Re: [cas-user] Cas 3.5 and Shibboleth idp 2.4 Integration

Hi! It looks like you haven't walked through configuring your Shib instance to be used with testshib; please see http://www.testshib.org/configure.html and follow the "post install idp config" instructions. Chris >>> Mostafa Tabal 01/07/16 2:19 AM >>> Hi, i

Re: [cas-user] CAS 4.1.3 Shibboleth IdP integration

Awesome, thanks much! Watching it now :) >>> Gang Wang <wangga...@gmail.com> 01/06/16 3:36 PM >>> here is the issue, https://github.com/Jasig/cas/issues/1423thanks! On Wednesday, January 6, 2016 at 4:17:12 PM UTC-5, Christopher Myers wrote:When you do, please let the

RE: [cas-user] CAS 4.1.3 Shibboleth IdP integration

When you do, please let the list know what the issue number is so that we can follow it too; I'm going to be doing an upgrade from Shib 2.x to 3.x here sometime this spring since 2.x is being desupported. Our Shib instance points to our CAS instance for authentication, so we'll need to make

Re: [cas-user] Any published use of cas by "fortune 500" companies?

Ellucian and Heartland Payment Systems use it for their product offerings (both on-prem and hosted;) not sure where they fall on the list though. >>> John Rellis 06/21/16 4:21 AM >>> Hey folks, I am presenting the SSO solution using cas to our customers. Is there

Re: [cas-user] Cas 3.5 and Shibboleth idp 2.4 Integration

gure.html and i couldn't configure . please help i open idp-proccess.log and i found :- -No metadata for relying party https://sp.testship.org/ shibboleth-sp couldn't be resolved - Saml2 sso profile is not configured for https://sp.testship.org/ shibboleth-sp On Thursday, January 7,

Re: [cas-user] Re: CAS Intermittent SSO logins issues

Out of curiosity, what happens if you take the load balancer out of the picture - does the required re-authentication happen? Also, do you have any kind of session replication set up between your CAS nodes, such as hazelcast? Also, what frequency does this happen? Eg., if someone logs into a

Re: [cas-user] Anonymous Access (Re-Posting In cas-user)

Oh - I didn't have to do any of this in the CAS web.xml; the "url-pattern" is in the application's web.xml file, but you should only need to tweak that if you want a part of that application itself to be unauthenticated. Or, are you basically wanting to allow part of the CAS environment itself

Re: [cas-user] Anonymous Access (Re-Posting In cas-user)

need to deploy unsecured applications on the same application server instance that CAS is deployed to. I would like to have this one context root not protected by SSO. Regards. On Monday, February 8, 2016 at 9:11:54 AM UTC-5, Christopher Myers wrote:Just out of curiosity - why even have CAS

Re: [cas-user] CAS4 SSL Requirement for SSO to Work

his appears to be a neat solution :-) Cheers, Stephan On Tue, Feb 9, 2016 at 2:59 PM, Christopher Myers <cmy...@mail.millikin.edu> wrote: What we do is: internet(https) -> (https)load balancer(http) -> tomcat (http) Basically, the load balancer talks https to the internet and h

Re: [cas-user] Anonymous Access (Re-Posting In cas-user)

Hmm...that really seems like the application itself is looking for CAS...would you be willing to post an (edited) version of your "keepalive" application's web.xml file? >>> William 02/08/16 2:09 PM >>> Chris, Right now I am working on a local instance. CAS url

Re: [cas-user] Anonymous Access (Re-Posting In cas-user)

No worries at all, and no apologies needed...that would definitely explain things then :D That's what was making me so confused - we're doing exactly what you're wanting to do here, so I couldn't understand why it wasn't working for you :) Glad you're all set up! And - I've been trying to wean

Re: [cas-user] Anonymous Access (Re-Posting In cas-user)

Definitely sounds like it! I started playing around with CAS back in 2007 when I knew basically nothing about Java, Tomcat, or Linux, so I got to learn them all at the same time :P For the most part, it's been really straightforward to set up and configure, and we've gone from one small old

[cas-user] Version lifetimes

Out of curiosity, is there a list of the support lifetimes for the various CAS server versions? (Eg., how long is the 3.x branch going to be continued to be developed and patched?) Thanks much! Chris -- You received this message because you are subscribed to the Google Groups "CAS

RE: [cas-user] Version lifetimes

. We certainly no longer work on or maintain CAS 3, but if you have a patch that you think might be a good fit for 3.x, we could certainly cut a patch release as long as the work is done. Same with all the other versions. From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Christ

Re: [cas-user] Forgot password

Personally, I just edit the source pages in /cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/ There are a couple of files you can edit, including the casLoginView.jsp, and the files in the "includes" subfolder. and then it gets compiled when you go to build the app. If you

Re: [cas-user] New to CAS, new to Apereo

by Christopher Myers [ 25-Feb-2015 ] Edit as-server-4.0.0/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml Comment out

Re: [cas-user] New to CAS, new to Apereo

Likewise, we have 3+1 (two primary, one secondary, and an "oh crud the entire production VMWare environment went offline" backup.) All are running 4.0.x, connected together with hazelcast replication. We've got over 20 registered services, including connecting Shibboleth to CAS for its

Re: [cas-user] New to CAS, new to Apereo

other VMs - is that viable? Hank On Friday, August 12, 2016 at 8:50:22 AM UTC-4, Christopher Myers wrote:Likewise, we have 3+1 (two primary, one secondary, and an "oh crud the entire production VMWare environment went offline" backup.) All are running 4.0.x, connected together w

Re: [cas-user] CASify email system

We have GroupWise, and cheat - we've got an intermediary page that's CASified and just does a form post of the credentials to the WebAccess login page. Chris >>> "noumann.f" 06/29/16 5:38 AM >>> Hi, I need to CASify an email system (Postmaster and Roundcube web mail)

Re: [cas-user] What LDAP Server do you guys use?

We use eDirectory; works splendidly for us :) I used openLDAP at home for a long time. Whatever route you choose, an awesome free tool that I've found to be super handy is LDAP Admin: http://www.ldapadmin.org/ Chris >>> RJ Guroo 02/20/17 10:06 AM >>> We have been

Re: [cas-user] Elucian Banner 5 minute timeout with CAS

Try this change, and then repackage and redeploy the CAS war: modify the value of CAS's web.xml file, change the default timeout to 2 hours 120 >>> Adam Causey 02/15/17 10:45 AM >>> We are experiencing a 5 minute session timeout after users login to

Re: [cas-user] Internally hosted applications under load balancer issue

A few questions -- Are the applications behind the same load balancer, or different ones? Does the load balancer do SSL offloading? How is the DNS set up for the applications behind the load balancer? Eg., can application X see the proper DNS and IP address for CAS server Y? Do the logs say

Re: [cas-user] Forgot password

nks, Alaska 99775 Tel: 907-450-8320 Fax: 907-450-8381 linda.t...@alaska.edu | www.alaska.edu/oit/ On Thu, Aug 11, 2016 at 6:58 AM, Christopher Myers <cmy...@mail.millikin.edu> wrote: Personally, I just edit the source pages in /cas-server-webapp/src/main/webapp/WEB-INF/view

Re: [cas-user] Forgot password

functionality will need to be implemented (outside of CAS server). Best, D. On Aug 16, 2016, at 9:11 AM, Christopher Myers <cmy...@mail.millikin.edu> wrote: Not quite sure what you're asking, but -- the only thing we had to change on our side was to add the links to the login page. The link bas

Re: [cas-user] Re: CAS with two ldap servers

Not really sure to be honest. I haven't done anything with AWS or Nginx. Doing a quick google, it looks like you might be able to use nginx: https://www.nginx.com/resources/admin-guide/tcp-load-balancing/ We've got a Barracuda load balancer; it was fairly inexpensive, I want to say maybe a few

Re: [cas-user] CAS with two ldap servers

Usually you'd either have some sort of load balancer in front of the LDAP servers, or just use DNS round-robin. We currently have a load balancer, but before that did use round-robin. Both work fine, but the load balancing method is more reliable since it can intelligently detect when one of

Re: [cas-user] Java client - Dynamic service urls

Out of curiosity, are these different URLs, or just dynamic content on the same URL? After visiting a secured page, then logging in, you should be automatically redirected back to the page that triggered the login, unless your login page has expired. Example: Visiting

[cas-user] Documentation on bringing a CAS server online

I'm not quite sure the best way of going about this, so I thought I'd start out here. There is a ton of documentation about the different options that are available for CAS, but I've yet to find a step-by-step "here's how to bring a new CAS server online" document, and trying to infer what

[cas-user] Issues with service registry on 5.2.2

I apologize in advance, I didn't realize that the jasig-cas-user list wasn't the current one because that's the list that showed up in my Google searches, and it appears to still be active based on others posting out there. So I'm cross-posting to this list, which I guess is the current one?

Re: [cas-user] Issues with service registry on 5.2.2

or CAS versions 5.2+ use *cas.serviceRegistry.json.location *property: > https://apereo.github.io/cas/development/installation/Configuration-Properties.html#json-service-registry > > Cheers, > D. > > > From: Christopher Myers <chris...@gmail.com> > Reply: cas-...@ape

[cas-user] Using the password management functionality when your LDAP doesn't support password modify extended operation (OID - 1.3.6.1.4.1.4203.1.11.1)

I've tried to set up the LDAP password management on our environment, per https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-password-management , but it's not working for me. After much digging and LDAP traces, I found this: Completed TLS handshake on