Re: [cas-user] Re: How to register a service in CAS while using SAM2.0 protocol

2019-02-22 Thread David Curry
For SAML2 to work, you need a single entry like this in your service registry: { "@class" :"org.apereo.cas.services.RegexRegisteredService", "serviceId" : "https://cas.example.org/cas/idp/profile/SAML2/Callback.+", "name" : "SAML Authentication Request",

Re: [cas-user] Re: CAS 5.2.2 with MFA using Google Authenticator / GAuth

2019-02-22 Thread Jeremy Van Rooyen
Thanks Mickaël, I think I will try with JPA - to store generated otp's in sql db and see what happens. I'm not sure that will solve it but it's worth a try. Would you share your cas.properties so that I can compare configurations if possible? Kind Regards Jeremy On Friday, 22 February 2019

[cas-user] Re: DUO MFA Issues

2019-02-22 Thread atilling
Some discussion of this topic is here: https://groups.google.com/a/apereo.org/forum/?utm_medium=email_source=footer#!msg/cas-user/8o4XNw64euo/svXQoBUtBgAJ We are also looking into using the ByPass settings. On Friday, February 22, 2019 at 9:39:00 AM UTC-5, Mallory, Erik wrote: > > Hello, > >

[cas-user] Re: OAuth wrong properties

2019-02-22 Thread Rodrigo Siqueira
Oh, figured it out right after asking, lol! What happens is that the cas-overlay puts cas.server.name: https://localhost:8443 cas.server.prefix: https://localhost:8443/cas on cas.properties However... OAuthConfigurations runs before interpreting this file... Moving cas.server.name|prefix

Re: [cas-user] DUO MFA Issues

2019-02-22 Thread 'Mallory, Erik' via CAS Community
More accurately, Duo worked for users configured to use Duo, anyone that was NOT configured for Duo would fail. Erik Mallory Server Analyst Wichita State University From: "'Mallory, Erik' via CAS Community" Reply-To: Date: Friday, February 22, 2019 at 8:38 AM To: "cas-user@apereo.org"

Re: [cas-user] Re: How to register a service in CAS while using SAM2.0 protocol

2019-02-22 Thread Matthew Uribe
I don't think you can use regex in the service id for SAML services. You have to specify the service name exactly. On Fri, Feb 22, 2019, 2:31 AM Pameliya Mukherjee < pameliya.mukherj...@gmail.com> wrote: > I am using CAS 5.3.8. > > I have created the service like below and kept the file in >

[cas-user] OAuth wrong properties

2019-02-22 Thread Rodrigo Siqueira
Hello, While trying to enable OAuth2 support on version 5.3 of CAS, OAuth configuration class is picking up default values instead of reading application.yml This method: org.apereo.cas.config.CasOAuthConfiguration#oauthSecConfig It tries to read the loginUrl from CasProperties, but I think

[cas-user] DUO MFA Issues

2019-02-22 Thread 'Mallory, Erik' via CAS Community
Hello, Yesterday about 3:30 CST Duo quit working for CAS, we contacted Duo support and it was determined to be a problem with Duo, given the number of educational institutions that were contacting Duo at the same time we were. I’m starting a thread here if anyone cares to share any information

Re: [cas-user] Re: CAS 5.2.2 with MFA using Google Authenticator / GAuth

2019-02-22 Thread Mickaël
No problem. Have you tested with another app? I'm using andOTP but I don't think the problem is here. Sincerely, Mickaël On Fri, 22 Feb 2019 at 11:39, Jeremy Van Rooyen wrote: > Apologies Mickaël, > > The webapp server and my smartphone's time is the same yes. > > Kind Regards > Jeremy > >

Re: [cas-user] Re: CAS 5.2.2 with MFA using Google Authenticator / GAuth

2019-02-22 Thread Mickaël
Jeremy, you don't tell me if the webapp server is at the good time and your smartphone too. Tokens are time based, so if one of the devices has not the good time, you will have problems. Sincerely, Mickaël On Fri, 22 Feb 2019 at 08:45, Jeremy Van Rooyen wrote: > Thanks for your feedback

Re: [cas-user] Re: CAS 5.2.2 with MFA using Google Authenticator / GAuth

2019-02-22 Thread Jeremy Van Rooyen
I see your email was cut off :-) You are using what and OTP? Kind Regards Jeremy On Friday, 22 February 2019 12:45:10 UTC+2, Mickaël wrote: > > No problem. > > Have you tested with another app? I'm using andOTP but I don't think the > problem is here. > > Sincerely, > > Mickaël > > On Fri, 22

Re: [cas-user] Google + API Being Deprecated in pac4j library, any plan to update CAS before Google+ shutdown?

2019-02-22 Thread leleuj
Hi, The pac4j v3.6.1 release has been cut and the 5.3.x, 6.0.x and master branches of CAS have been upgraded. Thanks. Best regards, Jérôme On Friday, 15 February 2019 08:46:45 UTC+1, Andy Ng wrote: > > Hi Jérôme > > > That said, as CAS v5.3.9 and v6.0.2 releases are planned for March 01, >

[cas-user] Re: How to register a service in CAS while using SAM2.0 protocol

2019-02-22 Thread Pameliya Mukherjee
I am using CAS 5.3.8. I have created the service like below and kept the file in etc\cas\services: { "@class" : "org.apereo.cas.services.RegexRegisteredService", "serviceId" : "^https://.+", "name" : "SAML Authentication Request", "id" : 20190219131300, "accessStrategy" : {

[cas-user] CAS Server Delegate authentication to another CAS Server

2019-02-22 Thread Wang David
Hi, Try to configure cas server to delegate authentication to another cas server. Current use CAS 5.1 and another server is also CAS 5.1. Following the configuration provide in the document. But the application got authentication error. Check the cas server log, found the authentication

Re: [cas-user] How to register a service in CAS while using SAM2.0 protocol

2019-02-22 Thread Charafeddine Youssef
Hi, Because you have not defined which service management you will use to store services. I do not know the version you are using but you can refer to this: https://apereo.github.io/cas/5.3.x/installation/Service-Management.html#service-management Charaf On Fri, 22 Feb 2019 at 08:10, Pameliya

Re: [cas-user] Re: How to register a service in CAS while using SAM2.0 protocol

2019-02-22 Thread Charafeddine Youssef
I do not see where you specify the service registry location in cas.properties: https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#json-service-registry On Fri, 22 Feb 2019 10:31, Pameliya Mukherjee < pameliya.mukherj...@gmail.com> wrote: > I am using CAS 5.3.8.

Re: [cas-user] Re: CAS 5.2.2 with MFA using Google Authenticator / GAuth

2019-02-22 Thread Jeremy Van Rooyen
Apologies Mickaël, The webapp server and my smartphone's time is the same yes. Kind Regards Jeremy On Friday, 22 February 2019 10:44:11 UTC+2, Mickaël wrote: > > Jeremy, you don't tell me if the webapp server is at the good time and > your smartphone too. > Tokens are time based, so if one of

Re: [cas-user] Cas Resources Link

2019-02-22 Thread Ray Bon
Rodrigo, Spring's PropertyResolver, https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/core/env/PropertyResolver.html, does not provide a list option. It does allow you to specify a type. I am not sure how you would set a list in a text file. Based on Andy's

Re: [cas-user] DUO MFA Issues

2019-02-22 Thread David Curry
It quit working for us (or at least we first received complaints) as well around 3:30pm EST yesterday (2/21). We have a ticket open with Duo, although I'm not aware that we've heard anything back from them yet. I'll share anything we learn as well. --Dave -- DAVID A. CURRY, CISSP *DIRECTOR OF

[cas-user] Re: DUO MFA Issues

2019-02-22 Thread atilling
For our institution it was first reported on the 19th around 5pm EST shortly after a server restart. On Friday, February 22, 2019 at 9:39:00 AM UTC-5, Mallory, Erik wrote: > > Hello, > > Yesterday about 3:30 CST Duo quit working for CAS, we contacted Duo > support and it was determined to be a

[cas-user] Which ticket repository are you using?

2019-02-22 Thread curryd
Hi everyone, A few questions for those of you who are using a distributed or high availability CAS implementation (i.e., more than one server in a pool of some sort): 1. Which technology are you using for your ticket repository? 2. How many CAS servers are you running? 3. How many

Re: [cas-user] Cas Resources Link

2019-02-22 Thread Rodrigo Siqueira
Hey there Ray, Actually, I'm using: resources: - name: link: Which resolves to resource[0].name/link In YAML, you can specify lists like that. Take a look at my previous answer, I was able to load a list through a dedicated property class. -- - Website:

Re: [cas-user] Which ticket repository are you using?

2019-02-22 Thread Bryan Wooten
1. Hazelcast 2. 4 3. 4 4. Same server 5. 200k per day using Duo (employees) Students add more. I have seen 400k total per day. 6. No issues Bryan University of Utah On Fri, Feb 22, 2019 at 10:12 AM wrote: > Hi everyone, > > A few questions for those of you who are using a distributed or high >

[cas-user] serviceParameter = 'SAMLart' and artifactParameterName ='TARGET ' depreciated?

2019-02-22 Thread 'Robert Bond' via CAS Community
Has the serviceParameter = 'SAMLart' and artifactParameterName ='TARGET ' depreciated in cas? I am trying to connect CAS 6.1.0-RC2-SNAPSHOT to Banner 9 Application Navigator ver 3.1. We had it working on 6.0.0-RC4-SNAPSHOT and CAS 5.1.2. Despite being the most recent version of Banner

[cas-user] CAS 5.3 OAuth2 NullPointerException

2019-02-22 Thread Rodrigo Siqueira
Hi all, I'm having a small trouble with OAuth protocol. While all redirections work as expected, after authenticating I'm getting a NPE in some internal mechanism I didn't quite understand... Following stacktrace for reference: (Please, ask me for more info where possible, I'm clueless about

Re: [cas-user] Which ticket repository are you using?

2019-02-22 Thread Ray Bon
1. Hazelcast 2. 4 round robin 3. 4 4. Same server 5. 40k per day (all users) 6. No issues Our previous install used ehcache. It did not replicate fast enough to support round robin so we used primary and fail over. Hazelcast is not replicated (at least not by default). It has stood up admirably

[cas-user] Re: Custom encoder with cas 5.3

2019-02-22 Thread Misagh Moayyed
This might be of service to you: https://apereo.github.io/2017/02/22/cas51-dbauthn-tutorial/#password-encoding On Thursday, February 21, 2019 at 8:10:37 PM UTC-7, Ngô Hữu Tiến wrote: > > How to custom encoderpassword with cas 5.3 ? > help me > -- - Website: https://apereo.github.io/cas -

Re: [cas-user] Re: How to register a service in CAS while using SAM2.0 protocol

2019-02-22 Thread Misagh Moayyed
Just to clarify: service identifiers can be a regex. On Friday, February 22, 2019 at 5:07:16 AM UTC-7, Matthew Uribe wrote: > > I don't think you can use regex in the service id for SAML services. You > have to specify the service name exactly. > > On Fri, Feb 22, 2019, 2:31 AM Pameliya

[cas-user] Re: CAS-5.3.8 displays cas login page before redirecting to openid provider login screen

2019-02-22 Thread Misagh Moayyed
The redirect is handled by a Javascript snippet: you can remove other elements on the screen to "blank" things out, or move the redirect call into something more immediate; maybe a meta-refresh tag. On Thursday, February 21, 2019 at 2:10:24 AM UTC-7, john wrote: > > Hi , I upgraded Cas from

[cas-user] Re: CAS 5.3 OAuth2 NullPointerException

2019-02-22 Thread Misagh Moayyed
This seems like a side-effect of this pull request: https://github.com/apereo/cas/pull/3782 This should be fixed in 5.3.9-SNAPSHOT, if you want to switch and try again. On Friday, February 22, 2019 at 11:36:13 AM UTC-7, Rodrigo Siqueira wrote: > > Hi all, > > I'm having a small trouble with

[cas-user] Re: Shibboleth IDP, CAS, Shibcas and authnContext

2019-02-22 Thread Misagh Moayyed
shib-cas-authn3 3.2.3 does not support handling authn context classes received from CAS. Switch to a more recent version such as a 3.2.4.beta4 please. The readme also provides an example of how one can map MFA on CAS to the REFEDS profile, which might serve as inspiration for you. On Friday,

Re: [cas-user] Re: DUO MFA Issues

2019-02-22 Thread David Curry
Just passing along that we heard back from Duo support late this afternoon that the issue had been escalated to engineering and that a fix has now been rolled out. But given that it's late on Friday afternoon we're waiting until Monday to try it, so I can't say for sure whether it's really been

Re: [cas-user] Re: DUO MFA Issues

2019-02-22 Thread 'Mallory, Erik' via CAS Community
We heard back from them as well. We spot checked with a few students. There was a desire from up top to get duo turned on again for production systems. We did so about an hour ago. So far, so good. Thanks, Erik Mallory Server Analyst Wichita State University From: David Curry Date: Friday,

Re: [cas-user] Which ticket repository are you using?

2019-02-22 Thread Ramakrishna G
Hi Dave, Nice question. 1. Redis 2. 5 3. 3 4. Different 5. 80k 6. Have started load-testing last week & have reached 10k per day till now. No problem yet. Bryan / Ray / Andy I could see everyone using Hazelcast. In my case is Redis a bottleneck? However, until now for 10k login load, I have not

[cas-user] Re: CAS-5.3.8 displays cas login page before redirecting to openid provider login screen

2019-02-22 Thread Andy Ng
Hi John, FYI, the redirect logic is in here: https://github.com/apereo/cas/blob/v6.0.1/webapp/resources/templates/fragments/loginProviders.html#L90 Also if I am not mistaken, the 6.0.1 branch already has this bug fixed, you can see the following for reference: -

Re: [cas-user] Which ticket repository are you using?

2019-02-22 Thread Andy Ng
Hi Dave, 1. Hazelcast 2-5. I consider them sensitive information, sorry Dave can't disclose them 6. You might need to cap the memory or else it will use a large percentage of the memory, and there is more network traffic between the servers than we expected (but ultimate is still stable