[cas-user] SAML and signing configuration

2018-02-20 Thread Alberto Cabello Sánchez
Hi, I'm getting a strange error when running the Onelogin SSO Wordpress plugin to authenticate users with a CAS with SAML support. I managed to get the plugin working with simpleSAMLphp so I think the problem is in the CAS side. The displayed error message is: CAS is unable to process this

Re: [cas-user] SAML and signing configuration

2018-02-20 Thread Man H
Do you have mod_auth_cas installed? On Tuesday, February 20, 2018, Alberto Cabello Sánchez wrote: > Hi, > > I'm getting a strange error when running the Onelogin SSO Wordpress > plugin to authenticate users with a CAS with SAML support. I managed > to get the plugin

Re: [cas-user] [5.2] Dashboard - Application Not Authorized to Use CAS

2018-02-20 Thread David Curry
Assuming "the services directory" means you're trying to use an external directory full of JSON service definitions, do you have org.apereo.cas cas-server-support-json-service-registry ${cas.version} in your pom.xml and cas.serviceRegistry.json.location:

Re: [cas-user] Re: Values are all ? for MFA-JDBC

2018-02-20 Thread Justin Andrews
Some progress, the SQL DBA noticed the query coming in included the date as '2018-02-20 00:00:00' So he modified the column for recordDate from timestamp to datetime and the insert then works, but then nothing else works, the selects and deletes and maintenance of that table is now broken. I

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

2018-02-20 Thread AT
> > So it works under 5.3.0-RC2. >> > Cas autogenerates the encryption/signing keys (still not sure how to add them to the keystore permanently). But, at this point I would like to test my idp; usually, from what I understand, the idp needs to provide: - The Federation Service Identifier

[cas-user] ClassNotFoundException when build.sh bootrun

2018-02-20 Thread Anthony O.
Hi, I want to live develop my cas-overlay casLoginView.html without restarting CAS every time I make a little change on the .html (because it is very long to restart). So I wanted to simply execute mvn clean package spring-boot:run

RE: [cas-user] [5.2] Dashboard - Application Not Authorized to Use CAS

2018-02-20 Thread Cheltenham, Chris
Hello Everyone, I am getting access denied on the /cas-management It appears CAS 5 is a bit different from 4 Does anyone know why I am getting access denied to the management stuff? === Thank You; Chris Cheltenham Technology Services The School District of

Re: [cas-user] [5.2] Dashboard - Application Not Authorized to Use CAS

2018-02-20 Thread Man H
This should be another thread since dashboard is not the same as cas-management. Make it a service On Tuesday, February 20, 2018, Cheltenham, Chris < ccheltenham-...@philasd.org> wrote: > Hello Everyone, > > > > I am getting access denied on the /cas-management > > It appears CAS 5 is a

Re: [cas-user] CAS Client Location (PKIX path building failed)

2018-02-20 Thread Kevin Liu
Where is the path specified? I don't remember running into this? On Tuesday, February 20, 2018 at 10:37:53 AM UTC-6, Manfredo Hopp wrote: > > Path to your certificate is not found > > On Tuesday, February 20, 2018, Kevin Liu > wrote: > >> This is the error I keep

Re: [cas-user] attributeRepository.expireInMinutes, maximumCacheSize and merger is never taken into account

2018-02-20 Thread Anthony O.
Thank you for your hints Manfredo, I finally managed to spot the problem: I was deploying CAS inside a Docker container which was not redeploying my modification on my application.yml file! When I modified this file inside my container, the cas.authn.attributeRepository.* attributes were

RE: [cas-user] Values in cas.properties not taking effect

2018-02-20 Thread SCHILENS, JEREMIAH
Ray, This is what I have in my cas.properties now for ehcache. I couldn’t figure out where classpath actually referenced so I tried the absolute file path. cas.ticket.registry.ehcache.replicateUpdatesViaCopy=true cas.ticket.registry.ehcache.cacheManagerName=ticketRegistryCacheManager

RE: [cas-user] [5.2] Dashboard - Application Not Authorized to Use CAS

2018-02-20 Thread Cheltenham, Chris
Man, I don’t know what that means. === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Man H Sent: Tuesday, February 20,

[cas-user] CAS Client Location (PKIX path building failed)

2018-02-20 Thread Kevin Liu
I'm running into a PKIX path building failed and in the documentation it lists this: "The problem here is that the CAS *client* does not trust the certificate presented by the CAS server; most often this occurs because of using a *self-signed certificate* on the CAS server. " I'm currently

[cas-user] Re: CAS Client Location (PKIX path building failed)

2018-02-20 Thread Kevin Liu
This is the error I keep getting: Error: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested

Re: [cas-user] [5.2] Dashboard - Application Not Authorized to Use CAS

2018-02-20 Thread Kevin Liu
I'm not familiar with cas 4 but do you have a cas.properties file? On Tuesday, February 20, 2018 at 10:16:01 AM UTC-6, Chris Cheltenham wrote: > > Hello Everyone, > > > > I am getting access denied on the /cas-management > > It appears CAS 5 is a bit different from 4 > > > > Does anyone know

RE: [cas-user] [5.2] Dashboard - Application Not Authorized to Use CAS

2018-02-20 Thread Cheltenham, Chris
Yes, Cas works properly. === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Kevin Liu Sent: Tuesday, February 20, 2018

Re: [cas-user] CAS Client Location (PKIX path building failed)

2018-02-20 Thread Man H
Path to your certificate is not found On Tuesday, February 20, 2018, Kevin Liu wrote: > This is the error I keep getting: > > Error: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building

Re: [cas-user] ClassNotFoundException when build.sh bootrun

2018-02-20 Thread David Curry
You probably want this in cas.properties: spring.thymeleaf.cache: false At least, "it worked for me" while I was working on all the stuff in our templates. --Dave -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW

Re: [cas-user] CAS Client Location (PKIX path building failed)

2018-02-20 Thread Ray Bon
Kevin, If you are using a self signed cert, it must be added into the java environment. Something like: install self signed certificates in java certificate store (must be done for every java upgrade) sudo keytool -import -file /etc/ssl/certs/name_of.crt -alias name_of -keystore

Re: [cas-user] Values in cas.properties not taking effect

2018-02-20 Thread Ray Bon
Jeremiah, You could try putting ehcache-replicated.xml in src/main/resources. It will end up in the classpath. If the classpath is the default search location, you can remove the property cas.ticket.registry.ehcache.configLocation or set it to 'classpath:/ehcache-replicated.xml'. If you

Re: [cas-user] Re: Values are all ? for MFA-JDBC

2018-02-20 Thread Justin Andrews
It is Microsoft SQL Server 12.0.4213 which I thought matched up with cas.authn.mfa.trusted.jpa.dialect=org.hibernate.dialect.SQLServer2012Dialect I've also found that if I modify cas.authn.mfa.trusted.timeUnit to anything other than "DAYS" (such as MINUTES, SECONDS, or HOURS), I get an error

Re: [cas-user] Re: Values are all ? for MFA-JDBC

2018-02-20 Thread Ray Bon
Justin, Looks like there is a disconnect between the hibernate generated query and the db. What database is this? Perhaps the hibernate dialect is mismatched. Ray On Tue, 2018-02-20 at 06:56 -0800, Justin Andrews wrote: Some progress, the SQL DBA noticed the query coming in included the date

Re: [cas-user] CAS Client Location (PKIX path building failed)

2018-02-20 Thread Kevin Liu
I have a keystore in /opt/tomcat/keystore that tomcat uses for SSL. I have another keystore in /etc/cas/thekeystore that cas uses. There is also another keystore in /usr/java/jre/lib/security/cacerts that I've imported certs into too. They are all using the same certs as I created a cert in

Re: [cas-user] CAS Client Location (PKIX path building failed)

2018-02-20 Thread Kevin Liu
I did do that but I'm still getting the same error it seems. Is there anything I'd have to restart for the change to take effect? On Tuesday, February 20, 2018 at 11:39:47 AM UTC-6, rbon wrote: > > Kevin, > > If you are using a self signed cert, it must be added into the java > environment.

Re: [cas-user] CAS Client Location (PKIX path building failed)

2018-02-20 Thread Ray Bon
Kevin, Are you accessing /cas/login or do you have another application that is configured to use CAS? If a different application, is it running in the same tomcat as CAS or perhaps even on a different computer? Perhaps tomcat needs to have the certificate path in the https section of

Re: [cas-user] CAS Client Location (PKIX path building failed)

2018-02-20 Thread Kevin Liu
Ray, I am trying to access /cas/status/dashboard from the tomcat server that's deploying the cas.war. Kevin On Tuesday, February 20, 2018 at 2:21:12 PM UTC-6, rbon wrote: > > Kevin, > > Are you accessing /cas/login or do you have another application that is > configured to use CAS? > If a

RE: [cas-user] Values in cas.properties not taking effect

2018-02-20 Thread SCHILENS, JEREMIAH
Ray, Thanks for that suggestion. I tried cas.ticket.registry.ehcache.configLocation=classpath:/ehcache-replicated.xml With the file at src/main/resources/ehcache-replicated.xml I can see it ends up in the deployed war cas/WEB-INF/classes/ehcache-replicated.xml But it wasn’t being processed by