Hi,
Just to be sure: do you want to turn you CAS server into an OAuth / OpenID
server (1) or delegate the authentication from your CAS server to another
OAuth / OpenID server (2)?
(1):
http://jasig.github.io/cas/4.1.x/installation/OAuth-OpenId-Authentication.html
&
Hi,
You get an error from your OpenID Connect provider when trying to retrieve
the token (
https://github.com/pac4j/pac4j/blob/1.8.x/pac4j-oidc/src/main/java/org/pac4j/oidc/client/OidcClient.java#L436
)
2016-05-24 10:32:32,498 DEBUG [org.pac4j.oidc.client.OidcClient] -
2016-05-24 10:32:32,499
Yes, exactly.
2016-02-05 19:53 GMT+01:00 Bryan Wooten :
> All,
>
>
>
> Reading this page:
>
>
>
> https://jasig.github.io/cas/4.2.x/installation/JWT-Authentication.html
>
>
>
> I want to make sure my reading/understanding skills aren’t completely dead.
>
>
>
> As I interpret
Hi,
I'm glad to announce the nomination of Misagh Moayyed as the new CAS
Chairman.
Over the past few months, he has become the leader of the CAS project. It's
well deserved and I wish him the best. I'll stay a CAS committer.
Thanks.
Best regards,
Jérôme
--
You received this message because
Hi,
The secret is expected to be sent as a GET / POST request parameter so
that's why it fails. The OAuth protocol is a bit fuzzy on these points.
We could improve that in the next CAS release (4.3): could you open a
Github issue for that?
Thanks.
Best regards,
Jérôme
2016-01-22 22:55
Hi,
The OAuth support in CAS 3.5.2 was a first version and now, key and secret
go into the key and secret properties and the "annoying" screen can be
bypassed.
The DEBUG logs shows that you don't provide the secret when calling the
access token endpoint (
Hi,
The cas-management.properties has changed in CAS 4.2. You need to update
yours accordingly:
# CAS
cas.host=http://localhost:8080
cas.prefix=${cas.host}/cas
cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${cas.prefix}/login
# Management
cas-management.host=${cas.host}
Hi,
OK. You raise a use case we don't really think about, but calling the
/oauth2.0/profile url to get the user profile is already an access token
validation process as if the access token is not valid, you won't get any
user profile.
Can you open an issue for that use case? So we can think how
On Github: https://github.com/Jasig/cas/issues/new ...
2016-03-31 10:20 GMT+02:00 Uwe Wolfinger :
> Please let me know how and where to open the issue.
>
> Kind regards,
> Uwe
>
> Am Donnerstag, 31. März 2016 09:21:13 UTC+2 schrieb leleuj:
>>
>> Hi,
>>
>> OK. You raise a
understanding? Essentially,
> what I am hinting at is moving away from session based authentication.
>
>
>
> Regards,
>
> Prasad
>
>
>
> *From:* Jérôme LELEU [mailto:lele...@gmail.com]
> *Sent:* Wednesday, April 13, 2016 11:43 AM
> *To:* Mahantesh Prasad Katt
esh.ka...@indecomm.net>:
> Just so I get this right. Does this mean [in the oauth scenario] I will
> have to get an access token for each request that I make in my application?
>
>
>
> Regards
>
> Prasad
>
>
>
> *From:* cas-user@apereo.org [mailto:cas-user@aper
Hi,
The current cas-management-webapp handles OAuth client definition as well
as regular CAS services.
Best regards,
Jérôme
2016-04-12 11:17 GMT+02:00 Mahantesh Prasad Katti <
mahantesh.ka...@indecomm.net>:
> The reason I asked that question was that most OAuth servers [google,
> Facebook]
esh.ka...@indecomm.net>:
> Jerome,
>
>
>
> Just curious how we can test the CAS V5?
>
>
>
> Regards
>
> Prasad
>
>
>
> *From:* Jérôme LELEU [mailto:lel...@gmail.com]
> *Sent:* Tuesday, April 12, 2016 6:08 PM
> *To:* Jaroslav Kacer
> *Cc:* Ma
You got me! On the first few lines, I read it seriously...
2016-04-01 12:13 GMT+02:00 Misagh Moayyed :
> After much consideration and consultation with the CAS project management
> committee, the CAS project has decided to switch its licensing model from
> Apache v2 over to
Hi,
I'm not sure to understand what you want to do exactly. CAS server v4.2
provides an OAuth server support for the authorization code grant type, so
any OAuth client or so (properly configured) will be able to connect with
the CAS server.
For sure, the CasOAuthWrapperClient (
Hi,
You should be able to only rely on the pac4j authentication handler. For
Twitter, you don't need anything specific at the client level.
Can you try using a null principal resolver?
Thanks.
Best regards,
Jérôme
2016-04-15 14:03 GMT+02:00 Juan Carlos Giménez Moncada :
> Dear
Also, currently i am using apache shiro for authorization where
> I store my roles and permissions. Is it possible to customize oauth server
> to refer the same for authorization?
>
>
>
> Regards,
>
> Prasad
>
>
>
> *From:* cas-user@apereo.org [mailt
net>:
> Thanks Jermoe for your quick response. Is there an API to validate the
> token? Based on the oauth specs, the resource owner validates the token
> before providing access to the resources.
>
>
>
> Regards,
>
> Prasad
>
>
>
> *From:* Jérôme LELEU [mailto:l
Hi,
"Invalid request" generally comes if your input parameters are not correct.
In your case, the grant_type parameter is missing. See:
ow do I correct this?
>
>
>
> Regards,
>
> Prasad
>
>
>
>
>
> *From:* Jérôme LELEU [mailto:lel...@gmail.com]
> *Sent:* Thursday, April 14, 2016 1:29 PM
> *To:* Mahantesh Prasad Katti
> *Cc:* cas-user@apereo.org
> *Subject:* Re: [cas-user] pac4j oauth
CAS to turn on an access strategy to enforce
> service access based on the presence of those attributes.
>
>
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *Jérôme
> LELEU
> *Sent:* Saturday, April 16, 2016 1:58 AM
> *To:* Mahantesh Prasad Katti <ma
as the roles are converted into CAS attributes in Oauth, which I
> think they are, you can use CAS to turn on an access strategy to enforce
> service access based on the presence of those attributes.
>
>
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *J
same. Where can I find “expiration policy of the service time”? so
> I can increase the same?
>
>
>
> Regards,
>
> Prasad
>
>
>
>
>
> *From:* Jérôme LELEU [mailto:lel...@gmail.com]
> *Sent:* Saturday, April 16, 2016 2:30 PM
> *To:* Mahantesh Prasad
ertain roles only to access this service.
> How will the default CAS oauth implementation help solve this? Is this
> configurable? Can it be fine grained?
>
>
>
> For the pac4j project where can I find these configurations? I am using
> the user jleleu.
>
>
>
> Re
gt; Prasad Katti
> *Sent:* Friday, April 15, 2016 5:15 PM
> *To:* Jérôme LELEU
> *Cc:* cas-user@apereo.org
> *Subject:* RE: [cas-user] RE: CAS+Oauth
>
>
>
> Ok. By services configuration level, you mean let’s I have a /user
> service. And I want to restrict certain roles onl
Hi,
A few comments:
- to generate a JWT token, you can use the pac4j-jwt module with the
associated code. Internally, the CAS server uses it to decrypt JWT
- you have only one primaryAuthenticationHandler: defining two makes the
last one overrides the first one, thus your
Hi,
I suspect the TARGET parameter comes from the cas-client-support-saml
library and you don't need it as your CAS server (v4.2) providers a /p3
endpoint so you can get user attributes without using SAML ticket
validation.
The pac4j-cas dependency is useless if you don't have a pac4j
Hi,
When the cas-server-support-oauth jar is added to the classpath, the
/oauth2.0 URL mapping is automatically added to the CAS servlet regardless
of the HTTP method. So the /authorize call should be caught for GET or POST
requests.
Which version of Tomcat do you use? I remember doing several
Hi,
Which CAS version do you use? Any error in your logs?
Thanks.
Best regards,
Jérôme
2016-09-29 16:28 GMT+02:00 Jens Hausherr :
> Hi,
>
> I am having some trouble getting my CAS Oauth2.0 Server to work.
>
> I have set up everything as documented and I get to the login
Hi,
Indeed, the double call to prepareForLoginPage is the culprit. Is there any
resource on your login page somehow calling the /login URL again?
Thanks.
Best regards,
Jérôme
2016-10-05 13:28 GMT+02:00 Marina Batet :
> Hi Jérôme and everyone,
>
> This is happening to me in
Hi,
In the ClientAction, the service has been saved:
2016-10-03 16:32:17,094 DEBUG
[org.jasig.cas.support.pac4j.web.flow.ClientAction] - save service:
https://localhost:8445/dipta-cas-client-test/j_spring_cas_security_check
But, indeed, the service is not retrieved during the authentication
Hi,
You'll need to submit a PR for the master as well (5.0.0).
Thanks for your contribution.
Best regards,
Jérôme
2016-10-03 23:43 GMT+02:00 Charles Le Gallic :
> Hi,
>
> Thanks for your answer.
>
> The issue has been created here
>
t;
>> Em sexta-feira, 5 de fevereiro de 2016 17:06:16 UTC-2, bryan.wooten
>> escreveu:
>>>
>>> Thanks Jerome! I can still read.
>>>
>>>
>>> *Bryan Wooten*
>>>
>>> Tel: (801)585-9323
>>>
>>> Email: bryan.
Hi,
It seems strange: if you are not authenticated, both links should be
available on the login page.
Any error in your logs?
Thanks.
Best regards,
Jérôme
2016-09-22 16:47 GMT+02:00 Yauheni Sidarenka :
> Hello all,
>
> I was testing CAS server 5.0.0RC2 when I
Hi,
I just upgraded my demo with OpenID Connect support:
https://github.com/leleuj/cas-pac4j-oauth-demo/commit/634c8b5564e50b4e98cf9addeb46c6887cace69f
and it works for 4.2.3 and 4.2.4.
The "Oidc" link redirects me to Google.
Thanks.
Best regards,
Jérôme
2016-08-16 16:23 GMT+02:00 Aymar Anli
Hi,
After fixing the demo, I've made a few tests, but I'm not able to generate
this kind of error.
Can you share the flow of HTTP requests / responses?
Thanks.
Best regards,
Jérôme
2016-09-23 10:37 GMT+02:00 Yauheni Sidarenka :
> Thank you, Jérôme, for
ved.
>
> Regards,
> Yauheni
>
> On Tuesday, September 27, 2016 at 11:50:20 PM UTC+3, Misagh Moayyed wrote:
>>
>> Is this also something you can duplicate with RC3-SNAPSHOT?
>>
>> --
>> Misagh
>>
>> From: Yauheni Sidarenka <yauheni_.
Hi,
You should put the incoming IP, so generally your IP, but you must be sure
this is really the IP sent to the develop server.
What IP address do you see in the logs of your develop server when you call
it?
Thanks.
Best regards,
Jérôme
2016-09-30 18:02 GMT+02:00 carlos maddaleno cuellar <
com>:
> hi this is the error my server is showing when i try to acces
>
> ERROR [org.pac4j.http.client.direct.IpClient] - validate credentials
> org.pac4j.core.exception.CredentialsException: Unauthorized IP address:
> 172.18.14.180 -->my ip addres
>
>
> 2016-09-30
"clientSecret": "...",
> "bypassApprovalPrompt": false,
> "serviceId" : "https?://localhost.*",
> "name" : "development key",
> "id" : 2505077379
> }
>
> Thanks for looking into it.
>
&
Hi,
You're right: there is no PrincipalResolver in the
ClientAuthenticationHandler: I guess it would make sense to add that to be
able to fetch additional information. Can you open a Github issue for that
improvement?
Currently, you likely need to override the createResult method of the
Hi,
It used to work in version 4.2.4, I just tested it with the following demo:
https://github.com/leleuj/cas-pac4j-oauth-demo
Your URL is with oath2 instead of oauth2: a typo?
Or the mapping in the web.xml is now mandatory:
Hi,
The handlers are defined via the authenticationHandlersResolvers bean in
the deployerConfigContext.xml, based on the primaryAuthenticationHandler
and primaryPrincipalResolver beans defined in the same file.
So I guess the XML way will be easier.
Thanks.
Best regards,
Jérôme
2016-11-07
Hi,
The versions 1.7.x, 1.8.x and 1.9.x are major releases with breaking
changes. So you cannot use pac4j 1.9.4 with CAS 4.1.x.
And we only support two major streams: 1.8.x and 1.9.x (until the release
of the 2.0.0 version).
So I see two options:
1) You backport what you need to the 1.7.x
Hi,
We already generate JWTs for the OpenID Connect protocol so for sure, it's
feasible.
For example, you can create some controller to return a JWT generated by
pac4j based on the CAS user identity. Replacing the service ticket
validation by a returned JWT would be more work.
Thanks.
Best
tible with that?
>
> Regards
> Ajay
>
> On Tue, Oct 18, 2016 at 8:30 AM, Ajay Madhavan <ajayma...@gmail.com>
> wrote:
>
>> Hi Jerome,
>>
>> Thanks for your response. Where do I plugin this controller to replace
>> the original ticket generation i
Hi,
You may change your CAS-secured application into an OAuth-secured
application to directly retrieved an access token, but in any case, you'll
need to check this access token via the CAS server from the OAuth resource
server.
So indeed, using JWT is a way to pass identity from one app to the
Hi,
Sure. This error happens when you have not properly configured the
serviceId of the Oidc service, it must match the redirectUri.
See the documentation:
https://apereo.github.io/cas/5.0.x/installation/OIDC-Authentication.html
{
"@class" : "org.apereo.cas.services.OidcRegisteredService",
Hi,
This is a harsh and disrespectful statement.
While this is true that CAS is broadly used in the academic world, there
are numerous commercial companies using it.
My own example: the second French telecom company (where I work) uses it:
almost 20 million clients and millions of
Hi,
Here is the check:
https://github.com/apereo/cas/blob/master/support/cas-server-support-oauth/src/main/java/org/apereo/cas/support/oauth/validator/OAuth20Validator.java#L78
Can you debug it to see what's going on?
Thanks.
Best regards,
Jérôme
2016-12-14 17:13 GMT+01:00 Todd Pratt
Hi,
The encryption of the TGC makes it too long for a Memcached key: do you
really need it?
Thanks.
Best regards,
Jérôme
On Mon, Dec 18, 2017 at 9:58 AM, casuser wrote:
>
>
> *This is my cas.properties, *# cas.tgc.path=
> cas.tgc.maxAge=-1
> # cas.tgc.domain=
>
Hi,
This is the properties to configure:
https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#saml
Follow this example:
https://github.com/pac4j/spring-webmvc-pac4j-boot-demo/blob/master/src/main/java/org/pac4j/demo/spring/Pac4jConfig.java#L59
Thanks.
Best regards,
Hi,
It's a matter of extra security via signing and encryption, not directly a
matter of size. So you can disable the encryption and signature of the TGT
via the appropriate properties: cas.tgc.crypto.encryption.key= and
cas.tgc.crypto.signing.key=
Leave them blank.
Thanks.
Best regards,
Jérôme
Hi,
I would try: cas.server.httpProxy.secure=true
Thanks.
Best regards,
Jérôme
On Thu, Dec 14, 2017 at 1:46 AM, casuser wrote:
> How to remove the warning "Non-secure Connection" from the log in page? I
> want to get rid of it because from the load balancer to the
Hi,
In version 5.2, the artifact is now named: cas-server-support-token-tickets,
see:
https://apereo.github.io/cas/5.2.x/installation/Configure-ServiceTicket-JWT.html
Thanks.
Best regards,
Jérôme
On Fri, Dec 8, 2017 at 3:02 PM, Didier Capdevielle
wrote:
> Oups ! Sorry, i
Hi,
What scope did you define?
>From the doc:
https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#pac4j-delegated-authn
Google
Delegate authentication to Google.
1
2
3
4
# cas.authn.pac4j.google.id=
# cas.authn.pac4j.google.secret=
#
Hi,
This upgrade will be available in pac4j 3.0.0(-RC2). See:
https://github.com/pac4j/pac4j/commit/cfb5113300de914b6a6e5a109a87a9d1da576472
Thanks.
Best regards,
Jérôme
On Mon, May 7, 2018 at 9:55 AM, Neha Gupta wrote:
> Dear CAS Community,
>
> ORCID have updated the
Hi,
There are not many requests for the Orcid support, so I count on your
contribution on this.
Thanks.
Best regards,
Jérôme
On Wed, May 9, 2018 at 9:56 AM, Neha Gupta wrote:
> Hello Jérôme,
>
> Thanks for the reply but it was me only who proposed these changes.
>
>
Hi,
In pac4j, user profiles are available via the CommonProfile class and in
that case, from the Google2Profile which has a specific logic to get the
emails: https://github.com/pac4j/pac4j/blob/master/pac4j-
oauth/src/main/java/org/pac4j/oauth/profile/google2/Google2Profile.java#L22
We can
Hi,
I guess it depends on the way you built your SteamOpenIdClient, but in
pac4j you can control which attribute is used for the identifier.
Thanks.
Best regards,
Jérôme
On Wed, Jan 17, 2018 at 11:30 PM, FritzTheWonderMutt <
fritzthewonderm...@gmail.com> wrote:
> This works:
>
> @Autowired
>
Hi,
1) Orcid
The URL looks good: I would try another value for the scope. Have you taken
a look at the documentation?
2) Facebook
I opened the Facebook console, and I see a "Facebook login" item in the
left menu with a "Parameters" submenu, in which you have several flags to
enable, especially
OK. I guess you could have achieved the same result with a specific pac4j
ProfileDefinition configuration...
On Thu, Jan 18, 2018 at 6:12 PM, FritzTheWonderMutt <
fritzthewonderm...@gmail.com> wrote:
> That's just the way Steam returns the steamId per their doc:
>
And feel free to contribute your Steam client to the pac4j project if you
have time...
On Fri, Jan 19, 2018 at 8:47 PM, FritzTheWonderMutt <
fritzthewonderm...@gmail.com> wrote:
> The one with your name on it? ;D
>
> You're right, that's a much better place for it.
> Thanks.
>
> --
> - Website:
Hi,
In pac4j, you can set the scope of the Orcid client. It doesn't seem
possible within the CAS server:
https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#orcid
That said, this is easy to change: don't hesitate to submit a PR for that
in the CAS project.
What would
Looking forward for your support on this.
>
>
> Thanks and Regards
> Neha Gupta
>
>
>
>
> On Wed, Jan 31, 2018 at 11:13 AM, Jérôme LELEU <lel...@gmail.com> wrote:
>
>> Hi,
>>
>> OK. So let's take problems in order:
>>
>> -
tps://members.orcid.org/api/news/xsd-20-update
> <https://members.orcid.org/api/news/xsd-20-update> *
>
>
> I don't know which version of ORCID API CAS is using so just thought of
> sharing this information with you.
>
>
> Thanks and Regards
> Neha Gupta
>
> On
"error_description" : "Public members are not allowed to use the Members
> API"
> }
>
> Request you to please give me more detail about the issue i.e. the place
> of its occurence whether the problem is at CAS side or pac4j side and how
> can i proceed further.
>
&g
Hi,
By default, the CAS server will call the service URL of the CAS
applications the user has accessed during his SSO session.
But you can change the application logout URL (called by CAS) via the CAS
property when defining the CAS service: logoutUrl.
See:
the CAS server, no?
>
> - Brian
>
> On 8/7/2018 9:09 AM, Jérôme LELEU wrote:
>
> Hi,
>
> By default, the CAS server will call the service URL of the CAS
> applications the user has accessed during his SSO session.
>
> But you can change the application logout
Hi,
I would create a configuration class (@Configuration), autowire the
"builtClients"
bean inside it and at initialization (@PostContruct), add your new client:
builtClients.getClients().add(newclient).
You can even submit your new client as a contribution to the pac4j library.
Thanks.
Best
Hi,
Please don't output your id and secret in your emails!
- Orcid:
I think there is an URL called before the one given in the error message,
it should be something like http://www.orcid.org/oauth/authorize/xxx (
Hi,
Can you do some debugging in the ClientAuthenticationHandler to see how the
login process finishes?
Thanks.
Best regards,
Jérôme
On Fri, Jan 12, 2018 at 11:17 PM, FritzTheWonderMutt <
fritzthewonderm...@gmail.com> wrote:
>
> You are my new hero!
> A few things to note...
> You have to
Hi,
It looks more like a CAS issue than like a pac4j issue, so I will answer on
this thread.
I guess the NullPointerException blocks the regular web flow and is the
root cause.
Can you copy/paste the full stack trace?
Thanks.
Best regards,
Jérôme
On Tue, Apr 17, 2018 at 10:40 PM, Steve
Hi,
I'm resuming on your latest message.
Yes, you do need a callback URL for your application.
This is the doc you are looking for:
https://apereo.github.io/cas/5.2.x/installation/Service-Management.html
Every time you want an application to log in to the CAS server, the CAS
server must know
Hi,
This documentation should help you:
https://apereo.github.io/cas/4.2.x/integration/Delegate-Authentication.html#how-to-use-this-support-on-cas-applications-side
Thanks.
Best regards,
Jérôme
On Thu, Mar 15, 2018 at 3:31 AM, uvaraj s wrote:
> Hi,
>
> We are using CAS
Hi,
The behavior is to create the CAS principal and attributes from the pac4j
principal and attributes. So you should get the pac4j attributes at the end.
Ignore the log about the ClientCredential, the toString method just outputs
the id (not the attributes).
Is the service configured properly
Hi,
You need to use the following property :
# cas.authn.pac4j.autoRedirect=false
Thanks.
Best regards,
Jérôme
On Tue, Feb 27, 2018 at 8:35 PM, Scott Koranda wrote:
> Hello,
>
> I am running CAS 5.2.2.
>
> I have successfully configured CAS to use pac4j for delegated
>
Hi,
You don't need to explicitly add the configuration class in your
spring.factories file. Adding the dependency is enough (there is already a
spring.factories file inside it).
Thanks.
Best regards,
Jérôme
On Wed, Feb 28, 2018 at 11:18 AM, yashwanth chowdary <
Hi,
By nature, pac4j is written in Java language. In any case, data are passed
via the CAS assertion.
For simple types, things should be straightforward. For more complex types,
you many need some manual/custom adjustments.
Thanks.
Best regards,
Jérôme
On Mon, Oct 29, 2018 at 7:14 PM uvaraj s
Hi,
Since pac4j v3.2, you can set the element to use as the identifier:
http://www.pac4j.org/docs/release-notes.html
Unfortunately, CAS v5.2.2 is still based on pac4j v2.x. So the right
version to use would be the version 5.3.x, given the fact the profileId
could be set by properties (it's an
Hi,
I don't think so. Exposing these two pac4j capabilities should not be too
complicated for your first contributions ;-)
Thanks.
Best regards,
Jérôme
On Thu, Nov 8, 2018 at 3:43 PM David Oteo wrote:
> Hi,
>
> Thank you for the quick response. We will try with version 5.3.x.
>
> By the way,
Hi,
You are missing nothing. pac4j authentication attributes are not used to
build the CAS principal, only the user attributes.
Thanks.
Best regards,
Jérôme
On Tue, Nov 13, 2018 at 3:48 PM David Oteo wrote:
> Hi,
>
> We configured CAS 5.2.2 to delegate authentication to an external IdP
>
Hi,
It certainly does. New versions of the CAS server remain backward
compatible regarding the CAS protocol, so old CAS protocol endpoints still
exist.
Thanks.
Best regards,
Jérôme
On Wed, Oct 3, 2018 at 4:46 PM Hoang Anh Duc wrote:
> Hi!
> Thanks so much but I don't know it can work with CAS
Hi,
I have an old .Net CAS client example, it's outdated, but it might prove
useful: https://github.com/casinthecloud/dotnet-cas-client-demo
Thanks.
Best regards,
Jérôme
On Wed, Oct 3, 2018 at 4:28 PM Hoang Anh Duc wrote:
> Hi!
> I'm try to doing authentication with CAS server using .Net C#.
Hi,
Controlling the behavior by IP is not out-of-the-box. I think your best
option here is to override the DelegatedClientAuthenticationAction.
Thanks.
Best regards,
Jérôme
On Tue, Oct 2, 2018 at 3:21 PM Dicta Artisan
wrote:
> Hi all
>
> I have question on configuring a complex scenario where
Hi,
Was it a bug on your customization or something from the CAS server itself?
Thanks.
Best regards,
Jérôme
On Tue, Sep 25, 2018 at 4:37 AM Colin Wilkinson wrote:
> Hi,
>
> I have worked out what the issue was. It one of the scope session beans
> being loaded after the initial request that
Hi,
Authentication handlers are called depending on the passed credentials. For
a delegated authentication, a ClientCredentials is created which triggers
the ClientAuthenticationHandler.
Are you sure your new authentication handler supports ClientCredentials?
Thanks.
Best regards,
Jérôme
On
Hi,
Starting with the version 5.3, you have the /clientredirect URL with the
service and client_name parameters. You may use that.
Thanks.
Best regards,
Jérôme
Le mer. 23 janv. 2019 à 05:54, P Shreyas Holla a
écrit :
>
> leleuj , we want to achieve something like* http://localhost:8080/cas
>
Hi,
Yes, it feels a bit too aggressive to return an IllegalArgumentException,
but I think it makes sense as there is already a check via the
hasDelegationRequestFailed method to know if the authentication has failed.
The check may be incomplete though...
In fact, it's the responsibility of pac4j
Hi,
You're right: the TGT should be checked first. Notice that things have been
fixed in 5.3, the autoRedirect property is still computed in the
DelegationAuthenticationClientAction, but the redirection is applied on the
HTML page.
Thanks.
Best regards,
Jérôme
Le jeu. 24 janv. 2019 à 23:25, Tom
Hi,
The XML spring configuration is now a Java configuration so you can still
add whatever pac4j clients you want by, for example, overriding the
pac4jDelegatedClientFactory.
Thanks.
Best regards,
Jérôme
Le mar. 19 févr. 2019 à 10:42, Xavier Rodríguez a
écrit :
> Hi,
>
> Are there any way to
Hi,
A pac4j v3.6.0 release will be cut before end of February to handle the
Google+ API deprecation.
Then, you just need to pull the pac4j-* v3.6.0 dependencies along your
current version of CAS (pac4j v3.x is backward compatible). There is no
"hotfix", nor "patch".
That said, as CAS v5.3.9 and
Hi,
I would recommend doing a threads dump to see what's going on inside the
CAS server.
Thanks.
Best regards,
Jérôme
Le mer. 5 juin 2019 à 16:10, thomas a écrit :
> Hi all,
>
> I recently migrate my cas system from v4 to v5.3.6.
>
> Everything works fine for logging, but I have a problem
Hi,
I saw his answer. I understand the concern and the need for consistency in
CAS, but the same is worth for pac4j as well: I could change the default
behavior in pac4j, but this would impact users just to accommodate with the
consistency of CAS.
My feeling is that the default behavior of pac4j
Hi,
Yes, this is the expected behavior in pac4j. There are two modes (
http://www.pac4j.org/docs/authenticators/mongodb.html): either you define
the attributes and they are used for the profile OR you don't and a
serializedprofile attribute is expected to store the whole serialized
profile.
In
Sure. The documentation needs to be complemented here...
Le lun. 4 nov. 2019 à 08:24, Andy Ng a écrit :
> Hi Jérôme
>
> Oh nice, thanks for your explanation :)
>
> I think we should document that *requirement on attribute* on
>
The Java CAS client v3.6.0 is released:
https://github.com/apereo/java-cas-client/releases/tag/cas-client-3.6.0
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You
Hi,
If you use the SAML authentication delegation to Okta, there is a
SAML2ClientLogoutAction component which should retrieve the user profile
and send a logout request to Okta when you trigger a CAS logout (
Hi,
Which version of CAS (and pac4j) do you use? Do you have one or more CAS
servers?
Thanks.
Best regards,
Jérôme
Le jeu. 19 déc. 2019 à 17:28, Filip Majernik a
écrit :
> Hi Sarika,
> I am facing the same issue. The SAML logout request to Okta does not work.
> After debugging I have found out
Duo issue.
>
> Unfortunately, the build is still failing on the Hazelcast dependency.
>
> -Bryan
>
> On Mon, Feb 24, 2020 at 9:34 AM Jérôme LELEU wrote:
>
>> Hi,
>>
>> You need to add the Unicon repository:
>> https://github.com/apereo/cas/blob/master/gradle/m
1 - 100 of 158 matches
Mail list logo