Re: [cas-user] Register service to CAS 6.1.3 behind HA Proxy

2020-02-27 Thread Jérôme Steve
sorry for my skim read :) On Thu, Feb 27, 2020 at 09:23, Napoleon Ponaparte wrote: > No Mr Jérôme Steve, > I deployed CAS behind HA Proxy. It's done. > Now I want to register service CAS Management Web App with proxy. > Thanks > > On Thursday, February 27, 2020 at 3:15:5

Re: [cas-user] OIDC provider multi node ST VALIDATE FAILED after ST VALIDATE SUCESS

2020-02-03 Thread Jérôme Steve
?service=https://possum.com/fake=ST > > <https://cashost.com/cas/serviceValidate?service=https://possum.com/faketicket=ST> > -... > > You will want to turn logging up (debug or trace) for CAS, and memcached. > Also check access logs. > > Ray > > > On Wed, 2020-

Re: [cas-user] environment variables in custom_messages.properties

2020-02-07 Thread Jérôme Steve
Hi Nathan, With thymeleaf template you can get directly env var by using this : ${@environment.getProperty('cas.env.clusterNodeName')} Jérôme. On Fri, Feb 7, 2020 at 16:04, Nathan Lewan wrote: > hello! > > i've been trying to get environment variables to resolve when added to my >

Re: [cas-user] OIDC provider multi node ST VALIDATE FAILED after ST VALIDATE SUCESS

2020-02-05 Thread Jérôme Steve
ou find out what specifically CAS is storing in the http >> session for OIDC that needs to be replicated? I think I have seen the same >> issue in my deployment where OIDC wasn't working in an active/active CAS >> cluster but I haven't had a chance to track down the cause. >> >

Re: [cas-user] Jackson Kotlin Warning on Startup

2020-02-14 Thread Jérôme Steve
Hi Jeremy, This is a spring framework warning : https://github.com/spring-projects/spring-framework/issues/20217 If you are using overlay add this dependency in your build.gradle file : compile "com.fasterxml.jackson.module:jackson-module-kotlin:${project.jacksonModuleKotlin}" Jérôme. Le jeu.

Re: [cas-user] OIDC provider multi node ST VALIDATE FAILED after ST VALIDATE SUCESS

2020-01-15 Thread Jérôme Steve
t. > Is that the case? Or did you set up multiple nodes between the logs from > node 1 and node 2? > > Ray > > On Tue, 2020-01-07 at 08:02 -0800, Jérôme Steve wrote: > > Hi Ray, > > Thanks for your reply. So you think the problem comes from my OIDC client > app ? o

[cas-user] Re: How to change the log location and file name for gradle output using embedded tomcat in cas.war built with 'gradlew run'

2020-01-15 Thread Jérôme Steve
Hi, 1. In my opinion don't use gradle run in production but launch your war with java directly (Like in the dockerfile cas overlay). 2. response in 1. maybe solve this problem ? Jérôme. On Thursday, January 9, 2020 at 16:12:21 UTC+1, crdaudt wrote: > > I will restate my questions: > >1. What is

Re: [cas-user] Throttle successful login attempts

2020-01-21 Thread Jérôme Steve
Hello Mohamed, Look at this : https://apereo.github.io/cas/6.1.x/installation/Configuring-Authentication-Throttling.html#throttling-authentication-attempts Jérôme. On Tue, Jan 21, 2020 at 18:05, mohamed gamal wrote: > Hello everyone, > I know this is a weird situation. But we have faced

Re: [cas-user] How to handle SSO connexion for commons users in two differents CAS server

2020-01-14 Thread Jérôme Steve
Hi Icoundoul, I think you have to use the same ticket registry for the two organisations. You have a lot of kinds of ticket registry ( https://apereo.github.io/cas/6.1.x/configuration/Configuration-Properties.html#ticket-registry). Of course the users need to have the same login in the two

Re: [cas-user] How to handle SSO connexion for commons users in two differents CAS server

2020-01-14 Thread Jérôme Steve
s nodes/network so how the > token created by one of them will be seen by the other with the same ticket > registry ? Do you have a POC I can turn and deploy to two tomcats > servers? > > Thanks > > > > On Tuesday, January 14, 2020 at 12:08:53 UTC+1, Jérôme Steve wrote: >

[cas-user] OIDC provider multi node ST VALIDATE FAILED after ST VALIDATE SUCESS

2020-01-03 Thread Jérôme Steve
Hello, Before all thanks for your works. We are using CAS overlay in Multi node architecture (Docker container) behind a load balancer and a proxy with a memcached service registry. All work fine but when we used it like an OIDC provider, I'm getting a Validation Ticket Failed after called

Re: [cas-user] OIDC provider multi node ST VALIDATE FAILED after ST VALIDATE SUCESS

2020-01-07 Thread Jérôme Steve
applications involved. > > Ray > > > On Fri, 2020-01-03 at 02:37 -0800, Jérôme Steve wrote: > > > Hello, > > > > Before all thanks for your works. > > > We are using CAS overlay in Multi node architecture (Docker container) behind > a load balancer and a pr

[cas-user] Re: cas-management-overlay attribute virtual rename 5.3.6 AND 6.1.5 not working

2020-04-23 Thread Jérôme Steve
Hello JC, I think what you use, is not what you describe. cas.authn.attributeRepository.stub.attributes.udcid=UDC_IDENTIFIER This is to define a static attribute "udcid" with value "UDC_IDENTIFIER".

Re: [cas-user] Re: CAS OIDC 403 forbidden

2020-05-20 Thread Jérôme Steve
Hi charl, You try to add the scopes in your service configuration ? like this : "scopes" : [ "java.util.HashSet", [ "openid"] ] On Wed, May 20, 2020 at 12:35, Charl Thiem wrote: > Hi there > > I tried that too with no luck. I think there is a bug in spring's pac4j or > pac4j itself. I had

Re: [cas-user] CAS 5.2 - OIDC and attribute release

2020-06-08 Thread Jérôme Steve
Hi, Your OIDC configuration looks good. You map your claims like this : cas.authn.oidc.claimsMap.name=sn cas.authn.oidc.claimsMap.email=mail Maybe you don't have sn and email in your attribute repository ? On Mon, Jun 8, 2020 at 16:37, qla3fa wrote: > Hi, > > I try to configure OIDC with

Re: [cas-user] Re: how to include authenticated user's roles in JWT?

2020-06-05 Thread Jérôme Steve
Hello DG, You have to put it in the attributes repository from your db or ldap. After you can get it, in the jwt token. Something like this : https://apereo.github.io/2019/11/04/cas62x-oauth-jwt-access-token/ Jérôme. On Thu, Jun 4, 2020 at 16:25, dg wrote: > hello, i am really stuck with

Re: [cas-user] Re: how to include authenticated user's roles in JWT?

2020-06-05 Thread Jérôme Steve
Sorry in english, You have to put it in the attributes repository from our db or your ldap (or something else). After that you can get it in the jwt token. Something like this : https://apereo.github.io/2019/11/04/cas62x-oauth-jwt-access-token/ Jérôme. On Thu, Jun 4, 2020 at 16:25, dg wrote

Re: [cas-user] CAS 5.2 - OIDC and attribute release

2020-06-09 Thread Jérôme Steve
0 module too and I use and map > these attributes with success... So I think it's ok with these attributes. > It's only with OIDC services it doesn't work... > > Best regards. > > QLA. > On 08/06/2020 at 18:01, Jérôme Steve wrote: > > Hi, > > Your OIDC configur

Re: [cas-user] Configuration property overrides via environment variables does not work

2020-06-25 Thread Jérôme Steve
Hi Paul, I had the same problem. What I notice : If you comment or you remove property in app.properties, the corresponding env var is used. But if you have it in the app.properties, property will not be erased by env var. But for me is same as other spring-boot app. Maybe what you are

Re: [cas-user] Re: OpenID Connect CAS module does not display required attributes (as iss, sub, aud, exp) if claims are set.

2020-06-26 Thread Jérôme Steve
Ok all look good. So what is that : *=* *{"userinfo":{"sub":null,"iss":null,"openid":null,"profile":null,"name":null,"email":null,"first_name":null,"last_name":null}}* you don't need it in /cas/oidc/authorize And when you talk about "In *userinfo* endpoint I getting now" what is your user info

Re: [cas-user] Re: OpenID Connect CAS module does not display required attributes (as iss, sub, aud, exp) if claims are set.

2020-06-26 Thread Jérôme Steve
Hi, You see it here : /cas/oidc/.well-known ? On Fri, Jun 26, 2020 at 09:07, Jakub Fridrich < jakub.fridr...@klikpojisteni.cz> wrote: > Thanks, but attributes not showing still.. > > My service now looks like: > { > "@class" : "org.apereo.cas.services.OidcRegisteredService", > "clientId":

Re: [cas-user] Re: OpenID Connect CAS module does not display required attributes (as iss, sub, aud, exp) if claims are set.

2020-06-26 Thread Jérôme Steve
Ok maybe you need it in response, but not when you request Authorization. On Fri, Jun 26, 2020 at 15:20, Jakub Fridrich < jakub.fridr...@klikpojisteni.cz> wrote: > Yes, for userinfo endpoint I think */cas/oidc/profile*. > > For claims, I need this params, generated with XWiki. The above claim

Re: [cas-user] Re: CAS5.3 support oidc/logout with post_logout_redirect_uri?

2020-07-29 Thread Jérôme Steve
Hi Yan, I think you need to add "logoutUrl" : "yyy" property in the service.json Jérôme. On Tue, Jul 28, 2020 at 21:34, Yan Zhou wrote: > > cas/logout does work, but it does not redirect back to the app URL, the > OIDC standard uses this: > >

Re: [cas-user] CAS5.3.x, oidc, how do I get additional scopes other than openid?

2020-07-21 Thread Jérôme Steve
Hi, I think you have to map your custom user attributes from attribute repository, to your claims/scope oidc : https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#openid-connect Jérôme. On Mon, Jul 20, 2020 at 20:55, Yan Zhou wrote: > Hello, > > I have CAS5.3.x,