Re: [cas-user] Changes need for CAS to enable the OpenId/oauth provider feature

2015-12-15 Thread Jérôme LELEU
Hi, Just to be sure: do you want to turn your CAS server into an OAuth / OpenID server (1) or delegate the authentication from your CAS server to another OAuth / OpenID server (2)? (1): http://jasig.github.io/cas/4.1.x/installation/OAuth-OpenId-Authentication.html &

Re: [cas-user] OIDC Delegation

2016-05-25 Thread Jérôme LELEU
Hi, You get an error from your OpenID Connect provider when trying to retrieve the token ( https://github.com/pac4j/pac4j/blob/1.8.x/pac4j-oidc/src/main/java/org/pac4j/oidc/client/OidcClient.java#L436 ) 2016-05-24 10:32:32,498 DEBUG [org.pac4j.oidc.client.OidcClient] - 2016-05-24 10:32:32,499

Re: [cas-user] CAS / JWT

2016-02-05 Thread Jérôme LELEU
Yes, exactly. 2016-02-05 19:53 GMT+01:00 Bryan Wooten : > All, > > > > Reading this page: > > > > https://jasig.github.io/cas/4.2.x/installation/JWT-Authentication.html > > > > I want to make sure my reading/understanding skills aren’t completely dead. > > > > As I interpret

[cas-user] New Chairman nomination

2016-01-28 Thread Jérôme LELEU
Hi, I'm glad to announce the nomination of Misagh Moayyed as the new CAS Chairman. Over the past few months, he has become the leader of the CAS project. It's well deserved and I wish him the best. I'll stay a CAS committer. Thanks. Best regards, Jérôme

Re: [cas-user] oauth clientSecret null CAS 3.5.2

2016-01-23 Thread Jérôme LELEU
Hi, The secret is expected to be sent as a GET / POST request parameter so that's why it fails. The OAuth protocol is a bit fuzzy on these points. We could improve that in the next CAS release (4.3): could you open a Github issue for that? Thanks. Best regards, Jérôme 2016-01-22 22:55

Re: [cas-user] oauth clientSecret null CAS 3.5.2

2016-01-22 Thread Jérôme LELEU
Hi, The OAuth support in CAS 3.5.2 was a first version and now, key and secret go into the key and secret properties and the "annoying" screen can be bypassed. The DEBUG logs show that you don't provide the secret when calling the access token endpoint (

Re: [cas-user] cas-services-management-overlay Redirect Loop In 4.2.0-RC3

2016-03-09 Thread Jérôme LELEU
Hi, The cas-management.properties has changed in CAS 4.2. You need to update yours accordingly: # CAS cas.host=http://localhost:8080 cas.prefix=${cas.host}/cas cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${cas.prefix}/login # Management cas-management.host=${cas.host}

Re: [cas-user] Custom OAuth Protected Service

2016-03-31 Thread Jérôme LELEU
Hi, OK. You raise a use case we don't really think about, but calling the /oauth2.0/profile url to get the user profile is already an access token validation process as if the access token is not valid, you won't get any user profile. Can you open an issue for that use case? So we can think how

Re: [cas-user] Custom OAuth Protected Service

2016-03-31 Thread Jérôme LELEU
On Github: https://github.com/Jasig/cas/issues/new ... 2016-03-31 10:20 GMT+02:00 Uwe Wolfinger : > Please let me know how and where to open the issue. > > Kind regards, > Uwe > > On Thursday, 31 March 2016 09:21:13 UTC+2, leleuj wrote: >> >> Hi, >> >> OK. You raise a

Re: [cas-user] RE: CAS+Oauth

2016-04-13 Thread Jérôme LELEU
understanding? Essentially, > what I am hinting at is moving away from session based authentication. > > > > Regards, > > Prasad > > > > *From:* Jérôme LELEU [mailto:lele...@gmail.com] > *Sent:* Wednesday, April 13, 2016 11:43 AM > *To:* Mahantesh Prasad Katt

Re: [cas-user] RE: CAS+Oauth

2016-04-13 Thread Jérôme LELEU
esh.ka...@indecomm.net>: > Just so I get this right. Does this mean [in the oauth scenario] I will > have to get an access token for each request that I make in my application? > > > > Regards > > Prasad > > > > *From:* cas-user@apereo.org [mailto:cas-user@aper

Re: [cas-user] RE: CAS+Oauth

2016-04-12 Thread Jérôme LELEU
Hi, The current cas-management-webapp handles OAuth client definition as well as regular CAS services. Best regards, Jérôme 2016-04-12 11:17 GMT+02:00 Mahantesh Prasad Katti < mahantesh.ka...@indecomm.net>: > The reason I asked that question was that most OAuth servers [google, > Facebook]

Re: [cas-user] RE: CAS+Oauth

2016-04-12 Thread Jérôme LELEU
esh.ka...@indecomm.net>: > Jerome, > > > > Just curious how we can test the CAS V5? > > > > Regards > > Prasad > > > > *From:* Jérôme LELEU [mailto:lel...@gmail.com] > *Sent:* Tuesday, April 12, 2016 6:08 PM > *To:* Jaroslav Kacer > *Cc:* Ma

Re: [cas-user] CAS: New License Announcement

2016-04-01 Thread Jérôme LELEU
You got me! On the first few lines, I read it seriously... 2016-04-01 12:13 GMT+02:00 Misagh Moayyed : > After much consideration and consultation with the CAS project management > committee, the CAS project has decided to switch its licensing model from > Apache v2 over to

Re: [cas-user] Custom OAuth Protected Service

2016-03-30 Thread Jérôme LELEU
Hi, I'm not sure I understand what you want to do exactly. CAS server v4.2 provides an OAuth server support for the authorization code grant type, so any OAuth client or so (properly configured) will be able to connect with the CAS server. For sure, the CasOAuthWrapperClient (

Re: [cas-user] Unable to map PAC4J attributes

2016-04-15 Thread Jérôme LELEU
Hi, You should be able to only rely on the pac4j authentication handler. For Twitter, you don't need anything specific at the client level. Can you try using a null principal resolver? Thanks. Best regards, Jérôme 2016-04-15 14:03 GMT+02:00 Juan Carlos Giménez Moncada : > Dear

Re: [cas-user] RE: CAS+Oauth

2016-04-14 Thread Jérôme LELEU
Also, currently i am using apache shiro for authorization where > I store my roles and permissions. Is it possible to customize oauth server > to refer the same for authorization? > > > > Regards, > > Prasad > > > > *From:* cas-user@apereo.org [mailt

Re: [cas-user] pac4j oauth examples - getting error while accessing /accessToken api

2016-04-14 Thread Jérôme LELEU
net>: > Thanks Jermoe for your quick response. Is there an API to validate the > token? Based on the oauth specs, the resource owner validates the token > before providing access to the resources. > > > > Regards, > > Prasad > > > > *From:* Jérôme LELEU [mailto:l

Re: [cas-user] pac4j oauth examples - getting error while accessing /accessToken api

2016-04-14 Thread Jérôme LELEU
Hi, "Invalid request" generally comes if your input parameters are not correct. In your case, the grant_type parameter is missing. See:

Re: [cas-user] pac4j oauth examples - getting error while accessing /accessToken api

2016-04-14 Thread Jérôme LELEU
ow do I correct this? > > > > Regards, > > Prasad > > > > > > *From:* Jérôme LELEU [mailto:lel...@gmail.com] > *Sent:* Thursday, April 14, 2016 1:29 PM > *To:* Mahantesh Prasad Katti > *Cc:* cas-user@apereo.org > *Subject:* Re: [cas-user] pac4j oauth

Re: [cas-user] RE: CAS+Oauth

2016-04-18 Thread Jérôme LELEU
CAS to turn on an access strategy to enforce > service access based on the presence of those attributes. > > > > *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *Jérôme > LELEU > *Sent:* Saturday, April 16, 2016 1:58 AM > *To:* Mahantesh Prasad Katti <ma

Re: [cas-user] RE: CAS+Oauth

2016-04-18 Thread Jérôme LELEU
as the roles are converted into CAS attributes in Oauth, which I > think they are, you can use CAS to turn on an access strategy to enforce > service access based on the presence of those attributes. > > > > *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *J

Re: [cas-user] RE: CAS+Oauth

2016-04-18 Thread Jérôme LELEU
same. Where can I find “expiration policy of the service time”? so > I can increase the same? > > > > Regards, > > Prasad > > > > > > *From:* Jérôme LELEU [mailto:lel...@gmail.com] > *Sent:* Saturday, April 16, 2016 2:30 PM > *To:* Mahantesh Prasad

Re: [cas-user] RE: CAS+Oauth

2016-04-16 Thread Jérôme LELEU
ertain roles only to access this service. > How will the default CAS oauth implementation help solve this? Is this > configurable? Can it be fine grained? > > > > For the pac4j project where can I find these configurations? I am using > the user jleleu. > > > > Re

Re: [cas-user] RE: CAS+Oauth

2016-04-16 Thread Jérôme LELEU
> Prasad Katti > *Sent:* Friday, April 15, 2016 5:15 PM > *To:* Jérôme LELEU > *Cc:* cas-user@apereo.org > *Subject:* RE: [cas-user] RE: CAS+Oauth > > > > Ok. By services configuration level, you mean let’s I have a /user > service. And I want to restrict certain roles onl

Re: [cas-user] TokenCreadential: Cannot find authentication handler that supports...

2016-07-25 Thread Jérôme LELEU
Hi, A few comments: - to generate a JWT token, you can use the pac4j-jwt module with the associated code. Internally, the CAS server uses it to decrypt JWT - you have only one primaryAuthenticationHandler: defining two makes the last one override the first one, thus your

Re: [cas-user] Re: pac4j delegate service redirection problem

2016-07-29 Thread Jérôme LELEU
Hi, I suspect the TARGET parameter comes from the cas-client-support-saml library and you don't need it as your CAS server (v4.2) provides a /p3 endpoint so you can get user attributes without using SAML ticket validation. The pac4j-cas dependency is useless if you don't have a pac4j

Re: [cas-user] oAuth authentification and tomcat preventing encoded slashes

2017-02-26 Thread Jérôme LELEU
Hi, When the cas-server-support-oauth jar is added to the classpath, the /oauth2.0 URL mapping is automatically added to the CAS servlet regardless of the HTTP method. So the /authorize call should be caught for GET or POST requests. Which version of Tomcat do you use? I remember doing several

Re: [cas-user] Oauth2.0 not redirecting back to app

2016-09-30 Thread Jérôme LELEU
Hi, Which CAS version do you use? Any error in your logs? Thanks. Best regards, Jérôme 2016-09-29 16:28 GMT+02:00 Jens Hausherr : > Hi, > > I am having some trouble getting my CAS Oauth2.0 Server to work. > > I have set up everything as documented and I get to the login

Re: [cas-user] Oauth2.0 not redirecting back to app

2016-10-05 Thread Jérôme LELEU
Hi, Indeed, the double call to prepareForLoginPage is the culprit. Is there any resource on your login page somehow calling the /login URL again? Thanks. Best regards, Jérôme 2016-10-05 13:28 GMT+02:00 Marina Batet : > Hi Jérôme and everyone, > > This is happening to me in

Re: [cas-user] Oauth2.0 not redirecting back to app

2016-10-05 Thread Jérôme LELEU
Hi, In the ClientAction, the service has been saved: 2016-10-03 16:32:17,094 DEBUG [org.jasig.cas.support.pac4j.web.flow.ClientAction] - save service: https://localhost:8445/dipta-cas-client-test/j_spring_cas_security_check But, indeed, the service is not retrieved during the authentication

Re: [cas-user] Pac4j delegate authentication, adding a PrincipalResolver to ClientAuthenticationHandler

2016-10-04 Thread Jérôme LELEU
Hi, You'll need to submit a PR for the master as well (5.0.0). Thanks for your contribution. Best regards, Jérôme 2016-10-03 23:43 GMT+02:00 Charles Le Gallic : > Hi, > > Thanks for your answer. > > The issue has been created here >

Re: [cas-user] CAS / JWT

2016-10-06 Thread Jérôme LELEU
> >> On Friday, 5 February 2016 17:06:16 UTC-2, bryan.wooten >> wrote: >>> >>> Thanks Jerome! I can still read. >>> >>> >>> *Bryan Wooten* >>> >>> Tel: (801)585-9323 >>> >>> Email: bryan.

Re: [cas-user] Pac4j OAuth delegation: Facebook/Google link dissapears from login page when user logs in for the first time

2016-09-22 Thread Jérôme LELEU
Hi, It seems strange: if you are not authenticated, both links should be available on the login page. Any error in your logs? Thanks. Best regards, Jérôme 2016-09-22 16:47 GMT+02:00 Yauheni Sidarenka : > Hello all, > > I was testing CAS server 5.0.0RC2 when I

Re: [cas-user] Re: CAS 4.2.1 as google openid connect client

2016-08-17 Thread Jérôme LELEU
Hi, I just upgraded my demo with OpenID Connect support: https://github.com/leleuj/cas-pac4j-oauth-demo/commit/634c8b5564e50b4e98cf9addeb46c6887cace69f and it works for 4.2.3 and 4.2.4. The "Oidc" link redirects me to Google. Thanks. Best regards, Jérôme 2016-08-16 16:23 GMT+02:00 Aymar Anli

Re: [cas-user] Pac4j OAuth delegation: Facebook/Google link dissapears from login page when user logs in for the first time

2016-09-27 Thread Jérôme LELEU
Hi, After fixing the demo, I've made a few tests, but I'm not able to generate this kind of error. Can you share the flow of HTTP requests / responses? Thanks. Best regards, Jérôme 2016-09-23 10:37 GMT+02:00 Yauheni Sidarenka : > Thank you, Jérôme, for

Re: [cas-user] Pac4j OAuth delegation: Facebook/Google link dissapears from login page when user logs in for the first time

2016-09-29 Thread Jérôme LELEU
ved. > > Regards, > Yauheni > > On Tuesday, September 27, 2016 at 11:50:20 PM UTC+3, Misagh Moayyed wrote: >> >> Is this also something you can duplicate with RC3-SNAPSHOT? >> >> -- >> Misagh >> >> From: Yauheni Sidarenka <yauheni_.

Re: [cas-user] Problems accesing to /cas/statistics

2016-09-30 Thread Jérôme LELEU
Hi, You should put the incoming IP, so generally your IP, but you must be sure this is really the IP sent to the develop server. What IP address do you see in the logs of your develop server when you call it? Thanks. Best regards, Jérôme 2016-09-30 18:02 GMT+02:00 carlos maddaleno cuellar <

Re: [cas-user] Problems accesing to /cas/statistics

2016-09-30 Thread Jérôme LELEU
com>: > hi this is the error my server is showing when i try to access > > ERROR [org.pac4j.http.client.direct.IpClient] - validate credentials > org.pac4j.core.exception.CredentialsException: Unauthorized IP address: > 172.18.14.180 -->my ip address > > > 2016-09-30

Re: [cas-user] Oauth2.0 not redirecting back to app

2016-09-30 Thread Jérôme LELEU
"clientSecret": "...", > "bypassApprovalPrompt": false, > "serviceId" : "https?://localhost.*", > "name" : "development key", > "id" : 2505077379 > } > > Thanks for looking into it. > &

Re: [cas-user] Pac4j delegate authentication, adding a PrincipalResolver to ClientAuthenticationHandler

2016-09-30 Thread Jérôme LELEU
Hi, You're right: there is no PrincipalResolver in the ClientAuthenticationHandler: I guess it would make sense to add that to be able to fetch additional information. Can you open a Github issue for that improvement? Currently, you likely need to override the createResult method of the

Re: [cas-user] /oauth2.0/authorize not redirect to callbackurl

2016-10-10 Thread Jérôme LELEU
Hi, It used to work in version 4.2.4, I just tested it with the following demo: https://github.com/leleuj/cas-pac4j-oauth-demo Your URL is with oath2 instead of oauth2: a typo? Or the mapping in the web.xml is now mandatory:

Re: [cas-user] CAS 4.1.9 with pac4j latest version ?

2016-11-09 Thread Jérôme LELEU
Hi, The handlers are defined via the authenticationHandlersResolvers bean in the deployerConfigContext.xml, based on the primaryAuthenticationHandler and primaryPrincipalResolver beans defined in the same file. So I guess the XML way will be easier. Thanks. Best regards, Jérôme 2016-11-07

Re: [cas-user] CAS 4.1.9 with pac4j latest version ?

2016-11-07 Thread Jérôme LELEU
Hi, The versions 1.7.x, 1.8.x and 1.9.x are major releases with breaking changes. So you cannot use pac4j 1.9.4 with CAS 4.1.x. And we only support two major streams: 1.8.x and 1.9.x (until the release of the 2.0.0 version). So I see two options: 1) You backport what you need to the 1.7.x

Re: [cas-user] Regarding JWT and CAS Server

2016-10-18 Thread Jérôme LELEU
Hi, We already generate JWTs for the OpenID Connect protocol so for sure, it's feasible. For example, you can create some controller to return a JWT generated by pac4j based on the CAS user identity. Replacing the service ticket validation by a returned JWT would be more work. Thanks. Best

Re: [cas-user] Regarding JWT and CAS Server

2016-10-21 Thread Jérôme LELEU
tible with that? > > Regards > Ajay > > On Tue, Oct 18, 2016 at 8:30 AM, Ajay Madhavan <ajayma...@gmail.com> > wrote: > >> Hi Jerome, >> >> Thanks for your response. Where do I plugin this controller to replace >> the original ticket generation i

Re: [cas-user] Re: CAS and OAuth interoperability

2016-11-16 Thread Jérôme LELEU
Hi, You may change your CAS-secured application into an OAuth-secured application to directly retrieve an access token, but in any case, you'll need to check this access token via the CAS server from the OAuth resource server. So indeed, using JWT is a way to pass identity from one app to the

Re: [cas-user] Re: Authorize request verification fails with OAuth and CAS 5.0.x

2016-12-14 Thread Jérôme LELEU
Hi, Sure. This error happens when you have not properly configured the serviceId of the Oidc service, it must match the redirectUri. See the documentation: https://apereo.github.io/cas/5.0.x/installation/OIDC-Authentication.html { "@class" : "org.apereo.cas.services.OidcRegisteredService",

Re: [cas-user] Commercial companies using CAS?

2016-12-13 Thread Jérôme LELEU
Hi, This is a harsh and disrespectful statement. While this is true that CAS is broadly used in the academic world, there are numerous commercial companies using it. My own example: the second French telecom company (where I work) uses it: almost 20 million clients and millions of

Re: [cas-user] Re: Authorize request verification fails with OAuth and CAS 5.0.x

2016-12-15 Thread Jérôme LELEU
Hi, Here is the check: https://github.com/apereo/cas/blob/master/support/cas-server-support-oauth/src/main/java/org/apereo/cas/support/oauth/validator/OAuth20Validator.java#L78 Can you debug it to see what's going on? Thanks. Best regards, Jérôme 2016-12-14 17:13 GMT+01:00 Todd Pratt

Re: [cas-user] CAS 5.2.0 Falied adding ticket in Memcached Ticket Registry Key is too long (maxlen = 250)

2017-12-18 Thread Jérôme LELEU
Hi, The encryption of the TGC makes it too long for a Memcached key: do you really need it? Thanks. Best regards, Jérôme On Mon, Dec 18, 2017 at 9:58 AM, casuser wrote: > > > *This is my cas.properties, *# cas.tgc.path= > cas.tgc.maxAge=-1 > # cas.tgc.domain= >

Re: [cas-user] CAS 5.2 configuration to delegate authentication to SAML IdP [Octa] through SAML 2.0

2017-12-18 Thread Jérôme LELEU
Hi, These are the properties to configure: https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#saml Follow this example: https://github.com/pac4j/spring-webmvc-pac4j-boot-demo/blob/master/src/main/java/org/pac4j/demo/spring/Pac4jConfig.java#L59 Thanks. Best regards,

Re: [cas-user] CAS 5.2.0 Falied adding ticket in Memcached Ticket Registry Key is too long (maxlen = 250)

2017-12-18 Thread Jérôme LELEU
Hi, It's a matter of extra security via signing and encryption, not directly a matter of size. So you can disable the encryption and signature of the TGT via the appropriate properties: cas.tgc.crypto.encryption.key= and cas.tgc.crypto.signing.key= Leave them blank. Thanks. Best regards, Jérôme

Re: [cas-user] CAS 5.2.0 Non-secure Connection warning

2017-12-14 Thread Jérôme LELEU
Hi, I would try: cas.server.httpProxy.secure=true Thanks. Best regards, Jérôme On Thu, Dec 14, 2017 at 1:46 AM, casuser wrote: > How to remove the warning "Non-secure Connection" from the log in page? I > want to get rid of it because from the load balancer to the

Re: [cas-user] Re: Migrate From Cas 5.1.6 to Cas 5.2.0 and JWT Problem

2017-12-08 Thread Jérôme LELEU
Hi, In version 5.2, the artifact is now named: cas-server-support-token-tickets, see: https://apereo.github.io/cas/5.2.x/installation/Configure-ServiceTicket-JWT.html Thanks. Best regards, Jérôme On Fri, Dec 8, 2017 at 3:02 PM, Didier Capdevielle wrote: > Oups ! Sorry, i

Re: [cas-user] How to get google attributes in PAC4J

2017-10-24 Thread Jérôme LELEU
Hi, What scope did you define? From the doc: https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#pac4j-delegated-authn Google Delegate authentication to Google. # cas.authn.pac4j.google.id= # cas.authn.pac4j.google.secret= #

Re: [cas-user] ORCID API updated to version 2.0.

2018-05-07 Thread Jérôme LELEU
Hi, This upgrade will be available in pac4j 3.0.0(-RC2). See: https://github.com/pac4j/pac4j/commit/cfb5113300de914b6a6e5a109a87a9d1da576472 Thanks. Best regards, Jérôme On Mon, May 7, 2018 at 9:55 AM, Neha Gupta wrote: > Dear CAS Community, > > ORCID have updated the

Re: [cas-user] ORCID API updated to version 2.0.

2018-05-10 Thread Jérôme LELEU
Hi, There are not many requests for the Orcid support, so I count on your contribution on this. Thanks. Best regards, Jérôme On Wed, May 9, 2018 at 9:56 AM, Neha Gupta wrote: > Hello Jérôme, > > Thanks for the reply but it was me only who proposed these changes. > >

Re: [cas-user] PAC4J Google delegation returns object ref in emails attribute

2017-10-20 Thread Jérôme LELEU
Hi, In pac4j, user profiles are available via the CommonProfile class and in that case, from the Google2Profile which has a specific logic to get the emails: https://github.com/pac4j/pac4j/blob/master/pac4j-oauth/src/main/java/org/pac4j/oauth/profile/google2/Google2Profile.java#L22 We can

Re: [cas-user] Steam OpenId2 auth

2018-01-18 Thread Jérôme LELEU
Hi, I guess it depends on the way you built your SteamOpenIdClient, but in pac4j you can control which attribute is used for the identifier. Thanks. Best regards, Jérôme On Wed, Jan 17, 2018 at 11:30 PM, FritzTheWonderMutt < fritzthewonderm...@gmail.com> wrote: > This works: > > @Autowired >

Re: [cas-user] Problem integrating CAS 5.2.0 with ORCID and FACEBOOK.

2018-01-16 Thread Jérôme LELEU
Hi, 1) Orcid The URL looks good: I would try another value for the scope. Have you taken a look at the documentation? 2) Facebook I opened the Facebook console, and I see a "Facebook login" item in the left menu with a "Parameters" submenu, in which you have several flags to enable, especially

Re: [cas-user] Steam OpenId2 auth

2018-01-19 Thread Jérôme LELEU
OK. I guess you could have achieved the same result with a specific pac4j ProfileDefinition configuration... On Thu, Jan 18, 2018 at 6:12 PM, FritzTheWonderMutt < fritzthewonderm...@gmail.com> wrote: > That's just the way Steam returns the steamId per their doc: >

Re: [cas-user] Steam OpenId2 auth

2018-01-22 Thread Jérôme LELEU
And feel free to contribute your Steam client to the pac4j project if you have time... On Fri, Jan 19, 2018 at 8:47 PM, FritzTheWonderMutt < fritzthewonderm...@gmail.com> wrote: > The one with your name on it? ;D > > You're right, that's a much better place for it. > Thanks. > > -- > - Website:

Re: [cas-user] Problem integrating CAS 5.2.0 with ORCID and FACEBOOK.

2018-01-23 Thread Jérôme LELEU
Hi, In pac4j, you can set the scope of the Orcid client. It doesn't seem possible within the CAS server: https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#orcid That said, this is easy to change: don't hesitate to submit a PR for that in the CAS project. What would

Re: [cas-user] Problem integrating CAS 5.2.0 with ORCID and FACEBOOK.

2018-02-02 Thread Jérôme LELEU
Looking forward for your support on this. > > > Thanks and Regards > Neha Gupta > > > > > On Wed, Jan 31, 2018 at 11:13 AM, Jérôme LELEU <lel...@gmail.com> wrote: > >> Hi, >> >> OK. So let's take problems in order: >> >> -

Re: [cas-user] Problem integrating CAS 5.2.0 with ORCID and FACEBOOK.

2018-01-31 Thread Jérôme LELEU
tps://members.orcid.org/api/news/xsd-20-update > <https://members.orcid.org/api/news/xsd-20-update> * > > > I don't know which version of ORCID API CAS is using so just thought of > sharing this information with you. > > > Thanks and Regards > Neha Gupta > > On

Re: [cas-user] Problem integrating CAS 5.2.0 with ORCID and FACEBOOK.

2018-02-14 Thread Jérôme LELEU
"error_description" : "Public members are not allowed to use the Members > API" > } > > Request you to please give me more detail about the issue i.e. the place > of its occurence whether the problem is at CAS side or pac4j side and how > can i proceed further. > &g

Re: [cas-user] Call additional URL on service logout

2018-08-07 Thread Jérôme LELEU
Hi, By default, the CAS server will call the service URL of the CAS applications the user has accessed during his SSO session. But you can change the application logout URL (called by CAS) via the CAS property when defining the CAS service: logoutUrl. See:

Re: [cas-user] Call additional URL on service logout

2018-08-07 Thread Jérôme LELEU
the CAS server, no? > > - Brian > > On 8/7/2018 9:09 AM, Jérôme LELEU wrote: > > Hi, > > By default, the CAS server will call the service URL of the CAS > applications the user has accessed during his SSO session. > > But you can change the application logout

Re: [cas-user] Steam OpenId2 auth

2018-01-12 Thread Jérôme LELEU
Hi, I would create a configuration class (@Configuration), autowire the "builtClients" bean inside it and at initialization (@PostConstruct), add your new client: builtClients.getClients().add(newclient). You can even submit your new client as a contribution to the pac4j library. Thanks. Best

Re: [cas-user] Problem integrating CAS 5.2.0 with ORCID and FACEBOOK.

2018-01-12 Thread Jérôme LELEU
Hi, Please don't output your id and secret in your emails! - Orcid: I think there is a URL called before the one given in the error message, it should be something like http://www.orcid.org/oauth/authorize/xxx (

Re: [cas-user] Steam OpenId2 auth

2018-01-17 Thread Jérôme LELEU
Hi, Can you do some debugging in the ClientAuthenticationHandler to see how the login process finishes? Thanks. Best regards, Jérôme On Fri, Jan 12, 2018 at 11:17 PM, FritzTheWonderMutt < fritzthewonderm...@gmail.com> wrote: > > You are my new hero! > A few things to note... > You have to

Re: [cas-user] buji-pac4j-demo-master, CAS delegation through pac4j-webflow and 1 OIDC provider

2018-04-18 Thread Jérôme LELEU
Hi, It looks more like a CAS issue than like a pac4j issue, so I will answer on this thread. I guess the NullPointerException blocks the regular web flow and is the root cause. Can you copy/paste the full stack trace? Thanks. Best regards, Jérôme On Tue, Apr 17, 2018 at 10:40 PM, Steve

Re: [cas-user] buji-pac4j-demo-master, CAS delegation through pac4j-webflow and 1 OIDC provider

2018-04-20 Thread Jérôme LELEU
Hi, I'm resuming on your latest message. Yes, you do need a callback URL for your application. This is the doc you are looking for: https://apereo.github.io/cas/5.2.x/installation/Service-Management.html Every time you want an application to log in to the CAS server, the CAS server must know

Re: [cas-user] Pac4j Retrieve attribute and passing to CAS client

2018-03-16 Thread Jérôme LELEU
Hi, This documentation should help you: https://apereo.github.io/cas/4.2.x/integration/Delegate-Authentication.html#how-to-use-this-support-on-cas-applications-side Thanks. Best regards, Jérôme On Thu, Mar 15, 2018 at 3:31 AM, uvaraj s wrote: > Hi, > > We are using CAS

Re: [cas-user] pac4j SAML2Client and principal

2018-03-23 Thread Jérôme LELEU
Hi, The behavior is to create the CAS principal and attributes from the pac4j principal and attributes. So you should get the pac4j attributes at the end. Ignore the log about the ClientCredential, the toString method just outputs the id (not the attributes). Is the service configured properly

Re: [cas-user] only delegated (pac4j SAML) authentication and no button click

2018-02-28 Thread Jérôme LELEU
Hi, You need to use the following property : # cas.authn.pac4j.autoRedirect=false Thanks. Best regards, Jérôme On Tue, Feb 27, 2018 at 8:35 PM, Scott Koranda wrote: > Hello, > > I am running CAS 5.2.2. > > I have successfully configured CAS to use pac4j for delegated >

Re: [cas-user] Customizing webflows

2018-02-28 Thread Jérôme LELEU
Hi, You don't need to explicitly add the configuration class in your spring.factories file. Adding the dependency is enough (there is already a spring.factories file inside it). Thanks. Best regards, Jérôme On Wed, Feb 28, 2018 at 11:18 AM, yashwanth chowdary <

Re: [cas-user] Pac4j Retrieve attribute and passing to CAS client

2018-10-30 Thread Jérôme LELEU
Hi, By nature, pac4j is written in Java language. In any case, data are passed via the CAS assertion. For simple types, things should be straightforward. For more complex types, you may need some manual/custom adjustments. Thanks. Best regards, Jérôme On Mon, Oct 29, 2018 at 7:14 PM uvaraj s

Re: [cas-user] OAuth delegated authentication - Profile id null

2018-11-08 Thread Jérôme LELEU
Hi, Since pac4j v3.2, you can set the element to use as the identifier: http://www.pac4j.org/docs/release-notes.html Unfortunately, CAS v5.2.2 is still based on pac4j v2.x. So the right version to use would be the version 5.3.x, given the fact the profileId could be set by properties (it's an

Re: [cas-user] OAuth delegated authentication - Profile id null

2018-11-08 Thread Jérôme LELEU
Hi, I don't think so. Exposing these two pac4j capabilities should not be too complicated for your first contributions ;-) Thanks. Best regards, Jérôme On Thu, Nov 8, 2018 at 3:43 PM David Oteo wrote: > Hi, > > Thank you for the quick response. We will try with version 5.3.x. > > By the way,

Re: [cas-user] SAML delegated authentication - Authentication attributes missing in the user profile

2018-11-13 Thread Jérôme LELEU
Hi, You are missing nothing. pac4j authentication attributes are not used to build the CAS principal, only the user attributes. Thanks. Best regards, Jérôme On Tue, Nov 13, 2018 at 3:48 PM David Oteo wrote: > Hi, > > We configured CAS 5.2.2 to delegate authentication to an external IdP >

Re: [cas-user] Simple example for .Net Cas Client

2018-10-03 Thread Jérôme LELEU
Hi, It certainly does. New versions of the CAS server remain backward compatible regarding the CAS protocol, so old CAS protocol endpoints still exist. Thanks. Best regards, Jérôme On Wed, Oct 3, 2018 at 4:46 PM Hoang Anh Duc wrote: > Hi! > Thanks so much but I don't know it can work with CAS

Re: [cas-user] Simple example for .Net Cas Client

2018-10-03 Thread Jérôme LELEU
Hi, I have an old .Net CAS client example, it's outdated, but it might prove useful: https://github.com/casinthecloud/dotnet-cas-client-demo Thanks. Best regards, Jérôme On Wed, Oct 3, 2018 at 4:28 PM Hoang Anh Duc wrote: > Hi! > I'm trying to do authentication with CAS server using .Net C#.

Re: [cas-user] Choosing authenticator based on IP address

2018-10-02 Thread Jérôme LELEU
Hi, Controlling the behavior by IP is not out-of-the-box. I think your best option here is to override the DelegatedClientAuthenticationAction. Thanks. Best regards, Jérôme On Tue, Oct 2, 2018 at 3:21 PM Dicta Artisan wrote: > Hi all > > I have question on configuring a complex scenario where

Re: [cas-user] Re: CAS 5.3.x PAC4J

2018-09-25 Thread Jérôme LELEU
Hi, Was it a bug on your customization or something from the CAS server itself? Thanks. Best regards, Jérôme On Tue, Sep 25, 2018 at 4:37 AM Colin Wilkinson wrote: > Hi, > > I have worked out what the issue was. It one of the scope session beans > being loaded after the initial request that

Re: [cas-user] Re: CAS 5.3.x PAC4J

2018-09-26 Thread Jérôme LELEU
Hi, Authentication handlers are called depending on the passed credentials. For a delegated authentication, a ClientCredentials is created which triggers the ClientAuthenticationHandler. Are you sure your new authentication handler supports ClientCredentials? Thanks. Best regards, Jérôme On

Re: [cas-user] Re: CAS integration with multiple OpenID Providers

2019-01-22 Thread Jérôme LELEU
Hi, Starting with the version 5.3, you have the /clientredirect URL with the service and client_name parameters. You may use that. Thanks. Best regards, Jérôme On Wed, 23 Jan 2019 at 05:54, P Shreyas Holla wrote: > > leleuj , we want to achieve something like* http://localhost:8080/cas >

Re: [cas-user] When pac4j delegated AuthN fails ...

2018-12-05 Thread Jérôme LELEU
Hi, Yes, it feels a bit too aggressive to return an IllegalArgumentException, but I think it makes sense as there is already a check via the hasDelegationRequestFailed method to know if the authentication has failed. The check may be incomplete though... In fact, it's the responsibility of pac4j

Re: [cas-user] RE: CAS 5.2 PAC4J SAML 2.0 Delegation Behavior

2019-01-24 Thread Jérôme LELEU
Hi, You're right: the TGT should be checked first. Notice that things have been fixed in 5.3, the autoRedirect property is still computed in the DelegationAuthenticationClientAction, but the redirection is applied on the HTML page. Thanks. Best regards, Jérôme On Thu, Jan 24, 2019 at 23:25, Tom

Re: [cas-user] Re: How add a Custom OAuth20Client in CAS 5.3.X

2019-02-19 Thread Jérôme LELEU
Hi, The XML spring configuration is now a Java configuration so you can still add whatever pac4j clients you want by, for example, overriding the pac4jDelegatedClientFactory. Thanks. Best regards, Jérôme On Tue, Feb 19, 2019 at 10:42, Xavier Rodríguez wrote: > Hi, > > Is there any way to

Re: [cas-user] Google + API Being Deprecated in pac4j library, any plan to update CAS before Google+ shutdown?

2019-02-14 Thread Jérôme LELEU
Hi, A pac4j v3.6.0 release will be cut before end of February to handle the Google+ API deprecation. Then, you just need to pull the pac4j-* v3.6.0 dependencies along your current version of CAS (pac4j v3.x is backward compatible). There is no "hotfix", nor "patch". That said, as CAS v5.3.9 and

Re: [cas-user] 5.3.6 CAS 100% CPU

2019-06-05 Thread Jérôme LELEU
Hi, I would recommend doing a threads dump to see what's going on inside the CAS server. Thanks. Best regards, Jérôme On Wed, Jun 5, 2019 at 16:10, thomas wrote: > Hi all, > > I recently migrated my cas system from v4 to v5.3.6. > > Everything works fine for logging, but I have a problem

Re: [cas-user] Mongodb Authentication won't work if no attributes given in CAS 6.1.1

2019-11-04 Thread Jérôme LELEU
Hi, I saw his answer. I understand the concern and the need for consistency in CAS, but the same is worth for pac4j as well: I could change the default behavior in pac4j, but this would impact users just to accommodate with the consistency of CAS. My feeling is that the default behavior of pac4j

Re: [cas-user] Mongodb Authentication won't work if no attributes given in CAS 6.1.1

2019-11-03 Thread Jérôme LELEU
Hi, Yes, this is the expected behavior in pac4j. There are two modes ( http://www.pac4j.org/docs/authenticators/mongodb.html): either you define the attributes and they are used for the profile OR you don't and a serializedprofile attribute is expected to store the whole serialized profile. In

Re: [cas-user] Mongodb Authentication won't work if no attributes given in CAS 6.1.1

2019-11-03 Thread Jérôme LELEU
Sure. The documentation needs to be complemented here... On Mon, Nov 4, 2019 at 08:24, Andy Ng wrote: > Hi Jérôme > > Oh nice, thanks for your explanation :) > > I think we should document that *requirement on attribute* on >

[cas-user] [cas-announce] Java CAS client v3.6.0

2019-10-07 Thread Jérôme LELEU
The Java CAS client v3.6.0 is released: https://github.com/apereo/java-cas-client/releases/tag/cas-client-3.6.0

Re: [cas-user] Re: CAS OKTA integration

2019-12-22 Thread Jérôme LELEU
Hi, If you use the SAML authentication delegation to Okta, there is a SAML2ClientLogoutAction component which should retrieve the user profile and send a logout request to Okta when you trigger a CAS logout (

Re: [cas-user] Re: CAS OKTA integration

2019-12-19 Thread Jérôme LELEU
Hi, Which version of CAS (and pac4j) do you use? Do you have one or more CAS servers? Thanks. Best regards, Jérôme On Thu, Dec 19, 2019 at 17:28, Filip Majernik wrote: > Hi Sarika, > I am facing the same issue. The SAML logout request to Okta does not work. > After debugging I have found out

Re: [cas-user] CAS 6.1.4 - Unable to resolve Duo and Hazelcast dependencies

2020-02-25 Thread Jérôme LELEU
Duo issue. > > Unfortunately, the build is still failing on the Hazelcast dependency. > > -Bryan > > On Mon, Feb 24, 2020 at 9:34 AM Jérôme LELEU wrote: > >> Hi, >> >> You need to add the Unicon repository: >> https://github.com/apereo/cas/blob/master/gradle/m
