omponents and the right incarnation of
environment variables always seems to work its magic. Just wondering if
I'm missing something obvious in this case.
Thanks
Colin
On 2019-11-02 12:44 p.m., David Hawes wrote:
On Fri, 1 Nov 2019 at 15:41, Colin Ryan wrote:
Folks,
For various reasons I need to
Folks,
For various reasons I need to compile my own mod_auth_cas module for
use in Apache. I also have my own builds of OpenSSL within this toolchain.
I cannot for the life of me seem to get mod_auth_cas to use my external
openssl libraries. I've done this many times before for other
rl=/opt/aa
So far so good.
Thanks All.
C
On 2019-11-04 1:05 p.m., David Hawes wrote:
On Mon, 4 Nov 2019 at 12:01, Colin Ryan wrote:
David,
Yes I've built Apache2 itself with SSL using the safe external OpenSSL as I'm
trying to use with the module. When I run the totally to stock ./c
I ran across this too. I had to add the gradle linkage for simple MFA to
get around this.
compile
"org.apereo.cas:cas-server-support-simple-mfa:${project.'cas.version'}"
Not sure why, but I did.
colin
On 2019-11-06 2:28 a.m., Andy Ng wrote:
Hi all,
In my quest to test out some CAS
ore
messages related to the service. That along with
might provide more details in case there are ldap connection issues.
If you can look at logs from RADIUS and LDAP, they may tell you if the
problem is on that end.
Ray
On Fri, 2019-11-01 at 10:59 -0400, Colin Ryan wrote:
Ray,
I had alre
Andy,
Seems almost like your "issue" with the mysterious tight linkage to MFA
and Radius and this are related.
Is there a way to enable MFA radius but have it behave as a single factor?
Side note is there a way using Radius Authentication to dynamically add
a realm identifier to the users
Folks,
I currently use my Radius infrastructure to handle multiple methods of
authentication by use of realms. However the real selections are
transparent to the end users as I use various techniques to insert realm
identifiers into the users login ID on the fly. I.E. the user only ever
enters
end, i.e. a script with wget/curl time tools.
Cheers
Colin Ryan
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed
Folks,
I have an central application that will be used by multiple groups of
users. These users are organized organizationally in LDAP as the primary
system of record. However each organization will have a potentially
different choice of which of my available authentication providers need
to
Folks,
I'm trying to have Radius be my Authentication Method but gather
attributes from the LDAP entry for the user. The LDAP database is the
same one that is actually backing the RADIUS auth.
Seemed straight forward enough based upon:
gradle stuff is so dynamic it’s hard for me to figure out how to
override project defaults etc etc.
Thank you
Colin Ryan
Ray,
I had already set the attribute release directive in the basic HTTPIMAP
all access service definition.
You've helped my brain tweak on the concept that only principal
attributes are automatically released while all others must be
explicitly added to defaults or service definitions. But
ected
to CAS that the parameters are preserved...i.e.
https://cas/cas/login?service=https://myapp.com?profile=xxx.
Thanks
Colin Ryan
This reeks of some mismatch with your OpenSSL libraries.
Are you using the system wide OpenSSL and associated SSL libs or are
you rolling your own OpenSSL as well.
If the latter be sure that pkg-config and other ./configure directives
are actually using your own libraries versus the system
ill not be stored in HttpSession.
2020-01-23 14:53:47.172 DEBUG 13071 --- [io-9000-exec-10]
s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now
cleared, as request processing completed
On 2020-01-20 1:38 p.m., Ray Bon wrote:
Colin,
When you say '/login/cas', are you talking about the CAS server login
pa
Folks
Sorry to go so far backwards. But in moving forward with some odd
requirements I've had to go back to first principle code and am having
problems with the basics.
My understanding is that Spring defaults to "/login/cas" now as being
the URL for the CasFilter, as such the application
Cemal,
I tried this approach to this but I keep getting a too many re-directs
error. I'm newish to Spring Security so maybe I'm missing something.
But basically I see the "DynamicRedirectCasAuthenticationEntryPoint"
being processed in every request the first time through it I'm intercepting
Cemal,
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.regexMatchers("/desktop/.*","/desktop?.*","/login.*")
.authenticated()
.and()
.authorizeRequests()
.regexMatchers("/")
.permitAll()
for Annotated forms of this I found at:
https://www.baeldung.com/spring-security-cas-sso
On 2019-12-24 1:39 a.m., Anmol Budhewar wrote:
Can you refer how to get java cas client because I don't have any idea
how to build java cas client can you help me
On Thu, Dec 19, 2019, 03:00 Colin Ryan
: x86_64
OS Name: Mac OS X
OS Version: 10.15.5
OS Date/Time: 2020-09-02T12:30:12.658905
OS Temp Directory: /var/folders/3z/nw6030cx27vdg7r5ws1p02vrgn/T/
Cheers
Colin
On 8/24/20 3:25 PM, Colin Ryan wrote:
Folks,
So I've still not managed to move past this. Even started from
scratch
If I understand what you're asking you want to simply use User Name and
Password authentication but using just basic FreeRadius as your
authentication handler?
You can do this easily just following the instructions in the
documentation. There is lots of other content about MFA and Radius but
.
Not go, again was working before my development environment blew up. I
have a backup of it, but build and run for that can't find components
(old branch?).
Any idea what stupidity I'm missing.
Thanks
On 8/12/20 12:43 PM, Colin Ryan wrote:
Folks,
I'm nearly embarrassed having to ask
to the java keystore.
https://docs.oracle.com/cd/E54932_01/doc.705/e54936/cssg_create_ssl_cert.htm#CSVSG180
Ray
On Mon, 2020-08-24 at 15:25 -0400, Colin Ryan wrote:
Notice: This message was sent from outside the University of Victoria
email system. Please be cautious with links and sensitive
idea what the h**ll is the problem.
On 8/12/20 12:43 PM, Colin Ryan wrote:
Folks,
I'm nearly embarrassed having to ask this but I'm having issues
starting up the Management Interface in the embedded Tomcat scenario.
The error is technically obvious:
Caused
and it's still
in the documentation.
I tried it on a whim upon inspecting the applications.properties file in
the source code.
Colin
On 9/21/20 12:14 PM, Colin Ryan wrote:
I give up.
I've tried everything. I have no clue. Even again did fresh git clone
and immediate build.sh run
Folks,
I have 2 authentication sources. I have services that I want strictly
to only accept success via a specific source. Even if the same
credential pair could succeed in either.
I've been trying to use the "newer"? authenticationPolicy approaches
as the logs in my 6.2.3 builds were
icy-enabled=true
It is still permitting authentication via the LDAP resource.
At a global level it works, if I do the, for example,
cas.authn.policy.req.try-all=false
cas.authn.policy.req.handler-name=Radius
cas.authn.policy.req.enabled=true
and in this configuration Radius and only Ra
Folks,
I'm nearly embarrassed having to ask this but I'm having issues starting
up the Management Interface in the embedded Tomcat scenario.
The error is technically obvious:
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe
contents entry:
Arti,
So first of all there is tons of log information available to you, but
you've shared none of it. So it's hard to see where you have issues.
However for mod_auth_cas you've defined the variables for it all fine.
But the example you have given does not indicate you've told Apache to
ccessed; when a ST is issued and when
> validated.
>
> Ray
>
>> On Fri, 2020-12-04 at 16:01 -0500, Colin Ryan wrote:
>>
Folks,
Is there a way to interrogate a ticket/session to get the original entry
point to the CAS SSO.
If I have multiple entry points (services) to CAS, this gets thrown over
to CAS for validation/auth etc.
Then I visit another site on the same domain that is enabled for SSO
with the CAS
Folks,
I'm running CAS 6.2.3.
Authenticating to a CentOS 389 Directory LDAP Server. Authentication is
all good. Finally even appeared to solve my ePerssonDirectory attribute
extraction configuration issues. However I'm unable to get the DN of the
user's LDAP entry to resolve.
389 Directory
As I alluded to you directly.
I would run a tcpdump on the Radius Host (as well as Ray's suggestion of
ensuring you have no port blocks) and see if any packets are arriving to
the Radius server period (e.g. tcpdump -i eth0 host )
As well confirm that you're using the proper ports. Radius
-attribute.dn-attribute-name:
dn
Cheers folks
Colin
On 12/1/20 8:29 PM, Daniel Fisher wrote:
On Tue, Dec 1, 2020 at 4:06 PM Colin Ryan <col...@caveo.ca> wrote:
Folks,
I'm running CAS 6.2.3.
Authenticating to a CentOS 389 Directory LDAP Server.
Authentication is
Irvan,
All I have is the following:
cas.authn.radius.name=Radius
cas.authn.radius.server.protocol=PAP
cas.authn.radius.server.retries=1
cas.authn.radius.client.authenticationPort=1645
cas.authn.radius.client.sharedSecret=
cas.authn.radius.client.inetAddress=
Ray et al.
Just some closure. Indeed was application error. Mismatch between the
URL of the CASAuthenticationFilter and serviceProperties
Thanks
Have a Safe Holiday everyone.
Colin
On 12/18/20 5:30 PM, Colin Ryan wrote:
The login link is A/desktop which matches and the serviceProperties
else like
domain/cas/login?service=A/desktop?
Ray
On Fri, 2020-12-18 at 16:03 -0500, Colin Ryan wrote:
Folks,
So in the initial iteration of my projec
Folks,
So in the initial iteration of my project I had my spring security
application working as it should w.r.t. to the common design/functional
patterns for Spring Security and CAS.
Let's call this Application A)
My http security definition was as follows.
http
I did this, it wasn't easy, possibly due to my lack of knowledge. I
combed through the CAS source code to find the bits involved and simply
emulated them as they are all to spec. workings.
I didn't see any directly exposed CAS APIs for this they were all
internal.
I made extensive use of
What's the freeradius logs showing.
I seem to recall that you can only use PAP for authentication.
As well and maybe you just sanitized the configuration but just to state
the obvious you have to replace the {configuration key} with the
relevant context
So for example, but you must have
ing-Service-AuthN-Policy.html>
Ray
On Tue, 2020-10-20 at 14:24 -0400, Colin Ryan wrote:
Folks,
I have 2 authentication sources. I have services that
Reposting essentially again as I just cannot make this go. My heartfelt
apologies that I'm circling to the list again on this.
As before. I want to be able to specifically require an exclusive
Authentication Resource per Service definition. I cannot seem to make
this work.
CAS 6.2.3
LDAP
Irvan,
That's an old reference with older versions than now.
My 6.2.x file just has the
implementation
"org.apereo.cas:cas-server-support-radius:${project.'cas.version'}"
C
On 11/6/20 7:47 AM, irvan suryadi wrote:
Hi Colin,
Thanks for the solution, I will use your recommendation.
I
Sorry meant to include the exception that seems to drive this failure.
org.springframework.core.convert.ConverterNotFoundException: No
converter found capable of converting from type
[org.bson.types.ObjectId] to type [long]
C
On 6/10/21 3:46 PM, Colin Ryan wrote:
Folks,
I noticed when
Sorry been a long day...
CAS 6.2.7
MongoDB 4.2.6
On 6/10/21 3:46 PM, Colin Ryan wrote:
Folks,
I noticed when using the auto-loaded from .json service entries when
enabling that the _id key in the documents when using MongoDB as the
registry was of type .
However as I've been working
ething? Bug?
Thanks
Colin Ryan
Folks,
CAS 6.2.7
According to numerous sources I should be able to put a comma or space
separated list of URLs in various uses of the ldap-url configuration
parameter.
However whenever I do so I get invalid URL when starting up.
eg.
cas.authn.pm.ldap[0].ldap-url: ldap://ldap1:3131
Folks,
Sorry for the likely stupid post, I swore I had sorted this prior. But I
have 3 authentication sources defined. LDAP, Radius and Google MFA.
I want to restrict a service to using - and most importantly trying -
only an explicitly configured service. I.e. If I say LDAP as the Auth
on
the Access-Challenge response from the Radius server.
Thanks
Colin Ryan
oughts on an approach.
Thank you
Colin Ryan
This is what I'm using...to be honest I can't seem to recall if this
does not bother trying the other resources...I think it does what we
originally wanted.
"authenticationPolicy": {
"requiredAuthenticationHandlers": ["LDAP"],
"criteria": {
"tryAll": false,
"
C
On 12/15/21 4:33 PM, Colin Ryan wrote:
As a longer view on Log4J mitigation we are doing test upgrades from
6.2.x to 6.3...
We are using Mongo for service registry, ticketregistry and GAuth
registry.
When testing the GAuth functions we are getting an exception from the
following mon
As a longer view on Log4J mitigation we are doing test upgrades from
6.2.x to 6.3...
We are using Mongo for service registry, ticketregistry and GAuth registry.
When testing the GAuth functions we are getting an exception from the
following mongo related error.
2021-12-15 21:15:06,696
the client address from the
request, assuming the load balancer is configured correctly to
pass that header along.
-- Misagh
On Fri, Mar 11, 2022, 4:54 AM Colin Ryan wrote:
Folks,
I know there's lots of info on this but I just can't seem to
make
Folks,
I know there's lots of info on this but I just can't seem to make it go,
it should be a no brainer...but...alas...
I'm running CAS 6.3 in a Docker Container with embedded Spring Tomcat.
In front of this is Apache2 Reverse Proxy with straight forward
ProxyPass/ProxyPassReverse
ption" attribute of
"Your Entry Service Page" I would like to be able to dynamically have
the Login pages say something like.
This is Login is for Access to "Your Entry Service Page".
Hints?
Thanks all
Colin Ryan
My friend,
Without sounding rude you're gonna have to put in the legwork yourself.
SSO is a broad scope and what functions of CAS you need will depend on
your applications and infrastructure.
There is so much info out there, but one I found, although might be a
little dated but still very
Folks,
I have a complex password in the cas.properties file. It contains some
special characters like & and ( etc.
Do these need to be escaped somehow? It doesn't seem to be getting
parsed properly (i.e. login in question is failing)
Thanks