I thought I'd just post an update on this. I tried this again with 6.4.4.
Since my CAS server is not acting as a SAML IdP, I removed all saml-idp
modules from my build which seems to have resolved the issue.
Noelette
On Monday, November 15, 2021 at 7:01:30 AM UTC-7 Noelette Stout wrote:
> At
lol, I wish. I'm just a sysadmin with a lot of years of troubleshooting.
At this point, it's as much trial and error as anything. I look up the
various possible settings and try different things. For now, I'm running
6.3.7.2 in dev and prod where people are actually using it. So to some
extent, I
Don't need the "just" ;)
I'd like to move away from CAS but we use the CAS protocol a lot (although
deprecated for new services) and there is always talk of a big project that
would make it silly to replace this little bit.
I'm a Java developer and have been spending a long time debugging CAS.
Thanks @ robertoschwald
That worked for me as well
build.gradle
---
dependencies {
compile "org.apache.logging.log4j:log4j-api:2.15.0"
compile "org.apache.logging.log4j:log4j-core:2.15.0"
compile "org.apache.logging.log4j:log4j-jcl:2.15.0"
compile
Note v2.16.0 is now out a patch for the patch
On Tuesday, December 14, 2021 at 10:02:48 AM UTC-6 apereo_cas_user wrote:
> We use cas 6.1.7 overlay template [still in pre-prod] for delegated
> authentication.
> As a temp solution we replaced log4j 2.12.1 with 2.15.0 manually and
>
That message might mean that you're missing the OIDC dependency in your
build.gradle
Make sure you have something like
implementation
"org.apereo.cas:cas-server-support-oidc:${project.'cas.version'}"
> On Dec 14, 2021, at 8:28 AM, Jeffrey Ramsay wrote:
>
> Hello -
>
> What is the
Thanks for letting us know. I think I'm stuck on a different issue related
to pac4j change that break pulling over the only attribute I want...
Cheers
Sam
On Tuesday, 14 December 2021 at 15:59:23 UTC stou...@isu.edu wrote:
> I thought I'd just post an update on this. I tried this again with
That sounds terrible. Once I moved from alpha to dev, I've just discovered
that logout is throwing a 500 error
On Tue, Dec 14, 2021 at 9:12 AM Sam Hough wrote:
> Thanks for letting us know. I think I'm stuck on a different issue related
> to pac4j change that break pulling over the only
Same experience.
On Tue, Dec 14, 2021 at 11:02 AM apereo_cas_user
wrote:
> We use cas 6.1.7 overlay template [still in pre-prod] for delegated
> authentication.
> As a temp solution we replaced log4j 2.12.1 with 2.15.0 manually and
> bounced tomcat.
> Is there a way we can exclude 2.12.1 from
We use cas 6.1.7 overlay template [still in pre-prod] for delegated
authentication.
As a temp solution we replaced log4j 2.12.1 with 2.15.0 manually and
bounced tomcat.
Is there a way we can exclude 2.12.1 from the build . [I can pull in 2.15.0
by adding in build.gradle but conflict with
Oh no. Probably showing my age... but without a bug database what is your
process for getting this stuff fixed? Are you a Java developer?
On Tuesday, 14 December 2021 at 16:35:59 UTC stou...@isu.edu wrote:
> That sounds terrible. Once I moved from alpha to dev, I've just discovered
> that
Hello -
What is the process for migrating the service registry from CAS 6.2 to 6.4?
I have used the service endpoints to export the 6.2 registry and then tried
to import into the new 6.4 system registry and that fails. Placing the
exported json files in the services area fails as shown below --
We had the same problem and we did the following:
1. Overwrite BOM defined version in gradle.properties
# BOM overwritten versions
# CVE-2021-44228 critical fix in 2.15.0.
# 2.16.0 further secures.
# See https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4
log4j2.version=2.16.0
2.
Hi all,
I was struggling with this feature as well in CAS 6.4.3 and I sometimes got
it working and sometimes not. It seemed to be related to the user
previously having been logged in before attempting a username request. That
seemed to make a difference but I want it to work all the time even
Ok, I just read the error message more carefully...
Cannot deserialize value of type
`org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesCoreProperties$MergingStrategyTypes`
from String "replace": not one of the values accepted for Enum class:
[NONE, ADD, MULTIVALUED,
Robert and Joe,
Your examples were really helpful. I was able to combine the steps and
patch our systems.
Thanks,
-Jeff
On Tue, Dec 14, 2021 at 1:58 PM Pablo Vidaurri wrote:
> Note v2.16.0 is now out a patch for the patch
>
> On Tuesday, December 14, 2021 at 10:02:48 AM UTC-6
David,
Thanks for your suggestion, I will give it a try.
Thanks again,
-Jeff
On Tue, Dec 14, 2021 at 10:15 PM David Gelhar
wrote:
>
> Ok, I just read the error message more carefully...
>
> Cannot deserialize value of type
>
Looks like we should be using log4j v 2.16.0 as 2.15.0 will not be good
enough.
https://logging.apache.org/log4j/2.x/security.html
On Monday, December 13, 2021 at 10:07:32 PM UTC-6 Misagh Moayyed wrote:
> Yes you can.
>
> -- Misagh
>
> On Tue, Dec 14, 2021, 12:35 AM Pablo Vidaurri wrote:
>
18 matches
Mail list logo