[cas-user] ORCID API updated to version 2.0.

2018-05-07 Thread Neha Gupta
Dear CAS Community, ORCID have updated the API version to 2 and as such a problem is coming up while authenticating with ORCID credentials. I am attaching a trace for the same. Request you to please look into the same. Error shown in the CAS trace: - http://www.orcid.org/ns/orcid;> 1.2 API

[cas-user] CAS SLO Unable to remove ticket [ST-...]

2018-05-07 Thread Iker Gil
Hello! We have a problem and I hope someone can help us. I am leaving you the error log; basically, we cannot perform the Single Logout. The problem we have comes when we delete the ST ticket; it shows: Unable to remove ticket [ST-...] However, it is capable of erasing the TGT ticket. I do not know

Re: [cas-user] ORCID API updated to version 2.0.

2018-05-07 Thread Jérôme LELEU
Hi, This upgrade will be available in pac4j 3.0.0(-RC2). See: https://github.com/pac4j/pac4j/commit/cfb5113300de914b6a6e5a109a87a9d1da576472 Thanks. Best regards, Jérôme On Mon, May 7, 2018 at 9:55 AM, Neha Gupta wrote: > Dear CAS Community, > > ORCID have updated the

[cas-user] CAS not redirecting to service after successful authentication.

2018-05-07 Thread Neha Gupta
Dear All, I am trying to integrate CAS with ASP.NET application. Everything is working fine but CAS is not able to redirect to the destination service and showing its own logged in page. Final URL is: - https://idiv-dev1:8443/cas/login?TARGET= *http%3a%2f%2flocalhost%3a60397%2f* where in

[cas-user] CAS Scaling

2018-05-07 Thread Ramakrishna G
Hello I am running a load balancer (NGINX) which redirects the request to Mod_Auth_Cas (Apache) and its corresponding CAS Server (Tomcat). The drawback of the current approach I am using is -> one Tomcat for one Apache, which I want to remove. Also I need to remove multiple node connection. Is

Re: [cas-user] CAS SLO Unable to remove ticket [ST-...]

2018-05-07 Thread Ray Bon
Iker, It looks like the logout message was sent. Was it received and processed by the client? It could be that the ST was removed earlier or that the ticket was expired and the response from the cache was interpreted by CAS as 'Unable to remove...'. Ray On Mon, 2018-05-07 at 04:24 -0700, Iker

[cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-07 Thread Matthew Uribe
What do you have in your json for "@class"? Is it "org.apereo.cas.support.saml.services.SamlRegisteredService"? On Monday, May 7, 2018 at 9:19:58 AM UTC-6, John D Giotta wrote: > > I'm not too familiar with SAML 2.0 and I need to set up our existing CAS > (currently using CAS protocol). > >

Re: [cas-user] CAS Scaling

2018-05-07 Thread Richard Frovarp
A bit confused as to why you need the IdP (CAS Server) and the SP (mod_auth_cas) on every system. You don't need mod_auth_cas to run the CAS Server. There is mod_proxy_balancer in HTTPD which can do load balancing to multiple backends. On 05/07/2018 09:13 AM, Ramakrishna G wrote: Hello I am

[cas-user] Working on Setting Up SAML 2.0 for the First Time

2018-05-07 Thread John D Giotta
I'm not too familiar with SAML 2.0 and I need to set up our existing CAS (currently using CAS protocol). I've followed documentation, but unfortunately I'm unable to get the application to authorize. The error I get in logs is: CAS has found a match for service >

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-07 Thread David Curry
Do you have the dashboard endpoints enabled? Can you go to the "services" endpoint, which dumps the service registry, and see if there's something else in there? Alternatively, I think if you turn on debug mode logging, it will tell you what services are loaded. I'm thinking you might be getting

[cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-07 Thread Patrick Sutton
Hello everyone, I'm the developer who has been working on implementing the SAML authentication referenced by the OP, and the provided responses seem to align with what I've come across while researching the issue, so I wanted to try and provide a little more information in the hopes that it'll

[cas-user] Re: how to change cas.properties location

2018-05-07 Thread Jay
Hi Cristina, I tried to define the property in JAVA_OPTS, but still it could not pick up the cas.properties file from the location. I see the below from the catalina.out log file. May 07, 2018 11:15:14 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument:

[cas-user] Re: CAS not redirecting to service after successful authentication.

2018-05-07 Thread Andy Ng
Hi Neha, I would like to know in which documentation you learned about the parameter TARGET in "https://idiv-dev1:8443/cas/login?TARGET= *http%3a%2f%2flocalhost%3a60397%2f*", I didn't see this parameter in the official documentation. Maybe it is something related to ASP.NET? Anyway, the usual

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-07 Thread David Curry
For the service definition, you should only have one, which is a SamlRegisteredService. You do not need (or want) a RegexRegisteredService for a SAML service. And as Matthew said, you should also set cas.authn.samlIdp.entityId: ${cas.server.prefix}/idp cas.authn.samlIdp.scope:

[cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-07 Thread John D Giotta
Yes, it is. { "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService", "serviceId": "https://vendor-site.com/Pages/Auth/Login.aspx", "name": "SAML Authentication Request", "id": 1003, "evaluationOrder": 1, "metadataLocation":

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-07 Thread John D Giotta
If I don't set this property does it affect the vendor integration I'm attempting to do? -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-07 Thread David Curry
Just a thought, do you still have the "HTTP|IMAP" wildcard service in there? And does it have a lower evaluation order than your service-specific entry? --Dave -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212

[cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-07 Thread John D Giotta
Are there 2 service JSON files I'm supposed to create?

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-07 Thread David Curry
Well, I used the one file per service model with them all in the /etc/cas/services directory. But I believe you can keep them all in one big JSON file if you want. David A. Curry, CISSP Director of Information Security The New School - Information Technology 71 Fifth Ave., 9th Fl. ~ New York,

[cas-user] MFA - Filter by User or Location

2018-05-07 Thread Matthew Uribe
Has anyone experimented with, or had success with, enforcing multifactor authentication based on a user's returned attribute, or based on the location from which they are logging in? I'm experimenting with this now, and wondered whether anyone else had already crossed this bridge. We are

[cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-07 Thread Matthew Uribe
Have you also added the service definition for the IdP endpoint? If you haven't already, you may want to walk through the steps for adding SAML support in this guide: https://dacurry-tns.github.io/deploying-apereo-cas/building_server_saml_update-the-service-registry.html On Monday, May 7,

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-07 Thread John D Giotta
What I meant was that Matthew asked about my JSON using the @class org.apereo.cas.support.saml.services.SamlRegisteredService Then asked if I registered the IdP endpoint. From the tutorial he pointed me towards, I can't tell if I'm creating both a SamlRegisteredService and a

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-07 Thread John D Giotta
I noticed that my /cas/idp/metadata endpoint returns the following http://www.w3.org/2000/09/xmldsig#; xmlns:shibmd= "urn:mace:shibboleth:metadata:1.0" xmlns:xml= "http://www.w3.org/XML/1998/namespace" xmlns:mdui= "urn:oasis:names:tc:SAML:metadata:ui" entityID="https://cas.example.org/idp" >

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-07 Thread Matthew Uribe
I would expect your entityID to be https://cas.example.org/cas/idp but it depends on what you've set it to in cas.properties under cas.authn.samlIdp.entityId On Monday, May 7, 2018 at 10:39:28 AM UTC-6, John D Giotta wrote: > > I noticed that my /cas/idp/metadata endpoint returns the following

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-07 Thread Matthew Uribe
What does the SP expect the entityID to be? I have not experimented with anything other than setting the entityId to ${cas.server.prefix}/idp and I don't know whether the CAS server will have issues with responding to https://cas.example.org/idp since CAS itself is at