Re: [cas-user] Application Not Authorized to Use CAS, After authentication.

[mohamed gamal]

Maybe this is what is causing your config not to work with us, we are using
version 6.1.0-RC4.

On Sun, Nov 17, 2019 at 2:33 PM Abdelrahman Halawa 
wrote:

> CAS v5.3.x
>
>
>
>
> On Sun, 17 Nov 2019 at 09:44, mohamed gamal 
> wrote:
>
>> Mr Abdelrahman, thanks for your support.
>> which version are you using ?
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/d2798992-7c7e-469d-9283-6a2ba279aef1%40apereo.org
>> 
>> .
>>
>
>
> --
> Best regards,
> 
>
> ​
>
> *Abdelrahman Halawa*
> Teacher Assistant, Computer and Systems Department, Al-Azhar University
> +2 01008131693 <+2+01008131693> | abdelrahmanhal...@gmail.com | Skype:
> abdelrahmanhalawa  | Maadi, Cairo,
> Egypt
> 
> 
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to a topic in the
> Google Groups "CAS Community" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/a/apereo.org/d/topic/cas-user/PysooL5aXXs/unsubscribe
> .
> To unsubscribe from this group and all its topics, send an email to
> cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAHr-WtbVeSNdQa8i52iVKoUYeSGbfXS9xR%2BGsFDGcePtzrEMWw%40mail.gmail.com
> 
> .
>


-- 
Mohamed Ahmed Moursi
Computer Engineer.
Al-kharj, Saudi Arabia.
Mobile SA: +966555192325
Skype: live:b155f044caf1b8b6

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABB5vGfNvxi1anm%3DjxGYG_-iO1exgBdUg_PUzKuqxTqcjOVRpg%40mail.gmail.com.

Re: [cas-user] Application Not Authorized to Use CAS, After authentication.

[Abdelrahman Halawa]

CAS v5.3.x




On Sun, 17 Nov 2019 at 09:44, mohamed gamal 
wrote:

> Mr Abdelrahman, thanks for your support.
> which version are you using ?
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/d2798992-7c7e-469d-9283-6a2ba279aef1%40apereo.org
> 
> .
>


-- 
Best regards,


​

*Abdelrahman Halawa*
Teacher Assistant, Computer and Systems Department, Al-Azhar University
+2 01008131693 <+2+01008131693> | abdelrahmanhal...@gmail.com | Skype:
abdelrahmanhalawa  | Maadi, Cairo, Egypt



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAHr-WtbVeSNdQa8i52iVKoUYeSGbfXS9xR%2BGsFDGcePtzrEMWw%40mail.gmail.com.

Re: [cas-user] Application Not Authorized to Use CAS, After authentication.

[mohamed gamal]

Mr Abdelrahman, thanks for your support.
which version are you using ?

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d2798992-7c7e-469d-9283-6a2ba279aef1%40apereo.org.

Re: [cas-user] Application Not Authorized to Use CAS, After authentication.

[Abdelrahman Halawa]

Hi Mohammed,

below is my JSON file, you are free to use it and try. but you must
configure the SharePoint to use UPN and mail claims as the JSON shows.
Hint: It is a must to use the *realmcas *certificate as the signing
certificate for SharePoint config.

{
  "@class" : "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
  "serviceId" : "https://.xxx.xxx.*;,
  "realm" : "urn:org:apereo:cas:ws:idp:realm-CAS",
  "name" : "Simple WS fed test application",
  "id" : "101",
  "description" : "SharePoint",
  "evaluationOrder" : 1,
  "tokenType" : "
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1;,
  "attributeReleasePolicy" : {
"@class" :
"org.apereo.cas.ws.idp.services.WSFederationClaimsReleasePolicy",
"allowedAttributes" : {
  "@class" : "java.util.TreeMap",
 "USER_PRINCIPAL_NAME_2005" : "upn",
 "EMAIL_ADDRESS_2005" : "mail"
   }
  }
}




On Wed, 13 Nov 2019 at 16:09, mohamed gamal 
wrote:

> Unfortunatly Mr Abdelrahman,
>>
>> we are still facing the same error
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/82015f25-f74b-46d6-8504-8c85c1f28a2e%40apereo.org
> 
> .
>


-- 
Best regards,


​

*Abdelrahman Halawa*
Teacher Assistant, Computer and Systems Department, Al-Azhar University
+2 01008131693 <+2+01008131693> | abdelrahmanhal...@gmail.com | Skype:
abdelrahmanhalawa  | Maadi, Cairo, Egypt



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAHr-WtYcRMjViow_DSnge9CdL9zBr6WGgVxx0%2B71FUT8uuzGBg%40mail.gmail.com.

Re: [cas-user] Application Not Authorized to Use CAS, After authentication.

[mohamed gamal]

Unfortunatly Mr Abdelrahman, 
>
> we are still facing the same error 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/82015f25-f74b-46d6-8504-8c85c1f28a2e%40apereo.org.

Re: [cas-user] Application Not Authorized to Use CAS, After authentication.

[Abdelrahman Halawa]

Hi Mohammed,

Everything looks good except you need to set the token type in JSON file to
be SAMLV1.1.
SharePoint supports SAMLV1.1 only and the default in CAS is SAMLv2.
Change your JSON file as below and try again

..
"evaluationOrder" : 2,
"tokenType" : "
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1;,
..
.








On Tue, 12 Nov 2019 at 13:25, mohamed gamal 
wrote:

> Dear Abdelrahman,
> Below you can find the configuration  and ther service json.
> Thanks for your support
>
>
> cas.authn.wsfedIdp.idp.realm=urn:org:apereo:cas:ws:idp:realm-CAS
> cas.authn.wsfedIdp.idp.realmName=CAS
> cas.authn.wsfedIdp.sts.subjectNameIdFormat=unspecified
> cas.authn.wsfedIdp.sts.encryptTokens=false
> cas.authn.wsfedIdp.sts.signingKeystoreFile=file
> :/etc/cas/config/signing.jks
> cas.authn.wsfedIdp.sts.signingKeystorePassword=changeit
> cas.authn.wsfedIdp.sts.encryptionKeystoreFile=file
> :/etc/cas/config/encryption.jks
> cas.authn.wsfedIdp.sts.encryptionKeystorePassword=changeit
> cas.authn.wsfedIdp.sts.realm.keystoreFile=file
> :/etc/cas/config/realmcas.jks
> cas.authn.wsfedIdp.sts.realm.keystorePassword=changeit
> cas.authn.wsfedIdp.sts.realm.keystoreAlias=realmcas
> cas.authn.wsfedIdp.sts.realm.keyPassword=changeit
> cas.authn.wsfedIdp.sts.realm.issuer=CAS
> cas.authn.wsfedIdp.sts.crypto.signing.key=xx
> cas.authn.wsfedIdp.sts.crypto.signing.keySize=xxx
> cas.authn.wsfedIdp.sts.crypto.encryption.key=xx
> cas.authn.wsfedIdp.sts.crypto.encryption.keySize=xxx
> cas.authn.wsfedIdp.sts.crypto.enabled=true
>
>
> {
> "@class" : "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
> "serviceId" : "https://devsp.xxx.xxx.xxx/.*;,
> "realm" : "urn:org:apereo:cas:ws:idp:realm-CAS",
> "name" : "Simple WS fed test application",
> "id" : 101,
> "evaluationOrder" : 2,
> "attributeReleasePolicy" : {
> "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
> },
> "accessStrategy" : {
> "@class" :
> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
> "enabled" : true,
> "ssoEnabled":true,
> "caseInsensitive":true
> }
> }
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/4795c1da-9100-4bdd-a3c3-d22be3a5c0ca%40apereo.org
> 
> .
>


-- 
Best regards,


​

*Abdelrahman Halawa*
Teacher Assistant, Computer and Systems Department, Al-Azhar University
+2 01008131693 <+2+01008131693> | abdelrahmanhal...@gmail.com | Skype:
abdelrahmanhalawa  | Maadi, Cairo, Egypt



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAHr-WtYUNPBcs6yuxnB6GaaokWGBf_0BMRy88GFkZMdiA9gndw%40mail.gmail.com.

Re: [cas-user] Application Not Authorized to Use CAS, After authentication.

[mohamed gamal]

Dear Abdelrahman,
Below you can find the configuration  and ther service json.
Thanks for your support


cas.authn.wsfedIdp.idp.realm=urn:org:apereo:cas:ws:idp:realm-CAS
cas.authn.wsfedIdp.idp.realmName=CAS
cas.authn.wsfedIdp.sts.subjectNameIdFormat=unspecified
cas.authn.wsfedIdp.sts.encryptTokens=false
cas.authn.wsfedIdp.sts.signingKeystoreFile=file:/etc/cas/config/signing.jks
cas.authn.wsfedIdp.sts.signingKeystorePassword=changeit
cas.authn.wsfedIdp.sts.encryptionKeystoreFile=file
:/etc/cas/config/encryption.jks
cas.authn.wsfedIdp.sts.encryptionKeystorePassword=changeit
cas.authn.wsfedIdp.sts.realm.keystoreFile=file:/etc/cas/config/realmcas.jks
cas.authn.wsfedIdp.sts.realm.keystorePassword=changeit
cas.authn.wsfedIdp.sts.realm.keystoreAlias=realmcas
cas.authn.wsfedIdp.sts.realm.keyPassword=changeit
cas.authn.wsfedIdp.sts.realm.issuer=CAS
cas.authn.wsfedIdp.sts.crypto.signing.key=xx
cas.authn.wsfedIdp.sts.crypto.signing.keySize=xxx
cas.authn.wsfedIdp.sts.crypto.encryption.key=xx
cas.authn.wsfedIdp.sts.crypto.encryption.keySize=xxx
cas.authn.wsfedIdp.sts.crypto.enabled=true


{
"@class" : "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
"serviceId" : "https://devsp.xxx.xxx.xxx/.*;,
"realm" : "urn:org:apereo:cas:ws:idp:realm-CAS",
"name" : "Simple WS fed test application",
"id" : 101,
"evaluationOrder" : 2,
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
},
"accessStrategy" : {
"@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true,
"ssoEnabled":true,
"caseInsensitive":true
}
}

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4795c1da-9100-4bdd-a3c3-d22be3a5c0ca%40apereo.org.

Re: [cas-user] Application Not Authorized to Use CAS, After authentication.

[mohamed gamal]

Dear Abdelrahman,
Below you can find the configuration  and ther service json.
Thanks for your support

cas.authn.wsfedIdp.idp.realm=urn:org:apereo:cas:ws:idp:realm-CAS
cas.authn.wsfedIdp.idp.realmName=CAS
cas.authn.wsfedIdp.sts.subjectNameIdFormat=unspecified
cas.authn.wsfedIdp.sts.encryptTokens=false
cas.authn.wsfedIdp.sts.signingKeystoreFile=file:/etc/cas/config/signing.jks
cas.authn.wsfedIdp.sts.signingKeystorePassword=changeit
cas.authn.wsfedIdp.sts.encryptionKeystoreFile=file
:/etc/cas/config/encryption.jks
cas.authn.wsfedIdp.sts.encryptionKeystorePassword=changeit
cas.authn.wsfedIdp.sts.realm.keystoreFile=file:/etc/cas/config/realmcas.jks
cas.authn.wsfedIdp.sts.realm.keystorePassword=changeit
cas.authn.wsfedIdp.sts.realm.keystoreAlias=realmcas
cas.authn.wsfedIdp.sts.realm.keyPassword=changeit
cas.authn.wsfedIdp.sts.realm.issuer=CAS
cas.authn.wsfedIdp.sts.crypto.signing.key=xx
cas.authn.wsfedIdp.sts.crypto.signing.keySize=xxx
cas.authn.wsfedIdp.sts.crypto.encryption.key=xx
cas.authn.wsfedIdp.sts.crypto.encryption.keySize=xxx
cas.authn.wsfedIdp.sts.crypto.enabled=true


{
"@class" : "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
"serviceId" : "https://devsp.xxx.xxx.xxx/.*;,
"realm" : "urn:org:apereo:cas:ws:idp:realm-CAS",
"name" : "Simple WS fed test application",
"id" : 101,
"evaluationOrder" : 2,
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
},
"accessStrategy" : {
"@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true,
"ssoEnabled":true,
"caseInsensitive":true
}
}

On Tuesday, November 12, 2019 at 11:40:40 AM UTC+3, Abdelrahman Halawa 
wrote:
>
> Hi Mohammed,
>
> Could you share your WS-Fed configuration with the CAS and JSON file of 
> the service as well may I help you.
>
>
>
>
> On Tue, Nov 12, 2019 at 7:39 AM mohamed gamal  > wrote:
>
>> Hello Steve,
>> Thanks for your support. 
>> but now I am getting this error 
>>  DEBUG [org.apereo.cas.support.realm.UriRealmParser] - > [CAS]>  
>> │
>> │2019-11-11 13:22:51,868 WARN 
>> [org.apache.cxf.sts.token.provider.SAMLTokenProvider] - <>  
>> 
>> │
>> │java.lang.ClassCastException: class java.lang.String cannot be cast to 
>> class java.net.URI (java.lang.String and java.net.URI are in module 
>> java.base of loader 'bootstrap')  │
>> │   at 
>> org.apereo.cas.support.claims.CustomNamespaceWSFederationClaimsClaimsHandler$CustomNamespaceWSFederationClaimsList.contains(CustomNamespaceWSFederationClaimsClaimsHandler.java:58)
>>  
>> ~[cas-server-suppor│
>> │   at 
>> org.apache.cxf.sts.claims.ClaimsManager.filterHandlerClaims(ClaimsManager.java:286)
>>  
>> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
>>│
>> │   at 
>> org.apache.cxf.sts.claims.ClaimsManager.handleClaims(ClaimsManager.java:191) 
>> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
>>   │
>> │   at 
>> org.apache.cxf.sts.claims.ClaimsManager.retrieveClaimValues(ClaimsManager.java:149)
>>  
>> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
>>│
>> │   at 
>> org.apache.cxf.sts.claims.ClaimsManager.retrieveClaimValues(ClaimsManager.java:110)
>>  
>> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
>>│
>> │   at 
>> org.apache.cxf.sts.claims.ClaimsUtils.processClaims(ClaimsUtils.java:57) 
>> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
>>   │
>> │   at 
>> org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider.getStatement(ClaimsAttributeStatementProvider.java:38)
>>  
>> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
>>  │
>> │   at 
>> org.apache.cxf.sts.token.provider.SAMLTokenProvider.createCallbackHandler(SAMLTokenProvider.java:336)
>>  
>> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
>>  │
>> │   at 
>> org.apache.cxf.sts.token.provider.SAMLTokenProvider.createSamlToken(SAMLTokenProvider.java:307)
>>  
>> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
>>│
>> │   at 
>> org.apache.cxf.sts.token.provider.SAMLTokenProvider.createToken(SAMLTokenProvider.java:121)
>>  
>> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
>>│
>> │   at 
>> 

Re: [cas-user] Application Not Authorized to Use CAS, After authentication.

[Abdelrahman Halawa]

Hi Mohammed,

Could you share your WS-Fed configuration with the CAS and JSON file of the
service as well may I help you.




On Tue, Nov 12, 2019 at 7:39 AM mohamed gamal 
wrote:

> Hello Steve,
> Thanks for your support.
> but now I am getting this error
>  DEBUG [org.apereo.cas.support.realm.UriRealmParser] -  [CAS]>
> │
> │2019-11-11 13:22:51,868 WARN
> [org.apache.cxf.sts.token.provider.SAMLTokenProvider] - <>
>
> │
> │java.lang.ClassCastException: class java.lang.String cannot be cast to
> class java.net.URI (java.lang.String and java.net.URI are in module
> java.base of loader 'bootstrap')  │
> │   at
> org.apereo.cas.support.claims.CustomNamespaceWSFederationClaimsClaimsHandler$CustomNamespaceWSFederationClaimsList.contains(CustomNamespaceWSFederationClaimsClaimsHandler.java:58)
> ~[cas-server-suppor│
> │   at
> org.apache.cxf.sts.claims.ClaimsManager.filterHandlerClaims(ClaimsManager.java:286)
> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>│
> │   at
> org.apache.cxf.sts.claims.ClaimsManager.handleClaims(ClaimsManager.java:191)
> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>   │
> │   at
> org.apache.cxf.sts.claims.ClaimsManager.retrieveClaimValues(ClaimsManager.java:149)
> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>│
> │   at
> org.apache.cxf.sts.claims.ClaimsManager.retrieveClaimValues(ClaimsManager.java:110)
> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>│
> │   at
> org.apache.cxf.sts.claims.ClaimsUtils.processClaims(ClaimsUtils.java:57)
> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>   │
> │   at
> org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider.getStatement(ClaimsAttributeStatementProvider.java:38)
> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>  │
> │   at
> org.apache.cxf.sts.token.provider.SAMLTokenProvider.createCallbackHandler(SAMLTokenProvider.java:336)
> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>  │
> │   at
> org.apache.cxf.sts.token.provider.SAMLTokenProvider.createSamlToken(SAMLTokenProvider.java:307)
> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>│
> │   at
> org.apache.cxf.sts.token.provider.SAMLTokenProvider.createToken(SAMLTokenProvider.java:121)
> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>│
> │   at
> org.apache.cxf.sts.operation.TokenIssueOperation.issueSingle(TokenIssueOperation.java:172)
> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
> │
> │   at
> org.apache.cxf.sts.operation.TokenIssueOperation.issue(TokenIssueOperation.java:85)
> ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>│
> │   at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method) ~[?:?]
>   │
> │   at
> jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:?]
> │
> │   at
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:?]
> │
> │   at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>
> │
> │   at
> org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider.invoke(SecurityTokenServiceProvider.java:244)
> ~[cxf-rt-ws-security-3.3.2.jar!/:3.3.2]
>
>
> and this
>
>   at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:836)
> ~[tomcat-coyote-9.0.20.jar!/:9.0.20]
>│
> │   at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1839)
> ~[tomcat-coyote-9.0.20.jar!/:9.0.20]
>│
> │   at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> ~[tomcat-coyote-9.0.20.jar!/:9.0.20]
>│
> │   at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> ~[?:?]
>│
> │   at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> ~[?:?]
>│
> │   at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> ~[tomcat-embed-core-9.0.20.jar!/:9.0.20]
> │
> │   at java.lang.Thread.run(Thread.java:834) [?:?]
>
> │
> │2019-11-11 13:22:51,868 WARN
> 

Re: [cas-user] Application Not Authorized to Use CAS, After authentication.

[mohamed gamal]

Hello Steve,
Thanks for your support. 
but now I am getting this error 
 DEBUG [org.apereo.cas.support.realm.UriRealmParser] -   
│
│2019-11-11 13:22:51,868 WARN 
[org.apache.cxf.sts.token.provider.SAMLTokenProvider] - <>  

│
│java.lang.ClassCastException: class java.lang.String cannot be cast to 
class java.net.URI (java.lang.String and java.net.URI are in module 
java.base of loader 'bootstrap')  │
│   at 
org.apereo.cas.support.claims.CustomNamespaceWSFederationClaimsClaimsHandler$CustomNamespaceWSFederationClaimsList.contains(CustomNamespaceWSFederationClaimsClaimsHandler.java:58)
 
~[cas-server-suppor│
│   at 
org.apache.cxf.sts.claims.ClaimsManager.filterHandlerClaims(ClaimsManager.java:286)
 
~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
   │
│   at 
org.apache.cxf.sts.claims.ClaimsManager.handleClaims(ClaimsManager.java:191) 
~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
  │
│   at 
org.apache.cxf.sts.claims.ClaimsManager.retrieveClaimValues(ClaimsManager.java:149)
 
~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
   │
│   at 
org.apache.cxf.sts.claims.ClaimsManager.retrieveClaimValues(ClaimsManager.java:110)
 
~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
   │
│   at 
org.apache.cxf.sts.claims.ClaimsUtils.processClaims(ClaimsUtils.java:57) 
~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
  │
│   at 
org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider.getStatement(ClaimsAttributeStatementProvider.java:38)
 
~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
 │
│   at 
org.apache.cxf.sts.token.provider.SAMLTokenProvider.createCallbackHandler(SAMLTokenProvider.java:336)
 
~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
 │
│   at 
org.apache.cxf.sts.token.provider.SAMLTokenProvider.createSamlToken(SAMLTokenProvider.java:307)
 
~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
   │
│   at 
org.apache.cxf.sts.token.provider.SAMLTokenProvider.createToken(SAMLTokenProvider.java:121)
 
~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
   │
│   at 
org.apache.cxf.sts.operation.TokenIssueOperation.issueSingle(TokenIssueOperation.java:172)
 
~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
│
│   at 
org.apache.cxf.sts.operation.TokenIssueOperation.issue(TokenIssueOperation.java:85)
 
~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]  
   │
│   at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native 
Method) ~[?:?]  
  │
│   at 
jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 
~[?:?]  
│
│   at 
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 
~[?:?]  
│
│   at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]  

  │
│   at 
org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider.invoke(SecurityTokenServiceProvider.java:244)
 
~[cxf-rt-ws-security-3.3.2.jar!/:3.3.2] 


and this

  at 
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:836)
 
~[tomcat-coyote-9.0.20.jar!/:9.0.20]
   │
│   at 
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1839)
 
~[tomcat-coyote-9.0.20.jar!/:9.0.20]
   │
│   at 
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) 
~[tomcat-coyote-9.0.20.jar!/:9.0.20]
   │
│   at 

[cas-user] Application Not Authorized to Use CAS, After authentication.

[mohamed gamal]

Hello everyone, 
I am trying to integrate cas with  a share point application using WS-FED I 
added the service file and the application connects normally to cas. the 
app redirects the user to cas for authentication, the user is authenticated 
by cas and I can see in logs that the user is authenticated and everything 
looks fine. But after the authentication the user is shown a message 
"Application Not Authorized to Use CAS". I am using the git service 
registry could this be the problem ? any idea how to solve this ? 
kindest regards.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8b7414a7-b714-400d-a1ea-16ee001b7f56%40apereo.org.

Re: [cas-user] Application Not Authorized to Use CAS

[Jann Malenkoff]

FYI --- this post is old and resolved via great assistance from David (fThe
New School).

The filters are holding back emails sent to the list.

On Mon, May 14, 2018 at 10:43 AM, Jann Malenkoff 
wrote:

> Hello:
>
> I have been tacking with the JSON enabling of 'http://localhost:8080/cas-
> management' over the weekend.
>
> Wondering if I can change approach and tackle this by entering SQL to the
> DB tables (screenshot attached).
>
> Would there be a resource with instruction on which tables to update?
> Google has not been my best friend today.
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/092d3dc9-f4f2-4b43-b928-
> 75bc4e5e61a4%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGeq_2WwU7mCJD3-uDeseE50AX8vd-KRhtCDqyRZoO8CCDsQkA%40mail.gmail.com.

[cas-user] Application Not Authorized to Use CAS

[Jann Malenkoff]

Hello:

I have been tacking with the JSON enabling of 
'http://localhost:8080/cas-management' over the weekend.

Wondering if I can change approach and tackle this by entering SQL to the 
DB tables (screenshot attached).

Would there be a resource with instruction on which tables to update? 
Google has not been my best friend today.


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/092d3dc9-f4f2-4b43-b928-75bc4e5e61a4%40apereo.org.

[cas-user] Application Not Authorized to Use CAS

[Jann Malenkoff]

Apologies if this is a double post -- my earlier one may not have gone 
through.

I have been battling via the JASON service registry over the weekend -- 
raising the white flag and planning the JPA route.

Attempting to access: 
http%3A%2F%2Flocalhost%3A8080%2Fcas-management%2Fmanage.html

"The services registry of CAS is empty and has no service definitions. 
Applications that wish to authenticate with CAS must explicitly be defined 
in the services registry."

Google is failing me today (or I am failing Google) -- is there info and 
what can be populated into the DB tables to allow above service to 
authenticate? I havent set up for attributes yet -- so these won't be 
needed for now.

The DB tables whivh have appered:

REGEXREGISTEREDSERVICE
/
REGEXREGISTEREDSERVICEPROPERTY
/
REGISTEREDSERVICE_CONTACTS
/
REGISTEREDSERVICEIMPL_PROPS

Thanks.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/aa8e706a-64d8-48e7-9e13-781bd682c789%40apereo.org.

[cas-user] Application Not Authorized to Use CAS The application you attempted to authenticate to is not authorized to use CAS.

[Ramakrishna G]

Application Not Authorized to Use CAS The application you attempted to 
authenticate to is not authorized to use CAS.

I keep getting this error. CAS-MANAGEMENT i am not able to run. Have any 
other solution to get rid of this error.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f3f90c9c-c402-4bff-99a0-874eb3fc408f%40apereo.org.