[cas-user] JWT with random kid CAS 6.6.0

2022-10-06 Thread Michele Andreoli
Hi, my current version of CAS is 6.6.0. I'm using JWT with CAS and I set these configs:
cas.authn.token.crypto.enabled=true
cas.authn.token.crypto.encryptionEnabled=true
cas.authn.token.crypto.signingEnabled=true
cas.authn.token.crypto.alg=A256CBC-HS512
cas.authn.token.crypto.signing.key=***

[cas-user] Re: CAS Subs: New mailing list details

2022-10-06 Thread CAS Community
(reminder) Hello, The CAS project management committee has availed a new mailing list for Apereo CAS subscribers. This new forum will be used as a trusted-contacts list to share security release updates, vulnerability details, etc. early on, should a security patch release become available.

Re: [cas-user] Such a thing as illegal characters in entityID for SAML?

2022-10-06 Thread Nate Klingenstein
Mike, That smells like a bug to me. SAML allows for any valid URI, which that clearly is, and I've seen much worse registered and used successfully with SAMLtest. docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd So, I think your theory is correct. Take care, Nate On Thu,

[cas-user] Such a thing as illegal characters in entityID for SAML?

2022-10-06 Thread Mike Osterman
Hi all, We are running into an issue with a new SP, and despite turning on DEBUG for both org.apereo.cas.services.AbstractServicesManager and org.apereo.cas.support.saml.web.idp we can't find any hints for why this is showing up in the logs: 2022-10-06 09:57:15,798 WARN

[cas-user] JPA Ticket Registry : Delegated Authentication + General cause of "action execution attributes were 'map[[empty]]'"

2022-10-06 Thread 'Chris Durham' via CAS Community
Hi, With 6.6.0, we've been using the memcached Ticket Registry support previously, but now we want to take advantage of the Account Profile pages we can't get Session information (as getTickets() is not supported), so I thought I would switch to JPA (since we have a suitable DB). Logins

Re: [cas-user] Such a thing as illegal characters in entityID for SAML?

2022-10-06 Thread Mike Osterman
OK - update! A co-worker much smarter than me did the research into the code, and found that the SAML service ID was being processed through a regex. { "@class": "org.apereo.cas.support.saml.services.SamlRegisteredService", "serviceId": "*REDACTED*/metadata*\\*?Z3JvdXBJZD0yNTMxNQ==", We've

[cas-user] Hazelcast not working for single node/non-clustered environment - 6.5.8

2022-10-06 Thread Morning Star (vidivelli)
Hi all, I am working on CAS server upgrade from 6.3.7.4 to 6.5.8 version. My clustered environment is working with 3 nodes without any issue. But, for lower environment with single node, it's not working. I am getting error on server startup. Can someone please help? Do we have a way to disable