/test, cas displays default 
> login page(For a second) before redirecting to OpenId provider login 
> screen. I have set autoredirect to true for openid in cas.properties.
>
> Any idea how to redirect to openid login screen without displaying cas 
> login page.
>
>
> Thanks
>
>
>
>



Re: [cas-user] Re: How to register a service in CAS while using SAM2.0 protocol

2019-02-22 Thread Misagh Moayyed
Just to clarify: service identifiers can be a regex.

On Friday, February 22, 2019 at 5:07:16 AM UTC-7, Matthew Uribe wrote:
>
> I don't think you can use regex in the service id for SAML services. You 
> have to specify the service name exactly.
>
> On Fri, Feb 22, 2019, 2:31 AM Pameliya Mukherjee <
> pameliya.mukherj...@gmail.com> wrote:
>
>> I am using CAS 5.3.8.
>>
>> I have created the service like below and kept the file in 
>> etc\cas\services:
>>
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId" : "^https://.+",
>>   "name" : "SAML Authentication Request",
>>   "id" : 20190219131300,
>>   "accessStrategy" : {
>>     "@class" : "org.apereo.cas.services.RemoteEndpointServiceAccessStrategy",
>>     "endpointUrl" : "https://cas.example.org/idp/profile/SAML2/Redirect/SSO",
>>     "acceptableResponseCodes" : "200,202"
>>   }
>> }
>>   
>> CAS properties like:
>> cas.authn.samlIdp.entityId=https://cas.example.org/cas/idp
>> cas.authn.samlIdp.scope=example.org
>>
>>
>> On Friday, February 22, 2019 at 12:40:16 PM UTC+5:30, Pameliya Mukherjee 
>> wrote:
>>>
>>> While I am hitting an endpoint like : "
>>> https://localhost:8443/cas/login?service=https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO=https://cas.org.example/cas/idp
>>>  
>>> 
>>> "
>>>
>>> I am getting error like: 
>>>
>>> 2019-02-22 12:31:13,015 WARN 
>>> [org.apereo.cas.web.flow.ServiceAuthorizationCheck] -<*Service 
>>> Management: missing service. Service 
>>> [https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO 
>>> ]
>>>  
>>> is not found in service registry.>*
>>> 2019-02-22 12:31:13,017 WARN 
>>> [org.apereo.cas.services.web.RegisteredServiceThemeResolver] - <*No 
>>> registered service is found to match 
>>> [AbstractWebApplicationService(id=https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO
>>>  
>>> ,
>>>  
>>> originalUrl=https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO 
>>> ,
>>>  
>>> artifactId=null, principal=null, source=service, loggedOutAlready=false, 
>>> format=XML, attributes={})] or access is denied. Using default theme 
>>> [cas-theme-default]>*
>>>
>>> *Please Help. I am new to this.*
>>>
>>>



[cas-user] Re: Custom encoder with cas 5.3

2019-02-22 Thread Misagh Moayyed
This might be of service to 
you: 
https://apereo.github.io/2017/02/22/cas51-dbauthn-tutorial/#password-encoding

On Thursday, February 21, 2019 at 8:10:37 PM UTC-7, Ngô Hữu Tiến wrote:
>
> How to custom encoderpassword with cas 5.3 ?
> help me 
>



[cas-user] Re: CAS 5.3 OAuth2 NullPointerException

2019-02-22 Thread Misagh Moayyed
This seems like a side-effect of this pull 
request: https://github.com/apereo/cas/pull/3782 

This should be fixed in 5.3.9-SNAPSHOT, if you want to switch and try again.

On Friday, February 22, 2019 at 11:36:13 AM UTC-7, Rodrigo Siqueira wrote:
>
> Hi all,
>
> I'm having a small trouble with OAuth protocol. While all redirections 
> works as expected, after authenticating I'm getting a NPE in some internal 
> mechanism I didn't quite understand...
>
> Following stacktrace for reference:
> (Please, ask me for more info where possible, I'm clueless about where to 
> look this time...)
>
> 2019-02-22 14:26:30,067 ERROR 
> [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]]
>  
> -  [/cas] threw exception [Request processing failed; nested exception is 
> java.lang.NullPointerException] with root cause>
> java.lang.NullPointerException: null
> at 
> org.apereo.cas.support.oauth.profile.ClientIdAwareProfileManager.lambda$retrieveAll$0(ClientIdAwareProfileManager.java:40)
>  
> ~[cas-server-support-oauth-5.3.8.jar!/:5.3.8]
> at 
> java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:174) 
> ~[?:1.8.0_161]
> at java.util.Iterator.forEachRemaining(Iterator.java:116) ~[?:1.8.0_161]
> at 
> java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801)
>  
> ~[?:1.8.0_161]
> at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481) 
> ~[?:1.8.0_161]
> at 
> java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) 
> ~[?:1.8.0_161]
> at 
> java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708) 
> ~[?:1.8.0_161]
> at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) 
> ~[?:1.8.0_161]
> at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499) 
> ~[?:1.8.0_161]
> at 
> org.apereo.cas.support.oauth.profile.ClientIdAwareProfileManager.retrieveAll(ClientIdAwareProfileManager.java:41)
>  
> ~[cas-server-support-oauth-5.3.8.jar!/:5.3.8]
> at org.pac4j.core.profile.ProfileManager.getAll(ProfileManager.java:59) 
> ~[pac4j-core-3.4.0.jar!/:?]
> at 
> org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:130)
>  
> ~[pac4j-core-3.4.0.jar!/:?]
> at 
> org.pac4j.springframework.web.SecurityInterceptor.preHandle(SecurityInterceptor.java:65)
>  
> ~[spring-webmvc-pac4j-3.0.0.jar!/:?]
> at 
> org.apereo.cas.support.oauth.web.OAuth20HandlerInterceptorAdapter.preHandle(OAuth20HandlerInterceptorAdapter.java:41)
>  
> ~[cas-server-support-oauth-5.3.8.jar!/:5.3.8]
> at 
> org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:133)
>  
> ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
> at 
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:962)
>  
> ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
> at 
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
>  
> ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
> at 
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
>  
> ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
> at 
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
>  
> ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:665) 
> ~[javax.servlet-api-4.0.1.jar!/:4.0.1]
> at 
> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
>  
> ~[spring-webmvc-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:750) 
> ~[javax.servlet-api-4.0.1.jar!/:4.0.1]
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
>  
> ~[tomcat-catalina-8.5.37.jar!/:8.5.37]
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  
> ~[tomcat-catalina-8.5.37.jar!/:8.5.37]
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) 
> ~[tomcat-embed-websocket-8.5.37.jar!/:8.5.37]
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>  
> ~[tomcat-catalina-8.5.37.jar!/:8.5.37]
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  
> ~[tomcat-catalina-8.5.37.jar!/:8.5.37]
> at 
> org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:30)
>  
> ~[cas-server-core-web-api-5.3.8.jar!/:5.3.8]
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>  
> ~[tomcat-catalina-8.5.37.jar!/:8.5.37]
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  
> ~[tomcat-catalina-8.5.37.jar!/:8.5.37]
> at 
> 

[cas-user] CAS 5.3.8 Release Announcement

2019-02-13 Thread Misagh Moayyed
CAS 5.3.8 is released: 
https://github.com/apereo/cas/releases/tag/v5.3.8 

--Misagh 



[cas-user] CAS 5.3.7 Release Announcement

2019-01-02 Thread Misagh Moayyed
CAS 5.3.7 is released: 
https://github.com/apereo/cas/releases/tag/v5.3.7 

--Misagh 



[cas-user] Re: JWTs and Microservice

2018-12-04 Thread Misagh Moayyed
It shouldn't have to be registered, and no it's not considered "correct 
practice" to share in most cases.

On Thursday, November 29, 2018 at 2:26:10 AM UTC-7, Giuseppe Infurna wrote:
>
> Hi, 
> I have a web application connected with Cas 5.3.5 and it works.
> After logging into Cas, I return to my application with 
> redirect=true=eiyece . in url address
> Web application validates the jwt and creates a session cookie as 
> explained here.
>
> https://apereo.github.io/cas/5.3.x/installation/Configure-ServiceTicket-JWT.html
>
>
> Now, from my application I want to invoke remote microservices on a my 
> third app passing the jwt (ticket) that cas had provided me. 
> This  remote app valid the jwt and ok, but it should be registered on cas? 
> is it a correct practice?
>
> Regards
> Giuseppe
>



[cas-user] CAS 5.2.9 Release Announcement

2018-11-28 Thread Misagh Moayyed
CAS 5.2.9 has been released: 
https://github.com/apereo/cas/releases/tag/v5.2.9 

--Misagh 



[cas-user] CAS 5.3.6 Release Announcement

2018-11-28 Thread Misagh Moayyed
CAS 5.3.6 has been released: 
https://github.com/apereo/cas/releases/tag/v5.3.6 

--Misagh 



Re: [cas-user] embedded tomcat request params

2018-11-07 Thread Misagh Moayyed
Bad curl command. Try: 

curl -k https://localhost:8443/cas/p3/serviceValidate?service=abc'&'ticket=123 

Note the single-quotes around &. 

--Misagh 

> From: "Bergner, Arnold" 
> To: cas-user@apereo.org
> Sent: Wednesday, November 7, 2018 4:19:14 AM
> Subject: [cas-user] embedded tomcat request params

> Hi,

> I’m trying to use CAS 6.0.0-RC4-SNAPSHOT, war-overlay, with embedded tomcat.

> Accessing the serviceValidate (and any other) endpoints, CAS only registers 
> the
> first request parameter (access log).

> curl -k https://localhost:8443/cas/p3/serviceValidate?service=abc=123

> response:

> 

> service and ticket 
> parameters
> are both required

> 

> access_log:

> 127.0.0.1 "GET /cas/p3/serviceValidate?service=abc HTTP/1.1" 200 (18878 ms)

> Switching around yields removal of the “service” parameter.

> I failed to configure the extended Access Log for more information, but I 
> doubt
> there would be any.

> Is anyone else experiencing this? Any hints?

> Regards,

> Arnold


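Why the second parameter never reached CAS in the thread above, as an added example that is not part of the original messages: an unquoted `&` is the shell's background operator, so curl is handed the URL only up to the first parameter. The helper names (`received_url`, `urlencode`, `cas_validate_url`), the `app.example.org` service URL and the ticket value are constructed for illustration; `curl` is replaced by a stub, so nothing is sent to a server.

```shell
#!/bin/sh
# Added illustration; no CAS server is contacted.

# received_url CMDLINE
# Parses CMDLINE in a fresh shell exactly as it would be parsed at a prompt,
# with "curl" replaced by a stub that prints the last argument it was given
# (the URL) instead of making a request.
received_url() {
    sh -c 'curl() { for a in "$@"; do last=$a; done; printf "%s\n" "$last"; }; '"$1" 2>/dev/null
}

# urlencode STRING
# Percent-encodes every ASCII character that is not RFC 3986 "unreserved".
# A real CAS service parameter is itself a URL, so its own ":", "/", "?" and
# "&" must be encoded or they will be read as part of the outer query string.
urlencode() {
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}            # everything after the first character
        c=${s%"$rest"}         # the first character
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
}

# cas_validate_url CAS_PREFIX SERVICE TICKET
# Builds the /p3/serviceValidate URL with both parameters encoded. Pass the
# result to curl inside double quotes so the shell never sees a bare "&".
cas_validate_url() {
    printf '%s/p3/serviceValidate?service=%s&ticket=%s\n' \
        "$1" "$(urlencode "$2")" "$(urlencode "$3")"
}

BASE='https://localhost:8443/cas/p3/serviceValidate'

# Unquoted "&": the command ends at "&" and runs in the background;
# "ticket=123" becomes a separate shell variable assignment.
echo "unquoted &: $(received_url "curl -k $BASE?service=abc&ticket=123")"

# Quoted "&" (the form suggested in the reply): curl receives the whole URL.
echo "quoted   &: $(received_url "curl -k $BASE?service=abc'&'ticket=123")"

# Constructed service URL and ticket, encoded before being placed in the query.
echo "encoded   : $(cas_validate_url https://localhost:8443/cas \
    'https://app.example.org/a?x=1&y=2' ST-1-constructed)"
```

With a real request, `curl -G --data-urlencode "service=..." --data-urlencode "ticket=..." URL` performs the same encoding and avoids the quoting problem entirely.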


[cas-user] Re: Error SAML 2.0 + Access Strategy

2018-10-31 Thread Misagh Moayyed
I can't recall specifically, but I do know this has been fixed in later 
versions of 5.3.x.

On Tuesday, October 30, 2018 at 7:48:43 PM UTC+3:30, Alexi Pascual wrote:
>
> hi,
>
> We have a SAML 2.0 integration with Coursera and it works well. However, 
> when I add an access rule, the following error appears:
>
> URL: 
> https://server.cl/cas/idp/profile/SAML2/Callback.+?entityId=https%3A%2F%2Fshibboleth.coursera.org%2Fsp=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%2BPC9zYW1scDpBdXRoblJlcXVlc3Q%2B=ST-1586-5sU7YpMxhVf22toid1e1msEd8oM-sso-prod3
>
> org.jasig.cas.client.validation.TicketValidationException: 
> UNAUTHORIZED_SERVICE
>   at 
> org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:84)
>   at 
> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:201)
>   at 
> org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController.validateRequestAndBuildCasAssertion(SSOSamlProfileCallbackHandlerController.java:149)
>   at 
> org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController.handleCallbackProfileRequest(SSOSamlProfileCallbackHandlerController.java:115)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>   at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>   at java.lang.reflect.Method.invoke(Method.java:498)
>   at 
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
>   at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
>   at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:741)
>   at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>   at 
> org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
>   at 
> org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
>   at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>   at 
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
>   at 
> org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController$$EnhancerBySpringCGLIB$$4a57c9b7.handleCallbackProfileRequest()
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>   at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>   at java.lang.reflect.Method.invoke(Method.java:498)
>   at 
> org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
>   at 
> org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133)
>   at 
> org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97)
>   at 
> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827)
>   at 
> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738)
>   at 
> org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
>
> The rule is as follows:
>
> "requiredAttributes" : {
>   "@class" : "java.util.HashMap",
>   "employeeType" : [
>     "java.util.HashSet",
>     [
>       "1",
>       "2",
>       "3"
>     ]
>   ]
> }
>
> We can not continue with the integration without 

[cas-user] Re: Problem with SAML2 delegated administration

2018-10-31 Thread Misagh Moayyed
If you mean the SP metadata, can you not modify that manually with the 
right URLs to match your proxy?

On Wednesday, October 31, 2018 at 12:09:52 PM UTC+3:30, Fabio Martelli 
wrote:
>
> Dear All, I have to ask for your help in order to achieve a specific 
> requirement.
>
> I have *2 CAS 5.2 instances behind a proxy*. Unfortunately, *this 
> proxy could be referenced with two different names*.
>
> No problem in general as you can imagine except for *SAML delegated 
> administration*: in this case IdP provider URLs seem to be generated by 
> using what has been configured into cas.properties as 
> cas.server.name/cas.server.prefix.
>
> You know, in this specific case *assertionConsumerServiceURLs* are really 
> important. If this reference is not correct the *authentication fails*.
>
> Is there a way to achieve this requirement? If I have to override 
> something, could you address me where I have to change the behavior?
>
> Finally, if you think it could be a bug, please let me know if, in case, I 
> have to provide a PR.
>
> Thank you in advance.
>
> Best regards,
>
> F.
>
> -- 
> Fabio Martelli
> Tel +393204726071
> https://it.linkedin.com/pub/fabio-martelli/1/974/a44
> http://blog.tirasa.net/author/fabio/index.html
>
> Tirasa S.r.l.
> Viale D'Annunzio 267 - 65127 Pescara
> Tel +39 0859116307 / FAX +39 085973
> http://www.tirasa.net
>
>



[cas-user] CAS 5.3.x/5.2.x Release Announcements

2018-10-08 Thread Misagh Moayyed
CAS 5.3.4 is released: 
https://github.com/apereo/cas/releases/tag/v5.3.4 

CAS 5.2.8 is released: 
https://github.com/apereo/cas/releases/tag/v5.2.8 

--Misagh 



[cas-user] Re: authentication interrupt + delegated authentication = bug

2018-09-28 Thread Misagh Moayyed
This is fixed in the most recent 5.3.4-SNAPSHOT.

On Tuesday, July 17, 2018 at 8:06:14 PM UTC+4:30, Chia-Ying Yang wrote:
>
> I found that authentication interrupt (interrupt notifications) does not 
> work with delegated authentication.  Preliminary debugging suggests the 
> interrupt flow is attached to the realSubmit state, which delegated 
> authentication does not flow through at all.  I am on the 5.3.x branch. 
>
> Unfortunately fixing this bug requires good understanding of spring web 
> flow, and I am not qualified.  I am willing to offer whatever other 
> assistance is needed.  Would anyone want to team up? 
>
> Thank you, 
>
> David 
>
>



[cas-user] Re: One Active Session

2018-09-28 Thread Misagh Moayyed
This maybe: 
https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#unique-principal ?

On Friday, August 10, 2018 at 11:01:38 AM UTC+4:30, Ramakrishna G wrote:
>
> Hello All,
>
> I want to disable multiple session login with same user id from different 
> browser or machine or mobile app.
>
> In short, I want recently created session to continue with SSO system and 
> his previous session get invalidated automatically.
>
> How do I achieve it? Can someone help me.
>
> Thanks
> Ramakrishna G
> +91 8729114542
>
>
>



[cas-user] Re: How do I enable encryption of attributes

2018-09-28 Thread Misagh Moayyed
Not a rookie question at all. I don't think encrypted attributes are 
supported, individually or not. You will likely need to put together code 
that does that for you using OpenSAML and related CAS components.

On Friday, August 24, 2018 at 10:22:28 PM UTC+4:30, Ash wrote:
>
> hi,
>
> Rookie question
>
> How do I enable/disable encryption of individual attributes? 
> encryptAssertions 
> works fine for encrypting the assertion. But I'm looking to only encrypt 
> the attribute value. Not the whole assertion.
>
> Appreciate any input
>
> Thanks
>
> Ash
>
>



[cas-user] Re: Indexed Salesforce Properties

2018-09-28 Thread Misagh Moayyed
No this isn't supported; You will need to manually add the integrations to 
your service registry or submit a pull request to take care of the indexed 
settings.

On Thursday, September 6, 2018 at 9:03:24 PM UTC+4:30, Siddharth 
Bhattacharjee wrote:
>
> Hello,
>
> I am trying to setup CAS as the Identity provider across multiple 
> salesforce sandboxes. 
>
> If we can place metadata from the individual sandboxes in the SAML 
> directory, can we have these properties indexed in any way?
>
> I'm thinking on these lines.
>
> # SAML 2.0 integration with Salesforce
> cas.samlSp.salesforce[0].metadata=/etc/cas/saml/sandbox1.xml
> cas.samlSp.salesforce[0].name=sandbox1
> cas.samlSp.salesforce[0].description=sandbox1 Integration
> cas.samlSp.salesforce[0].attributes=mail,eduPersonPrincipalName
>
> cas.samlSp.salesforce[1].metadata=/etc/cas/saml/sandbox2.xml
> cas.samlSp.salesforce[1].name=sandbox2
> cas.samlSp.salesforce[1].description=sandbox2 Integration
> cas.samlSp.salesforce[1].attributes=mail,eduPersonPrincipalName
>
> Any help on this is deeply appreciated.
>
> Regards,
> Sid
>



Re: [cas-user] Implementing a GRPC interface for CAS

2018-09-27 Thread Misagh Moayyed
You are more than welcome to contribute. Turn it into a CAS module and shoot a 
pull request. 

Some additional rants on the matter: 
https://apereo.github.io/2017/09/10/stop-writing-code/ 

--Misagh 

> From: "Jac Fitzgerald" 
> To: "CAS Community" 
> Sent: Thursday, September 27, 2018 2:24:15 PM
> Subject: [cas-user] Implementing a GRPC interface for CAS

> I would like to use CAS in our existing multi-service environment, where the
> default communication is through grpc. I was thinking that I could implement a
> grpc alternative to the existing REST Protocol
> (https://apereo.github.io/cas/5.0.x/protocol/REST-Protocol.html), and I can do
> it as an overlay but this also seems to fit well into the category of code not
> to write.

> Is grpc a common enough scenario that this belongs as a contribution to the cas
> repo, or should I just go ahead and implement it as an overlay?

> (https://grpc.io/)

> cheers,
> Jac




Re: [cas-user] Re: CAS 5.3 build error

2018-09-27 Thread Misagh Moayyed
Your issue is: 
No cached version of com.google.code.findbugs:annotations:2.0.0 available for 
offline mode. 

And yet you're using the --offline flag. Remove the flag and try again. 

--Misagh 

> From: "JF Poulin" 
> To: "CAS Community" 
> Sent: Thursday, September 27, 2018 2:18:37 PM
> Subject: [cas-user] Re: CAS 5.3 build error

> The issue with google zxing and ANDROID_HOME seems to only happen when building
> on Windows. I couldn't find a solid answer as to the impact on the final build
> or any workarounds. I ended up moving my build environment to linux to get
> building working much more smoothly and without errors.

> On Thursday, September 27, 2018 at 12:22:15 PM UTC-4, Yan Zhou wrote:
>> Hello,
>> I followed the build process on CAS page, doing the build on Windows.

>> This is my command, running from cas-server directory: gradlew build install
>> --parallel -x test -x javadoc -x check -offline

>> Here is the error.

>> > Task :webapp:cas-server-webapp-eureka-server:compileJava
>> Errors occurred while build effective model from
>> C:\Users\zhou_y\.m3\repository\com\google\zxing\core\3.3.2\core-3.3.2.pom:
>> 'dependencyManagement.dependencies.dependency.systemPath' for
>> com.google.android:android:jar must specify an absolute path but is
>> /${env.ANDROID_HOME}/platforms/android-22/android.jar in com.google.zxing:core:3.3.2

>> > Task :webapp:cas-server-webapp-bootadmin-server:war FAILED
>> > Task :webapp:cas-server-webapp-eureka-server:compileJava UP-TO-DATE

>> > Task :api:cas-server-core-api-configuration-model:compileJava
>> Note: Some input files use unchecked or unsafe operations.
>> Note: Recompile with -Xlint:unchecked for details.

>> FAILURE: Build failed with an exception.

>> * What went wrong:
>> Could not resolve all files for configuration
>> ':webapp:cas-server-webapp-bootadmin-server:runtimeClasspath'.
>> > Could not resolve com.google.code.findbugs:annotations:2.0.0.
>> Required by:
>> project :webapp:cas-server-webapp-bootadmin-server >
>> com.netflix.zuul:zuul-core:1.3.0 > com.netflix.archaius:archaius-core:0.6.0
>> project :webapp:cas-server-webapp-bootadmin-server >
>> com.netflix.zuul:zuul-core:1.3.0 > com.netflix.servo:servo-core:0.7.2
>> > No cached version of com.google.code.findbugs:annotations:2.0.0 available for offline mode.
>> > No cached version of com.google.code.findbugs:annotations:2.0.0 available for offline mode.
>> > No cached version of com.google.code.findbugs:annotations:2.0.0 available for offline mode.
>> > No cached version of com.google.code.findbugs:annotations:2.0.0 available for offline mode.
>> > No cached version of com.google.code.findbugs:annotations:2.0.0 available for offline mode.
>> > No cached version of com.google.code.findbugs:annotations:2.0.0 available for offline mode.
>> > No cached version of com.google.code.findbugs:annotations:2.0.0 available for offline mode.
>> > No cached version of com.google.code.findbugs:annotations:2.0.0 available for offline mode.
>> > No cached version of com.google.code.findbugs:annotations:2.0.0 available for offline mode.

>> * Try:
>> Run with --stacktrace option to get the stack trace. Run with --info or --debug
>> option to get more log output. Run with --scan to get full insights.

>> * Get more help at https://help.gradle.org

>> BUILD FAILED in 3m 30s
>> 1040 actionable tasks: 12 executed, 1028 up-to-date




[cas-user] Re: SAML2 SLO SP initiated

2018-09-25 Thread Misagh Moayyed
Your analysis is correct. I believe more recent versions of 6 handle this 
scenario.

On Thursday, September 13, 2018 at 12:41:08 PM UTC+4:30, Fabio Martelli 
wrote:
>
> On 12/09/2018 17:20, Fabio Martelli wrote:
>
> Hi All, I have some trouble with SAML2 SLO. 
>
> It seems that my IdP CAS 5.2.X does not provide any SAML logout response 
> to the SP sending SLO request to it. 
>
> What am I missing? Is there any particular configuration to be provided? 
> Does not CAS IdP support SP initiated? 
>
> Thank you in advance for your help. 
>
> Kind regards, 
>
> F. 
>
> Hi, looking into the code I found the abstract class 
> AbstractSamlSLOProfileHandlerController 
> [1].
>
> If I correctly interpreted its implementation, the SLO request handling 
> will result into a redirect to the path /cas/logout.
>
> In this way, a logout response will never be provided to the calling SP. 
> As far as I know, this is in contrast with SAML2 SLO specifications.
>
> Assuming that my analysis is correct, is there the possibility that this 
> behavior will be fixed in the future? I'm a bit worried about the fact that 
> the master provides the same implementation ...
>
> Please, let me have your feedback about.
>
> Regards,
>
> F.
>
> [1] 
> https://github.com/apereo/cas/blob/v5.2.7/support/cas-server-support-saml-idp/src/main/java/org/apereo/cas/support/saml/web/idp/profile/slo/AbstractSamlSLOProfileHandlerController.java#L101
>
> -- 
> Fabio Martelli
> https://it.linkedin.com/pub/fabio-martelli/1/974/a44
> http://blog.tirasa.net/author/fabio/index.html
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/index.html?pk_campaign=email_kwd=fm
>
> Apache Syncope PMC
> http://people.apache.org/~fmartelli/
>
>



[cas-user] Re: A rumor about CAS loosing ADFS integration

2018-09-25 Thread Misagh Moayyed
The CAS integration with ADFS is fine. Though "Perfectly" is perhaps too 
strong a word :) But seriously, there is no basis to the rumor AFAIK. 
You're probably thinking of the Azure MFA SDK, whose integration is one 
that was removed from CAS about 8-9 months ago.

On Friday, September 7, 2018 at 6:59:21 PM UTC+4:30, Toby Archer wrote:
>
> There is a rumor roaming around my office right now that Microsoft is 
> terminating some SDK that CAS uses to integrate with ADFS. I can't seem to 
> get to the root of it, as with all rumors everyone heard it from some one 
> else, and some one heard it from an official blog post, though no one knows 
> which one. I've searched around the internet and haven't found anything. So 
> I figured I would ask here for clarification: Is there any validity to said 
> rumor? Or is CAS's integration with ADFS perfectly fine?
>



[cas-user] CAS 6 RC2: Release Announcement

2018-09-17 Thread Misagh Moayyed
CAS 6 RC2 is released: 
https://github.com/apereo/cas/releases/tag/v6.0.0-RC2 

--Misagh 



Re: [cas-user] security questions read but not managed?

2018-08-10 Thread Misagh Moayyed
Your best bet is to simply add the missing pieces where they belong. Items get 
completed based on availability, time, funding, interest, money and use case. 
If you find something missing, ideally you would do the work to build it in. 

Or start from zero. 

--Misagh

- Original Message -
> From: "Trenton D. Adams" 
> To: cas-user@apereo.org, "Misagh Moayyed" 
> Sent: Thursday, August 9, 2018 2:34:42 PM
> Subject: Re: [cas-user] security questions read but not managed?

> That's just odd.  I do not understand why a feature using challenge
> questions would be added without the ability to manage those questions.
> 
> So, should I be writing this feature completely separate from CAS then?
> I'm thinking probably yes, because CAS does seem to change significantly
> over time.
> 
> 
> On 2018-08-09 02:40 PM, Misagh Moayyed wrote:
>> That is true.
>>
>> --Misagh
>>
>> - Original Message -
>>> From: "Trenton D. Adams" 
>>> To: "CAS Community" 
>>> Sent: Thursday, August 9, 2018 1:17:04 PM
>>> Subject: [cas-user] security questions read but not managed?
>>> Hi Guys,
>>>
>>> I'm a bit confused about something.  It appears that CAS does not
>>> support management of challenge questions, but only using them, is that
>>> true?
>>>
>>> Thanks.
>>>
>>> --
>>> Trenton D. Adams
>>> Senior Systems Analyst/Web Software Developer
>>> Applications Unit - ITS
>>> Athabasca University
>>> (780) 675-6195
>>>
>>> It is only when you are surrounded by a supportive team, that you can achieve
>>> your best.  Instead of tearing people down, try building them up!
>>>
>>> --
>>> This communication is intended for the use of the recipient to whom it is
>>> addressed, and may contain confidential, personal, and or privileged
>>> information. Please contact us immediately if you are not the intended
>>> recipient of this communication, and do not copy, distribute, or take action
>>> relying on it. Any communications received in error, or subsequent reply,
>>> should be deleted or destroyed.
>>> ---
>>>
> 
> --
> Trenton D. Adams
> Senior Systems Analyst/Web Software Developer
> Applications Unit - ITS
> Athabasca University
> (780) 675-6195
> 
> It is only when you are surrounded by a supportive team, that you can achieve
> your best.  Instead of tearing people down, try building them up!
> 



Re: [cas-user] security questions read but not managed?

2018-08-09 Thread Misagh Moayyed
That is true. 

--Misagh

- Original Message -
> From: "Trenton D. Adams" 
> To: "CAS Community" 
> Sent: Thursday, August 9, 2018 1:17:04 PM
> Subject: [cas-user] security questions read but not managed?

> Hi Guys,
> 
> I'm a bit confused about something.  It appears that CAS does not
> support management of challenge questions, but only using them, is that
> true?
> 
> Thanks.
> 
> --
> Trenton D. Adams
> Senior Systems Analyst/Web Software Developer
> Applications Unit - ITS
> Athabasca University
> (780) 675-6195
> 
> It is only when you are surrounded by a supportive team, that you can achieve
> your best.  Instead of tearing people down, try building them up!
> 


