[cas-user] which version of SAML do I have

I need to take a screen shot to show which version of saml I have installed. Can anyone tell me where to look? thank you -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --

Re: [EXT] [cas-user] which version of SAML do I have

t CAS with should show the versions for everything. > > > > Thanks, > > > > *Tom* > > > > *From:* cas-user@apereo.org *On Behalf Of *Jennifer > LaVoie > *Sent:* Tuesday, July 16, 2019 10:49 AM > *To:* CAS Community > *Subject:* [EXT] [cas-user] whic

Re: [EXT] [cas-user] which version of SAML do I have

2.0:metadata > > urn:oasis:names:tc:SAML:2.0:bindings > > . > > . > . > > > Would that be proof enough? > > > > > > On Tuesday, July 16, 2019 at 9:13:42 AM UTC-6, Jennifer LaVoie wrote: >> >> I have to prove to the application owner that I have SAML 2... >>

[cas-user] cas 3.5.2 not authorized service despite bean being present.

Hi everyone Background: I am running an old implementation of jasig cas (3.5.2) on redhat 5. We are working on going to our new Apero cas but we have one app that simply won't work in the new environment. So to try to get the rest of our apps over to the new cas, we decided to (vmware) CLONE

[cas-user] password reset

Hi All I am trying to edit the password reset link in our 5.x cas implementation to point to our password reset url...Which file should I look in to make that change? Thank you Jen -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: ht

Re: [cas-user] Re: log4j vulnerability remediation

Thanks, Lars. Very helpful On Thu, Dec 16, 2021 at 11:18 AM Lars Feistner wrote: > Hi, > > just in case anyone out there is still using the 5.3.x version and > building the overlay with maven. > I have added these lines to the dependencies section: > > org.apache.logging.log4j > lo

[cas-user] cas 7 properties

Hi All Does anyone have an example of what should be in the cas.properties file? I'm installing a new server with this version of CAS and I've never used it before. My last install was cas5.x Anyway, I'd love to see an example thank you Jen -- - Website: https://apereo.github.io/cas - Gitt

[cas-user] CAS 5.4.2 AD integration

Hello Everyone- Let me be the first to say, I am a bit in the dark with how to configure/install this version of CAS. The last version we use here was 3.5.2. I'm trying to find the configuration files to update for AD integration, but I can't find anything that looks remotely like what I sho

Re: [cas-user] CAS 5.4.2 AD integration

ion_overview.html. I recommend learning the Maven overlay > process. > > On Mon, Apr 30, 2018 at 2:31 PM Jennifer LaVoie > wrote: > >> Hello Everyone- >> >> Let me be the first to say, I am a bit in the dark with how to >> configure/install this version of CAS. The

[cas-user] error when I run mvmn - the trustAnchors parameter must be non-empty

I am following this amazing document https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html (thank you so much for this) But I am hitting a snag here https://dacurry-tns.github.io/deploying-apereo-cas/building_server_ldap_authentication_overview.html I have added the co

[cas-user] Re: error when I run mvmn - the trustAnchors parameter must be non-empty

Here is the section I added to my pom.xml org.apereo.cas cas-server-support-ldap ${cas.version} On Wednesday, May 2, 2018 at 9:44:54 AM UTC-4, Jennifer LaVoie wrote: > > I am following this amazing document > > >

[cas-user] Re: Documentation on bringing a CAS server online

I am using this one https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html On Wednesday, May 2, 2018 at 10:47:04 AM UTC-4, Christopher Myers wrote: > > I'm not quite sure the best way of going about this, so I thought I'd > start out here. > > > There is a ton of documen

Re: [cas-user] error when I run mvmn - the trustAnchors parameter must be non-empty

; -- > > DAVID A. CURRY, CISSP > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > On Wed, May 2, 2018 at 9:44 AM, Jennifer LaVoie > wr

Re: [cas-user] error when I run mvmn - the trustAnchors parameter must be non-empty

ad everything. > > --Dave > > > -- > > DAVID A. CURRY, CISSP > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > &g

Re: [cas-user] error when I run mvmn - the trustAnchors parameter must be non-empty

RITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > On Wed, May 2, 2018 at 2:09 PM, Jennifer LaVoie > wrote: > >> Hi Dave >> >> thanks for your

Re: [cas-user] error when I run mvmn - the trustAnchors parameter must be non-empty

They are dreadful On Wed, May 2, 2018, 14:46 Riley Wills wrote: > Be careful. Those type of meetings are contagious. > > On Wednesday, May 2, 2018 at 1:29:58 PM UTC-5, Jennifer LaVoie wrote: >> >> Thanks. Will try that after this dumb meeting I am stuck in >&

Re: [cas-user] error when I run mvmn - the trustAnchors parameter must be non-empty

du > > [image: The New School] > > On Wed, May 2, 2018 at 2:51 PM, Riley Wills wrote: > >> You may examine your environment variables for a MAVEN_OPTS variable (see >> https://stackoverflow.com/a/40650800/345687). >> >> >> On Wednesday, May 2, 2018

[cas-user] can't run mvnw clean package - TrustAnchors parameter must be non-empty

I am still struggling with this error. [jennifer.lavoie_da@xxx cas-overlay-template-master]$ ./mvnw clean package Downloading https://repository.apache.org/content/repositories/releases/org/apache/maven/apache-maven/3.5.2/apache-maven-3.5.2-bin.zip Exception in thread "main" javax.net.ssl.SSLExc

Re: [cas-user] can't run mvnw clean package - TrustAnchors parameter must be non-empty

is created with the update-ca-certs command >> (which gets run as part of the OpenJDK install I guess; I've never run it >> manually). >> >> --Dave >> >> >> -- >> >> DAVID A. CURRY, CISSP >> *DIRECTOR OF INFORMATION SECURITY* &g

[cas-user] error in catalina.out Address already in use

Hello Everyone I am having an issue with configuring tomcat/apache/java After a fresh reboot, I run netstat -anop |grep java and nothing is returned. I then run /opt/apache/bin/ ./startup.sh and run netstat again and get tcp0 0 0.0.0.0:443 0.0.0.0:*

[cas-user] Re: error in catalina.out Address already in use

Wrong Error in subject... should be UnsatisfiedLinkError: org.apache.tomcat.jni.Pool.create(J)J On Thursday, May 10, 2018 at 1:02:07 PM UTC-4, Jennifer LaVoie wrote: > > Hello Everyone > > I am having an issue with configuring tomcat/apache/java > > After a fresh reboot, I

[cas-user] cas.properties file

When I configure my LDAP (AD) info, should the entries look like this cas.authn.ldap[0].name: Active Directory or this cas.authn.ldap[0].name= Active Directory Is it colon or equal sign? thanks Jen -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/a

[cas-user] Authentication issues - CAS cannot find authentication handler that supports [UsernamePasswordCredential].

Hello Everyone I am trying to get CAS to work with AD. I am getting the following error and authentication fails. I already have the OS bound to AD for OS login, so I know there is not firewall issue or anything. I am wondering if I have the right libraries and jar files? I did update my po

[cas-user] New Error -- I broke it LOL

I updated my pom.xml last week to install LDAP, but I didn't redeploy the war file...so I did that today, but now I can't reach https://cas3.xxx.xxx/cas/login I can still see my self signed cert though, so I didn't wipe out my server.xml file... If i go to here https://cas3.xxx.xxx:8443/ I d

Re: [cas-user] New Error -- I broke it LOL

212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > On Tue, May 15, 2018 at 11:35 AM, Jennifer LaVoie > wrote: > >> I updated my pom.xml last week to install LDAP, but I didn't redeploy the >> war file...so I did that today, but now I can

Re: [cas-user] New Error -- I broke it LOL

> INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > On Tue, May 15, 2018 at 1:31 PM, Jennifer LaVoie > wrote: > >> Thanks Dave...I had to format my ldap s

Re: [cas-user] New Error -- I broke it LOL

- > > DAVID A. CURRY, CISSP > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > On Tue, May 15, 2018 at 11:35 AM, Jennifer La

[cas-user] cas admin pages from every IP?

I want to be able to hit the admin page from any host...is there a way to do that in the /etc/cas/config/cas.properties file? I tried leaving the entry blank, but no luck my subnet is 10.28.51 so I at least need that so all my sys admins can log in. thanks Jen -- - Website: https://apereo.g

Re: [cas-user] cas admin pages from every IP?

P > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g> > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [i

Re: [cas-user] New Error -- I broke it LOL

hink you recognized that uri to be confidential. > > But I can clearly see the actual ldap server in your debug log. Soo... > yeah. > > - Andy > > On Wednesday, 16 May 2018 02:55:55 UTC+8, Jennifer LaVoie wrote: >> >> Hi Everyone >> >> It was my malforme

[cas-user] cas 3.5.2 integration with Blackboard 9 - timing out during exams

Has anyone else seen this? We get students who are taking exams and writing discussion posts. They get "timed out" or "logged out". It is my understanding that once you have a ticket in your browser, you don't communicate with CAS again. I guess we are trying to exclude CAS from our troubles

[cas-user] cas-management question

So I have followed all the steps here https://dacurry-tns.github.io/deploying-apereo-cas/building_svcmgmt_configure-webapp-properties.html (awesome site) And when I try to go to https://cashost:8443/cas-management I am redirected to here https://casserver.herokuapp.com/cas/login?service=http

[cas-user] Re: cas-management question

logging.config=file:/etc/cas/config/log4j2-management.xml On Thursday, May 17, 2018 at 3:18:42 PM UTC-4, Jennifer LaVoie wrote: > > So I have followed all the steps here > > > https://dacurry-tns.github.io/deploying-apereo-cas/building_svcmgmt_configure-webapp-properties.html &g

Re: [cas-user] cas-management question

gt; >> *IT staff will never ask you for your username and password. * >> >> >> *Always decline to provide the information and report such attempts to the >> Help Desk (x6380).* >> >> >> On Thu, May 17, 2018 at 1:18 PM, Jennifer LaVoie >> wrot

[cas-user] Re: cas-management question

Thursday, May 17, 2018 at 3:18:42 PM UTC-4, Jennifer LaVoie wrote: > > So I have followed all the steps here > > > https://dacurry-tns.github.io/deploying-apereo-cas/building_svcmgmt_configure-webapp-properties.html > > (awesome site) > > And when I try to go to > > ht

Re: [cas-user] Re: cas-management question

> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > On Thu, May 17, 2018 at 3:40 PM, Jennifer LaVoie > wrote: > >> I updated the management.properties file with some ports specificall

Re: [cas-user] Re: cas-management question

unning on the same tomcat? > Logging config for cas-management is in log4j2-management.xml which also > introduces cas-management.log. > > Ray > > On Thu, 2018-05-17 at 12:55 -0700, Jennifer LaVoie wrote: > > > nothing helpful in cas.log or catalina.out that I can see >

Re: [cas-user] Re: cas-management question

s to send it to the browser. > > sudo keytool -import -file ${certName} -alias ${aliasName} -keystore > $JAVA_HOME/jre/lib/security/cacerts > > https://apereo.github.io/cas/developer/Build-Process-5X.html#configure-ssl > > Ray > > On Fri, 2018-05-18 at 08:20 -0700, Jennife

[cas-user] Re: cas-management question

ANd it works! You guys are awesome... Pizza all round! On Thursday, May 17, 2018 at 3:18:42 PM UTC-4, Jennifer LaVoie wrote: > > So I have followed all the steps here > > > https://dacurry-tns.github.io/deploying-apereo-cas/building_svcmgmt_configure-webapp-properties.html &g

[cas-user] log in error question

Hello Everyone My managers are asking if CAS can return a better error to the end user besides "invalid credentials" based on the status of their account. If there a way for CAS to know if the account is disabled or the password has expired and return that information to the end user? I am int

Re: [cas-user] log in error question

> --Dave >> >> >> >> -- >> >> DAVID A. CURRY, CISSP >> *DIRECTOR OF INFORMATION SECURITY* >> INFORMATION TECHNOLOGY >> >> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 >> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YO

[cas-user] attribute mapping ldap

Hi there In my old CAS installation, I have attribute mapping that looks like this

[cas-user] username cas in CAS

Hello Everyone We have 1 app that wants the username returned in UPPERCASE. We have the attribute set to pull SamAccountName and in AD, that is UPPER CASE...but when I log into CAS with lower case, it is passing my username to the app in lower case...when I log in as upper case, it passes to t

Re: [cas-user] username cas in CAS

ttributeProvider" : { > > "@class" : > "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider", > > "canonicalizationMode" : "UPPER" > > } > > > > The canonicalizationMode: “UPPER” should do the trick. > > > > Thanks, > > > > *Tom* > > &g

Re: [cas-user] username cas in CAS

ing like this in the service provider JSON: > > > > "usernameAttributeProvider" : { > > "@class" : > "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider", > > "canonicalizationMode" : "UPPER" > > } &

Re: [cas-user] username cas in CAS

fixup on their own, don't really need a particular case, or the service > definition is remapping what the username attribute is. > > On 12/19/18 11:04 AM, Jennifer LaVoie wrote: > > Hi Richard > > We actually addressed this in our old version of CAS by changing our > usernam

Re: [cas-user] username cas in CAS

LOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > > On Wed, Dec 19, 2018 at 12:13 PM Jennifer LaVoie > wrote: > >> Actually, it did fix it for us in our previous version. The gobumap >> table in Banner AND

[cas-user] Error 500 after authentication - service fails to authorize me

Trying to get a new authorized service to work. I get through to our cas login page, I can authenticate, but then I get this error returned. org.jasig.cas.client.validation.TicketValidationException: org.opensaml.SAMLException: Ticket 'ST-24-UBBnZVuL7dYjEXnopRzJUFf0Th8-cas3-prd' does not matc

[cas-user] Re: Error 500 after authentication - service fails to authorize me

I am using cas 5.4.2 On Monday, January 7, 2019 at 7:19:21 PM UTC-5, Jennifer LaVoie wrote: > > Trying to get a new authorized service to work. I get through to our cas > login page, I can authenticate, but then I get this error

Re: [cas-user] Error 500 after authentication - service fails to authorize me

the CAS client to not send GLMS... or send it with the log in > request. > Or maybe change the service registry id to something like > https://travel.host.com:4447/tvlexp/tvlexp-flex/.* (memory may be rusty > here). > > Ray > > On Mon, 2019-01-07 at 16:19 -0800, Jenn

Re: [cas-user] Error 500 after authentication - service fails to authorize me

). > > Ray > > On Mon, 2019-01-07 at 16:19 -0800, Jennifer LaVoie wrote: > > Trying to get a new authorized service to work. I get through to our cas > login page, I can authenticate, but then I get this error returned. > > > org.jasig.cas.client.validation.Tick

Re: [cas-user] Error 500 after authentication - service fails to authorize me

here is the complete error I get org.jasig.cas.client.validation.TicketValidationException: org.opensaml.SAMLException: Ticket 'ST-68-Ym0B6A15gcil-QfPnLUps5D8Zt8-cas3-test' does not match supplied service. The original service was 'https://travel-test.host.edu:4443/tvlexp/index.htm;GLMSSESSION

Re: [cas-user] Error 500 after authentication - service fails to authorize me

some entries that end in a fixed pattern and some that end with .* > It has been a while since I encountered this error and I am not sure if > changes to the service entry will affect the result. > > Ray > > On Tue, 2019-01-08 at 08:33 -0800, Jennifer

Re: [cas-user] Error 500 after authentication - service fails to authorize me

gt; > On Tue, 2019-01-08 at 10:58 -0800, Jennifer LaVoie wrote: > > Hi Ray > > I did try to put the .* in the services URL, but no joy. > > Here is my service file > > { > @class: org.apereo.cas.services.RegexRegisteredService > serviceId: ^https://travel.host.e