Re: [cas-user] CAS 6.3.x + Google Auth as 2FA

2 > > > Maybe there is another way? > wtorek, 13 kwietnia 2021 o 15:22:29 UTC+2 Philippe MARASSE napisał(a): > > A good question indeed :-) > > I've took a look over my overlay, it seem that I only overloaded > the flawed class from the commit : > >

Re: [cas-user] CAS 6.3.x + Google Auth as 2FA

t; after build. Maybe it's possible to replace/edit it? > Regards  > Bartek > > > wtorek, 13 kwietnia 2021 o 14:06:08 UTC+2 Philippe MARASSE napisał(a): > > Hello, > > It has been fixed there > > https://github.com/apereo/cas/commit/e7c

Re: [cas-user] CAS 6.3.x + Google Auth as 2FA

stry.redis.pool.test-while-idle": "false", >   "cas.ticket.registry.redis.port": "6379", >   "cas.ticket.registry.redis.timeout": "2000", >   "cas.ticket.registry.redis.use-ssl": "false", > > Any hints?

Re: [cas-user] CAS 6.x + 2FA/MFA with Google Authenticator

3e90e-b6c3-4bdb-917d-d59141c2d6f2%40nitkiewicz.eu > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/5a83e90e-b6c3-4bdb-917d-d59141c2d6f2%40nitkiewicz.eu?utm_medium=email_source=footer>. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri L

Re: [cas-user] CAS 6.x + 2FA/MFA with Google Authenticator

https://groups.google.com/a/apereo.org/d/msgid/cas-user/3ac21753-2b33-44ca-aec5-84d2d0fa5865n%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/3ac21753-2b33-44ca-aec5-84d2d0fa5865n%40apereo.org?utm_medium=email_source=footer>. -- Philippe MARASSE Responsable pôle Infrastru

Re: [cas-user] CAS 6.3.2 Google Auth OTP Validation Issue

https://github.com/apereo/cas/commit/e7cb3b8b44867addcb6b8510cbbed45cbc9b265f>). > > Pavlos > > On Tue, Mar 9, 2021 at 10:19 PM 'Philippe MARASSE' via CAS Community > mailto:cas-user@apereo.org>> wrote: > > Folks, > > Since we've installed our new cas

[cas-user] CAS 6.3.2 Google Auth OTP Validation Issue

-support-redis-ticket-registry:${project.'cas.version'}" } And relevant configuation in cas.properties : cas.authn.mfa.gauth.code-digits=6 cas.authn.mfa.gauth.time-step-size=30 cas.authn.mfa.gauth.rank=2 Any idea ? Regards. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Cen

Re: [cas-user] CAS 6.3.0-RC3 issue with MFA selector menu

ava:48)     at java.util.Optional.map(Optional.java:265) ~[?:?] Regards. Le 06/10/2020 à 17:51, 'Philippe MARASSE' via CAS Community a écrit : > Folks, > > I'm testing the possibility to let the user choose MFA token to use, in > fact between u2f and google authenticator. > > I h

Re: [EXTERNAL SMIME EMAIL] [cas-user] Cas Management webapp does not start anymore

error of requiring the Incommon > Federation certificate as a requirement to start. > >   > > If you search the for incommon.pem over the last few weeks discussion > you’ll find several answers to this problem. > >   > >   > >   > > *From:*'Philippe MARASSE' via CAS

[cas-user] CAS 6.3.0-RC3 issue with MFA selector menu

:28:50 CEST 2020 CLIENT IP ADDRESS: SERVER IP ADDRESS: = If I use cas.authn.mfa.provider-selection-enabled=false, I cannot choose the 2FA but it works... Any clue ? Regards. -- Philippe MARASSE Responsable pôle Infrastructures

[cas-user] Cas Management webapp does not start anymore

: *screen.service.error.message* ... Any idea ? If I switch back to 6.1.0-RC4, it works. Regards. -- Philippe MARASSE Responsable pôle Infrastructures Direction de l'Informatique, Support à la Communication et à l'Organisation (DISCO) Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Cœur 86021

Re: [cas-user] CAS 6.1 - decipher / cipher an arbitrary attribute

to do yet. Philippe. Le 16/04/2020 à 17:52, Ray Bon a écrit : > Philippe, > > I do not know the exact answer. But check how clear pass works. It > encrypts the password with the service's public key. > > Ray > > On Thu, 2020-04-16 at 16:49 +0200, 'Philippe MARASSE' via CAS

[cas-user] CAS 6.1 - decipher / cipher an arbitrary attribute

guacamole in a safe way. Cheers. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Cœur 86021 Poitiers Cedex Tel : 05.49.44.57.19 -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo

Re: [cas-user] Re: cas 6.1 with u2f

/0b45cc66-1160-48aa-9320-b4fabc54ae75%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/0b45cc66-1160-48aa-9320-b4fabc54ae75%40apereo.org?utm_medium=email_source=footer>. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS

Re: [cas-user] AJP with header too big

e the packetSize of the AJP connector, but it's missing > from > https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#ajp > > Is it hidden somewhere else ? > > > -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS

Re: [cas-user] CAS 5 - SNPEGO with LDAP fallback

google.com/a/apereo.org/d/msgid/cas-user/c9b1459f-54ca-48a5-9b0f-868dadaf0b17%40apereo.org?utm_medium=email_source=footer>. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Cœur 86021 Poitiers Cedex Tel : 05.49.44.57.19

Re: [cas-user] Blank first 401 page with SPNEGO

If it fits your use case it's perfect. In our case we want Spnego for all internal accesses so CAS needs to stop and does not offer login/password if Spnego fails. Regards. Le 14/02/2017 à 15:22, Felix Schumacher a écrit : > Am 13.02.2017 18:45, schrieb 'Philippe MARASSE' via CAS Commun

Re: [cas-user] Blank first 401 page with SPNEGO

: - casSpnegoNegotiateView.html (first 401 view) - casSpnegoAuthenticationFailureView.html (auth failure view) - casSpnegoErrorView.html (all other errors view) Regards. Le 13/02/2017 à 18:07, Felix Schumacher a écrit : > > Am 13. Februar 2017 17:28:44 MEZ schrieb 'Philippe MARASSE' via CAS Community >

Re: [cas-user] Blank first 401 page with SPNEGO

e user is therefore > greeted with an empty page. > > Is this a bug, or do I have to specify anything to get the first 401 > page have the login page included? > > Regards, > Felix > -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10

Re: [cas-user] CAS 5.0.0 with Active Directory Authentication

ation.PolicyBasedAuthenticationManager] - > > 2016-12-13 12:14:20,368 WARN > [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - > find authentication handler that supports [testuser] of type > [UsernamePasswordCredential], which suggests a configuration problem.> > > On Monday, December 12, 2

Re: [cas-user] CAS 5.0.0 with Active Directory Authentication

lal > wrote: > > Hell Philippe, > > So how to we can configure the LDAP authentication handler? > > Thanks. > > > > On Monday, December 12, 2016 at 12:01:20 PM UTC+3, Philippe > MARASSE wrote: > > Hello, > > No, it's n

Re: [cas-user] CAS-5.1.0-SNAP MFA Bypass configuration property is confusing

t; MFA based on the Ldap handler, that pretty much confirms my theory. > > > > File an issue either way please. (And since you’re on SNAPSHOT, let’s > move this to dev) > > > > --Misagh > > > > *From:*'Philippe MARASSE' via CAS Community [mailto:cas-user@aper

[cas-user] CAS-5.1.0-SNAP MFA Bypass configuration property is confusing

dler, LdapAuthenticationHandler whe I use login form, fine. and successfulAuthenticationHandlers: JcifsSpnegoAuthenticationHandler with SPNEGO, perfect :-). but IMHO, bypass configuration option behavior is inverted. Regards. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Ce

Re: [cas-user] CAS 5.1.0-SNAPSHOT no more mfa-yubikey ??

--Misagh > > > -Original Message- > From: 'Philippe MARASSE' via CAS Community [mailto:cas-user@apereo.org] > Sent: Thursday, November 17, 2016 4:37 AM > To: CAS Community <cas-user@apereo.org> > Subject: [cas-user] CAS 5.1.0-SNAPSHOT no more mfa-yubikey ?? > > H

Re: [cas-user] CAS 5 does not read cas.properties file

n Monday, August 8, 2016 at 9:42:40 AM UTC-5, Philippe MARASSE wrote: > > Folks, > > I'm preparing a new CAS service for our organisation (we use CAS > 3.5 for years now :-) ), my plan is to upgrade to v5 in order to > use MFA. > > I'm using maven ove

[cas-user] CAS 5.1.0-SNAPSHOT no more mfa-yubikey ??

Hello, After disabling spnego, I wanted to test MFA yubikey with CAS 5.1.0-SNAP, unfortunately I get authenticated without MFA : 2016-11-17 11:51:36,559 DEBUG [org.apereo.cas.web.flow.resolver.impl.RegisteredServiceAuthenticationPolicyProviderResolver] - 2016-11-17 11:51:36,569 DEBUG

Re: [cas-user] CAS 5.1.0-SNAPSHOT - SPNEGO broken ?

or SWF). > > --Misagh > > -Original Message- > From: 'Philippe MARASSE' via CAS Community [mailto:cas-user@apereo.org] > Sent: Wednesday, November 16, 2016 3:20 AM > To: CAS Community <cas-user@apereo.org> > Subject: [cas-user] CAS 5.1.0-SNAPSHOT - SPNEGO broken ? &g

[cas-user] CAS 5.1.0-SNAPSHOT - SPNEGO broken ?

. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Cœur 86021 Poitiers Cedex Tel : 05.49.44.57.19 -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing

Re: [cas-user] Re: Custom Authentication Handler in version 5.0.0

discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/4ee8f8ac-5761-43d7-ade1-ad95b6e11e3f%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/4ee8f8ac-5761-43d7-ade1-ad95b6e11e3f%40apereo.org?utm_medium=email_source=footer>. -- Phil

Re: [cas-user] Level of identity assurance implementation in CAS 5.0

uld be an attractive > feature to add; to turn on/off mfa levels conditionally based on mode > of authentication. You’re welcome to file a request. > > -- > Misagh > > From: Philippe MARASSE <philippe.mara...@ch-poitiers.fr> > <mailto:philippe.mara...@ch-poitiers

Re: [cas-user] Workflow for SPNEGO partly broken with 5.0.0-RC3

gt; From: Philippe MARASSE <philippe.mara...@ch-poitiers.fr> > <mailto:philippe.mara...@ch-poitiers.fr> > Reply: Philippe MARASSE <philippe.mara...@ch-poitiers.fr> > <mailto:philippe.mara...@ch-poitiers.fr> > Date: October 5, 2016 at 3:37:18 PM > To: c

Re: [cas-user] Level of identity assurance implementation in CAS 5.0

3:19, Misagh Moayyed a écrit : > > What exactly do these points mean? > > > If you mean to say, multiple MFA options are assigned to a user, and > you wish to rank them by weight, that’s already supported. > > > -- > Misagh > > From: Philippe

[cas-user] Issue with json service registry between CASv5 RC3-SNAP and RC4-SNAP

) is instantiated instead of jsonServiceRegistry found in cas-server-support-json-service-registry module. Environment is the same as last week (Tomcat 8.5.4 / java 8u101). Regards. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques

Re: [cas-user] Level of identity assurance implementation in CAS 5.0

No idea, really ? It's mentioned in section MFA of https://apereo.github.io/cas/4.2.x/planning/Security-Guide.html but not anymore on v5 https://apereo.github.io/cas/development/planning/Security-Guide.html ?? Regards. Le 29/09/2016 à 14:43, Philippe MARASSE a écrit : > Hello, >

[cas-user] Level of identity assurance implementation in CAS 5.0

gain access with SPNEGO, and external users will be requested login/password only for Webmail, and login/password + MFA for Personal Informations. Is it already possible with CASv5 ? I think it will need some development though, in this case, I'll need directions :-) Regards. -- Philippe

Re: [cas-user] CAS 5.0.0RC1 - MFA webflow not found

/apereo.org/d/msgid/cas-user/etPan.57e567f8.1ae214b4.2e6e%40unicon.net > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.57e567f8.1ae214b4.2e6e%40unicon.net?utm_medium=email_source=footer>. > For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- Phi

Re: [cas-user] CAS 5.0.0RC1 - MFA webflow not found

( https://apereo.github.io/cas/development/installation/Configuring-Multifactor-Authentication.html#yubikey ), there's a mention of "id" field, but I didn't find any reference in my configuration files. Regards. Le 16/09/2016 à 16:57, Philippe MARASSE a écrit : > Hello, > > I'm tr

[cas-user] CAS 5.0.0RC1 - MFA webflow not found

tionExecutor] - Is login-webflow.xml needing modifications (documentation does not mention this) ? Regards. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Cœur 86021 Poitiers Cedex Tel : 05.49.44.57.19 -- You received

Re: [cas-user] Re: CAS 2.0 not return attributes.

Thanks in Advance, > > > -- > You received this message because you are subscribed to the Google > Groups "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to cas-user+unsubscr...@apereo.org > <m

[cas-user] CAS management Webapp 5.0.0RC1 default locale

the right localized page. Regards. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Cœur 86021 Poitiers Cedex Tel : 05.49.44.57.19 -- You received this message because you are subscribed to the Google Groups &quo

Re: [cas-user] YUbikey MFA and customized validation URLs

Sep 14, 2016 at 06:30, Philippe MARASSE > <philippe.mara...@ch-poitiers.fr> wrote: > > Actually, we're testing a few Yubikeys with customized > cryptographic keys, so public Yubico API's cannot validate our > tokens. I've set up a local validation server that work

Re: [cas-user] YUbikey MFA and customized validation URLs

disable a certain API version? > > > -- > Misagh > > From: Philippe MARASSE <philippe.mara...@ch-poitiers.fr> > <mailto:philippe.mara...@ch-poitiers.fr> > Reply: Philippe MARASSE <philippe.mara...@ch-poitiers.fr> > <mailto:philippe.mara...@ch-poi

Re: [cas-user] Custom Authentication Handler in version 5.0.0

r@apereo.org > <mailto:cas-user@apereo.org>. > Visit this group at > https://groups.google.com/a/apereo.org/group/cas-user/. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/9a92aede-f879-4387-ad16-cdecbfffbd8b%40apereo.org >

[cas-user] CAS 5.0.0 SPNEGO - How to send a view after a failed authentication

Folks, Actually, when SPNEGO authentication fails, it's falling back to login form (wether cas.authn.spnego.send401OnAuthenticationFailure is true or false). But in our configuration, on a failure, we need to send a specific view. How can I achieve that behavior ? Regards. -- Philippe MARASSE

Re: [cas-user] CAS 5.0.0 SPNEGO issue

Done. #1946 Le 11/08/2016 à 22:27, Misagh Moayyed a écrit : > Possibly. Could you issue a pull with the updates you have in mind to > the docs? > > -- > Misagh > > From: Philippe MARASSE <philippe.mara...@ch-poitiers.fr> > <mailto:philippe.mara...@ch-poiti

Re: [cas-user] New to CAS, new to Apereo

t; <mailto:cas-user@apereo.org>. > Visit this group at > https://groups.google.com/a/apereo.org/group/cas-user/. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/df64e990-a4f5-406a-871e-f4a8ea96d289%40apereo.org > <https://groups.goo

Re: [cas-user] CAS 5.0.0 SPNEGO issue

cas.authn.spnego.ipsToCheckPattern=172.+ cas.authn.spnego.send401OnAuthenticationFailure=false cas.authn.spnego.principalWithDomainName=false it works... Is the documentation needing update ? Regards. Le 10/08/2016 à 17:42, Philippe MARASSE a écrit : > Folks, > > I'm testing my freshly inst

[cas-user] CAS 5.0.0 SPNEGO issue

? Regards. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Cœur 86021 Poitiers Cedex Tel : 05.49.44.57.19 -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubs

Re: [cas-user] CAS 5 + phpCAS client + SAML 1.1 service validation

Done : https://github.com/apereo/cas/issues/1943 Regards. Le 10/08/2016 à 13:57, Misagh Moayyed a écrit : > > > I don’t think you have. Go ahead and file an issue please. > > > On Wednesday, August 10, 2016 at 4:46:07 AM UTC-7, Philippe MARASSE > wrote: > > BT

[cas-user] CAS 5 + phpCAS client + SAML 1.1 service validation

roupId} cas-server-support-json-service-registry ${cas.version} org.apereo.cas cas-server-support-saml ${cas.version} Am I missing something (again :-) ) ? Regards. -- Philippe MARASSE Responsabl

Re: [cas-user] CAS 5 does not read cas.properties file

agh Moayyed a écrit : > Simply put, you should be following the docs here: > https://github.com/apereo/cas-overlay-template/tree/5.0 > > There is no “propertyFileConfigurer.xml”. > Using “deployerConfigContext.xml” is also useless for most if not all > cases. > > -- > Mis

[cas-user] CAS 5 does not read cas.properties file

} runtime ${cas.groupId} cas-server-support-json-service-registry ${cas.version} Regards. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Cœur 86021 Poitiers

Re: [cas-user] French enteprise to integrate JASIG with SPNEGO

m > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABjbDXTu2oDXd%2BRjvt%2BXyc4h2sTekoxtH1jveQXCXeYxxqng7w%40mail.gmail.com?utm_medium=email_source=footer>. > For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO