Re: [cas-user] I am new to CAS and am confused on how to set it up

2024-06-25 Thread Carl Waldbieser
Kanari, Where did you see that django-cas-ng only works with Django 3? I have it running with Django 4.0.3. Thanks, Carl Waldbieser ITS Lafayette College On Mon, Jun 24, 2024 at 12:26 AM Kanari Hirano wrote: > Hello everyone, I am trying to create a CAS server to integrate with

Re: [cas-user] Need help with CAS

2024-08-16 Thread Carl Waldbieser
You probably are going to need to share your mod_auth_cas config (if you need to replace your actual domain with "example.com" that is fine). Thanks, Carl Waldbieser On Fri, Aug 16, 2024 at 9:08 AM 'TF' via CAS Community wrote: > Hey guys, > > I hope I can get help

Re: [cas-user] Need help with CAS

2024-08-16 Thread Carl Waldbieser
AuthType None > Require all granted > > > # Regular User > > AuthType CAS > Require valid-user > > > WSGIPassAuthorization On > > > > > On Friday 16 August 2024 at 15:51:25 UTC+2 Carl Waldbieser wrote: > >> You

Re: [cas-user] Need help with CAS

2024-08-28 Thread Carl Waldbieser
If you swap out auth type cas for auth type basic, do you get the same issue? Thanks, Carl Waldbieser On Wed, Aug 28, 2024, 5:12 AM TF wrote: > Hi, > > sorry for my late response. > I tried "CasScope" with no success. > Still same behavior :( > > Kind regards,

Re: [cas-user] Need help with CAS

2024-08-30 Thread Carl Waldbieser
ER" environment variable, so you should be able to swap one out for another to test. Thanks, Carl Waldbieser On Thu, Aug 29, 2024 at 1:18 AM TF wrote: > Then I'm getting an Internal Error. > > Log: > [Thu Aug 29 05:16:14.581084 2024] [auth_basic:error] [pid 1497476:tid > 1497476] [

[cas-user] Custom 403 page for unauthorized access to service

2020-11-03 Thread Carl Waldbieser
er to be redirected to a static "Unauthorized" page that explains that the user is not authorized for this service. Is that something I can do using CAS views? Or would I be better off just setting up an external web page somewhere? Thanks, Carl Waldbieser ITS Lafayette College --

[cas-user] CAS service accessStrategy and external SAML IdP?

2020-11-04 Thread Carl Waldbieser
ectronic signature and document routing service that securely transmits documents for signing.", "logo": "https://cdn.lafayette.edu/images/logos/docusign-100x100.png", "properties": { "@class": "java.util.HashMap", "InformationURL": { "

Re: [cas-user] CAS in AWS

2020-12-15 Thread Carl Waldbieser
e any questions, let me know. Thanks, Carl Waldbieser ITS Lafayette College On Tue, Dec 15, 2020, 3:30 PM Geng, Kelly wrote: > Hi All, > > Is there anyone that is successfully running CAS v5+ on AWS either > exclusively or in hybrid mode? We are trying to migrate CAS 6.0 to AWS and

Re: [cas-user] CAS in AWS

2020-12-17 Thread Carl Waldbieser
't determine a better way to get the container to do a health check without some kind of rudimentary shell. We do use Duo MFA integration. I'm not certain what CAS interruption is-- I'm pretty sure we don't use it. Thanks, Carl Waldbieser ITS Lafayette College On Wed, Dec 16,

Re: [cas-user] Question about using CAS with LDAP..?

2021-02-22 Thread Carl Waldbieser
ed person directory. CAS brokers the authentication and provides the information necessary to make policy enforcement decisions. Thanks, Carl Waldbieser ITS Lafayette College On Thu, Feb 11, 2021 at 6:32 PM KC Pullen wrote: > Hello, > > I'm currently using CAS to protect web di

Re: [cas-user] Combine mod_auth_cas and mod_auth_basic?

2021-02-22 Thread Carl Waldbieser
Mark, If your web site uses some kind of session to persist authentication between requests, you could just have separate login resources for CAS or for an alternative authN/authZ method. Either one could establish the session and you could proceed from there. Thanks, Carl Waldbieser ITS

Re: [cas-user] CSRF protection for login page

2021-04-21 Thread Carl Waldbieser
something that would normally require authentication. Historically, I believe CAS used to have a "login ticket" which was a nonce. It dropped it somewhere between 3.x and 5.x, I believe. Thanks, Carl Waldbieser ITS Lafayette College On Wed, Apr 21, 2021 at 5:24 AM Paul Roemer wrote: >

Re: [cas-user] CAS 6.1.7.2 Duo-Client Not Found

2021-05-11 Thread Carl Waldbieser
I am working around this by having the JAR files (duo and okhttp-2.3.0.jar) locally in the build environment and tweaking the Gradle build script to use those. Seems to work for now with 6.2.8. Thanks, Carl Waldbieser ITS Lafayette College On Mon, May 10, 2021 at 5:14 PM 'Zachary Dunham

Re: [cas-user] CAS 6.1.7.2 Duo-Client Not Found

2021-05-11 Thread Carl Waldbieser
oking for is at "./WEB-INF/lib/duo-client-0.2.2.jar". There are also a couple "okhttp" JARs in there, too. I think I needed one of those as well. Thanks, Carl Waldbieser ITS Lafayette College On Tue, May 11, 2021 at 3:01 PM 'Zachary Dunham' via CAS Community

Re: [cas-user] Access strategy not working with SAML based service

2021-09-23 Thread Carl Waldbieser
ayette.edu/authorized" ] ] } }, "logo": "https://cdn.lafayette.edu/images/logos/example-100x100.png", "properties": { "@class": "java.util.HashMap", "InformationURL": { "@cla

Re: [cas-user] ignore TLS hostname verification (SSLPeerUnverifiedException)?

2021-10-04 Thread Carl Waldbieser
Baron, Couldn't you just put subject alternative names on the certificate to include both the DR name and the production service name? Thanks, Carl Waldbieser ITS Lafayette College On Mon, Oct 4, 2021 at 2:01 PM Baron Fujimoto wrote: > This isn't strictly a CAS issue, but we

Re: [cas-user] ignore TLS hostname verification (SSLPeerUnverifiedException)?

2021-10-04 Thread Carl Waldbieser
ce queries your DR LDAP service, but you could just configure it to use the DR LDAP service's current name if you just wanted to quickly verify the service starts up. Presumably the DR DNS name will still be around during a fail over? Thanks, Carl Waldbieser ITS Lafayette College On Mon, Oct 4,

[cas-user] CAS JDK version question

2021-12-15 Thread Carl Waldbieser
11 an exact requirement? Or are later versions of the JDK also acceptable? I don't follow Java development too closely, but I did see that JDK 17 is in general availability, so it just got me wondering. Thanks, Carl Waldbieser ITS Lafayette College -- - Website: https://apereo.github.io/c

Re: [cas-user] CAS Shibboleth, check user attribute before granting acess

2022-01-27 Thread Carl Waldbieser
"org.apereo.cas.services.DefaultRegisteredServiceProperty", "values": [ "java.util.HashSet", [ "https://help.example.org/service-example-net" ] ] } } } The

[cas-user] Security Response Headers Question

2022-02-02 Thread Carl Waldbieser
otected is OK, since the user will likely be first introduced to CAS on a valid resource and the browser will remember the header setting for the site. If this *is* an issue, is there a way to configure CAS to just apply the security response headers to *all* resources that it serves up? Th

Re: [cas-user] login via modal window

2022-02-16 Thread Carl Waldbieser
aders, etc. Trying to replicate the CAS server functionality from the REST API seems like a pretty big undertaking. The REST API is really meant to model "applications as users". From my point of view this doesn't seem like the best way to use CAS. Thanks, Carl Waldbieser ITS Lafaye

Re: [cas-user] "Partial Login" strategies

2022-02-22 Thread Carl Waldbieser
whether or not this type of access should be granted. But it is *typically* the application's responsibility to enforce that kind of access control. Thanks, Carl Waldbieser On Tue, Feb 22, 2022 at 3:15 PM Ray Bon wrote: > Pablo, > > That kind of behaviour is in your application a

Re: [cas-user] Prevent users bookmarking and sharing URLs containing CAS ticket

2022-03-04 Thread Carl Waldbieser
The lifetime of a service ticket is usually set pretty short-- 15 or 20 seconds max. Alice needs to leak her ST within that timeframe for it to be valid, or else Bob should get an invalid ticket error at the client. You may want to examine the ST lifetime and shorten it. Thanks, Carl Waldbieser

[cas-user] CAS LDAP authentication with OpenLDAP aliases?

2022-05-18 Thread Carl Waldbieser
rom the documentation how one might configure that, or even if it is possible. Thanks, Carl Waldbieser -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received

Re: [cas-user] CAS LDAP authentication with OpenLDAP aliases?

2022-05-19 Thread Carl Waldbieser
erly. Also, the SEARCH would need to indicate that alias entries should be dereferenced. I'm not sure if CAS supports this without getting into some magical Java bean territory. Thanks, Carl Waldbieser On Wed, May 18, 2022 at 7:09 PM Ray Bon wrote: > Carl, > > Are you referring to surr

Re: [cas-user] ideas for persistence login session

2022-07-27 Thread Carl Waldbieser
ast once a day? It really depends on the policies in your organization. Thanks, Carl Waldbieser On Wed, Jul 27, 2022 at 3:16 PM Pablo Vidaurri wrote: > Currently CAS TGT is an 8hr session, ST is a 2hr session. Client is > requesting to enable certain parts of their site (protected) to in

Re: [cas-user] CAS 6.4 OIDC JWKS missing key fields?

2023-03-07 Thread Carl Waldbieser
appears on the endpoint. Thanks, Carl Waldbieser ITS Lafayette College On Tue, Mar 7, 2023 at 12:13 AM Yan Zhou wrote: > Hi, > > CAS 6.4 OIDC JWKS endpoint looks like this. Our vendor has problem with > its missing fields such as alg, kid, and use. > > Anyone knows how to show

Re: [cas-user] Duo Universal Prompt behind proxy

2023-03-09 Thread Carl Waldbieser
uction yet, though, so I'd be interested in what the particular symptoms are. Thanks, Carl Waldbieser ITS Lafayette College On Wed, Mar 8, 2023 at 2:57 PM 'Richard Frovarp' via CAS Community < cas-user@apereo.org> wrote: > On CAS 6.6.6 and using the Duo Universal Prompt, it

Re: [cas-user] CAS 6.4 OIDC JWKS missing key fields?

2023-03-17 Thread Carl Waldbieser
s" manually. I just >> generated a uuid4, but you can use any ID unique to your keystore from what >> I understand. >> The kid then appears on the endpoint. >> >> Thanks, >> Carl Waldbieser >> ITS >> Lafayette College >> >> On Tue, Ma

Re: [cas-user] Initial CAS builds failing at core:cas-server-core-configuration:test

2018-03-14 Thread Carl Waldbieser
John, Unless you're developing for the CAS server, you probably just want to use the WAR overlay method[1]. Basically, you set up a pom.xml file and run the `maven` command, and all the relevant Java libs are pulled from remote repositories and assembled for you. Thanks, Carl Waldbiese

Re: [cas-user] [SSO] Is it possible to make a service completely separated from other SSO services without require login every time (i.e. renew=true)

2018-04-26 Thread Carl Waldbieser
domain, it should act like its own unique CAS instance. Thanks, Carl Waldbieser ITS Identity Management Lafayette College - Original Message - From: "Andy Ng" To: "cas-user" Sent: Wednesday, April 25, 2018 5:20:01 AM Subject: [cas-user] [SSO] Is it possible to make

Re: [cas-user] CAS 5.2 Passing LDAP Attributes to Application

2018-08-31 Thread Carl Waldbieser
"surname" ] ] }, The "attributeReleasePolicy" is used to filter the "memberOf" attribute down to a specific value (because the attribute is multi-valued, and you usually only want to release only one or a few of the values to a servi

Re: [cas-user] Should the CAS ticket be authoritative?

2018-09-07 Thread Carl Waldbieser
ish an SSO session or it will not. Any call to our IdP will always pass though to CAS to verify an SSO session exists. Users are only prompted for MFA once per session. Thanks, Carl Waldbieser ITS Identity Management Lafayette College - Original Message - From: "Matt T"

Re: [cas-user] Should the CAS ticket be authoritative?

2018-09-07 Thread Carl Waldbieser
was asserted. Again, I'm not sure how one would configure something like that in practice. Thanks, Carl Waldbieser ITS Identity Management Lafayette College - Original Message - From: "Matt T" To: "cas-user" Sent: Friday, 7 September, 2018 11:47:43 Subject: Re: