Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-08 Thread David Curry
Does the vendor require you to configure your IdP (CAS server) to obtain the metadata from them dynamically? Or could you: 1. Use curl to grab a copy of their metadata from https://vendor.com/metadata 2. Edit the metadata yourself and get rid of the "validUntil" attribute 3. Put the

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-08 Thread John D Giotta
We're the identity provider and the vendor is the service provider. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed

Re: [cas-user] CAS Scalling

2018-05-08 Thread Ramakrishna G
I have a requirement where I hit a url say www.abc.com/123 which redirects to cas if not logged in, generates tickets and then redirects to specified url. User is unaware of CAS. Internally we are handling the request to forward to CAS or specified url based on ticket. This is the reason I am

[cas-user] Help using {cipher} encrypted parameters in a standalone CAS 5.2.3 configuration

2018-05-08 Thread Mark Klinchin
Hi there, I run CAS 5.2.3 as a standalone WEB Application war in the Tomcat container. I am trying to configure {cipher} option to encrypt passwords in the configuration files. First, I added the following properties to CAS configuration and no {cipher} for any of the fields:

Re: [cas-user] CAS Scalling

2018-05-08 Thread Ramakrishna G
In short my current setup is 1. We have 2 active CAS nodes installed on Apache Tomcat 8.0. 2. Each tomcat is behind an Apache Webserver which does the proxy, i.e. 2 Tomcat & 2 Apache Webserver 3. Both webservers are behind a load balancer (NGINX). and what I need is 1. 2 active CAS nodes

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-08 Thread David Curry
No, it's the "adminpages" stuff: https://dacurry-tns.github.io/deploying-apereo-cas/building_server_dashboard_overview.html It's enabled solely in the CAS server; you don't need the management webapp. --Dave -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* INFORMATION TECHNOLOGY

[cas-user] CAS Training?

2018-05-08 Thread Keith Alston (Staff)
Anyone know of any organized CAS training? Just a good solid day or two with some fundamentals? Anyone know of anything?? Keith Alston Regent University IT Department keit...@regent.edu 757.352.4081

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-08 Thread John D Giotta
Thanks, David. Is the dashboard the management overlay?

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

2018-05-08 Thread Alin Tomoiaga
I got a reply from one of the apereo developers and he did not rule out the possibility of a bug; advised I should stand up cas in debug mode which I will work on.

[cas-user] Re: [WS Federation] Source/StaxSource error on Security Token Service Provider

2018-05-08 Thread Alin Tomoiaga
Dmitri, Misagh Moayyed (apereo developer) advised to stand up cas in debug mode and step through the code. This sounds like a lot of moving pieces will need to be configured, but that is the only reply I managed to get. Just fyi.

Re: [cas-user] Re: CAS not redirecting to service after successful authentication.

2018-05-08 Thread Ray Bon
Neha, There may be other settings that need to be modified when switching from SAML11 to CAS20. ST are being created but not validated. Your ASP.NET client is not configured correctly. Ray On Tue, 2018-05-08 at 03:56 -0700, Neha Gupta wrote: Hello Andy, Thanks for reply. I was also wondering

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-08 Thread John D Giotta
Looking at the logs more I did find these WARNs: 2018-05-08 17:02:31,227 WARN > [org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade] > > - https://vendor-site.com/Pages/Auth/Login.aspx] in > metadata provider Ensure the metadata is valid and

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-08 Thread David Curry
This may be your problem, then? validUntil="2018-05-03T20:29:06Z --Dave -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • david.cu...@newschool.edu On Tue, May 8, 2018

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-08 Thread John D Giotta
I get the XML output as expected. https://vendor-site.com/Pages/Auth/Login.aspx;> https://vendor-site.com/Pages/Auth/Login.aspx; index="1" />

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-08 Thread Matthew Uribe
What do you get back when you do a curl on https://link-to-metadata.com ? On Tuesday, May 8, 2018 at 11:10:44 AM UTC-6, John D Giotta wrote: > > Looking at the logs more I did find these WARNs: > > 2018-05-08 17:02:31,227 WARN >>

[cas-user] .Net Cas client adding returns to ticket.

2018-05-08 Thread Stephen Meier
Good Morning, We are trying to connect our custom application to PortalGuard who is CAS 3 compliant. It seems that the .net cas client that we are using (version 1.1) is injecting into the ticket some white spaces. Because of this, PortalGuard is not able to search its database for the

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-08 Thread John D Giotta
Ok, this is just a guess here, but the vendor I'm trying to implement CAS SAML to is for Identity Provider. Is it possible we've got this confused, because our metadata.xml is setup for SPSSODescriptor.

Re: [cas-user] CAS Scalling

2018-05-08 Thread Richard Frovarp
Yeah, but you still don't need to couple mod_auth_cas and CAS server on the same system one to one. They can be running in separate instances. It's likely easier to do so. Have your IdP (CAS Server) running on a different subdomain, so sso.example.com. Then scale your IdP and your application

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-08 Thread John D Giotta
Is that attribute required? Right now it is static.

[cas-user] LDAP gradle-overlay setup not working

2018-05-08 Thread Spider Main
Hello, I generated a war file from cas-gradle-overlow and deployed on to Tomcat9. Default Username/Password authentication worked and now I'm trying to change it to LDAP but for some reason, am not able to see authentication with LDAP. Can anyone of you guys suggest what's going on? Below

Re: [cas-user] Re: Working on Setting Up SAML 2.0 for the First Time

2018-05-08 Thread David Curry
I do not see it in the metadata from any of the SPs we have in production here, so my guess would be probably not. But that's just a guess; I don't pretend to be an authority on SAML. --Dave -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* INFORMATION TECHNOLOGY 71 FIFTH AVE.,