Re: [cas-user] log4j vulnerability remediation

2021-12-14 Thread Robert Oschwald
We had the same problem and we did the following:
1. Overwrite BOM defined version in gradle.properties
# BOM overwritten versions
# CVE-2021-44228 critical fix in 2.15.0.
# 2.16.0 further secures.
# See https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4
log4j2.version=2.16.0
2. ad

Re: [cas-user] log4j2 vulnerability

2021-12-12 Thread Robert Oschwald
sses present in Apache Tomcat. There will be more that are found. Update Log4j or put the environment variable in. From: cas-user@apereo.org on behalf of Robert Oschwald Sent: Saturday, December 11, 2021 09:24 To: cas-user@apereo.org Subject: Re: [cas-user] log4j

Re: [cas-user] log4j2 vulnerability

2021-12-11 Thread Robert Oschwald
Jdk 1.8 192 or newer or jdk11 11.0.2 or newer are not affected it seems, as JNDI lookups are disabled there by default. https://www.veracode.com/blog/security-news/urgent-analysis-and-remediation-guidance-log4j-zero-day-rce-cve-2021-44228 Sent while mobile. > Am 11.12.2021 um 13:44 schrieb An

Re: [cas-user] Sample Java Web Application to test the login

2019-11-05 Thread Robert Oschwald
https://www.baeldung.com/spring-security-cas-sso Sent while mobile. > On 06.11.2019 at 08:37, Steve Cheung wrote: > > Hi all, > > I have set up and run an overlay cas war 6.2.0 in my local environment with > simple configuration. > > The next step I would like to set up a sample web app

Re: [cas-user] CAS 5.3, where is LOGGER defined with @Slf4j?

2018-10-08 Thread Robert Oschwald
https://github.com/apereo/cas/blob/5.3.x/lombok.config > On 08.10.2018 at 16:53, Robert Oschwald wrote: > > https://projectlombok.org/features/log > > >

Re: [cas-user] CAS 5.3, where is LOGGER defined with @Slf4j?

2018-10-08 Thread Robert Oschwald
https://projectlombok.org/features/log See lombok.config file. You need this file in your overlay project. > On 08.10.2018 at 16:32, Yan Zhou wrote: > > Hello, > > Looking at CAS 5.3 source code, I need to customize action class, so I > create a

Re: [cas-user] Custom login theme and templates for cas 5.2.2

2018-02-12 Thread Robert Oschwald
Just copy the page / resources you want to modify. This way, it is also easier for you to compare if you want to upgrade to a newer version of CAS. > On 12.02.2018 at 06:39, Matthew Hannay wrote: > > Just 1 thing is not 100% clear > > Do I copy all of > overlays/org...cas-server-webapp-tom

Re: [cas-user] Creating custom JDBC authentication handler!

2017-12-21 Thread Robert Oschwald
You can introduce your own config keys in cas.properties and define your own Config bean. Access the properties with @Value annotation in the config bean like so: @Configuration("myCustomApplicationConfiguration") @EnableConfigurationProperties(CasConfigurationProperties.class) @AutoConfigureAfte

Re: [cas-user] Re: CAS 5.2 Getting more attributes from CAS than just user id

2017-12-21 Thread Robert Oschwald
If the attributes are stored in the same records as the authentication, CAS needs a second query to the same db to fetch the attributes. That's the reason why I built the DirectMappedPersonAttributeDao, which you can inject into your authentication handler to directly set the attributes in one go

Re: [cas-user] CAS 5.2.0 How to configure cas in that way so that it listen to HTTP?

2017-12-13 Thread Robert Oschwald
I strongly recommend not using the approach you are trying to configure. Connection between the LB and CAS Servers should be encrypted as well. > On 14.12.2017 at 08:13, casuser wrote: > > Thank you Cristina, > > Actually what I meant was let's say https://example.com will go to a load > balancer

Re: [cas-user] Re: Creating custom JDBC authentication handler!

2017-12-11 Thread Robert Oschwald
By default, CAS scans only the org.apereo.cas.config package, so your config bean is not picked up. You can either move the config bean to the org.apereo.cas.config package, or you register your Config bean. See https://apereo.github.io/2017/02/21/cas-autocfg-strategy/

Re: [cas-user] How ticket cleanup works in clustered CAS environment

2017-07-26 Thread Robert Oschwald
Of course you can add tickets while the cleaner is running, assuming you properly configured the cas.ticket.registry.jpa.dialect property (e.g. using org.hibernate.dialect.MySQL5InnoDBDialect). > On 26.07.2017 at 13:52, shruti halgekar wrote: > > Thank you for your reply. I have one more query,

Re: [cas-user] CAS 5.0.5 how to release attributes with Protocol V 2.0

2017-05-14 Thread Robert Oschwald
You do not need to customize CasServiceValidationSuccess.html, if you just want to release attributes the same way as p3. For 5.0.5, you currently need to do the following things: 1. Overwrite the serviceValidateController bean definition, and wire in the cas3ServiceSuccessView, like so: @Bean

Re: [cas-user] Overloading Bean Configuration does not work in 5.0.4

2017-05-04 Thread Robert Oschwald
:-( This means I need to overlay the whole CasValidationConfiguration bean. > On 04.05.2017 at 17:46, Dmitriy Kopylenko wrote: > > The reason is that currently serviceValidateController bean in CAS is not > @ConditionalOnMissingBean > > D. > > > From: robertoschwald >

Re: [cas-user] Redirect to arbitrary URL after logout

2016-06-30 Thread Robert Oschwald
https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet How to prevent that: - Register the redirect url as a service - check the redirect URL if the domain name is contained in any registered service (that's a custom extension you have to build on your own) - Separate conf

Re: [cas-user] 4.1.2: JpaTicketRegistry: No transactional EntityManager available

2015-12-01 Thread Robert Oschwald
schrieb Misagh Moayyed : > > No you should not have to use the same transaction manager. > > - Misagh > >> On Dec 1, 2015, at 8:00 AM, Robert Oschwald wrote: >> >> >> As I use the JPA Ticket Registry and the JPA Service Registry in my CAS &

[cas-user] Re: 4.1.2: JpaTicketRegistry: No transactional EntityManager available

2015-12-01 Thread Robert Oschwald
As I use the JPA Ticket Registry and the JPA Service Registry in my CAS 4.1.2 Server, I assume I need to use the same transactionManager for TicketRegistry and ServiceRegistry. Therefore I set in the CAS-Server deployerConfigContext: and in the CAS-Server ticketRegistry.xml I added the point

[cas-user] 4.1.2: JpaTicketRegistry: No transactional EntityManager available

2015-11-30 Thread Robert Oschwald
Hi all, while configuring CAS 4.1.2 with JpaTicketRegistry, I cannot get it to work. I always receive the following Exception: Exception thrown executing org.jasig.cas.web.flow.GenerateServiceTicketAction@6e6a43a4 in state 'generateServiceTicket' of flow 'login' javax.persistence.TransactionReq

[cas-user] War overlay project with cas and cas-management

2015-11-26 Thread Robert Oschwald
While I currently migrate CAS from 3.4.11 to 4.1.2, I’m currently facing an issue with the cas-management module and my build process. I have been using Gradle for a long time to build my project (using a custom warOverlay config) and this worked pretty well. Now the cas-management-webapp module war overl