Re: [cas-user] CAS Management Service Showing 'localhost:8080' on Redirection to Login Page

[Uxío Prego]

Maybe grepping the CAS itself (not the overlay) helps..?

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-05-23 17:16 GMT+00:00 josbrodie <josbro...@gmail.com>:

> When accessing 'hxxp://example.edu/cas-management' ---> the redirection
> to login page is 'hxxp://example.edu/cas/login?service=http%3A%2F%
> 2Flocalhost%3A8080%2Fcas-management%2Fmanage.html' ---> on successful
> authentication, it goes to the expected 'hxxp://example.edu/cas-
> management/services/default'.
>
> I have 'grep-ed' the living daylight out of both the CAS and services
> overlays to find the errant 'localhost:8080' and so far have not been
> successful.
>
> I have deployed both the respective 2 WARs in Tomcat (i.e. not the
> embedded container). Have I somehow also left the embedded container
> setting in the properties file and/or build script?
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/0cea8e1b-350c-447d-842f-
> ce9d670ff5a5%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/0cea8e1b-350c-447d-842f-ce9d670ff5a5%40apereo.org?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKZKrLftsCKF%3DAvcuukXMheq1D3ugxDxUOJdB2-qP4ucuA%40mail.gmail.com.

Re: [cas-user] InvalidTicketException while searching for Service ticket

[Uxío Prego]

Is it possible the ticket doesn't exist once you try to reach it?

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-05-04 5:31 GMT+00:00 Aman Garg <amangarg4...@gmail.com>:

> I have service ticket id on the CAS server end which I want to use to get
> to the ServiceTicket object or to get to the corresponding TGT.
>
> I am not able to find service ticket using ticketRegistry and it
> throws InvalidTicketException .
>
> Is there a way I can get to the ServiceTicket object or obtain TGT via
> Service ticket id on CAS server?
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/c68a4ee6-fdb2-48e5-aa31-
> 64253383c449%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/c68a4ee6-fdb2-48e5-aa31-64253383c449%40apereo.org?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKYRjf1J9jL7%2B0SJ1%3DRMwQFpvJ_H3fWCJ07sySL222PMJw%40mail.gmail.com.

Re: [cas-user] Re: InvalidTicketException while searching for Service ticket

[Uxío Prego]

Why would you want not to iterate TGTs?

Aren't you using the default ticket registry?

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-05-04 5:59 GMT+00:00 Aman Garg <amangarg4...@gmail.com>:

> Need to achieve this without iterating over all ticket granting tickets
> available in ticketRegistry
>
> On Friday, May 4, 2018 at 11:01:16 AM UTC+5:30, Aman Garg wrote:
>>
>> I have service ticket id on the CAS server end which I want to use to get
>> to the ServiceTicket object or to get to the corresponding TGT.
>>
>> I am not able to find service ticket using ticketRegistry and it
>> throws InvalidTicketException .
>>
>> Is there a way I can get to the ServiceTicket object or obtain TGT via
>> Service ticket id on CAS server?
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/87d199b9-479f-4cb1-9911-
> 4a2ac770cee5%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/87d199b9-479f-4cb1-9911-4a2ac770cee5%40apereo.org?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKbu%2BCWm2AJoaC8KhjztBoxMQ-ZtL-CFd4d9Obq9tA9TYw%40mail.gmail.com.

Re: [cas-user] Issue handling Browser Back button in CAS UI flow

[Uxío Prego]

Yeah take control of the browser back button and send the user to wherever
you find appropriate: https://stackoverflow.com/questions/25806608/.

Regards,

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-04-10 15:59 GMT+00:00 Ray Bon <r...@uvic.ca>:

> Yan,
>
> Accept User Agreement is shown after Login Screen form is POSTed. You can
> not go back to it from Success Page because that would require resubmitting
> the login form.
> If you really want to be able to go back to Accept User Agreement, you
> could have a link on Success Page or perform some redirection/javascript
> reloading of Accept User Agreement.
>
> Ray
>
> On Mon, 2018-04-09 at 10:50 -0700, Yan Zhou wrote:
>
> Hello,
>
> I built CAS 4.1.9 overlay webapp. In order to test transition among the UI
> screens using browser Back button, I enabled AUP flow just so I can have a
> couple screens to navigate with.
>
> Login Screen -> Accept User Agreement -> Success Page.
>
> When I am in the 2nd screen, I can use Browser Back button to go back to
> the 1st screen,  but when I am at the last screen (success page), hitting
> browser BACK button results in an "expired page" or a cache-miss,
> basically, browser cannot find the page in the cache.
>
> Any suggestion?
>
> Thx!
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/1523375951.1822.11.camel%40uvic.ca
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1523375951.1822.11.camel%40uvic.ca?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKYFYDWqHi6rzAcLe1WaKEW272vvk62UZQWRUU6RQa8zGQ%40mail.gmail.com.

Re: [cas-user] CAS PostgreSql Connection Problem

[Uxío Prego]

I don't know.

In Maven environments I would expect the declaration of a postgresql
artifact from the org.postgresql group ID.

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-04-06 6:12 GMT+00:00 Aghil krishna <aghilkris...@gmail.com>:

> Hi,
>
> I checked the connectivity through my client server (Spring boot) and its
> working fine. Is there any gradle config require for the postgresql ?
> Because I haven't mentioned any gradle config for that.
>
> Regards,
> Aghil T U
>
> On Wednesday, April 4, 2018 at 9:00:15 PM UTC+5:30, Uxío Prego wrote:
>>
>> Can you confirm psql connectivity between the data base and the Java
>> application server (i.e. CAS)?
>>
>> Uxío Prego
>>
>>
>>
>> Madiva Soluciones
>> CL / SERRANO GALVACHE 56
>> <https://maps.google.com/?q=CL+/+SERRANO+GALVACHE+56=gmail=g>
>> BLOQUE ABEDUL PLANTA 4
>> 28033 MADRID
>> +34 917 56 84 94
>> www.madiva.com
>> www.bbva.com
>>
>> The activity of email inboxes can be systematically tracked by
>> colleagues, business partners and third parties. Turn off automatic loading
>> of images to hamper it.
>>
>> 2018-04-04 13:17 GMT+00:00 Aghil krishna <aghilk...@gmail.com>:
>>
>>> Hi All,
>>>
>>> I'm trying to integrate CAS server with my exiting client projects. I'm
>>> facing database connection timeout issue.
>>>
>>> CAS Version : 4.2.1
>>> Database : PostgreSql
>>>
>>>
>>>
>>> In cas.properties,
>>>
>>>
>>>
>>>> # == Basic database connection pool configuration ==
>>>> database.driverClass=org.postgresql.Driver
>>>> database.url=jdbc:postgresql://IP-ADDRESS:5432/DBNAME
>>>> database.user=username
>>>> database.password=password
>>>> database.pool.minSize=6
>>>> database.pool.maxSize=18
>>>>
>>>> # Maximum amount of time to wait in ms for a connection to become
>>>> # available when the pool is exhausted
>>>> database.pool.maxWait=1
>>>>
>>>> # Amount of time in seconds after which idle connections
>>>> # in excess of minimum size are pruned.
>>>> database.pool.maxIdleTime=120
>>>>
>>>> # Number of connections to obtain on pool exhaustion condition.
>>>> # The maximum pool size is always respected when acquiring
>>>> # new connections.
>>>> database.pool.acquireIncrement=6
>>>>
>>>> # == Connection testing settings ==
>>>>
>>>> # Period in s at which a health query will be issued on idle
>>>> # connections to determine connection liveliness.
>>>> database.pool.idleConnectionTestPeriod=30
>>>>
>>>> # Query executed periodically to test health
>>>> database.pool.connectionHealthQuery=select 1
>>>>
>>>> # == Database recovery settings ==
>>>>
>>>> # Number of times to retry acquiring a _new_ connection
>>>> # when an error is encountered during acquisition.
>>>> database.pool.acquireRetryAttempts=5
>>>>
>>>> # Amount of time in ms to wait between successive aquire retry attempts.
>>>> database.pool.acquireRetryDelay=2000
>>>>
>>>>
>>>>
>>>> # == PDS User record fetch query == #
>>>> cas.jdbc.authn.query.sql=select * from user where username = ?
>>>>
>>>>
>>>>
>>>
>>> After entering login credential from login page, I'm getting the below
>>> error.
>>>
>>> 2018-04-04 17:35:58,718 ERROR [org.jasig.cas.authentication.
>>> PolicyBasedAuthenticationManager] - >> : SQL exception while executing query for testusername  (Details: Could
>>> not get JDBC Connection; nested exception is java.sql.SQLException: An
>>> attempt by a client to checkout a Connection has timed out.)>
>>>
>>>
>>> Please update me what has to be done to resolve this.
>>>
>>> Note : The same cas server setup is working with mysql database but not
>>> in postgresql .
>>>
>>> Regards,
>>> Aghil
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/ap

Re: [cas-user] CAS PostgreSql Connection Problem

[Uxío Prego]

Can you confirm psql connectivity between the data base and the Java
application server (i.e. CAS)?

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-04-04 13:17 GMT+00:00 Aghil krishna <aghilkris...@gmail.com>:

> Hi All,
>
> I'm trying to integrate CAS server with my exiting client projects. I'm
> facing database connection timeout issue.
>
> CAS Version : 4.2.1
> Database : PostgreSql
>
>
>
> In cas.properties,
>
>
>
>> # == Basic database connection pool configuration ==
>> database.driverClass=org.postgresql.Driver
>> database.url=jdbc:postgresql://IP-ADDRESS:5432/DBNAME
>> database.user=username
>> database.password=password
>> database.pool.minSize=6
>> database.pool.maxSize=18
>>
>> # Maximum amount of time to wait in ms for a connection to become
>> # available when the pool is exhausted
>> database.pool.maxWait=1
>>
>> # Amount of time in seconds after which idle connections
>> # in excess of minimum size are pruned.
>> database.pool.maxIdleTime=120
>>
>> # Number of connections to obtain on pool exhaustion condition.
>> # The maximum pool size is always respected when acquiring
>> # new connections.
>> database.pool.acquireIncrement=6
>>
>> # == Connection testing settings ==
>>
>> # Period in s at which a health query will be issued on idle
>> # connections to determine connection liveliness.
>> database.pool.idleConnectionTestPeriod=30
>>
>> # Query executed periodically to test health
>> database.pool.connectionHealthQuery=select 1
>>
>> # == Database recovery settings ==
>>
>> # Number of times to retry acquiring a _new_ connection
>> # when an error is encountered during acquisition.
>> database.pool.acquireRetryAttempts=5
>>
>> # Amount of time in ms to wait between successive aquire retry attempts.
>> database.pool.acquireRetryDelay=2000
>>
>>
>>
>> # == PDS User record fetch query == #
>> cas.jdbc.authn.query.sql=select * from user where username = ?
>>
>>
>>
>
> After entering login credential from login page, I'm getting the below
> error.
>
> 2018-04-04 17:35:58,718 ERROR [org.jasig.cas.authentication.
> PolicyBasedAuthenticationManager] -  SQL exception while executing query for testusername  (Details: Could not
> get JDBC Connection; nested exception is java.sql.SQLException: An
> attempt by a client to checkout a Connection has timed out.)>
>
>
> Please update me what has to be done to resolve this.
>
> Note : The same cas server setup is working with mysql database but not in
> postgresql .
>
> Regards,
> Aghil
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/b5cb2526-b354-42d3-ac8b-
> eb634af4ddc3%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/b5cb2526-b354-42d3-ac8b-eb634af4ddc3%40apereo.org?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKYoZhn9TiVvqrCreDAw_0V6SLwqJumS7ukuvapQHrZhwQ%40mail.gmail.com.

Re: [cas-user] CAS incorrect redirection behind reverse proxy

[Uxío Prego]

I can't tell why, but I've known of ancient CAS deployments where the CAS
application sits behind the proxy configured at its very *own* third level
domain, where CAS is the only accessible application... or meaningful
application... depending on the existing applications ecosystem's structure.

In other words; if you can not fix it in time, roll forward that way
without fixing anything.

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-04-03 18:40 GMT+00:00 Cliff Ingham <ingh...@gmail.com>:

> Is there something I'm missing when setting CAS up behind a reverse
> proxy?  CAS is rewriting the hostnames of the service URLs when doing the
> redirection.
>
> When both CAS and a web application using CAS authentication are behind
> the same reverse proxy, then CAS rewrites the service URL when redirecting
> back to the web application during authentication.
>
> CAS authentication works successfully when not behind any reverse proxy.
> Also, it works successfully, in CAS and the web application are behind two
> different reverse proxies.  It's only if they're both behind the same
> reverse proxy that it does not work as expected.
>
>
> Example
>
> CAS at https://cas.host.org/cas
> Web Application at https://app.host.org/app
>
> Authentication works as expected when visting https://app.host.org/app.
> The app redirects to CAS at https://cas.host.org/cas and cas redirects
> back as expected.
>
> Drop CAS behind a reverse proxy at https://proxy.host.org/cas.
> Authentication still works as expected when visiting
> https://app.host.org/app and doing the auth through https://proxy.host.org
>
> You can even drop the App behind a different proxy and it will work as
> expected.
> Visit https://proxy-two.host.org/app and do auth through either
> https://proxy.host.org/cas or https://cas.host.org/cas and it works as
> expected.
>
> However
>
> If you reverse proxy the app and CAS behind the same host, then CAS will
> always rewrite the service URL for the app during the redirection step.  It
> rewrites the service URL to the reverse proxy hostname, even if you came
> from the original hostname for the app.
>
> Set up a reverse proxy at https://proxy.host.org/app
>
> But when you still visit https://app.host.org/app (This not accessing it
> through the reverse proxy, even though the reverse proxy is still
> configured).  Do auth through https://proxy.host.org/cas and when CAS
> sends the 302 redirect header, it sends https://proxy.host.org/app,
> instead of https://app.host.org/app as expected.
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/a25b9e6d-f042-46e8-9865-
> c0b0fb97225a%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/a25b9e6d-f042-46e8-9865-c0b0fb97225a%40apereo.org?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKaU-_mM2a8tNftUgbPqx8j%3Dt4xC42v_%2BkYe2uuhXq6QVQ%40mail.gmail.com.

Re: [cas-user] JPA Ticket Registry

[Uxío Prego]

In line with the error message, it can hopefully be tackled by rewriting
the schema LOCKS.LOCKVER as integer.

I would issue ALTER TABLE .LOCKS MODIFY LOCKVER NUMBER(19, 0);

Best,

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-03-29 6:09 GMT+00:00 yashwanth chowdary <
ryashwanthkumarchowd...@gmail.com>:

> My Properties:
>
>
> cas.ticket.registry.jpa.dialect=org.hibernate.dialect.Oracle10gDialect
> cas.ticket.registry.jpa.url=*
> cas.ticket.registry.jpa.driverClass=oracle.jdbc.driver.OracleDriver
> cas.ticket.registry.jpa.user=*
> cas.ticket.registry.jpa.password=
> cas.ticket.registry.jpa.ddlAuto=validate
> cas.ticket.registry.jpa.defaultSchema=
> cas.ticket.registry.jpa.batchSize=1
> cas.ticket.registry.jpa.healthQuery=SELECT 1 FROM DUAL
>
> Dependency in pom:
>
>
> 
> org.apereo.cas
> cas-server-support-jpa-ticket-registry
> 5.3.0-RC2
> 
>
> Getting an sql exception on locks table, you can find the logs in the
> screenshots attached.
>
> As Definitions of the tables have  been changed please provide the
> structure or scripts for the tables
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/6223302a-d936-4058-9f3e-
> 89bfaae39dcd%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6223302a-d936-4058-9f3e-89bfaae39dcd%40apereo.org?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKYFUxazDd-SQ1x29C6CeTnqEBH3ghYN5-qHB3dcYs%3DvkQ%40mail.gmail.com.

Re: [cas-user] [cas 5.1.8] Issue encountered with the customization of the theme

[Uxío Prego]

... http://localhost:8443/cas/login is a poorly idiomatic configuration,
hinting... that, or something else might be wrong?

Nowadays it is rare to listen HTTP on port 8443.

On port 8443 you would better want to listen HTTPS, and often the mean Java
application server only serves HTTP on 8080 to a trusted proxy where HTTPS
is handled.

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-03-29 10:23 GMT+00:00 Olivier Guilloux <olivier.guill...@gmail.com>:

> Hello,
>
> I encountered an issue with the customization of the theme. I have build
> the war following https://apereo.github.io/cas/5
> .1.x/installation/User-Interface-Customization-Themes.html but the theme
> is not display after each war startup, here is the case :
>
> 1/ Build the war with the customize theme
> 2/ Start the application (java -jar target/cas.war)
> 3/ Display the default login page (http://localhost:8443/cas/login)
>   ==> the page is a broken default login page (I want the default login
> page without customization) *it doesn't work*
> 4/ Display the login page through a service which uses the customize theme
>   => the page is a broken default login page (I want the customize login
> page)  *it doesn't work*
>
> 5/ Restart the application
> 6/ Display the login page through a service which uses the customize theme
> (set the theme property in the service declaration)
>   => the page is the custom one (the one I want) here* it works *
> 7/ Display the default login page (http://localhost:8443/cas/login)
>   => the page is the custom one without css (I want the default login
> page) *it doesn't work*
>
> 8/ Stop the application
> 9/ Add properties in order to set the default theme
> cas.theme.defaultThemeName=mytheme
> 10/ Start the application
> 11/ Display the default login page, but it's the same broken login page
> (as step 3) )
>
> *it doesn't work*12/ Restart the application
> 13/ Display the login page through a service which uses the customize
> theme
>   => Sale as step 6 the page is the custom one,* it works*
> 14/ 7/ Display the default login page directly
>   => The page is the custom one* it works*
>
> In order to build the custom login page I have done the following :
>
> src/main/resources/
> .
> ├── mytheme.properties
> ├── static
> │   └── themes
> │   └── mytheme
> │   ├── css
> │   │   └── cas.css
> │   ├── fonts
> │   │   └── iconic
> │   │   ├── css
> │   │   │   ├── material-design-iconic-font.css
> │   │   │   └── material-design-iconic-font.min.css
> │   │   └── fonts
> │   │   ├── Material-Design-Iconic-Font.eot
> │   │   ├── Material-Design-Iconic-Font.svg
> │   │   ├── Material-Design-Iconic-Font.ttf
> │   │   ├── Material-Design-Iconic-Font.woff
> │   │   └── Material-Design-Iconic-Font.woff2
> │   ├── images
> │   │   ├── bg-01.jpg
> │   │   └── logo.gif
> │   └── js
> │   └── cas.js
> └── templates
> └── mytheme
> └── casLoginView.html
>
>
>
> with mytheme.properties :
>
> standard.custom.css.file=/themes/mytheme/css/cas.css
> standard.custom.js.file=/themes/mytheme/js/cas.js
>
> What's wrong ?
> Thanks in advance
> Olivier Guilloux
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/2b21006e-4ac7-40d0-ab84-
> 1e2ed56d9dbd%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/2b21006e-4ac7-40d0-ab84-1e2ed56d9dbd%40apereo.org?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKZYbMa63%3DX3ddpKFbLSaT7EvtQWNXV%2BVKZXWKcDQR%3D5hQ%40mail.gmail.com.

Re: [cas-user] CAS problem with abnormal memory increase

[Uxío Prego]

Apart from the virtual memory increase, which is the profile of actual
memory use increase and (if applicable) swap space use increase?

In other words, are you really sure a virtual memory use increase is a
problem?

Which is the operating system where you are running that?

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-03-27 7:55 GMT+00:00 Peter Machala <peter.m2...@gmail.com>:

> Hello,
> I'm facing problem with abnormal virtual memory increase of CAS server
> application, which leads to problems with login via CAS(loading CAS page is
> too long). Virtual memory of CAS process raises up to 20 GB. I hope someone
> was facing same or at least simillar issue.
>
> My architecture is following:
>
> CAS server (v. 5.1.8)
> (SAML2 protocol)
> / \
>  /  \
> APP1 APP2
> CentOS Oracle weblogic server
>
> Here are steps what I'm doing in my Jmeter performance test to simulate
> this issue.
> 1.  go to APP1 and login
> 2.  redirect to CAS server and after successfull login redirect back to
> APP1
> 3. click on link to APP2
> 4. APP2 redirects to CAS server and return back to APP2
>
> If skip steps 3. and 4. the memory problem disappears. So I'm deducing
> that something is wrong with Oracle weblogic server.
>
> Can be realy Oracle weblogic server the problem? Or it needs some
> additional configuration? Have you experienced something like this?
>
> Thanks for reply.
>
> Peter
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/6ea9b6b9-6f95-48a4-bd29-
> f0ac8ea99329%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6ea9b6b9-6f95-48a4-bd29-f0ac8ea99329%40apereo.org?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKbJQsjuYc170Kao3F7vWyA054an%3D18RtsYzx0FsCxKGHQ%40mail.gmail.com.

Re: [cas-user] JPA Ticket Registry

[Uxío Prego]

When using Oracle and JPA you can upgrade CAS 3.4 to 3.x | x > 4 just by
schema increases. I don't know if that is applicable to CAS 3 to 5, but I
encourage you to research it. If so it might have a good outcome in the
form of fewer needs of downtime or other convenient migration easing.

Good luck with the migration,

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-03-21 14:37 GMT+00:00 yashwanth chowdary <
ryashwanthkumarchowd...@gmail.com>:

> Hi Prego,
>
> we are migrating from cas3.5 to cas 5.3.0 , whatever the scheema we have
> for cas3.5 contains locks but it doesnt contain lockver column, what i need
> to know is, Is structure for locks is changed in cas 5.3 version or for the
> other tables too.what is struture of the tables i need to maintain in my
> scheema. As we have to raise a request to change our db, if i have
> structure of the tables i can request them to change the tables at a time.
>
> I havent tried changing the db
>
> On Wednesday, March 21, 2018 at 7:17:54 PM UTC+5:30, Uxío Prego wrote:
>>
>> Do you need to support CAS 3 and 5 at the same time for a while, or can
>> you afford a *migration*? Can you afford CAS downtime when migrating the
>> users to CAS 5? Have you tried to add LOCKVER to CAS_OWN.LOCKS?
>>
>> Uxío Prego
>>
>>
>>
>> Madiva Soluciones
>> CL / SERRANO GALVACHE 56
>> <https://maps.google.com/?q=CL+/+SERRANO+GALVACHE+56=gmail=g>
>> BLOQUE ABEDUL PLANTA 4
>> 28033 MADRID
>> +34 917 56 84 94 <+34%20917%2056%2084%2094>
>> www.madiva.com
>> www.bbva.com
>>
>> The activity of email inboxes can be systematically tracked by
>> colleagues, business partners and third parties. Turn off automatic loading
>> of images to hamper it.
>>
>> 2018-03-21 13:12 GMT+00:00 yashwanth chowdary <ryashwanthk...@gmail.com>:
>>
>>> For Jpa ticket registry these are the properties i was using:
>>>
>>> cas.ticket.registry.jpa.dialect=org.hibernate.dialect.Oracle10gDialect
>>> cas.ticket.registry.jpa.url=
>>> cas.ticket.registry.jpa.driverClass=oracle.jdbc.driver.OracleDriver
>>> cas.ticket.registry.jpa.user=xx
>>> cas.ticket.registry.jpa.password=x
>>> cas.ticket.registry.jpa.ddlAuto=validate
>>> cas.ticket.registry.jpa.defaultSchema=x
>>> cas.ticket.registry.jpa.batchSize=1
>>> cas.ticket.registry.jpa.healthQuery=SELECT 1 FROM DUAL
>>>
>>> My schema tables locks,tgt,rs_attributes,serviceticket,registeredticketimpl
>>> are structured in such a way that they support cas3.5 version.Is there any
>>> change in structure of tables
>>>
>>> Dependencies:
>>> 
>>> org.apereo.cas
>>> cas-server-support-jpa-ticket-registry
>>> 5.3.0-RC2
>>> 
>>> 
>>> com.oracle
>>> ojdbc6
>>> 11.2.0.1.0
>>> 
>>>
>>> And when i try to run the cas application observing these issues
>>> unsatisfied dependency exception,unable to create hibernate session
>>> factory,.. You can observe the logs in below attached files
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+u...@apereo.org.
>>> To view this discussion on the web visit https://groups.google.com/a/ap
>>> ereo.org/d/msgid/cas-user/3767a389-36b1-4fff-a502-13c3a99214
>>> 51%40apereo.org
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/3767a389-36b1-4fff-a502-13c3a9921451%40apereo.org?utm_medium=email_source=footer>
>>> .
>>>
>>
>> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view t

Re: [cas-user] JPA Ticket Registry

[Uxío Prego]

Do you need to support CAS 3 and 5 at the same time for a while, or can you
afford a *migration*? Can you afford CAS downtime when migrating the users
to CAS 5? Have you tried to add LOCKVER to CAS_OWN.LOCKS?

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-03-21 13:12 GMT+00:00 yashwanth chowdary <
ryashwanthkumarchowd...@gmail.com>:

> For Jpa ticket registry these are the properties i was using:
>
> cas.ticket.registry.jpa.dialect=org.hibernate.dialect.Oracle10gDialect
> cas.ticket.registry.jpa.url=
> cas.ticket.registry.jpa.driverClass=oracle.jdbc.driver.OracleDriver
> cas.ticket.registry.jpa.user=xx
> cas.ticket.registry.jpa.password=x
> cas.ticket.registry.jpa.ddlAuto=validate
> cas.ticket.registry.jpa.defaultSchema=x
> cas.ticket.registry.jpa.batchSize=1
> cas.ticket.registry.jpa.healthQuery=SELECT 1 FROM DUAL
>
> My schema tables locks,tgt,rs_attributes,serviceticket,registeredticketimpl
> are structured in such a way that they support cas3.5 version.Is there any
> change in structure of tables
>
> Dependencies:
> 
> org.apereo.cas
> cas-server-support-jpa-ticket-registry
> 5.3.0-RC2
> 
> 
> com.oracle
> ojdbc6
> 11.2.0.1.0
> 
>
> And when i try to run the cas application observing these issues
> unsatisfied dependency exception,unable to create hibernate session
> factory,.. You can observe the logs in below attached files
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/3767a389-36b1-4fff-a502-
> 13c3a9921451%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/3767a389-36b1-4fff-a502-13c3a9921451%40apereo.org?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKbR5pFLjS22haeMsGn6AuGkSXfFe%2B%3DXeBxEDr%3DZyQLz4A%40mail.gmail.com.

Re: [cas-user] CAS 3.5.2 returning mail as user name

[Uxío Prego]

I don't know.

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-02-21 15:36 GMT+00:00 Toby Archer <sandsl...@gmail.com>:

> No. Is that what it would take?
>
> On Monday, February 19, 2018 at 4:35:34 AM UTC-6, Uxío Prego wrote:
>>
>> I don't know.
>>
>> Does your CAS 3 deployment provide a custom class extending
>> AbstractUsernamePasswordAuthenticationHandler?
>>
>> Uxío Prego
>>
>>
>>
>> Madiva Soluciones
>> CL / SERRANO GALVACHE 56
>> <https://maps.google.com/?q=CL+/+SERRANO+GALVACHE+56=gmail=g>
>> BLOQUE ABEDUL PLANTA 4
>> 28033 MADRID
>> +34 917 56 84 94 <+34%20917%2056%2084%2094>
>> www.madiva.com
>> www.bbva.com
>>
>> The activity of email inboxes can be systematically tracked by
>> colleagues, business partners and third parties. Turn off automatic loading
>> of images to hamper it.
>>
>> 2018-02-16 19:38 GMT+00:00 Toby Archer <sand...@gmail.com>:
>>
>>> Well then let me try to clarify. Right now I'm getting this:
>>>
>>> 
>>> 
>>> Toben.Archer
>>> 
>>> 
>>>
>>> I want to recieve this:
>>>
>>> 
>>> 
>>> toben@usd.edu
>>>
>>> 
>>> 
>>>
>>> Is that possible?
>>>
>>> On Friday, February 16, 2018 at 12:10:30 PM UTC-6, Uxío Prego wrote:
>>>>
>>>> I still operate version 3 of CAS using relational as service registry,
>>>> yet I don't understand what you ask.
>>>>
>>>> I can't grep the sources anyhow, today.
>>>>
>>>> I hope you find whatever you are looking for.
>>>>
>>>> On 16 Feb 2018, at 18:53, Toby Archer <sand...@gmail.com> wrote:
>>>>
>>>> We have an application from the library that they want CASified. In
>>>> order for said application to work it needs CAS to return the user's mail
>>>> attribute as their username. We have a database backed service registry so
>>>> I opened it up and noticed the column "username_attr" which to me sounds
>>>> like a column that lets me decide what the username attribute in the
>>>> response is. GREAT! Sounds like just what I need. So I set it to a value I
>>>> knew was being passed, and nothing happened, I'm still getting the same
>>>> value for user name. Am I missing something here? Is it possible to do what
>>>> is being asked of me?
>>>>
>>>> ~TA
>>>>
>>>> --
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to cas-user+u...@apereo.org.
>>>> To view this discussion on the web visit https://groups.google.com/a/ap
>>>> ereo.org/d/msgid/cas-user/caf938ab-4dfc-4ccc-8cd0-8b492d1227
>>>> a8%40apereo.org
>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/caf938ab-4dfc-4ccc-8cd0-8b492d1227a8%40apereo.org?utm_medium=email_source=footer>
>>>> .
>>>>
>>>>
>>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+u...@apereo.org.
>>> To view this discussion on the web visit https://groups.google.com/a/ap
>>> ereo.org/d/msgid/cas-user/9a56b861-712d-4f26-8cfe-b2515cd588
>>> c5%40apereo.org
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/9a56b861-712d-4f26-8cfe-b2515cd588c5%40apereo.org?utm_medium=email_source=footer>
>>> .
>>>
>>
>> --
> - Website: https:

Re: [cas-user] CAS 5.2

[Uxío]

Hi,
I've known a CAS customisation where after logging in from no particular 
CASified service an attribute would be passed for a default redirect URL to 
then re redirect the user to a particular default service for that particular 
user (the thing is really just a little bit more complicated than that, but let 
hold there).

Is there any CAS facility, contrib module or artifact to help sinking that 
responsibility in CAS or nearer to it in a simple single-responsibility 
well-known _service_? And more importantly, which is roughly the best practice 
at this requirement?

Thanks, have a nice weekend, regards,

Sent from my iPhone

> On 23 Feb 2018, at 18:59, Ray Bon  wrote:
> 
> It is a property in cas.properties (or whatever file you are using for 
> properties). If a login request does not have a service parameter, the 
> redirect goes to this value.
> See, 
> https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#views
> 
> Ray
> 
>> On Fri, 2018-02-23 at 12:43 -0500, Cheltenham, Chris wrote:
>> Ray,
>>  
>> I appreciate that but I don’t know what you mean.
>>  
>>  
>>  
>> ===
>> 
>> Thank You;
>> 
>> Chris Cheltenham
>> Technology Services
>> The School District of Philadelphia
>> 
>> Work # 215-400-5025
>> Cell # 215-301-6571
>> From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Ray Bon
>> Sent: Friday, February 23, 2018 12:36 PM
>> To: cas-user@apereo.org
>> Subject: Re: [cas-user] CAS 5.2
>>  
>> Chris,
>>  
>> cas.view.defaultRedirectUrl=
>>  
>> Ray
>>  
>> On Fri, 2018-02-23 at 08:36 -0500, Cheltenham, Chris wrote:
>> Hello Everyone,
>>  
>> I am sure most folks change the default landing page AFTER you get login to 
>> work.
>>  
>> It looks like it lands on a page called casGenericSuccessView.html.
>>  
>> My question is how do you change that page?
>>  
>>  
>>  
>> ===
>> 
>> Thank You;
>> 
>> Chris Cheltenham
>> Technology Services
>> The School District of Philadelphia
>> 
>> Work # 215-400-5025
>> Cell # 215-301-6571
>> -- 
>> Ray Bon
>> Programmer analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | r...@uvic.ca
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1519407337.1765.69.camel%40uvic.ca.
>  -- 
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1519408754.1765.76.camel%40uvic.ca.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/43976099-3FE1-400B-BBAF-F7E27019D736%40madiva.com.

Re: [cas-user] CAS 3.5.2 returning mail as user name

[Uxío Prego]

I don't know.

Does your CAS 3 deployment provide a custom class extending
AbstractUsernamePasswordAuthenticationHandler?

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-02-16 19:38 GMT+00:00 Toby Archer <sandsl...@gmail.com>:

> Well then let me try to clarify. Right now I'm getting this:
>
> 
> 
> Toben.Archer
> 
> 
>
> I want to recieve this:
>
> 
> 
> toben.arc...@usd.edu
> 
> 
>
> Is that possible?
>
> On Friday, February 16, 2018 at 12:10:30 PM UTC-6, Uxío Prego wrote:
>>
>> I still operate version 3 of CAS using relational as service registry,
>> yet I don't understand what you ask.
>>
>> I can't grep the sources anyhow, today.
>>
>> I hope you find whatever you are looking for.
>>
>> On 16 Feb 2018, at 18:53, Toby Archer <sand...@gmail.com> wrote:
>>
>> We have an application from the library that they want CASified. In order
>> for said application to work it needs CAS to return the user's mail
>> attribute as their username. We have a database backed service registry so
>> I opened it up and noticed the column "username_attr" which to me sounds
>> like a column that lets me decide what the username attribute in the
>> response is. GREAT! Sounds like just what I need. So I set it to a value I
>> knew was being passed, and nothing happened, I'm still getting the same
>> value for user name. Am I missing something here? Is it possible to do what
>> is being asked of me?
>>
>> ~TA
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+u...@apereo.org.
>> To view this discussion on the web visit https://groups.google.com/a/ap
>> ereo.org/d/msgid/cas-user/caf938ab-4dfc-4ccc-8cd0-8b492d1227
>> a8%40apereo.org
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/caf938ab-4dfc-4ccc-8cd0-8b492d1227a8%40apereo.org?utm_medium=email_source=footer>
>> .
>>
>>
>> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/9a56b861-712d-4f26-8cfe-
> b2515cd588c5%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/9a56b861-712d-4f26-8cfe-b2515cd588c5%40apereo.org?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKbCVmR4HXxMessBOc-YZM8j_2Z3VACByVkkMNsQzxQJGg%40mail.gmail.com.

Re: [cas-user] CAS 3.5.2 returning mail as user name

[Uxío Prego]

I still operate version 3 of CAS using relational as service registry, yet I 
don't understand what you ask.

I can't grep the sources anyhow, today.

I hope you find whatever you are looking for.

> On 16 Feb 2018, at 18:53, Toby Archer  wrote:
> 
> We have an application from the library that they want CASified. In order for 
> said application to work it needs CAS to return the user's mail attribute as 
> their username. We have a database backed service registry so I opened it up 
> and noticed the column "username_attr" which to me sounds like a column that 
> lets me decide what the username attribute in the response is. GREAT! Sounds 
> like just what I need. So I set it to a value I knew was being passed, and 
> nothing happened, I'm still getting the same value for user name. Am I 
> missing something here? Is it possible to do what is being asked of me? 
> 
> ~TA
> 
> -- 
> - Website: https://apereo.github.io/cas 
> - Gitter Chatroom: https://gitter.im/apereo/cas 
> - List Guidelines: https://goo.gl/1VRrw7 
> - Contributions: https://goo.gl/mh7qDG 
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org 
> .
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/caf938ab-4dfc-4ccc-8cd0-8b492d1227a8%40apereo.org
>  
> .

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/592CB60B-8F6A-4C14-A164-82C29B704B37%40madiva.com.

Re: [cas-user] Failed To Add TGT Ticket - MongoDB Ticket Registry CAS 45.2.

[Uxío Prego]

Do you mean it is buggy because Redis was refusing to write -1 for
expiration times?

If you have a lot of time I guess you could write your test case and
request pull.

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-02-10 2:20 GMT+00:00 michael kromarek <mkroma...@gmail.com>:

> Sorry, there's a bit of a history to the problem that involved several
> other ticket registries.
>
> On CAS 3.5 we where using PostgreSQL, but when I upgraded to CAS 5.x I
> switched to Hazelcast.  Which work okay except that after three days
> pinciple ID's start to become null after successful authentication.  WE
> thought it might be something with Hazelcast so we tried Dynamo which was
> an instant bust as it complained about an empty string.  We then tried
> Redis with AWS but the Setex command was being given a -1 for the ticket
> expiration time.  So we tried MongoDB, which wasn't writing tickets.
> PostgreSQL was the fall back, though my manager prefered I find something
> more performant since the JPA driver can be a bit slow (not to mention the
> need to 4+ tiggers on the ticketgrantingticket table and another 2-3 on the
> serviceticke table).
>
> But now that I found that the ticket expiration time was the culprit, I
> should be able to go forward with MongoDB or Redis.  Though the expiration
> time problem does sound like a bug to me, but I'm not sure where to report
> that.
>
> --Mike K.
>
> On Fri, Feb 9, 2018 at 1:03 PM, Uxío Prego <upr...@madiva.com> wrote:
>
>> I’m a little lost now.
>>
>> Are you sure you need to waste that much energy investigating so many
>> ticket registry alternatives? Shouldn’t you be trying to just assess the
>> feasibility of using that data base with which you feel more comfortable?
>>
>> To be more clear, let’s say it works better using MongoDB than
>> PostgreSQL. If you already have a large body of PostgreSQL exposure, which
>> you have demonstrated, even if MongoDB performs better there are chances
>> your total cost of ownership will be smaller by using PostgreSQL.
>>
>> I’m sorry again I can’t help you, but with these energy and eagerness you
>> seem to have I’m sure you aren’t going to have a lot of trouble with CAS
>> once you focus in your problem. Or is it that your thing is to assess which
>> one performs better? And if so, why not just ask that?
>>
>> Regards,
>>
>> On 9 Feb 2018, at 20:55, michael kromarek <mkroma...@gmail.com> wrote:
>>
>> So it turns out I already had the driver turned to debug, so no new
>> information there.  But I did up the verbosity level of MongoDB log to 5
>> and noticed that a write attempt for the TGT ticket wasn't even made
>> (subsequent fetches where made though).
>>
>> I decided to try pulling down the latest maven overlay and move my
>> settings over one by one to see what would cause the problem, and culprit
>> turned out to be
>>
>> cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=28800
>>
>>
>> If I comment that out, it writes the ticket no problem.  If I set it, it
>> fails creating the ticket and new writes it to or even attempts to write it
>> to Mongo.  I think this is an error in the ExpirationPolicy class as I have
>> also tried Redis and noticed it was writing the expiration time as -1.  -1
>> is not acceptable to Redis so it won't make the record.  I also tried
>> DynamoDB and noticed it was complaining about an empty string being written
>> (which for whatever reason Dynamo does not like empty strings at all).  I'm
>> thinking PostgreSQL didn't have a problem because the expiration policy is
>> stored as a large object and it probably doesn't care what it is.
>>
>> --Mike K.
>>
>> On Wed, Feb 7, 2018 at 5:51 AM, michael kromarek <mkroma...@gmail.com>
>> wrote:
>>
>>> I'll give that a shot and let you know what I find.
>>>
>>> Thank you.
>>>
>>> On Wed, Feb 7, 2018 at 5:31 AM, David Curry <david.cu...@newschool.edu>
>>> wrote:
>>>
>>>> Ah - you just reminded me, and I should have mentioned this last time.
>>>> Try adding this to your log4j2.xml:
>>>>
>>>> 
>>>>
>>>>
>>>> That's the actual Java driver.
>>>>
>>>> --Dave
>>>>
>>>>
>>>> --
>>>> DAVID A. CURRY, CISSP
>>>> *DI

Re: [cas-user] Failed To Add TGT Ticket - MongoDB Ticket Registry CAS 45.2.

[Uxío Prego]

I’m a little lost now.

Are you sure you need to waste that much energy investigating so many ticket 
registry alternatives? Shouldn’t you be trying to just assess the feasibility 
of using that data base with which you feel more comfortable?

To be more clear, let’s say it works better using MongoDB than PostgreSQL. If 
you already have a large body of PostgreSQL exposure, which you have 
demonstrated, even if MongoDB performs better there are chances your total cost 
of ownership will be smaller by using PostgreSQL.

I’m sorry again I can’t help you, but with these energy and eagerness you seem 
to have I’m sure you aren’t going to have a lot of trouble with CAS once you 
focus in your problem. Or is it that your thing is to assess which one performs 
better? And if so, why not just ask that?

Regards,

> On 9 Feb 2018, at 20:55, michael kromarek  wrote:
> 
> So it turns out I already had the driver turned to debug, so no new 
> information there.  But I did up the verbosity level of MongoDB log to 5 and 
> noticed that a write attempt for the TGT ticket wasn't even made (subsequent 
> fetches where made though).
> 
> I decided to try pulling down the latest maven overlay and move my settings 
> over one by one to see what would cause the problem, and culprit turned out 
> to be 
> 
> cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=28800
> 
> If I comment that out, it writes the ticket no problem.  If I set it, it 
> fails creating the ticket and new writes it to or even attempts to write it 
> to Mongo.  I think this is an error in the ExpirationPolicy class as I have 
> also tried Redis and noticed it was writing the expiration time as -1.  -1 is 
> not acceptable to Redis so it won't make the record.  I also tried DynamoDB 
> and noticed it was complaining about an empty string being written (which for 
> whatever reason Dynamo does not like empty strings at all).  I'm thinking 
> PostgreSQL didn't have a problem because the expiration policy is stored as a 
> large object and it probably doesn't care what it is.
> 
> --Mike K.
> 
> On Wed, Feb 7, 2018 at 5:51 AM, michael kromarek  > wrote:
> I'll give that a shot and let you know what I find.
> 
> Thank you.
> 
> On Wed, Feb 7, 2018 at 5:31 AM, David Curry  > wrote:
> Ah - you just reminded me, and I should have mentioned this last time. Try 
> adding this to your log4j2.xml:
> 
> 
> 
> That's the actual Java driver.
> 
> --Dave
> 
> 
> --
> DAVID A. CURRY, CISSP
> DIRECTOR OF INFORMATION SECURITY
> INFORMATION TECHNOLOGY
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
> 
> +1 212 229-5300 x4728  • david.cu...@newschool.edu 
> 
> 
> 
> On Wed, Feb 7, 2018 at 8:25 AM, michael kromarek  > wrote:
> Hi Dave,
> 
> I actually tried those settings first (I was following your guide, but only 
> having a single server instead of a cluster for mongo).  Unfortunately, it 
> fails in the same way with those settings too.  I might be able to eek out a 
> little  more information if I set
> org.apereo.cas.ticket.registry.MongoDbTicketRegistry
> to debug in the logger, though I  already have org.apero.cas and com.mongo 
> set to debug.
> 
> --Mike K
> 
> On Wed, Feb 7, 2018 at 5:15 AM, David Curry  > wrote:
> Mike,
> 
> The only thing that strikes me as odd in your settings is this one:
> 
> cas.ticket.registry.mongo.collectionName=cas-ticket-registry
> 
> The Mongo ticket registry uses multiple collections:
> 
> proxyGrantingTicketsCollection
> proxyTicketsCollection
> samlArtifactsCache
> samlAttributeQueryCache
> serviceTicketsCollection
> ticketGrantingTicketsCollection
> 
> So while I'm not sure if that setting is having any impact on your 
> configuration at all, I suspect that if it _is_ having an impact, it's a 
> negative one. Although, I don't see anything in the logs to suggest that it 
> is -- the server seems to be using the "right" collection:
> 
> 2018-02-07 00:46:30,159 DEBUG 
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] -  name [ticketGrantingTicketsCollection] for ticket definition 
> [org.apereo.cas.ticket.DefaultTicketDefinition@28556a8b[implementationClass=class
>  org.apereo.cas.ticket.TicketGrantingTicketImpl,prefix=TGT]]>
> 2018-02-07 00:46:30,159 DEBUG 
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] -  collection instance [ticketGrantingTicketsCollection]>
> 2018-02-07 00:46:30,160 DEBUG [org.mongodb.driver.protocol.command] - 
>  to database casdb on connection [connectionId{localValue:6, serverValue:68}] 
> to server localhost:27017>
> 2018-02-07 00:46:30,161 DEBUG [org.mongodb.driver.protocol.command] - 
> 
> 
> For what it's worth, mine is 

Re: [cas-user] CAS 5.2.x

[Uxío Prego]

If you are using UNIX-like, do:

$ 7z l cas_without_ldap_support.war >cas_without_ldap_support_listing
$ 7z l cas_supposedly_with_ldap_support.war
>cas_supposedly_with_ldap_support_listing
$ diff cas_*_listing
> [...]ldap[...]
$ _

If you are not, you can easily get a Cygwin equivalent of that.

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-02-08 12:27 GMT+00:00 Cheltenham, Chris <ccheltenham-...@philasd.org>:

> Hello folks,
>
> I think I have been confusing everyone with too much incongruent
> information.
>
> If I may I will ask things in a more logical manner.
>
> I an still not able to connect with CAS 5 via LDAP.
>
> My first question is , how do I know the ldap dependency was built into
> the cas.war file?
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025 <(215)%20400-5025>
> Cell # 215-301-6571 <(215)%20301-6571>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/341032203.44492473.
> 1518092860963.JavaMail.zimbra%40philasd.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/341032203.44492473.1518092860963.JavaMail.zimbra%40philasd.org?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKYmBy%2Bd1jyLqm8m%2BDnf9_ZQ7FP2K19TYrC%2BSaYOxuFG2g%40mail.gmail.com.

Re: [cas-user] Failed To Add TGT Ticket - MongoDB Ticket Registry CAS 45.2.

[Uxío Prego]

Oh... Goodness. I was hoping the ORM software to be at last using BYTEA
instead of LO/OID.

Thank you, you are very much kind.

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-02-07 13:49 GMT+00:00 michael kromarek <mkroma...@gmail.com>:

> Hi Uxio,
>
> Sure I can share that.  I had to do a few tweaks to the database. The
> first is if you are using SAML, you need to change the samlobject columns
> from varchar(5000) to text, because signed assertions will exceed those
> 5000 characters really fast.
>
> Next you want to update the constraints for tables saml2_artifacts and
> saml2_attribute_query_tickets to cascade on delete.  I ran into a situation
> where the TGT got removed but the SAML stuff stayed behind, causing
> exceptions to be throw in my log a lot.
>
> Finally the biggest thing you need to do is enable the lo module by
> running the query "CREATE EXTENSION lo;" so you can have lo_manager
> function take care of the oid fields, because jdbc and odbc both handle
> removing large objects in postgresql wrong. In that they don't exist in the
> table, so when they remove the row, the objects get orphaned and just take
> up space
>
> For each oid field in the tables ticketgrantingticket and serviceticket
> you'll want to create the following trigger:
>
> CREATE TRIGGER t_trigger_name BEFORE UPDATE OR DELETE ON target_table
> FOR EACH ROW EXECUTE PROCEDURE lo_manage(target_column);
>
>
> --- cas.properties --
> cas.ticket.registry.jpa.url=jdbc:postgresql:cas-ticket-registry
> cas.ticket.registry.jpa.dialect=org.hibernate.dialect.PostgreSQL95Dialect
> cas.ticket.registry.jpa.user=
> cas.ticket.registry.jpa.ddlAuto=none
> cas.ticket.registry.jpa.password=
> cas.ticket.registry.jpa.driverClass=org.postgresql.Driver
>
> cas.ticket.registry.jpa.crypto.signing.key=
> cas.ticket.registry.jpa.crypto.signing.keySize=512
> cas.ticket.registry.jpa.crypto.encryption.key=
> cas.ticket.registry.jpa.crypto.encryption.keySize=16
> cas.ticket.registry.jpa.crypto.alg=AES
> cas.ticket.registry.jpa.crypto.enabled=true
>
> -- end file--
>
> Make sure ddlAuto is none or else all your changes will get overwritten on
> the next reboot.
>
> Attached is my SQL schema dump from my modified database.
>
> Enjoy
> --Mike K
>
> On Wed, Feb 7, 2018 at 4:38 AM, Uxío Prego <upr...@madiva.com> wrote:
>
>> I'm sorry I can't help you, but it would be very sweet if you could share
>> your effective serviceticket or ticketgrantingticket table schema from the
>> times when you were using PostgrelSQL as ticket registry for CAS 5...
>>
>> Regards,
>>
>> Uxío Prego
>>
>>
>>
>> Madiva Soluciones
>> CL / SERRANO GALVACHE 56
>> <https://maps.google.com/?q=CL+/+SERRANO+GALVACHE+56=gmail=g>
>> BLOQUE ABEDUL PLANTA 4
>> 28033 MADRID
>> +34 917 56 84 94 <+34%20917%2056%2084%2094>
>> www.madiva.com
>> www.bbva.com
>>
>> The activity of email inboxes can be systematically tracked by
>> colleagues, business partners and third parties. Turn off automatic loading
>> of images to hamper it.
>>
>> 2018-02-07 9:03 GMT+00:00 Mike Kromarek <mkroma...@gmail.com>:
>>
>>> I recently switched from the Postgresql JPA ticket registry to MongoDB
>>> and am having a strange issue.  The authentication succeeds, but then it
>>> fails to add the ticket to the mongo database, causing the process to fail
>>> and return to the login screen.
>>>
>>> -- cas.properties --
>>> cas.ticket.registry.mongo.host=localhost
>>> cas.ticket.registry.mongo.userId=
>>> cas.ticket.registry.mongo.password=
>>> cas.ticket.registry.mongo.databaseName=casdb
>>> cas.ticket.registry.mongo.collectionName=cas-ticket-registry
>>> cas.ticket.registry.mongo.dropCollection=false
>>> cas.ticket.registry.mongo.timeout=5000
>>> cas.ticket.registry.mongo.writeConcern=NORMAL
>>> cas.ticket.mongo.conns.lifetime=6
>>> cas.ticket.mongo.conns.perHost=10
>>> cas.ticket.registry.mongo.idleTimeout=3
>>>
>>>
>>> CAS connects to the database with the specified user, makes all the
>>> tables and seems like everything should be good.  Then it encodes the TGT,
>>> but fails to add it.
>>>
>>>
>>> 2018-02-07 00:46:30,024 DEBUG [org.apereo.cas.ti

Re: [cas-user] Failed To Add TGT Ticket - MongoDB Ticket Registry CAS 45.2.

[Uxío Prego]

I'm sorry I can't help you, but it would be very sweet if you could share
your effective serviceticket or ticketgrantingticket table schema from the
times when you were using PostgrelSQL as ticket registry for CAS 5...

Regards,

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-02-07 9:03 GMT+00:00 Mike Kromarek <mkroma...@gmail.com>:

> I recently switched from the Postgresql JPA ticket registry to MongoDB and
> am having a strange issue.  The authentication succeeds, but then it fails
> to add the ticket to the mongo database, causing the process to fail and
> return to the login screen.
>
> -- cas.properties --
> cas.ticket.registry.mongo.host=localhost
> cas.ticket.registry.mongo.userId=
> cas.ticket.registry.mongo.password=
> cas.ticket.registry.mongo.databaseName=casdb
> cas.ticket.registry.mongo.collectionName=cas-ticket-registry
> cas.ticket.registry.mongo.dropCollection=false
> cas.ticket.registry.mongo.timeout=5000
> cas.ticket.registry.mongo.writeConcern=NORMAL
> cas.ticket.mongo.conns.lifetime=6
> cas.ticket.mongo.conns.perHost=10
> cas.ticket.registry.mongo.idleTimeout=3
>
>
> CAS connects to the database with the specified user, makes all the tables
> and seems like everything should be good.  Then it encodes the TGT, but
> fails to add it.
>
>
> 2018-02-07 00:46:30,024 DEBUG [org.apereo.cas.ticket.factory.
> DefaultTicketGrantingTicketFactory] -  [TGT-**3wOfaglzGL-
> JNpegctV--qfA0S5-xCE-aws-stage-cas.highline.edu]>
> 2018-02-07 00:46:30,025 DEBUG 
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry]
> -  3wOfaglzGL-JNpegctV--qfA0S5-xCE-aws-stage-cas.highline.edu]>
> 2018-02-07 00:46:30,118 ERROR 
> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry]
> -  3wOfaglzGL-JNpegctV--qfA0S5-xCE-aws-stage-cas.highline.edu]: [java.lang.
> NullPointerException]>
> 2018-02-07 00:46:30,118 DEBUG [org.apereo.cas.
> AbstractCentralAuthenticationService] -  [org.apereo.cas.support.events.ticket.CasTicketGrantingTicketCreated
> Event@2c84b7f8[ticketGrantingTicket=TGT-*
> *3wOfaglzGL-JNpegctV--
> qfA0S5-xCE-aws-stage-cas.highline.edu]]>
>
> Has anyone else ran into this?
>
> --Mike K
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/051a23e8-bb02-48a3-ab26-
> 86b9a2fa3c40%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/051a23e8-bb02-48a3-ab26-86b9a2fa3c40%40apereo.org?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKYVAdV7t0SdMHA1gF3MF4AN_seyJMS_bN8CWAYr3RmTOw%40mail.gmail.com.

Re: [cas-user] Integrating CAS SSO with Office 365

[Uxío Prego]

Hi,
SAML2 support aside, I recommend the client to upgrade to CAS 3.6 ASAP then
start a customized CAS 5 deployment.

Although I could list some spanish companies and famous _startups_ using
CAS (look for CASTGC in the cookies section of your favorite companies and
get surprised) I don't think there is a spanish speaking commercial partner
(or for sure none is prominent). For the record, the holding I work for
could use some serious budgets for CAS development. Chances are they will
eventually need to.

If your customer can speak english, and has a decent budget capability, why
not Unicon..?

Regards,

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-01-15 13:12 GMT+01:00 Jose Ortega <jose.ortega@gmail.com>:

> We have a customer with CAS version 3.2 which would like to integrate with
> Office 365 for SSO and authentication purposes. We know that CAS and Office
> 365 speak SAML2 but we doubt that version 3.2 meets the minimum
> requirements and stability for their integration. At the same time, in
> parallel we have installed ADFS and there’re around 50 apps which use CAS
> for authentication and SSO.
>
> Could you possibly give us a general technical view of what services would
> be involved so we could speak with the customer and make them understand to
> which extent they need to invest for full integration with Office 365,
> maintaining current apps SSO? As well if you know any partner in Spain to
> work on it with.
>
> Many thanks!
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/d0ab7712-f9b5-40d2-9392-
> 2f15fa403942%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/d0ab7712-f9b5-40d2-9392-2f15fa403942%40apereo.org?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKavyd22p0XW0OMeJkpYCquVex57_SYR57R4-f7mdp1b8A%40mail.gmail.com.

Re: [cas-user] Best Practice for protecting external applications - REST API or CAS Proxy Authentication or something else?

[Uxío Prego]

Can't you do this just by using the CAS client from the java application
like you would do by using the CAS client from the web java (CASified)
application?

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2017-09-04 17:00 GMT+00:00 Daniel O'Hare <dano.hssdev...@gmail.com>:

> I am looking into protecting an external standalone java application using
> CAS along with some other web based applications.
>
> This standalone application ideally needs to authenticate through a
> library, but obviously will not have cookie access.
>
> Particularly if the standalone application authenticates after the web
> based applications register an authentication how does it acquire the
> correct CAS context?
>
> Alternatively in the case that if it is the first authenticator does
> anything special need to occur to create a cookie that can be seen by the
> other protected web applications, or will the cas server take care of this?
>
> We intend to use a single user context across all applications, once
> authentication has been successful.
>
> Finally is the best approach for this REST API or CAS Proxy authentication
> or is there a recommended approach?
>
> Many Thanks,
>
> Dan
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/946b6c14-203b-472d-80c9-
> d8b175d60314%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/946b6c14-203b-472d-80c9-d8b175d60314%40apereo.org?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKYtVMkrwQPqrpdQzuq_MhM5Uay9MgC4PeiooX6E1ieO7Q%40mail.gmail.com.

Re: [cas-user] CASv5.1.x embedded Tomcat - Extended access log valve - Log rotation?

[Uxío Prego]

Move the rotate responsibility to logrotate out of Tomcat and CAS.

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2017-09-13 15:47 GMT+00:00 Waldbieser, Carl <waldb...@lafayette.edu>:

>
> I'm running CASv5.1.x with the embedded Tomcat service.  I've enabled the
> valve for the extended Tomcat access log, and it is logging the entries I
> expect.
> However, I'm running into problems trying to set up log rotation.
>
> It seems that by default, the log will embed the current date into the log
> file name, and it produces a new file every day.
>
> This format makes it difficult for tools like `logrotate` to clean up the
> log.
>
> My goal is to only keep 3 days of this log at the most-- all our logging
> is centralized via Splunk, so the extra files just eventually will fill up
> the disk.
> I'm running on a Linux system.
>
> Any idea how I can do this without having to write a custom script?
>
> Thanks,
> Carl Waldbieser
> ITS Systems Programmer
> Lafayette College
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/822382531.91398849.
> 1505317676900.JavaMail.zimbra%40lafayette.edu.
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKakL1BSTcpkvBPtwC3GthTipxEEDZc-qh6dWWgi2hH5Jw%40mail.gmail.com.

Re: [cas-user] cas 5.0.8 ldap authentication error

[Uxío]

It seems a little typo, one missing comma.

Cheers,

Sent from my iPhone

> On 20 Sep 2017, at 10:15, mceylan  wrote:
> 
> Hi, I am using cas 5.0.8. I am working on Openldap authentication. I get an 
> invalid credentials error when I enter the username and password I created on 
> OpenLDAP.
> 
> 
> add dependency for ldap
> 
> vim pom.xml0
> 
> 
> org.apereo.cas
> cas-server-support-ldap
> ${cas.version}
> 
> 
> mkdir etc/cas/services
> 
> vim etc/cas/services/wildcard.json
> 
> {
>   /*
>* Wildcard service definition that applies to any https or imaps url.
>* Do not use this definition in a production environment.
>*/
>   "@class" :"org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "^(http|https|imaps)://.*",
>   "name" :  "HTTP/HTTPS/IMAPS wildcard",
>   "id" :20170828090137,
>   "evaluationOrder" :   9
> }
> 
> 
> 
> vim etc/cas/config/cas.properties
> 
> cas.server.name: https://localhost:8443
> cas.server.prefix: https://localhost:8443/cas
> 
> cas.adminPagesSecurity.ip=127\.0\.0\.1
> 
> cas.authn.accept.users=
> logging.config: file:/etc/cas/config/log4j2.xml
> # cas.serviceRegistry.config.location: classpath:/services
> 
> cas.serviceRegistry.config.location: file:/etc/cas/services
> 
> 
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldap://x.x.x.x:389/dc=example,dc=org
> cas.authn.ldap[0].useSsl=false
> cas.authn.ldap[0].useStartTls=false
> cas.authn.ldap[0].connectTimeout=5000
> cas.authn.ldap[0].baseDn=dc=example,dc=org
> cas.authn.ldap[0].userFilter=uid={user}
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].usePasswordPolicy=false
> cas.authn.ldap[0].bind=cn=admin,dc=example,dc=org
> cas.authn.ldap[0].bindCredential=
> cas.authn.ldap[0].enhanceWithEntryResolver=false
> cas.authn.ldap[0].dnFormat=uid=%s,dc=example,dc=org
> cas.authn.ldap[0].principalAttributeId=uid
> cas.authn.ldap[0].principalAttributePassword=
> cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName
> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true 
> cas.authn.ldap[0].minPoolSize=3
> cas.authn.ldap[0].maxPoolSize=10
> cas.authn.ldap[0].idleTime=2
> cas.authn.ldap[0].validateOnCheckout=true
> cas.authn.ldap[0].validatePeriodically=true
> cas.authn.ldap[0].validatePeriod=600
> cas.authn.ldap[0].failFast=true
> cas.authn.ldap[0].prunePeriod=5000
> cas.authn.ldap[0].blockWaitTime=5000
> cas.authn.ldap[0].allowMultipleDns=false
> cas.authn.ldap[0].passwordEncoder.type=NONE
> cas.authn.ldap[0].principalTransformation.suffix=
> cas.authn.ldap[0].principalTransformation.caseConversion=NONE
> cas.authn.ldap[0].principalTransformation.prefix=
> 
> 
> cas.log 
> 
>  ERROR [org.ldaptive.pool.BlockingConnectionPool] - 
> <[org.ldaptive.pool.BlockingConnectionPool@665869765::name=null, 
> poolConfig=[org.ldaptive.pool.PoolConfig@351521213::minPoolSize=3, 
> maxPoolSize=10, validateOnCheckIn=false, validateOnCheckOut=true, 
> validatePeriodically=true, validatePeriod=PT10M], activator=null, 
> passivator=null, 
> validator=[org.ldaptive.pool.SearchValidator@1746669779::searchRequest=[org.ldaptive.SearchRequest@887831165::baseDn=,
>  searchFilter=[org.ldaptive.SearchFilter@1642584434::filter=(objectClass=*), 
> parameters={}], returnAttributes=[1.1], searchScope=OBJECT, timeLimit=PT0S, 
> sizeLimit=1, derefAliases=null, typesOnly=false, binaryAttributes=null, 
> sortBehavior=UNORDERED, searchEntryHandlers=null, 
> searchReferenceHandlers=null, controls=null, referralHandler=null, 
> intermediateResponseHandlers=null]] 
> pruneStrategy=[org.ldaptive.pool.IdlePruneStrategy@1419684819::prunePeriod=PT1H23M20S,
>  idleTime=PT5H33M20S], connectOnCreate=true, 
> connectionFactory=[org.ldaptive.DefaultConnectionFactory@1700201645::provider=org.ldaptive.provider.jndi.JndiProvider@7ae302f8,
>  
> config=[org.ldaptive.ConnectionConfig@2111733340::ldapUrl=ldap://161.9.194.153:389/dc=mys
>  dc=pardus dc=org, connectTimeout=PT1H23M20S, responseTimeout=null, 
> sslConfig=[org.ldaptive.ssl.SslConfig@1547665927::credentialConfig=null, 
> trustManagers=null, enabledCipherSuites=null, enabledProtocols=null, 
> handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, 
> connectionInitializer=null, 
> connectionStrategy=org.ldaptive.DefaultConnectionStrategy@1109741]], 
> initialized=false, availableCount=0, activeCount=0] unable to connect to the 
> ldap>
> 
> org.ldaptive.provider.ConnectionException: javax.naming.NamingException: 
> Cannot parse url: dc=org [Root exception is java.net.MalformedURLException: 
> Invalid URI: dc=org]
> 
> at 
> org.ldaptive.provider.jndi.JndiConnectionFactory.createInternal(JndiConnectionFactory.java:90)
>  ~[ldaptive-1.2.0.jar:?]
> 
> 

Re: [cas-user] CAS 5.1.6 - throttling and jdbc audit bug

[Uxío Prego]

I noticed days ago the GitHub issues system seems disabled there. Because that 
GitHub central mirror is heavily customized with a lot of goodies, the message 
is clear, and it is _bug tracking is no longer there_.

I assume you are reporting the problem and if there is no answer is because no 
one can (not enough info) or no one wants (already treated, or not enough 
reproduced / reproducible, or not enough interesting, or not enough manpower; 
probably you are going to know in the first place).

I have no idea what you should do. If the problem is still there, is it 
possible to provide a different component for either one or both audit and 
throttling?

I guess audit can be more or less toughly moved down to the DBMS layer. I guess 
even throttling should be possible down in DBMS or ORM, possibly with heavy 
modifications or ugly hacks.

Sent from my iPad

> On 21 Dec 2017, at 20:22, Facundo Mateo  wrote:
> 
> Hi, 
> 
> I have found a problem working together with JDBC audit and jdbc Throttling 
> functionality.
> 
> Basically jdbc datasource configured for throttling override jdbc audit one.  
> I don't think this behaviour is intended. 
> 
> Typically this will work unnoticed. The problem shows up when you want to 
> configure throttling datasource using a diferent connection. In our case, I 
> want a different readonly connection which allow me to balance throttling 
> read queries over a balanced mysql infraestructure. 
> 
> How can I report the problem ? One year ago I was able to submit a ticket on 
> Github but I can not now. 
> 
> Thanks
> 
>   
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BWO7Hhefg-dt2THKpiRW9R7JMzgWuYkTkhOCX7UcT1vc%3DAEMw%40mail.gmail.com.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/E5ED5DDD-AE81-4F8C-B5D5-90FC7D7D7B01%40madiva.com.

Re: [cas-user] Re: Recommendations for CATALINA_OPTS for cas 5.x with tomcat 8.5.x

[Uxío Prego]

Swap is good, generally, but as more dedicated is the server, it should
make less of a difference, because of your -Xmx configuration.

I don't know about the specific numbers of version 5, but (pending knowing
how many concurrent sessions do you normally manage) maybe the server is
having a deployment problem (maybe not).

I think 8G should be enough for your case, but I don't really know. While
you keep investigating, maybe adding swap and more memory can help you...
maybe not!

Good luck with it,

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2017-12-21 16:45 GMT+00:00 William E. <wre0...@uah.edu>:

> Martin,
>
> Thank you.  You might be on to something.  I was quoting from memory and I
> was wrong on swap.  Of the two nodes, both in my mind identical VM's, the
> secondary node has 8GB of swap and a tiny bit used, but the primary, the
> one that is crashing, has no swap configured.  I have requested our systems
> team add 8GB of swap to the primary.
>
> Primary server:
>
>   totalusedfree  shared  buff/cache
>  available
> Mem:8010840 4872660  420488  107484 2717692
>  2679336
> Swap: 0   0   0
>
>
>
> Secondary server:
>
>   totalusedfree  shared  buff/cache
>  available
> Mem:8010972 1192296 1530500   23196 5288176
>  6449948
> Swap:   83886044604 8384000
>
>
> Not sure I understand why it would matter since in theory swap should not
> be needed on a server with 8GB of ram with jvm limit set to 6GB though.
> Any more insight on why, because I would really like to understand the
> reason.
>
>
> Additionally, I've put the shibboleth IDP back into play, effectively
> rendering the saml services in cas "unused".  I am using proxy_ajp to front
> tomcat with apache so it was easy to copy the idp.war into tomcat and
> re-enable the shib-cas-authenticator. I guess my hope of moving from
> cas+shibb. to just cas will have to wait
>
>
> Thanks,
> William
>
> P.S. Jeff, thank you for posting your catalina opts!
>
>
> On Wednesday, December 20, 2017 at 11:30:40 PM UTC-6, Martin Bohun wrote:
>>
>> I have seen the behavior you are describing when people ran cas (tomcat,
>> mysql, etc.) on a (what I would consider a misconfigured) Linux box with 0
>> swap.
>> However you are saying you have 4gb of swap.
>> I still do prefer to set my swap to 2 * $MY_RAM; can you try that? adjust
>> or add a swapfile to your swap (so you have 8gb RAM / 16gb swap), I am
>> curious if that would help / solve your problem?
>> What error messages are you getting in the jvm and syslog/systemd journal
>> from the OS?
>>
>> regards,
>>
>> martin
>>
>> On Thursday, December 21, 2017 at 1:35:45 PM UTC+11, William E. wrote:
>>>
>>> RHEL 7, 8GB ram, swap is 4GB.  It's a VM in our vSphere cluster+SAN.  I
>>> actually have three, two PROD nodes behind a load balancer and one test
>>> node.  All have same specs and all show the issue.  Steadily chews up
>>> memory until eventual crash, 1-6 hours depending on load.
>>>
>>> The asme servers were running cas 3.6 . + shibboleth 3.3.x for quite a
>>> while without memory issues.  Upgraded and tried to consolidate to just cas
>>> 5, using it's saml2 capabilities to replace the shibboleth component.  But,
>>> it's not going as well as I had hoped.
>>>
>>> Been working with Unicon Support on it, but it appears to be a memory
>>> leak in cas 5.2, based on heap analysis.  So I am kinda of stuck.
>>>
>>> Thanks for your help!
>>>
>>>
>>>
>>> On Wednesday, December 20, 2017 at 6:49:39 PM UTC-6, Martin Bohun wrote:
>>>>
>>>> What is your:
>>>> 1. operation system
>>>> 2. how much RAM do you have
>>>> 3. how much swap do you have
>>>>
>>>> if you are on  Linux you can do:
>>>> 1.uname -a
>>>> 2-3. free -m
>>>>
>>>> and post the output here
>>>>
>>>> regards,
>>>>
>>>> martin
>>>>
>>>> On Thursday, December 21, 2017 at 11:00:30 AM UTC+11, William E. wrote:
>>>>>
>>>>> Does anyone have any recommendations for CATALINA_OPTS for cas 5.x on
>>&g

Re: [cas-user] Restrincting service access based on uid

[Uxío]

Is that a suspicious population of a list with comma separated values in string 
containing an implicit list instead of with an explicit list of strings? Or is 
it really meant to be comma separated values in string?

Sent from my iPhone

> On 13 Dec 2017, at 10:00, Sebastien BEAUDLOT 
>  wrote:
> 
> Hi,
> I'm using LDAP with CAS 5.1.5 and want to try restricting access to a service 
> for some users.
> What i did in the service definition :
> 
> "attributeReleasePolicy" : {
> "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
> },
> "accessStrategy" : {
> "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
> "enabled" : true,
> "ssoEnabled" : true,
> "requiredAttributes" : {
> "@class" : "java.util.HashMap",
> "uid" : [ "java.util.HashSet", [ "user1, user2" ] ]
> }
> }
> 
> In cas.properties, i have
> 
> cas.authn.ldap[0].principalAttributeId=uid
> 
> and
> 
> cas.authn.attributeRepository.defaultAttributesToRelease=uid
> 
> but these users cannot access service : Cannot grant access to service 
> [http://service.domain.tld/] because it is not authorized for use by [user1]
> 
> What am i missing ? 
> 
> Regards.
> 
> --
> Sébastien BEAUDLOT
> 
> Administrateur réseaux, téléphonie et flotte mobile
> 
> Direction Opérationnelle des Systèmes d'Information ( DOSI )
> Pôle Infrastructures
> Université d'Avignon et des Pays de Vaucluse
> 
> Tèl : 04.90.16.26.04
> --
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/937867729.1173640.1513155605101.JavaMail.zimbra%40univ-avignon.fr.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/42683A54-8390-495A-AA54-3F2E834BCB69%40madiva.com.

Re: [cas-user] CAS 3 to 5 migration - properties

[Uxío Prego]

Are any of these blocking your CAS 5 test/dev deployment?

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94 <+34%20917%2056%2084%2094>
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2017-11-27 14:02 GMT+00:00 Adam Causey <apcau...@vcu.edu>:

> We are migrating from CAS 3 to CAS 5 and came across these attributes. Are
> they still used in CAS 5?
>
> "ignoreAttributes": false,
> "anonymousAccess": false
>
> ​Thank you,
> Adam
> ​
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/ap
> ereo.org/d/msgid/cas-user/CAN6MV5PnYc_GWiG1_xsZ2cCEc9mcEcD5C
> Y8cTJpk-WuEedqQSg%40mail.gmail.com
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAN6MV5PnYc_GWiG1_xsZ2cCEc9mcEcD5CY8cTJpk-WuEedqQSg%40mail.gmail.com?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKaHf-tfnCDjOpG616t6AprMBKpu4raFyos%3DDSLgjFVJDA%40mail.gmail.com.

Re: [cas-user] Looking for french consulting

[Uxío Prego]

If it absolutely has to be a french or french-heritage team and in case you
failed to find one, I'd advice you to just pick a small *good* french Java
team.

Further advice depending on constraints... user volume, requests volume,
on-premises / on-cloud, persistence types, etc...

Have good luck with your migrations, regards,

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2017-11-17 12:05 GMT+00:00 Fabio Martelli <fabio.marte...@gmail.com>:

> Hi Goulven, my company Tirasa [1] provides support for Apereo CAS (AM) and
> Apache Syncope (IdM).
> Unfortunately we don't have any French team. Is this really a strong
> constraint?
>
> BR,
> F.
>
> [1] http://www.tirasa.net/businessproposition/identity-
> access-management.html
>
>
> Il 16/11/2017 12:06, Goulven ha scritto:
>
> Hi,
>
> We are a banking company, looking for a commercial support about CAS in
> france (migration project). Do you know some french teams able to provide
> that ?
>
> Thanks
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/10ba1ffe-ade7-4a7d-870d-
> 8db5e6e67b2a%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/10ba1ffe-ade7-4a7d-870d-8db5e6e67b2a%40apereo.org?utm_medium=email_source=footer>
> .
>
>
> --
> Fabio 
> Martellihttps://it.linkedin.com/pub/fabio-martelli/1/974/a44http://blog.tirasa.net/author/fabio/index.html
>
> Tirasa - Open Source 
> Excellencehttp://www.tirasa.net/index.html?pk_campaign=email_kwd=fm
>
> Apache Syncope PMChttp://people.apache.org/~fmartelli/
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/7916bf1e-f1fd-2471-f8d4-
> e7b15569778c%40gmail.com
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/7916bf1e-f1fd-2471-f8d4-e7b15569778c%40gmail.com?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKbyqkSvfgV6Nky9ucXTCizx-29ns7krEFS%2B9qwK5A7%3D1w%40mail.gmail.com.

Re: [cas-user] Adding/Modifying Service Registry Entries

[Uxío]

A CAS service of the 3.x line I help maintaining uses JDBC for the service 
registry, not sure why or if were there any other options for it back then.

Regards,

Sent from my iPhone

> On 15 Nov 2017, at 18:15, Scott Gennari  wrote:
> 
>> On 11/15/2017 12:03 PM, George Lawson-Crowson wrote:
>> Hello all,
>> 
>> We recently updated one of our services which broke its CAS integration. I 
>> receive the error "Application Not Authorized to Use CAS" and found that it 
>> was due to a service registry issue. I went and read about CAS service 
>> registries but am unsure how to find/update our service registry 
>> configuration.
>> 
>> I'm lost here so help would be greatly appreciated.
>> 
>> Oh, and we're still using CAS 3.4.11. An upgrade is in our future.
> 
> The service registry is defined using JSON configuration files. Not having 
> used CAS 3.x, I'm not sure where the default location is, you could just 
> search for '*.json' on your root CAS directory and go from there.
> 
> In CAS 5.1, we keep all our JSON files in /etc/cas/config.
> 
> Hope this helps.
> 
> Scott
> 
> 
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/567962f7-8e8b-e291-bd53-a71ae9a7a27e%40simons-rock.edu.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/D7AE8DEE-8011-4636-B160-BDFA54F4B233%40madiva.com.

Re: [cas-user] Is the CAS sever and client both two side need same java version?

[Uxío Prego]

You have to stop using the obsolete Java 6 in the client, or explicitly
enable the insecure Diffie Helman 1024 configuration in the server.

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2017-11-13 8:52 GMT+00:00 zl anson <zl.an...@gmail.com>:

> Hello, everyone,
>   I used CAS5.1 server  on centos, and the jdk is 1.8
>  and the CAS client use jboss 4.2.3 and jdk is 1.6, and when we do
> intergrate,there is a error like below, is the CAS require same jdk version
> for servr and client?
>  Any help would be appricate!.
>
> -
>
> HTTP Status 500 -
> --
>
> *type* Exception report
>
> *message*
>
> *description* *The server encountered an internal error () that prevented
> it from fulfilling this request.*
>
> *exception*
>
> java.lang.RuntimeException: javax.net.ssl.SSLException: 
> java.lang.RuntimeException: Could not generate DH keypair
>   
> org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:443)
>   
> org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
>   
> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)
>   
> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:204)
>   
> org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97)
>   
> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
>
> *root cause*
>
> javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH 
> keypair
>   com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
>   
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
>   
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1708)
>   
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1691)
>   
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1222)
>   
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
>   
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
>   
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
>   
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195)
>   
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
>   
> org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:429)
>   
> org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
>   
> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)
>   
> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:204)
>   
> org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97)
>   
> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
>
> *root cause*
>
> java.lang.RuntimeException: Could not generate DH keypair
>   com.sun.net.ssl.internal.ssl.DHCrypt.(DHCrypt.java:114)
>   
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:559)
>   
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:186)
>   com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
>   
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
>   
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
>   
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
>   
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
>   
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
>   
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
>   
> sun.net.www.protocol.https.Abs

Re: [cas-user] Re: CAS 5.1.3 - Map Single log out request to current client app session

[Uxío]

If I understood correctly, you only need a very vanilla CAS deployment and you 
have out of the box all those features you need.

Follow up in case of any misunderstanding.

Hope that helped. Regards,

Sent from my iPhone

> On 02 Nov 2017, at 12:24, Edward  wrote:
> 
> Just want to elaborate more on what i am trying to do:
> 
> 1. during login i want to save the service-ticket to database with 
> status=active
> 2. once CAS logout is triggered (from other app or via url-../cas/logout) 
> inside my logout method, i will update service-ticket status to 'loggedOut.
> 3. subsequent action in my current app will notice that current status is now 
> "loggedOut" so it will force to invalidate the session and force user to 
> re-login
> 
> i can get service-ticket id during logout, 
> but how to get service-ticket-id during login?
> 
> Thanks all,
> 
> 
>> On Thursday, 2 November 2017 19:14:25 UTC+8, Edward wrote:
>> Hi All,
>> I am using CAS 5.1.3
>> and  have configured Single Log Out for my CAS Oauth2 client.
>> 
>> from the cas.log, once i trigger CAS-Logout from this url: 
>> (https://mydomain.com:8443/cas/logout), CAS did successfully send this 
>> logout message to my client app.:
>> 
>> > ID="LR-22-Dngg6HgOXzM3CoVSU9dNObcWaC3TJlgMAT0" Version="2.0" 
>> IssueInstant="2017-11-02T18:11:25Z">
>>> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@
>>
>> ST-34-NGtUaZ5HfWFBMEiH7UDq-DOMAIN123767
>> 
>> 
>> my client-app logout method get called, and i can see this message coming in.
>> the problem is how do i map back this service ticket 
>> "ST-34-NGtUaZ5HfWFBMEiH7UDq-DOMAIN123767" to my current client session? 
>> so that i can clear the specific session for this service ticket.
>> as i am using oauth protocol, my cas-oauth client didn't know the 
>> service-ticket information.
>> 
>> is there any way i can get the service ticket information during login?
> 
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3b6e5178-677e-4fc0-a000-3c2a1e5952b3%40apereo.org.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2E47B027-666E-4163-ABFB-16BA9C804F1A%40madiva.com.

Re: [cas-user] cas.js javascript error in certain browser

[Uxío Prego]

Store what the program is trimming in local variables, log those variables
and their types to console, and work around them.

Cheers,

On Mon, 18 Sep 2017 at 17:16, K S <singh.kri...@gmail.com> wrote:

> I am getting Object does not support property or method  trim()
>  javascript error . Is there a workaround to this error in cas.js . the
> code is below .
>
> function disableEmptyInputFormSubmission() {
>
> $('#fm1 input[name="username"],[name="password"]').on("input", function 
> (event) {
> var enableSubmission = $('#fm1 input[name="username"]').val().trim() 
> &&
>$('#fm1 input[name="password"]').val().trim();
>
> if (enableSubmission) {
> $("#fm1 input[name=submit]").removeAttr('disabled');
> event.stopPropagation();
> } else {
> $("#fm1 input[name=submit]").attr('disabled', 'true');
> }
> });
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/e96c32d0-54b4-48de-8903-0e8ebcfed924%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/e96c32d0-54b4-48de-8903-0e8ebcfed924%40apereo.org?utm_medium=email_source=footer>
> .
>
-- 
Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKZbnvqoMShHuUchjeJjKNxAjwyBRYmrBy%2BD9vKJVh%2ByvA%40mail.gmail.com.

Re: [cas-user] CAS 5.0.5 password warning login?execution= too long for Windows IE/Edge browsers

[Uxío Prego]

So lengthy HTTP GET URLs are anti pattern.

I guess this advice will not be useful to you, but for other people could do.

If you absolutely are to stick with those huge URLs and GET methods, and you
have access to the source code of both software ends, you can easily do by
creating an informal GUID on the calling site, storing the parameters in a data
base, any type fits, do the call passing only the key, fetching the parameters
from the data base on the called software that knows the key now, removing them
from data base after fetching them, finally using the fetched parameters like
if those had been passed normally via HTTP.


> On 18 Aug 2017, at 23:56, Duane Booher  wrote:
> 
> Further clarification, when the continue button work with the other browsers 
> the url length is approximately 19k. However with the Windows IE and Edge 
> browsers, the url is cut off at around 10k.
> 
> We are closing in on a CAS5 production deployment, any suggestions?
> 
> On Friday, August 18, 2017 at 2:42:54 PM UTC-7, Duane Booher wrote:
> We have cas.authn.ldap[0].passwordPolicy.warningDays=5 firing a password 
> change warning from casLoginMessageView.html
> 
> When we press continue, then the URL fires with login?execution=... being too 
> long for the Windows IE/Edge browsers. 
> 
> It works for all of the other host browsers, are there any alternatives to 
> this?
> 
> Duane
> 
> 
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/57de93e6-e186-4555-bdd8-0f7863e6b0aa%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CD24DBEE-5EFC-4BB6-8C44-A70E2318CD55%40madiva.com.

Re: [cas-user] Re: CAS 4.2.7 ticket validating failed

[Uxío Prego]

Make sure

service ticket not expiring by time
, service ticket not expiring by max number of uses reached
, service ticket not expiring because ticket granting ticket is expired
(happens).

Logging out parent ticket granting ticket clears all children service tickets
that is a possible cause of not recognizing a service ticket just created.

> On 18 Aug 2017, at 15:20, thomas  wrote:
> 
> hi tom,
> 
> It is a copy/paste error i've done 
> correct call is :
> 
> https://int-sso.example.com/cas/p3/serviceValidate?ticket=ST-1764-1lAgfQwbrmpIsp5c2kcT-int-sso.example.com=https%3A%2F%2Fapp.example.com%2Flogin
>  
> 
> 
> I use memcache for ticket registry.
> 
> Le vendredi 18 août 2017 09:52:24 UTC+2, thomas a écrit :
> Hi all, 
> 
> 
> I'm facing a problem of ticket validating on cas 4.2.7. 
> 
> I do tests with curl. 
> 
> There is the steps I do to reproduce problem : 
> 
> 1/Login and get TGT 
> curl -X POST https://int-sso.example.com/cas/v1/tickets -d 
> "username=xxx=xxx" 
> --> I catch TGT : 
> TGT-14-scrMLORgxLfThHRCOnVh66wI2f9DrPOzSasCRfseSECZnGcXM4-int-sso.example.com 
> Get ST according to TGT 
> 
> curl -X POST 
> https://int-sso.example.com/cas/v1/tickets/TGT-14-scrMLORgxLfThHRCOnVh66wI2f9DrPOzSasCRfseSECZnGcXM4-int-sso.example.com
>  -d "service=https%3A%2F%2Fapp.example.com%2Flogin" 
> --> I catch ST : ST-1764-1lAgfQwbrmpIsp5c2kcT-int-sso.example.com 
> 
> Finally, I ask CAS to validate my ticket, and I always have same answer : 
> 
> Call : 
> https://int-sso.example.com/cas/p3/serviceValidate?ST-1764-1lAgfQwbrmpIsp5c2kcT-int-sso.example.com=https%3A%2F%2Fapp.example.com%2Flogin
>  
> 
> response : 
> 
>  
>  
> Ticket 
> ST-1764-1lAgfQwbrmpIsp5c2kcT-int-sso.example.com not recognized 
>  
>  
> 
> 
> And in catalina.out, I have the same thing : 
> 
> 
>  
> 
> = 
> WHO: audit:unknown 
> WHAT: 
> TGT-***t0Tc3Y9B3x-int-sso.example.com
>  
> ACTION: TICKET_GRANTING_TICKET_CREATED 
> APPLICATION: CAS 
> WHEN: Thu Aug 17 16:49:11 CEST 2017 
> CLIENT IP ADDRESS: xxx 
> SERVER IP ADDRESS: 172.20.1.8 
> = 
> 
> ... 
> 
> = 
> WHO: u...@xx.com 
> WHAT: ST-1764-1lAgfQwbrmpIsp5c2kcT-int-sso.example.com for 
> https://app.example.com/login 
> ACTION: SERVICE_TICKET_CREATED 
> APPLICATION: CAS 
> WHEN: Thu Aug 17 16:49:42 CEST 2017 
> CLIENT IP ADDRESS: xxx 
> SERVER IP ADDRESS: 172.20.1.8 
> = 
> ... 
> 
> 2017-08-17 16:50:09,663 DEBUG 
> [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] -  argument [String] for audit> 
> 2017-08-17 16:50:09,663 DEBUG 
> [org.jasig.cas.CentralAuthenticationServiceImpl] -  [ST-1764-1lAgfQwbrmpIsp5c2kcT-int-sso.example.com] by type [Ticket] cannot be 
> found in the ticket registry.> 
> 2017-08-17 16:50:09,665 DEBUG 
> [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] -  locate ticket [ST-1764-1lAgfQwbrmpIsp5c2kcT-int-sso.example.com] in the 
> registry> 
> 2017-08-17 16:50:09,665 INFO 
> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN 
> = 
> WHO: audit:unknown 
> WHAT: ST-1764-1lAgfQwbrmpIsp5c2kcT-int-sso.example.com 
> ACTION: SERVICE_TICKET_VALIDATE_FAILED 
> APPLICATION: CAS 
> WHEN: Thu Aug 17 16:50:09 CEST 2017 
> CLIENT IP ADDRESS: xxx 
> SERVER IP ADDRESS: 172.20.1.8 
> = 
> 
> 
> Am I doing something wrong ? 
> 
> Thanks 
> 
> -- 
> 
> Thomas 
> 
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/02dbea15-3484-4600-ae6b-5f48d0d20070%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 

Re: [cas-user] Re: Tomcat and CAS Newbie Need Help with Google SSO Overlay

[Uxío]

Coming from 3.x you are likely to have a bad time wrangling the customization 
stage.

Since I started reading these mails about a year ago, I have read one gifted 
person was able to self make an upgrade path from 3 to 5.

IINM most peoples rework their CAS 5 customizations from scratch and from their 
clear list of requirements.

Cheers and regards,

Sent from my iPhone

> On 17 Aug 2017, at 17:55, Bob Dill  wrote:
> 
> Hi All,
> 
> I wanted to say thank you for your help (Uxio, Ng Sek Long). I did some 
> reading and decided to start from scratch with version 5.1.2. I downloaded 
> the cas overlay project from github, ran the build script and deployed the 
> resulting cas.war file. I now have a running version of the cas application. 
> Yay! Now, I'm working on configuring it to suite my needs. I will open a new 
> thread regarding that. 
> 
> Thank you for the suggestions.
> 
> ~ Bob
> 
>> On Friday, August 11, 2017 at 12:15:42 PM UTC-5, Bob Dill wrote:
>> Hi All,
>> 
>> I'm a newbie when it comes to CAS and Tomcat Web Servers. I need to set up 
>> SSO with Google using CAS. I have read the documentation at 
>> https://apereo.github.io/cas/4.2.x/integration/Google-Apps-Integration.html 
>> although I am using version 3.5.2. I'm stuck on the first step of adding a 
>> dependency for a CAS overlay. Do I need to download the overlay? Do I need 
>> to rebuild the project? Is there a nice step-by-step guide that will teach 
>> me how to perform these basic steps? I've been searching for hours, and I'm 
>> not making any progress.
>> 
>> Thank in advance,
>> ~ Bob
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/15f0c419-7db0-4815-8390-289edca39502%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/A200625A-6618-4C6F-B414-6814ED1F0DBC%40madiva.com.

Re: [cas-user] JVM Heap Kept Growing every day

[Uxío Prego]

I would reboot CAS servers nightly, if you can afford that.

Try a TGT lifetime of several hours and an ST lifetime of some minutes. But I 
can't tell the rationale.

> On 16 Aug 2017, at 19:54, Uxío Prego <upr...@madiva.com> wrote:
> 
> Never used hazelcast ticket registry nor 5.0.x, still those figures seem 
> normal to me.
> 
> If you just can't kill the curiosity, I recommend you saving a snapshot of 
> your Debian GNU/Linux CAS server, then installing xorg, xserver, lightdm, and 
> a lightweight desktop environment of your choice, and visualvm; then fetching 
> your CAS process from visualvm and profit from great stats and insights. When 
> you are satisfied you restore the saved snapshot so finally everything keeps 
> as clean and performant as before the intervention.
> 
> Cheers and regards,
> 
>> On 16 Aug 2017, at 18:54, RJ <ssogu...@gmail.com 
>> <mailto:ssogu...@gmail.com>> wrote:
>> 
>> We have seen that system is heavily swapping after a few days of CAS uptime.
>> 
>> JVM Heap args are Xms 4096m & Xmx4096m, but it kept every day.
>> 
>> Is there a way to find out whats taking all this space? We are talking about 
>> 3000 logins a day. This is pretty much common every day. I was hoping that 
>> old tickets get expired and new tickets get created and stay active for 8 
>> hours. If thats working, memory requirement should not keep increasing every 
>> day. 
>> 
>> jvm.memory.heap.usage in stats file kept growing from 3% to 50% within 3 
>> days of uptime.
>> 
>> I don't understand why the tickets are not cleaned up/expired. Is there a 
>> way to know the no# of tickets..etc ? We disabled /status URI though.
>> 
>> What parameters do you guys use for TGT lifetime and ST lifetime?
>> 
>> We just use LDAP and hazelcast ticket registry with 5.0.5.
>> 
>> Thanks
>> RJ
>> 
>> -- 
>> - CAS gitter chatroom: https://gitter.im/apereo/cas 
>> <https://gitter.im/apereo/cas>
>> - CAS mailing list guidelines: 
>> https://apereo.github.io/cas/Mailing-Lists.html 
>> <https://apereo.github.io/cas/Mailing-Lists.html>
>> - CAS documentation website: https://apereo.github.io/cas 
>> <https://apereo.github.io/cas>
>> - CAS project website: https://github.com/apereo/cas 
>> <https://github.com/apereo/cas>
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+unsubscr...@apereo.org 
>> <mailto:cas-user+unsubscr...@apereo.org>.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CACNfiMJErDCzexjenLo-2tA2JNmbYHLx3JJUNaw_pE6KJvPsSA%40mail.gmail.com
>>  
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CACNfiMJErDCzexjenLo-2tA2JNmbYHLx3JJUNaw_pE6KJvPsSA%40mail.gmail.com?utm_medium=email_source=footer>.
> 

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6DDC6273-136B-41E0-99EF-AA663DAEE428%40madiva.com.

Re: [cas-user] JVM Heap Kept Growing every day

[Uxío Prego]

Never used hazelcast ticket registry nor 5.0.x, still those figures seem normal 
to me.

If you just can't kill the curiosity, I recommend you saving a snapshot of your 
Debian GNU/Linux CAS server, then installing xorg, xserver, lightdm, and a 
lightweight desktop environment of your choice, and visualvm; then fetching 
your CAS process from visualvm and profit from great stats and insights. When 
you are satisfied you restore the saved snapshot so finally everything keeps as 
clean and performant as before the intervention.

Cheers and regards,

> On 16 Aug 2017, at 18:54, RJ  wrote:
> 
> We have seen that system is heavily swapping after a few days of CAS uptime.
> 
> JVM Heap args are Xms 4096m & Xmx4096m, but it kept every day.
> 
> Is there a way to find out whats taking all this space? We are talking about 
> 3000 logins a day. This is pretty much common every day. I was hoping that 
> old tickets get expired and new tickets get created and stay active for 8 
> hours. If thats working, memory requirement should not keep increasing every 
> day. 
> 
> jvm.memory.heap.usage in stats file kept growing from 3% to 50% within 3 days 
> of uptime.
> 
> I don't understand why the tickets are not cleaned up/expired. Is there a way 
> to know the no# of tickets..etc ? We disabled /status URI though.
> 
> What parameters do you guys use for TGT lifetime and ST lifetime?
> 
> We just use LDAP and hazelcast ticket registry with 5.0.5.
> 
> Thanks
> RJ
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas 
> 
> - CAS mailing list guidelines: 
> https://apereo.github.io/cas/Mailing-Lists.html 
> 
> - CAS documentation website: https://apereo.github.io/cas 
> 
> - CAS project website: https://github.com/apereo/cas 
> 
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org 
> .
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CACNfiMJErDCzexjenLo-2tA2JNmbYHLx3JJUNaw_pE6KJvPsSA%40mail.gmail.com
>  
> .

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/736CA52C-CD1B-4DBC-8A1C-2E5030D33018%40madiva.com.

Re: [cas-user] Having issues w/ trustedDevice in 5.1.2

[Uxío]

I had a bad time trying to tweak CAS 3 with postgres ticket registry to use 
bytea for lobs, instead of oid, ended up using oid and assuming the included 
pita and believing there is a bug relating how hibernate 4 handles ticket 
removal when using postgres [oid] large objects (update/delete most possibly 
requiring multiple data unlinking ops just after commiting transaction).

If I were to want the supposed bug to be solved for CAS (not the case) I would 
open issue in CAS even thouh really sure it is (seems at least) an hibernate 
bug. The reason for it is that even there are more or less maintained public 
roadmaps often only someone in the team really knows the truth on the facts for 
the multiplicity of data access layer back ends.

CAS seems to have an historical affinity with particular versions of mysql and 
oracle to a lesser extent.

Targeting maria or not is mandatory for hibernate I would say (so that said, 
plans or mission statements are no guarantee for anything), but in the scope of 
CAS is something to be decided by the CAS committee.

I would open a github issue.

Sent from my iPhone

> On 16 Aug 2017, at 12:55, Matt Elson  
> wrote:
> 
>> On 08/15/2017 04:47 PM, Matt Elson wrote:
>> 
>> Both look like the SQL statements are getting incorrectly formed or
>> truncated in some format; going to be firing up more debugging on
>> mariadb/mysql side of things and will try other DBs later.
>> 
>> Just figured I'd throw it out there in case the underlying cause of this
>> new issue of mine is a really obvious one.
> 
> Turns out it's pretty simple.
> 
> The fields "date" and "key" are reserved words in mysql/mariadb and
> aren't being quoted/backticked properly so causing the SQL errors.
> Changing the names to something like trustedDate and trustedKey in
> MultiFactorAuthenticationRecord  and altering the explicit SQL queries
> in JpaMultifactorAuthenticationTrustStorage accordingly causes the DDL
> and subsequent inserts to succeed in my brief testing.
> 
> While playing with that, a length of 255 isn't sufficient for the key
> value once encryption takes place; had to bump it up to 1000 or so.
> 
> Not familiar with hibernate so not sure if it's supposed to take care of
> this sort of quoting/escaping, so not sure who to report this seeming
> bug to.
> 
> Matt
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/458110c3-b065-e8a2-052f-140025781224%40fastmail.net.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4BDD2C52-C382-4DAE-BC84-E7D9DC73300B%40madiva.com.

Re: [cas-user] CAS 5.1.2 step by step documentation

[Uxío Prego]

Make sure you already read and understood these articles from the
maintainer.

https://apereo.github.io/2016/10/04/casbootoverlay/
https://apereo.github.io/2017/02/21/cas-autocfg-strategy/
https://apereo.github.io/2017/03/28/cas5-gettingstarted-overlay/

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2017-08-14 11:26 GMT+02:00 satheesh k <uksathe...@gmail.com>:

> HI All,
>
> We are implementing CAS 5.1.2 in our projct. I need to set up SSO with our
> application using CAS. I have read the documentation at
> https://apereo.github.io/cas/5.1.x/planning/Installation-Requirements.html
> .We stuck on the implementation of CAS 5.1.2 in our project. Is there a
> step-by-step guide that will teach me how to perform these basic steps?
>
> Thanks,
> Satheesh. K
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/
> Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/41a2f91f-fcbc-4b4d-8228-
> 1d47ab672e68%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/41a2f91f-fcbc-4b4d-8228-1d47ab672e68%40apereo.org?utm_medium=email_source=footer>
> .
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKZFr%3DiazhMycknpFsT2GSg059s-d%3DjfUhgzB78qWOc3JA%40mail.gmail.com.

Re: [cas-user] Tomcat and CAS Newbie Need Help with Google SSO Overlay

[Uxío Prego]

Not able to help.

Make sure you already read these articles from the maintainer.

https://apereo.github.io/2016/10/04/casbootoverlay/
https://apereo.github.io/2017/02/21/cas-autocfg-strategy/
https://apereo.github.io/2017/03/28/cas5-gettingstarted-overlay/

Regards,

> On 11 Aug 2017, at 19:15, Bob Dill  wrote:
> 
> Hi All,
> 
> I'm a newbie when it comes to CAS and Tomcat Web Servers. I need to set up 
> SSO with Google using CAS. I have read the documentation at 
> https://apereo.github.io/cas/4.2.x/integration/Google-Apps-Integration.html 
> although I am using version 3.5.2. I'm stuck on the first step of adding a 
> dependency for a CAS overlay. Do I need to download the overlay? Do I need to 
> rebuild the project? Is there a nice step-by-step guide that will teach me 
> how to perform these basic steps? I've been searching for hours, and I'm not 
> making any progress.
> 
> Thank in advance,
> ~ Bob
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1eacce5a-71b9-487c-afc9-e6c91d6c3144%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8198B0B9-DC01-40B1-AA05-D2C4B0E511EF%40madiva.com.

Re: [cas-user] Setting up SSL

[Uxío Prego]

You should not be running Java with super user privileges, ever. Specially in
production environments.

When on Linux additional configuration is necessary to allow an operating
system level user account access to well known ports in the first 1K range.

OP likely to have had indeed the port held by a previous instance of CAS.

> On 19 Jul 2017, at 15:23, Toby Archer  wrote:
> 
> First thing that comes to my mind is checking if there is anything on that 
> port. try running:
> 
> netstat -a | grep "" 
>  That should tell you whether or not there is anything else listening on that 
> port. 
> 
> My other thought would be to try and let it be the default configuration, 
> which is 8443 I believe. See if it accepts that.
> 
> Oh, the other thing that occurred to me is try running it as a privileged 
> user, i.e. sudo. Some distros don't let unprivileged users bind to ports 
> below 1.
> 
> I'm still very much so a rookie at CAS, but hopefully these suggestions will 
> be helpful. Quoth the blind man leading the blind.
> 
> On Wednesday, July 19, 2017 at 2:32:50 AM UTC-5, David Rodriguez Gonzalez 
> wrote:
> Good morning everyone,
> 
> I am having problems setting up https in CAS 5.0.x gradle overlay, maybe you 
> could give me a hand.
> 
> I have the following properties in application.yml, keystore properties 
> duplicated to see if it works
> 
> server:
>   port: 
>   ssl:
> enabled: true
> keyStorePassword: changeit
> key-store-password: changeit
> keyPassword: changeit
> key-password: changeit
> keyStore: file:/etc/cas/thekeystore
> key-store: file:/etc/cas/thekeystore
> 
> 
> But I'm getting this:
> 
> ***
> APPLICATION FAILED TO START
> ***
> 
> Description:
> 
> The Tomcat connector configured to listen on port  failed to start. The 
> port may already be in use or the connector may be misconfigured.
> 
> Action:
> 
> Verify the connector's configuration, identify and stop any process that's 
> listening on port , or configure this application to listen on another 
> port.
> 
> 
> Thanks a lot!
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cb1ff7e4-c790-4653-927b-44afcdf14553%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/B0BC35CB-8DFD-4A24-99D0-CC38D1DE9174%40madiva.com.

Re: [cas-user] CAS ADFS Integration

[Uxío Prego]

Let us hope am wrong, but reminds me vaguely of
https://groups.google.com/a/apereo.org/d/msg/cas-user/BwnFLyc8TnY/6NjFsnIEAQAJ

Best of luck,

> On 17 Jul 2017, at 09:23, Антон Шихмат  wrote:
> 
> Hello everyone,
> 
> On my current project we use CAS with configured custom database 
> authentication provider.
> 
> Few weeks ago we received request from our client to integrate CAS with their 
> ADFS. 
> I did it using provided tutorial on CAS website. After that only ADFS 
> authentication can be used. What I mean – when user tries to open secured 
> page, ADFS logic page is displayed, so user can use only his ADFS credentials 
> and cannot navigate to regular logic page (where database authentication is 
> configured).
> 
> So my question is – is it possible to have a database authentication provider 
> configured as primary one (with default login page) and to have button on 
> that page that will redirect to ADFS authentication provider?
> 
> Thanks,
> Anton
> 
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas 
> 
> - CAS mailing list guidelines: 
> https://apereo.github.io/cas/Mailing-Lists.html 
> 
> - CAS documentation website: https://apereo.github.io/cas 
> 
> - CAS project website: https://github.com/apereo/cas 
> 
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org 
> .
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5254c733-f507-46e0-ab43-a0a67022c2a5%40apereo.org
>  
> .

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/B6930B01-0EDC-4199-B933-E1053778E231%40madiva.com.

Re: [cas-user] Re: CAS 5.1 Mariadb runtime issues

[Uxío]

How many applications, if it is not asking too much? 

Sent from my iPhone

> On 27 Jun 2017, at 19:33, Richard Frovarp  wrote:
> 
> You can just include your own JDBC driver dependency instead of using the 
> previous version. Not having them is preferable for us as we use the same 
> Tomcat instance for several things and have the JDBC driver central as the 
> MySQL one doesn't like application restarts and leaks. So I had to previously 
> exclude all of the drivers.
> 
>> On 06/27/2017 09:23 AM, 'Iain Workman' via CAS Community wrote:
>> I would also be interested in a solution to this, as I have been 
>> experiencing the same issue.
>> 
>> As an interim solution I forced the application to make use of the 
>> dependency package from the previous version (which has worked without this 
>> error) in the pom.xml
>> ...
>> 
>> org.apereo.cas
>> cas-server-support-jdbc-drivers
>> 5.0.6
>> 
>> ...
>> 
>> 
>> -- 
>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>> - CAS mailing list guidelines: 
>> https://apereo.github.io/cas/Mailing-Lists.html
>> - CAS documentation website: https://apereo.github.io/cas
>> - CAS project website: https://github.com/apereo/cas
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6403e8f5-24cb-45a9-92fd-2df2cf883f2b%40apereo.org.
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b4918949-280c-7ae9-c1e6-a285557a301b%40ndsu.edu.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/58740D46-BAD1-4B95-9EE4-99016A431309%40madiva.com.

Re: [cas-user] JPA Service Registry Persistence (CAS 5.0.6)

[Uxío Prego]

There are some or at least one configuration keys named $BLAH.jpa.ddlAuto or
$BLAH.jpa.ddl.auto that if are set to (or defaulting to) 'create-drop' might be
causing those table dropping.

> On 15 Jun 2017, at 23:32, 'Iain Workman' via CAS Community 
>  wrote:
> 
> I am currently trying to configure the service registry for a CAS server 
> (Maven Overlay, v5.0.6) using mysql as the persistent backend as per the 
> information here. The intention is to also have a cas-management application 
> for the creation/updating etc. of the services. 
> 
> My current contents of pom.xml has the required dependency:
> 
> 
>   org.apereo.cas
>   cas-server-support-jpa-service-registry
>   ${cas.version}
> 
> 
> with the following settings in etc/cas/cas.properties
> 
> # Service Registry Settings
> ###
> cas.serviceRegistry.jpa.healthQuery: SELECT 1 FROM INFORMATION_SCHEMA.TABLES
> cas.serviceRegistry.jpa.driverClass: com.mysql.cj.jdbc.Driver
> cas.serviceRegistry.jpa.url: jdbc:mysql://localhost:3306/cas_services
> cas.serviceRegistry.jpa.dialect: org.hibernate.dialect.MySQL5Dialect
> cas.serviceRegistry.jpa.user: ***
> cas.serviceRegistry.jpa.password:**
> 
> This seems to work insofar as the tables are initialized and populated with 
> the standard default entries. Unfortunately when the cas server process is 
> shut down it drops all the tables which contain the service registry data. 
> This doesn't seem particularly persistent to me and, if a cas-management 
> application is running as the same time then it will crash when it finds its 
> data tables no longer exist. The server outputs the following on exit:
> 
> alter table RegisteredServiceImpl_Props drop foreign key 
> FK1xan7uamsa94y2451jgksjkj4
> Hibernate: alter table RegisteredServiceImpl_Props drop foreign key 
> FK5ghaknoplphay7reury7n3vcm
> Hibernate: drop table if exists hibernate_sequence
> Hibernate: drop table if exists RegexRegisteredService
> Hibernate: drop table if exists RegexRegisteredServiceProperty
> Hibernate: drop table if exists RegisteredServiceImpl_Props
> 
> Is there some element to the persistent storage of services which I am not 
> understanding, or is there a configuration mistake which I have made?
> 
> Thanks
> 
> 
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6db951e8-daff-4e76-bb18-f2a40e64%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/C9D0851F-7F7A-4F78-ABEE-C862EE59E5D1%40madiva.com.

[cas-user] Re: What's cooking in unaffiliated@cas-user

[Uxío Prego]

Have not figured yet how to work it out as a small change without breaking the
tests. And I have learned to simulate `vacuumlo` in RDS using SQL, plpgsql, and
shell; in the meanwhile. So it's very likely will stick in vanilla
'cas-server-core' until we phase out to CAS 5 endlich, instead. And give up any
thoughts on CAS 3 further patching.

Sorry for the noise,

> On 24 May 2017, at 18:11, Uxío <upr...@madiva.com> wrote:
> 
> Fast note to tell am somewhat working in a small hack branch of CAS Server 3 
> core in order to enable tickets' POJOs in JPA mapping under PostgreSQL to be 
> stored as byteas instead of as oids (i.e. b?lobs).
> 
> Additional tags: cas-server-core, abstractticket, ticketgrantingticket, 
> serviceticket, hibernate, jdbc, postgres, lob, blob, bytea, aws, ec2, rds, 
> dms, sct.
> 
> Future-proof following up contact this same handle at the sld outlook tld com.
> 
> Sent from my iPhone

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/458020A7-3554-4AB3-A937-F6D77DF78F24%40madiva.com.

Re: [cas-user] Encrypted database password in jdbc authn

[Uxío Prego]

Did not
cas.authn.jdbc.query[0].passwordEncoder.type=com.example.CustomPasswordEncoder
(https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#query-database-authentication)
suit your mileage?

> On 6 Jun 2017, at 19:58, Soumya Tripathy  wrote:
> 
> Hi,
> Can we configure cas to use custom encryption for database password as well?
> 
> I want to use cas.authn.jdbc.query[0].password=$EncryptedSecret$ instead of 
> cas.authn.jdbc.query[0].password=PlainSecret.
> 
> 
> 
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/c7fda9b6-2dd0-48b0-ae66-2ed9fb0793cf%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/B3B66496-24CD-4B4D-B61D-C42966A3639A%40madiva.com.

[cas-user] What's cooking in unaffiliated@cas-user

[Uxío]

Fast note to tell am somewhat working in a small hack branch of CAS Server 3 
core in order to enable tickets' POJOs in JPA mapping under PostgreSQL to be 
stored as byteas instead of as oids (i.e. b?lobs).

Additional tags: cas-server-core, abstractticket, ticketgrantingticket, 
serviceticket, hibernate, jdbc, postgres, lob, blob, bytea, aws, ec2, rds, dms, 
sct.

Future-proof following up contact this same handle at the sld outlook tld com.

Sent from my iPhone

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/71B8C18D-BC66-4C0D-94DF-45774315A6BA%40madiva.com.

Re: [cas-user] How to track login failure attempts and update the failure counter in database

[Uxío]

I might be able to give some advice, only if by a somewhat big gotcha you are 
referring CAS 3.

If it is CAS 4 or 5, if it was me and I thought the docs were not enough about 
it, I would file an issue requesting the capability or, if ready, enhanced 
explain.

Could you just use throttling of failed log in attempts instead of everything 
else? Isn't it better for anyone? No angered users because of locked accounts, 
no further dev, no further doc. Trust what is already available OOTB. Tell your 
product owner to try to find a solution not involving custom sources nor GitHub 
issuing.

Sent from my iPhone

> On 11 May 2017, at 09:57, sachin khanna  wrote:
> 
> Hi,
> 
> I have implemented CAS server and i am able to successfully authenticate user 
> by jdbc authentication.
> 
> Now i want to track login failure attempts of user and locked out user's 
> account after 3 failure attempts.
> 
> for that i would need to add counter and on specific count, i would need to 
> update user's status in DB.
> 
> Please suggest the implementation or share code??
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/644ca915-8884-4eb2-a296-5e8d2e859c59%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/B33BBC86-EAAE-4214-BA67-A775ECD5CC2E%40madiva.com.

Re: [cas-user] wbr...@gmail.com

[Uxío Prego]

Yeh, go google, paste there 'apereo server and client version mapping' if
you are lucky you should jump to another topic where past myself was asking
similarly. Or you hit this '
https://groups.google.com/a/apereo.org/d/topic/cas-user/mLFbdpnaipY/discussion'
link that I now am betting 5 dollah to it will break at some point in
between the next ten years from today.

Regards

2017-05-04 20:52 GMT+02:00 kumarCAS :

> Hi Team,
>
> We are using  CAS 3.5.1 to enable single-signon between legacy
> applications and salesforce. We built this on linux server. can you please
> suggest us which CAS client we can use.
>
> Regards
> Manoj
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/
> Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/77f26003-0874-4d35-80dd-
> 12d77e5d55c1%40apereo.org
> 
> .
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKY59sdJi-8CuT-S7qZ5N94cg_cVVvHQ3DjKvUcWDi2ROA%40mail.gmail.com.

Re: [cas-user] Need CAS 3.4.10 deployed file

[Uxío Prego]

Clone the git repository at GitHub/apereo/cas, then switch rev with git as `git 
checkout 09ead33` as seen in 
https://github.com/apereo/cas/commit/09ead33abdf5124c351ce37c147bb4457307ec7f 
which as you can see is tag 'v3.4.10'.

Descend into artifact cas-server-webapp, execute (with 7>=java) `mvn package` 
so you can get a vanilla build, and start hacking it.

Don't forget sharing later your success story!

Regards,

> On 27 Apr 2017, at 18:43, kumarCAS  wrote:
> 
> Hi Team,
> 
> We are doing a POC to intigrate CAS 3.4.10 with salesforce. We need a 
> deployed file of CAS 3.4.10. Please help us if anyone is having. Really 
> appreciate it.
> 
> Thanks in Advance,
> 
> Regards,
> Kumar
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/e3ab4cb3-addc-4a1e-b112-be13097e0018%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/FBFED392-35CB-4D91-A4FB-A3DD33D1C19F%40madiva.com.

Re: [cas-user] Supporting SAML 2.0 using CAS 3.4

[Uxío Prego]

Hi good UTC morning,

CAS 3 is obsolete. It is not nor its documentation longer provided by
anyone in this mailing list (Apereo CAS) though ther many documents exist
hanging from jasig.org about CAS 3 and 4 as you may have probably noticed.

IINM depending the nature of your CASified applications you might be able
to upgrade your production system to CAS 5 without impacting the existing
applications that are currently integrated.

I would encourage you to give some more details about your platform
architecture.

Uxío Prego



The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2017-04-18 3:54 GMT+02:00 Antony Sunny <antonys1...@gmail.com>:

> Hi Team,
>
> We have a requirement for integrating Saleforce in CAS 3.4.10 using SAML
> 2.0 and since 3.4 doesn't support saml 2,we would like to know tthe options
> without upgrading CAS because we dont want to impact the existing
> applications that are currently integrated.
>
> Also would like to know,from where can I download the CAS 3.4.10
> documentation.
>
> Thanks in Advance,
>
> Regards,
> Antony Sunny
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/
> Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/c4f9e822-a0b2-4a9d-8552-
> 45bbed1c9a3d%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/c4f9e822-a0b2-4a9d-8552-45bbed1c9a3d%40apereo.org?utm_medium=email_source=footer>
> .
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKbYkTeOCTiu_AfC%2BsgdwaWyHH9iQ__9CX0TZW-dn0oVAQ%40mail.gmail.com.

Re: [cas-user] Re: CAS 3.5 Service Registry Exception How-To

[Uxío Prego]

I assumed your CASified application was Java-like, and meant the CASified 
application web.xml.

But this can make the example. There are some  and  
tags. CASified Java web applications work using a web.xml file alike.

If you are using your CASified application as such, it should have several CAS 
related filters, which have their filter mapping. You might be able to find a 
way to exclude the services you want to exclude, using web.xml rules and 
(hopefully not) additional Java code.

Regards,

> On 5 Apr 2017, at 19:23, Scott Green  wrote:
> 
> 
>  <> 
> -   xmlns="http://java.sun.com/xml/ns/j2ee; 
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; 
> xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
> http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; version="2.4">
> Central Authentication System (CAS) 3.5.1
> -  
> contextConfigLocation
> /WEB-INF/spring-configuration/*.xml 
> /WEB-INF/deployerConfigContext.xml
> 
> -  
> CAS Client Info Logging Filter
> com.github.inspektr.common.web.ClientInfoThreadLocalFilter
> 
> -  
> CAS Client Info Logging Filter
> /*
> 
> -  
> springSecurityFilterChain
> org.springframework.web.filter.DelegatingFilterProxy
> 
> -  
> springSecurityFilterChain
> /status
> 
> -  
> springSecurityFilterChain
> /services/*
> 
> -  
> characterEncodingFilter
> org.springframework.web.filter.DelegatingFilterProxy
> 
> -  
> characterEncodingFilter
> /*
> 
>  <> 
> -  
> org.jasig.cas.web.init.SafeContextLoaderListener
> 
>  <> 
> -  
> cas
> org.jasig.cas.web.init.SafeDispatcherServlet
> -  
> publishContext
> false
> 
> 1
> 
> -  
> cas
> /login
> 
> -  
> cas
> /logout
> 
> -  
> cas
> /validate
> 
> -  
> cas
> /serviceValidate
> 
> -  
> cas
> /samlValidate
> 
> -  
> cas
> /proxy
> 
> -  
> cas
> /proxyValidate
> 
> -  
> cas
> /CentralAuthenticationService
> 
> -  
> cas
> /services/add.html
> 
> -  
> cas
> /services/viewStatistics.html
> 
> -  
> cas
> /services/logout.html
> 
> -  
> cas
> /services/loggedOut.html
> 
> -  
> cas
> /services/manage.html
> 
> -  
> cas
> /services/edit.html
> 
> -  
> cas
> /openid/*
> 
> -  
> cas
> /services/deleteRegisteredService.html
> 
> -  
> cas
> /services/updateRegisteredServiceEvaluationOrder.html
> 
> -  
> cas
> /status
> 
> -  
> cas
> /authorizationFailure.html
> 
> -  
> cas
> /403.html
> 
> -  
>  <> 
> 5
> 
> -  
> org.springframework.context.ApplicationContextException
> /WEB-INF/view/jsp/brokenContext.jsp
> 
> -  
> 500
> /WEB-INF/view/jsp/errors.jsp
> 
> -  
> 404
> /
> 
> -  
> 403
> /403.html
> 
> -  
> index.jsp
> 
> 
> 
> On Wednesday, April 5, 2017 at 9:36:21 AM UTC-7, Scott Green wrote:
> We are running CAS 3.5 (old I know... working on it). It is using SQL as a 
> Service Registry.  I have added an application in, but I need to make an 
> exception for a certain type of request for an automated system.  They have 
> clients that have used the following XML"
> 
> Example (in their case, the SERVER.XML):
> 
> …
> 
> serverName= "https://servername.assetworks.com 
> "
> 
> except="^/token|^/identity|^/cmisatom|^/cmisbrowser|^/wsdl|^/ws|/roleList"  />
> 
> 
> 
> Can anyone help me with how I would accomplish this same type of exception 
> handling in our environment?  Thank you in advance.
> 
> 
> 
> Scott
> 
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas 
> 
> - CAS mailing list guidelines: 
> https://apereo.github.io/cas/Mailing-Lists.html 
> 
> - CAS documentation website: https://apereo.github.io/cas 
> 
> - CAS project website: https://github.com/apereo/cas 
> 
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org 
> .
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5ec7f96d-02da-4387-bbd5-68766131afb2%40apereo.org
>  
> .

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4E254BB0-095E-430D-8D35-BA371F0EA9B6%40madiva.com.

Re: [cas-user] CAS 3.5 Service Registry Exception How-To

[Uxío]

Can you post web.xml configuration? Having CAS validation filter and such..?

Sent from my iPhone

> On 05 Apr 2017, at 18:36, Scott Green  wrote:
> 
> We are running CAS 3.5 (old I know... working on it). It is using SQL as a 
> Service Registry.  I have added an application in, but I need to make an 
> exception for a certain type of request for an automated system.  They have 
> clients that have used the following XML"
> 
> Example (in their case, the SERVER.XML):
> 
> …
> 
> serverName= "https://servername.assetworks.com;
> 
> except="^/token|^/identity|^/cmisatom|^/cmisbrowser|^/wsdl|^/ws|/roleList"  />
> 
> 
> 
> Can anyone help me with how I would accomplish this same type of exception 
> handling in our environment?  Thank you in advance.
> 
> 
> 
> Scott
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/a161d8a6-139e-403d-9447-02c85f2710aa%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/F16366E8-A84A-49FF-8AAC-130485470A46%40madiva.com.

Re: [cas-user] Infinite loop problem between Cas Server and Cas Services Management

[Uxío Prego]

Bonsoir, bienvenue á la liste.

> No one has a solution for my problem?

Probably someone has a solution for your problem. That does not
necessarily mean s/he is going to share a solution soon, even ever. Keep
working on your own while you wait for answers and feel free to answer
yourself to help others if you get the solution to your problem.

> What's my mistake?

I don't know, I am not CAS 5 enabled yet. But I have seen similar
problems in CAS 3. There, (not necessarily now too) misconfiguration or
customisation can cause a very similar redirect loop. In that case, I
could solve it, using CAS server debugging.

> Can you help me to have the right configuration please?

Sadly, not me.

Regards,

> On 8 Feb 2017, at 19:30, Ayé Rayé  wrote:
> 
> Hi all,
> 
> No one has a solution for my problème ?
> 
> 
> 
> Le mercredi 8 février 2017 15:31:58 UTC+1, Ayé Rayé a écrit :
> Hello,
> I have an infinite loop problem with my configuration on Cas Server and Cas 
> Services Management. I precise I use the latest version of Cas Server, 5.0.2 
> . And for Cas Services Management I used  Maven war overlay on master branch. 
> After authentication with casuser I enter in a loop with two urls:
> 
> https://cas.server:8443/login?service=https%3A%2F%2Fcas.mgmt%3A8443%2Fcallback%3Fclient_name%3DCasClient
> 
> and 
> 
> https://cas.mgmt:8443/callback?client_name=CasClient=ST-20-1XvJaiZgJ6zW7o2lJRyp-MW7Dkmzd
>   with a new ST ticket each time.
> 
> 
> What's my mistake? Can you help me to have the right configuration please ?
> 
> I have added as attachments the configuration of the two applications. 
> 
> - application.properties for Cas Services Management
> - bootstrap.properties for Cas Services Management
> - management.properties for Cas Services Management
> - cas-management.log for Cas Services Management
> 
> - cas.log for Cas Sever
> - cas.properties for Cas Server
> 
> 
> Thanks for your help.
> 
> Ayé Rayé
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/a0706304-c591-4f71-bb7c-2ef848401ed8%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/DD85929E-D5C1-4A0E-800A-FB8BE8200AB7%40madiva.com.

Re: [cas-user] Re: CAS Proxy vs CAS Rest protocol

[Uxío]

However it should just work out of the box by only CASifying B to the same CAS 
service protecting A because that is the whole point of SSO (e.g. Apereo CAS).

Sent from my iPhone

> On 26 Jan 2017, at 07:44, Uxío <upr...@madiva.com> wrote:
> 
> Maybe you should try to think if you can route existing AJAX to B via A back 
> again to B but letting the service A resolve calls in behalf of clients of A. 
> You can authenticate calls to B from the A back end, or if B is replicable 
> you could do an additonal private deployment of B not casified but with use 
> restricted to A us using network configuration, routing or whitelisting.
> 
> Hope that helped,
> 
> Sent from my iPhone
> 
>> On 26 Jan 2017, at 06:33, C. C. Tang <hiyo...@gmail.com> wrote:
>> 
>> Hi, I have a similar use case that
>> App-A is an web page that use ajax to call App-B webservice.
>> How should I protect App-B webservice by CAS?
>> 
>> -- 
>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>> - CAS mailing list guidelines: 
>> https://apereo.github.io/cas/Mailing-Lists.html
>> - CAS documentation website: https://apereo.github.io/cas
>> - CAS project website: https://github.com/apereo/cas
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/56004070-75ce-4c7b-ae70-550e0c8a8e20%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/F77CF655-9019-4EC4-9C67-5C62AE275E0A%40madiva.com.

Re: [cas-user] Re: CAS Proxy vs CAS Rest protocol

[Uxío]

Maybe you should try to think if you can route existing AJAX to B via A back 
again to B but letting the service A resolve calls in behalf of clients of A. 
You can authenticate calls to B from the A back end, or if B is replicable you 
could do an additonal private deployment of B not casified but with use 
restricted to A us using network configuration, routing or whitelisting.

Hope that helped,

Sent from my iPhone

> On 26 Jan 2017, at 06:33, C. C. Tang  wrote:
> 
> Hi, I have a similar use case that
> App-A is an web page that use ajax to call App-B webservice.
> How should I protect App-B webservice by CAS?
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/56004070-75ce-4c7b-ae70-550e0c8a8e20%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6581D7E9-9267-424A-8016-450B1FEBBE9A%40madiva.com.

Re: [cas-user] Internally hosted applications under load balancer issue

[Uxío Prego]

You can try to find the way of applying sticky 
(https://en.wikipedia.org/wiki/Load_balancing_(computing)#Persistence) to your 
casified applications' load balancer, and see if that solves, but I am afraid 
you could be alone on that.

CAS itself supports being behind a load balancer since a particular version.

> On 10 Jan 2017, at 17:30, Daniel Rakaric  wrote:
> 
> Hi,
> 
> Recently our institution has been trying to implement a new load balancer. We 
> have tried this out in our pre-prod environment and test out to see how our 
> applications behave with this new implementation.
> 
> So far, not a single application that is behind the load balancer that 
> requires CAS authentication works as the connection just times out during a 
> login request. Any externally hosted applications such as our vendor 
> applications that use our CAS to authenticate works with no issues. Also, any 
> application that is internally hosted that is not behind a load balancer 
> works as well.
> 
> We were wondering if anyone has had a similar time-out issue while using a 
> load balancer, and how did you configure the load balancer to behave properly?
> 
> Just to iterate, CAS is also behind a load balancer.
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/383046f6-d8c2-4657-ab4a-b027eefbd322%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/AF20D2B9-BFEC-4985-956F-AC43045BBCAE%40madiva.com.

Re: [cas-user] Need help CAS5 + LDAP Maven overlay misses few libraries needed for LDAP unbound Id

[Uxío Prego]

Are you sure the cause is a problem with libraries? Why not LDAP
misconfiguration?

2017-01-08 15:49 GMT+01:00 sravani patla :

> Hello Team,
>
> I tried to deploy CAS with LDAP server and i ended up with few
> errors.Please just check the errors. I have attached the document and
> Please let me Know anyone can help me
>
>
> Thanks
> Sravani
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/
> Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/59cbeee6-1c29-4345-acb2-
> a6ae7654f18f%40apereo.org
> 
> .
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKbOx9LgC_piWP%3DTH_Xbkgin-DWtxXzD9wtTv1w-YH9pCw%40mail.gmail.com.

Re: [cas-user] inspektr-jdbc-audit-config.xml

[Uxío]

Is the new data base being served from the same host URL and port that served 
the original one?

In case not, have you checked JDBC connectivity to that target destination host 
from the desired source host using another JDBC tool (not Apereo CAS) like a 
CLI client (the SQL*plus like alternative Microsoft provides for connecting to 
the data base they license) or the lovely SchemaSpy tool?

Hope that helped,

Sent from my iPhone

> On 03 Jan 2017, at 17:59, carlos maddaleno cuellar 
>  wrote:
> 
> Hi i need some help im trying to configure my audit to sql server data base 
> on my orale is working fine but when i change the cas.properties to my sql 
> server the log says
> 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'inspektrAuditEntityManagerFactory' defined in class path resource 
> [inspektr-jdbc-audit-config.xml]: Invocation of init method failed; nested 
> exception is javax.persistence.PersistenceException: [PersistenceUnit: 
> default] Unable to build Hibernate SessionFactory
> 
> Caused by: javax.persistence.PersistenceException: [PersistenceUnit: default] 
> Unable to build Hibernate SessionFactory
> 
> 
> Caused by: org.hibernate.exception.GenericJDBCException: Unable to obtain 
> JDBC Connection
> 
> the params on my cas.properties are this:
> 
> #cas.audit.max.agedays=
> #cas.audit.database.dialect=
> #cas.audit.database.batchSize=
> cas.audit.database.ddl.auto=validate
> cas.audit.database.gen.ddl=false
> cas.audit.database.show.sql=true
> cas.audit.database.driverClass=com.microsoft.sqlserver.jdbc.SQLServerDriver
> cas.audit.database.url=jdbc:sqlserver://172.18.141.81\DESA;databaseName=SEGURIDAD_BOLSA_EMPLEO
> cas.audit.database.user=sa_desarrollo
> cas.audit.database.password=EPXV5AA9BQ
> #cas.audit.database.pool.minSize=
> #cas.audit.database.pool.minSize=
> #cas.audit.database.pool.maxSize=
> #cas.audit.database.pool.maxIdleTime=
> #cas.audit.database.pool.maxWait=
> #cas.audit.database.pool.acquireIncrement=
> #cas.audit.database.pool.acquireRetryAttempts=
> #cas.audit.database.pool.acquireRetryDelay=
> #cas.audit.database.pool.idleConnectionTestPeriod=
> #cas.audit.database.pool.connectionHealthQuery=
> 
> 
> cas.audit.database.dialect=org.hibernate.dialect.SQLServerDialect
> 
> 
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANEG9%2BcvcYkq1hay-2mZcpia1y%2BOaYBuOLKLMVNWEfvE9knYbw%40mail.gmail.com.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8FB8614F-05FC-43D8-A56B-EFC868671998%40madiva.com.

Re: [cas-user] mod_auth_cas 1.1

[Uxío Prego]

I’m sorry am noob and not yet used to think abstracted of our CAS deployments 
that use database ticket registries.

I do not know which part of the README says “this”.

"AH01998 connection closed to child i with abortive shutdown” reads like a 
pretty standard message, searching it jumps to 
http://stackoverflow.com/questions/683149/apache-ssl-error-336027900 and from 
there to https://wiki.apache.org/httpd/InternalDummyConnection, which makes a 
hint on the web server configuration, have you tried that?

Sideways, yours is a pretty old *unsupported* CAS server dated from March 2014 
not receiving security updates anymore, so you if you have not yet, you should 
consider urging your product owner, scrum master and the backing development 
team to migrate your customers’ installations to CAS 4 or 5.

Hope that helped. Regards,

> On 10 Dec 2016, at 19:10, Chris Cheltenham <cchelten...@swaintechs.com> wrote:
> 
> Uxio,
>  
> Just for some more details.
>  
> The httpd log says this:
> [Sat Dec 10 13:08:40.488691 2016] [ssl:debug] [pid 16011] 
> ssl_engine_io.c(1201): (70014)End of file found: [client 10.153.2.8:30517] 
> AH02007: SSL handshake interrupted by system [Hint: Stop button pressed in 
> browser?!]
> [Sat Dec 10 13:08:40.488703 2016] [ssl:info] [pid 16011] [client 
> 10.153.2.8:30517] AH01998: Connection closed to child 3 with abortive 
> shutdown (server test.dcis.hhs.gov:443 <http://test.dcis.hhs.gov:443/>)
>  
> The mod_auth_cas 1.1  READ ME says this which worries me.
>  
> 
> KNOWN LIMITATIONS
> 
> These limitations are known to exists in this release of the software:
>  
> * CAS Proxy Validation is not implemented in this version.
>  
> From: Uxío Prego [mailto:upr...@madiva.com] 
> Sent: Saturday, December 10, 2016 1:02 PM
> To: CAS Community
> Cc: David Lawson; Pathe Sow; Chris Cheltenham
> Subject: Re: [cas-user] mod_auth_cas 1.1
>  
> Have you discarded a misconfigured database problem?
>  
> Have you tried to `tailf` both the catalina.out log, the CAS runtime log/s, 
> and the web server's error and SSL error logs when reproducing this to try to 
> find more facts?
>  
> There is also the possibility to turn on hibernate SQL logging and increasing 
> the verbosity of the CAS runtime logs if at first sight you see nothing 
> interesting. If you can not repackage the web application archive, this 
> should be feasible with package manipulation techniques too.
>  
> Regards,
> 
> Uxío Prego
> 
> Madiva Soluciones
> Cl / Serrano Galvache 56 E Abedul 4
> 28033 Madrid
> 
> 917 56 84 94
> www.madiva.com <http://www.madiva.com/>
> 
> The activity of email inboxes can be systematically tracked by colleagues, 
> business partners and third parties. Turn off automatic loading of images to 
> hamper it.
>  
> 2016-12-10 17:41 GMT+01:00 Chris Cheltenham <cchelten...@swaintechs.com 
> <mailto:cchelten...@swaintechs.com>>:
> Hello everyone,
>  
> We are using RHEL 7.3 with apache 2.4.6 and CAS 3.5.2.1 and mod_auth_cas 1.1
>  
> We are getting this error once we log into CAS.
>  
> Unauthorized
>  
> This server could not verify that you are authorized to access the document 
> requested. Either you supplied the wrong credentials (e.g., bad password), or 
> your browser doesn't understand how to supply the credentials required.
>  
> The URL has the ticket I there when we proxy to the CAS server.
>  
>  
> https://test.dcis.hhs.gov/main.php?ticket=ST-42-aEak6uBsvai99PLq06Ad-test-ba.dcis.hhs.gov
>  
> <https://test.dcis.hhs.gov/main.php?ticket=ST-42-aEak6uBsvai99PLq06Ad-test-ba.dcis.hhs.gov>
>  
> On other RHEL5 apache servers that work we see this in the URL
>  
> https://dcis.hhs.gov/cas/login?service=https%3a%2f%2fdcis.hhs.gov%2fmain.php 
> <https://dcis.hhs.gov/cas/login?service=https%3a%2f%2fdcis.hhs.gov%2fmain.php>
>  
>  
> The install seems to go well.
> See below
>  
> See any operating system documentation about shared libraries for
> more information, such as the ld(1) and ld.so(8) manual pages.
> --
> chmod 755 /usr/lib64/httpd/modules/mod_auth_cas.so
> make[1]: Leaving directory `/tmp/mod_auth_cas-master/src'
> Making install in tests
> make[1]: Entering directory `/tmp/mod_auth_cas-master/tests'
> make[2]: Entering directory `/tmp/mod_auth_cas-master/tests'
> make[2]: Nothing to be done for `install-exec-am'.
> make[2]: Nothing to be done for `install-data-am'.
> make[2]: Leaving directory `/tmp/mod_auth_cas-master/tests'
> make[1]: Leav

Re: [cas-user] CAS 4.1 - Routing logs to SysLog - is it possible

[Uxío]

Tweak the '4.2.x' in the link for '4.1.x' then compare the section in both 
articles. Given it is documented, is probably working.

Sent from my iPhone

> On 08 Dec 2016, at 09:46, Petr Gašparík - AMI Praha a.s. 
>  wrote:
> 
> Martin,
> is that applicable also to CAS 4.1? Do you have an experience with that?
> 
> thanks, Petr
> 
> --
> 
> s pozdravem
> 
> Petr Gašparík
> solution architect
> 
> gsm: [+420] 603 523 860
> e-mail: petr.gaspa...@ami.cz
> 
>   
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239
> web: www.ami.cz
> 
>   
> 
> 
> 
> 
> 
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za 
> společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně 
> písemnou formu.
> 
> 
> 2016-12-07 17:15 GMT+01:00 Lukas Paulus :
>> Thank you.
>> 
>> 2016-12-07 2:49 GMT+01:00 Martin Bohun :
>>> https://apereo.github.io/cas/4.2.x/installation/Monitoring-Statistics.html#routing-logs-to-syslog
>>> 
>>> 
>>>  Martin Bohun
>>> 
 On Tue, Dec 6, 2016 at 11:43 PM, Lukas Paulus  
 wrote:
 Hi,
 
 I searched in wiki and I have a question, is CAS 5.0 feature "Routing log 
 to SysLog" also available in CAS 4.1.
 If yes, how can I configure it?
 
 Thanks
 
 -- 
 - CAS gitter chatroom: https://gitter.im/apereo/cas
 - CAS mailing list guidelines: 
 https://apereo.github.io/cas/Mailing-Lists.html
 - CAS documentation website: https://apereo.github.io/cas
 - CAS project website: https://github.com/apereo/cas
 --- 
 You received this message because you are subscribed to the Google Groups 
 "CAS Community" group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to cas-user+unsubscr...@apereo.org.
 To view this discussion on the web visit 
 https://groups.google.com/a/apereo.org/d/msgid/cas-user/32432172-9896-4fc2-b362-1021459b8d45%40apereo.org.
>>> 
>>> -- 
>>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>>> - CAS mailing list guidelines: 
>>> https://apereo.github.io/cas/Mailing-Lists.html
>>> - CAS documentation website: https://apereo.github.io/cas
>>> - CAS project website: https://github.com/apereo/cas
>>> --- 
>>> You received this message because you are subscribed to the Google Groups 
>>> "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to cas-user+unsubscr...@apereo.org.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGVz94gFg%3DhgYrWNq2icEfXXv7UxKe66u1hiASMA58nyi1xicg%40mail.gmail.com.
>> 
>> -- 
>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>> - CAS mailing list guidelines: 
>> https://apereo.github.io/cas/Mailing-Lists.html
>> - CAS documentation website: https://apereo.github.io/cas
>> - CAS project website: https://github.com/apereo/cas
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAA4D82tczXeYtGm0ZXd3QQyzYb0aWD4S472%2BWFvtb2e5zXJcuA%40mail.gmail.com.
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABAspd1LxDAJb3bGAtjmQJY1a4_XHH66UNqgkkbp3a%2BwRmXUog%40mail.gmail.com.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/072389E2-CD41-44CA-8088-21AD99670787%40madiva.com.

Re: [cas-user] Cas 5.x Target Application Selection

[Uxío Prego]

We do that too, since quite a time (so not 5 though) and are mostly happy C: 
with the results so far.

Regards,

> On 7 Dec 2016, at 17:59, Andrew Morgan  wrote:
> 
> On Wed, 7 Dec 2016, Gokhan Mansuroglu wrote:
> 
>> Hi,
>> 
>> I have the following scenario :
>> 
>> 1. In the login page, user enters her username.
>> 2. The list of granted applications are filled from a service in the login
>> page.
>> 3. User select the application (s)he wants to login.
>> 4. Enters her password and redirected to that application.
>> 
>> Does Cas cover such a scenario ? If not, how it should be configured in
>> order not to make deployment and future upgrades more complicated ?
> 
> Create a separate web page that requires CAS authentication to view (some 
> would call it a portal page).  When the user visits that page, they will be 
> redirected to CAS for authentication.  When they return, your page can lookup 
> the list of services they should see using the provided username (query a 
> database, perhaps).  Each of those other services should also be protected by 
> CAS authentication.
> 
>   Andy

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CE64121A-E2E3-4F78-A098-FA96A479E693%40madiva.com.

Re: [cas-user] configuration in Ldap, xml or database

[Uxío]

I guess local storage is the fastest, so generally you use the other when 
needing to match some requirement, mostly easy integration with other 
systems..? f.i. we have kind of a procedure for ticket creation prevention 
hardwired in a CAS support module, and erasure capabilities in an external 
service "somehow" connected to the tickets registry.

I guess if nothing prevents your sleep yet, local storage is your bet.

Sent from my iPhone

> On 05 Dec 2016, at 13:18, Jiří  wrote:
> 
> Hi all,
> I am new in CAS , i have a special task to explain to my boss what is best 
> way how save configuration datas.
> We want have 2 tomcat servers with reflexion.
> 
> Could somebody explain difference between local storage, LDAP or DB. Thx a 
> lot  
> 
> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/4722eef1-39c0-4c7a-9f72-845c9bbeb871%40apereo.org.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/B960CBF9-5D89-404E-9550-6D4D99B30FAC%40madiva.com.

[cas-user] Problems completing our own roadmap

[Uxío Prego]

Hi, it seems we successfully finished upgrading CAS 3.4 to 3.6 last week.

We are now documenting ourselves in order to keep upgrading our CAS service.

I think I got so far this from the wiki and the user group:

* CAS 5: The main revolutionary change is adding Spring Boot.

* CAS 4.2: The main revolutionary change is the CAS overlay becoming the
single deployment strategy.

I have not found yet similar summaries for 4.0 and '4.1'. Am deeply sorry
of oversimplifying all this but, can you drop me two quick lines to help us
guessing the proper next step?

Anyway we are almost sure we will step in 4.1 because we link an in house
support module from the webapp and the integration restlet and I am not
sure how to drop this, so the question really might be "Is anybody really
sure we should step to 4.0 before 4.1 instead of try upgrading directly to
4.1?"

Thanks, regards,

Uxío Prego

Madiva Soluciones
Cl / Serrano Galvache 56 E Abedul 4
28033 Madrid

917 56 84 94
www.madiva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANidDKY36mKcJv4-gOwzOxWadMaDetmTXd%3Dg2ijaxf-fJ%2BObdQ%40mail.gmail.com.

Re: [cas-user] CAS 3.4.3 - Delete session ticket

[Uxío Prego]

Helo, this is a topic of interest for us since we plan on upgrading from
Oracle 11 to something else.

If you have not solved yet the issue can you please activate the SQL
tracing and try again?

It is something like 'database.hibernate.show.sql=true' in 'cas.properties'.

If you solved the issue please reply how you did, me at least.

Regards y le dejo mis dies.

Uxío Prego

Madiva Soluciones
Cl / Serrano Galvache 56 E Abedul 4
28033 Madrid

917 56 84 94
www.madiva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2016-11-02 16:11 GMT+01:00 CR0SS <cr0ss4...@gmail.com>:

> Hello,
>
>
>
> We have CAS 3.4.3 installed distributed in 4 different machines using the
> same data base. The data base has been upgraded from Oracle11 to Oracle 12c
> and since then, we are getting errors related to the deletion of the
> session TICKET. The driver version we’re using is 10.1.0.2.0.
>
>
>
> Exception trace:
>
>
>
> 2016-10-31 13:36:15,039 INFO  [STDOUT] 2016-10-31 13:36:15,039 ERROR
> [org.hibernate.util.JDBCExceptionReporter] -  insuficientes
>
> >
>
> 2016-10-31 13:36:15,085 INFO  [STDOUT] 2016-10-31 13:36:15,039 ERROR
> [org.hibernate.event.def.AbstractFlushingEventListener] -  synchronize database state with session>
>
> org.hibernate.exception.SQLGrammarException: Could not execute JDBC batch
> update
>
>at org.hibernate.exception.SQLStateConverter.convert(
> SQLStateConverter.java:92)
>
>at org.hibernate.exception.JDBCExceptionHelper.convert(
> JDBCExceptionHelper.java:66)
>
>at org.hibernate.jdbc.AbstractBatcher.executeBatch(
> AbstractBatcher.java:275)
>
>at org.hibernate.engine.ActionQueue.executeActions(
> ActionQueue.java:263)
>
>at org.hibernate.engine.ActionQueue.executeActions(
> ActionQueue.java:184)
>
>at org.hibernate.event.def.AbstractFlushingEventListener.
> performExecutions(AbstractFlushingEventListener.java:321)
>
>at org.hibernate.event.def.DefaultFlushEventListener.onFlush(
> DefaultFlushEventListener.java:51)
>
>at org.hibernate.impl.SessionImpl.flush(SessionImpl.java:1206)
>
>at org.hibernate.impl.SessionImpl.managedFlush(
> SessionImpl.java:375)
>
>at org.hibernate.transaction.JDBCTransaction.commit(
> JDBCTransaction.java:137)
>
>at org.hibernate.ejb.TransactionImpl.commit(
> TransactionImpl.java:76)
>
>at org.springframework.orm.jpa.JpaTransactionManager.doCommit(
> JpaTransactionManager.java:467)
>
>at org.springframework.transaction.support.
> AbstractPlatformTransactionManager.processCommit(
> AbstractPlatformTransactionManager.java:754)
>
>at org.springframework.transaction.support.
> AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionMan
> ager.java:723)
>
>at org.springframework.transaction.interceptor.
> TransactionAspectSupport.commitTransactionAfterReturnin
> g(TransactionAspectSupport.java:393)
>
>at org.springframework.transaction.interceptor.
> TransactionInterceptor.invoke(TransactionInterceptor.java:120)
>
>at org.springframework.aop.framework.ReflectiveMethodInvocation.
> proceed(ReflectiveMethodInvocation.java:172)
>
>at org.springframework.aop.framework.JdkDynamicAopProxy.
> invoke(JdkDynamicAopProxy.java:202)
>
>at $Proxy78.deleteTicket(Unknown Source)
>
>at org.jasig.cas.CentralAuthenticationServiceIm
> pl.validateServiceTicket(CentralAuthenticationServiceImpl.java:454)
>
>at sun.reflect.GeneratedMethodAccessor461.invoke(Unknown Source)
>
>at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:25)
>
>at java.lang.reflect.Method.invoke(Method.java:585)
>
>at org.springframework.aop.support.AopUtils.
> invokeJoinpointUsingReflection(AopUtils.java:309)
>
>at org.springframework.aop.framework.ReflectiveMethodInvocation.
> invokeJoinpoint(ReflectiveMethodInvocation.java:183)
>
>at org.springframework.aop.framework.ReflectiveMethodInvocation.
> proceed(ReflectiveMethodInvocation.java:150)
>
>at org.springframework.aop.aspectj.MethodInvocationProceedingJoin
> Point.proceed(MethodInvocationProceedingJoinPoint.java:80)
>
>at org.perf4j.aop.AbstractTimingAspect.doPerfLogging(
> AbstractTimingAspect.java:71)
>
>at sun.reflect.GeneratedMethodAccessor101.invoke(Unknown Source)
>
>at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:25)
>
>at java.lang.reflect.Method.invoke(Method.java:585)

[cas-user] Server and client version mapping

[Uxío Prego]

Hi, am in the process of upgrading CAS 3.4.10, mainly using the Java client 
3.2.1, into 5.0.0.RC3, falling back to 4.2.6 in case PITA arises.

IINM am seeing 3.4.1 as the last version of the Java client. This means is 
compatible with all CAS 3 to 5 versions right?

Thanks, regards,

-- 
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d205e5e5-d216-45e1-9133-335188a2c93e%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.