[cas-user] Overriding Problems with cas.properties

2018-02-15 Thread Kevin Liu
Hello, It is my understanding that cas.properties should override whatever properties are in WEB-INF/classes application.properties. Is this correct? If so, I'm having trouble overriding "cas.authn.accept.users=casuser::Mellon". With a blank value in cas.properties and

[cas-user] [5.2] Dashboard - Application Not Authorized to Use CAS

2018-02-19 Thread Kevin Liu
Hello, I'm trying to enable access to the Dashboard with the default casuser:Mellon account but I'm running into an Application Not Authorized to Use CAS. This is my cas.properties file. I can't figure out what I'm missing? Looking online, it seems I need a registry of some sort but I can't

Re: [cas-user] CAS Client Location (PKIX path building failed)

2018-02-20 Thread Kevin Liu
Where is the path specified? I don't remember running into this? On Tuesday, February 20, 2018 at 10:37:53 AM UTC-6, Manfredo Hopp wrote: > > Path to your certificate is not found > > El martes, 20 de febrero de 2018, Kevin Liu <annih...@gmail.com > > escribió: > >

[cas-user] CAS Client Location (PKIX path building failed)

2018-02-20 Thread Kevin Liu
I'm running into a PKIX path building failed and in the documentation it lists this: "The problem here is that the CAS *client* does not trust the certificate presented by the CAS server; most often this occurs because of using a *self-signed certificate* on the CAS server. " I'm currently

[cas-user] Re: CAS Client Location (PKIX path building failed)

2018-02-20 Thread Kevin Liu
target On Tuesday, February 20, 2018 at 9:59:04 AM UTC-6, Kevin Liu wrote: > > I'm running into a PKIX path building failed and in the documentation it > lists this: "The problem here is that the CAS *client* does not trust the > certificate presented by the CAS server; most often th

Re: [cas-user] [5.2] Dashboard - Application Not Authorized to Use CAS

2018-02-20 Thread Kevin Liu
> > > -- > > *DAVID A. CURRY, CISSP* > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > > > On Tue, Feb 20, 2018 at

Re: [cas-user] [5.2] Dashboard - Application Not Authorized to Use CAS

2018-02-19 Thread Kevin Liu
"description" : "CAS dashboard and administrative endpoints", > "evaluationOrder" : 12345 > } > > Or something like that. > > --Dave > > > -- > > DAVID A. CURRY, CISSP > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY >

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-22 Thread Kevin Liu
wing the error, and, if you have it turned on, debug messages. > > --Dave > > > -- > > DAVID A. CURRY, CISSP > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 229-5300 x4728 • david.cu...@newschool.e

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-22 Thread Kevin Liu
R OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > On Thu, Feb 22, 2018 at 4:01 PM, Kevin Liu <annih...@gmail.com > > wr

[cas-user] Re: CAS5.2 Connect to LDAP

2018-02-22 Thread Kevin Liu
].subtreeSearch=true cas.authn.ldap[0].baseDn=dc=beta,dc=gamma cas.authn.ldap[0].userFilter=cn={user} cas.authn.ldap[0].bindDn=user@beta.gamma cas.authn.ldap[0].bindCredential=userPassword Still not working with the same error. On Thursday, February 22, 2018 at 1:32:54 PM UTC-6, Kevin Liu wrote

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-22 Thread Kevin Liu
ything. > > --Dave > > > -- > > DAVID A. CURRY, CISSP > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > On Thu,

[cas-user] CAS5.2 Connect to LDAP

2018-02-22 Thread Kevin Liu
Hello, I can't seem to make heads or tails of getting CAS to talk to LDAP. I know my LDAP is working because using the following command, I can see all LDAP entries: ldapsearch -x -h alpha.beta.gamma -D user@beta.gamma -W -b "dc=beta,dc=gamma" My assumption is that since these credentials

[cas-user] Re: Overriding Problems with cas.properties

2018-02-15 Thread Kevin Liu
t windows environments). The script > copies your project configuration to that folder before building the web > app (target generation). > > El jueves, 15 de febrero de 2018, 16:05:28 (UTC+1), Kevin Liu escribió: >> >> Hello, >> >> It is my understanding

Re: [cas-user] Overriding Problems with cas.properties

2018-02-15 Thread Kevin Liu
, rbon wrote: > > Kevin, > > Is the config file being written to /etc/cas1/config? > Do you still have the same problem when using /etc/cas/config? > > Ray > > On Thu, 2018-02-15 at 07:05 -0800, Kevin Liu wrote: > > Hello, > > It is my understanding that

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-23 Thread Kevin Liu
.cu...@newschool.edu > > [image: The New School] > > On Fri, Feb 23, 2018 at 9:56 AM, Kevin Liu <annih...@gmail.com > > wrote: > >> For my own account, when I execute the LDAP query in my first post, I >> can't see my own DN but I can see what I'm a member of.

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-23 Thread Kevin Liu
and all my questions. On Friday, February 23, 2018 at 11:44:35 AM UTC-6, Kevin Liu wrote: > > I finally got it to talk to my LDAP! I've realized I should also put that > my LDAP is really a MSDN. It is in a very limited capacity though. Here is > my cas.properties and I hope someone can he

Re: [cas-user] CAS Client Location (PKIX path building failed)

2018-02-20 Thread Kevin Liu
in one and imported it to the others. On Tuesday, February 20, 2018 at 2:34:30 PM UTC-6, Kevin Liu wrote: > > Ray, > > I am trying to access /cas/status/dashboard from the tomcat server that's > deploying the cas.war. > > Kevin > On Tuesday, February 20, 2018 at 2:21

Re: [cas-user] CAS Client Location (PKIX path building failed)

2018-02-20 Thread Kevin Liu
> environment. Something like: > > install self signed certificates in java certificate store (must be done > for every java upgrade) > sudo keytool -import -file /etc/ssl/certs/name_of.crt -alias name_of > -keystore $JAVA_HOME/jre/lib/security/cacerts > > Ray > > On Tue,

Re: [cas-user] CAS Client Location (PKIX path building failed)

2018-02-20 Thread Kevin Liu
ured to use CAS? > If a different application, is it running in the same tomcat as CAS or > perhaps even on a different computer? > > Perhaps tomcat needs to have the certificate path in the https section of > conf/server.xml. > > Ray > > On Tue, 2018-02-20 at 11:43 -0800, Kevin

Re: [cas-user] [5.2] Dashboard - Application Not Authorized to Use CAS

2018-02-19 Thread Kevin Liu
I'm trying to access https://xxx.xxx.xxx.xxx:/cas1/status/dashboard On Monday, February 19, 2018 at 11:01:33 AM UTC-6, rbon wrote: > > Kevin, > > What is the URL that you are trying to access? > > Ray > > On Mon, 2018-02-19 at 08:34 -0800, Kevin Liu wrote: >

Re: [cas-user] CAS5.2 LDAP Types

2018-02-22 Thread Kevin Liu
FORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > On Thu, Feb 22, 2018 at 9:34 AM, Kevin Liu <annih...@gmail.com > > wrote: > >> C

[cas-user] Re: CAS installation

2018-02-22 Thread Kevin Liu
Strongly recommend following this: https://dacurry-tns.github.io/deploying-apereo-cas/building_server_ldap_authentication_config-ad-auth-properties.html On Thursday, February 22, 2018 at 8:02:01 AM UTC-6, Hippolyte wrote: > > Hello everyone, > > I would like to install the latest version of the

Re: [cas-user] Re: CAS Client Location (PKIX path building failed)

2018-02-22 Thread Kevin Liu
certificate? Perhaps misspelled hosts names. > > Ray > > On Tue, 2018-02-20 at 08:10 -0800, Kevin Liu wrote: > > This is the error I keep getting: > > Error: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: > sun.security.validator.Valida

[cas-user] CAS5.2 LDAP Types

2018-02-22 Thread Kevin Liu
Can someone explain to me the different LDAP types? I don't exactly understand the purpose of AD, Authenticated, Anonymous, or Direct. If there is documentation somewhere, that would be appreciated too. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas

[cas-user] Re: CAS5.2 Connect to LDAP

2018-02-23 Thread Kevin Liu
For my own account, when I execute the LDAP query in my first post, I can't see my own DN but I can see what I'm a member of. Is the listed member field my DN? member: CN=Kevin Liu,OU=Delta,OU=Alpha,DC=Beta,DC=Gamma Would this be my DN? On Friday, February 23, 2018 at 6:17:22 AM UTC-6

[cas-user] Re: CAS5.2 Connect to LDAP

2018-02-23 Thread Kevin Liu
I should also mention that my error is preventing CAS from even loading. It's not that it's not authenticating but rather the system just won't start. On Friday, February 23, 2018 at 8:56:40 AM UTC-6, Kevin Liu wrote: > > For my own account, when I execute the LDAP query in my first p

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-26 Thread Kevin Liu
as part of the DN. For example, my DN is CN=Kevin Liu, OU=Alpha, DC=beta, DC=gamma instead of CN=kliu. Do you have any ideas on how I might get around that? On Friday, February 23, 2018 at 2:24:37 PM UTC-6, David Curry wrote: > > > There are smarter (way smarter) LDAP people than me,

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-26 Thread Kevin Liu
but I'm not > very sure of that answer. > > Perhaps someone else on the list can jump in. > > --Dave > > > > -- > > DAVID A. CURRY, CISSP > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 2

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-26 Thread Kevin Liu
SP > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > On Mon, Feb 26, 2018 at 4:14 PM, Kevin Liu <annih...@gmail.com >

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-26 Thread Kevin Liu
Kevin Liu I can login. It doesn't seem like userFilter=sAMAccountName={name} gets used as my sAMAccountName is kliu. Maybe I don't understand userFilter completely. Marc, what other properties did you have to add to cas.properties? Your situation sounds very similar to mine. Mathew: Standard

Re: [cas-user] /cas/status/dashboard

2018-02-26 Thread Kevin Liu
I concur with Matthew. That was my issue too until I changed it. Then services started picking up. On Monday, February 26, 2018 at 2:37:37 PM UTC-6, David Curry wrote: > > But think of all the experience you're getting! :-) > > Seriously, I know the feeling. I think we've all been there before.

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-26 Thread Kevin Liu
> kinds of logins, so maybe they do. > > > -- > > DAVID A. CURRY, CISSP > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > >

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-26 Thread Kevin Liu
> +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > On Mon, Feb 26, 2018 at 3:23 PM, Kevin Liu <annih...@gmail.com > > wrote: > >> I'm messing with the logger. Is it possible to have just LDAP debug codes >> output? If so, how

Re: [cas-user] CAS relative redirect

2018-08-10 Thread Kevin Liu
> On Mon, 2018-07-23 at 15:54 -0700, Kevin Liu wrote: > > Ray, > > Can cas.properties pick up env variables? That could work in that case. > > Kevin > > On Monday, July 23, 2018 at 3:52:41 PM UTC-5, rbon wrote: > > Kevin, > > Could the deployment process create

[cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Kevin Liu
I'd like to do this because this way, I won't have bindCredentials in cleartext. On Tuesday, February 27, 2018 at 11:29:22 AM UTC-6, Kevin Liu wrote: > > Does anyone know how to reference the login page password in > cas.properties? I know for username, you use %s but what about the

Re: [cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Kevin Liu
-tutorial/, jasypt is the method to use. On Wednesday, February 28, 2018 at 3:02:15 PM UTC-6, Manfredo Hopp wrote: > > What would be the problem to have it cleartext in server. > > 2018-02-28 17:02 GMT-03:00 Kevin Liu <annih...@gmail.com >: > >> I'd like to do this beca

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-27 Thread Kevin Liu
word > > Le lundi 26 février 2018 17:41:37 UTC-5, Kevin Liu a écrit : >> >> So I've included an extra ldap index to get around multiple OUs. I can >> now authenticate users but only with their full name and not their >> sAMAccountName. For example, on the cas login

[cas-user] CAS 5.2 LDAP Query and Output

2018-02-27 Thread Kevin Liu
Hello All, Is there a way to see the response that CAS gets back from LDAP? Also is there a tutorial anywhere for specific LDAP queries from CAS? For example, if I need to check to see if a member is part of a specific OU? Thanks, Kevin -- - Website: https://apereo.github.io/cas - Gitter

[cas-user] CAS 5.2 Password Variable

2018-02-27 Thread Kevin Liu
Does anyone know how to reference the login page password in cas.properties? I know for username, you use %s but what about the password? -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions:

Re: [cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Kevin Liu
I guess the easiest would be physical access. There are other various intrusion methods too. On Wednesday, February 28, 2018 at 3:29:40 PM UTC-6, Manfredo Hopp wrote: > > How should the server be compromised. > > 2018-02-28 18:12 GMT-03:00 Kevin Liu <annih...@gmail.com >: >

Re: [cas-user] Re: CAS 5.2 Password Variable

2018-02-28 Thread Kevin Liu
, 2018 at 3:35 PM, Man H <info.ings...@gmail.com> wrote: > How do you get to password > > 2018-02-28 18:34 GMT-03:00 Kevin Liu <annihil8...@gmail.com>: > >> I guess the easiest would be physical access. There are other various >> intrusion methods too. >>

[cas-user] Re: CAS 5.2 LDAP Query and Output

2018-02-27 Thread Kevin Liu
And somewhat stemming from the other conversation, what gets passed is via the principalAttributeList? Where do the attributes get passed to? On Tuesday, February 27, 2018 at 3:10:38 PM UTC-6, Kevin Liu wrote: > > I see, so in other words, I should not have CAS search through LDAP >

[cas-user] Re: CAS 5.2 LDAP Query and Output

2018-02-27 Thread Kevin Liu
I see, so in other words, I should not have CAS search through LDAP looking for a user and checking to see if they're a member of a group. Rather, that should get passed to application using cas. Thanks! On Tuesday, February 27, 2018 at 3:04:17 PM UTC-6, Marc Dufour wrote: > > Atlassian has a

Re: [cas-user] Re: CAS5.2 Connect to LDAP

2018-02-27 Thread Kevin Liu
ttributes, so I limit the size of what it returned. > > As for the bindDN, it is a regular Domain user, not an admin. It should only > need read access to Active Directory. > > > Le mardi 27 février 2018 10:52:52 UTC-5, Kevin Liu a écrit : >> >> Marc, what

Re: [cas-user] Re: CAS 5.2 Password Variable

2018-03-01 Thread Kevin Liu
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 >> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003=gmail=g> >> +1 212 229-5300 x4728 • david.cu...@newschool.edu >> >> [image: The New School] >> >> On Wed, Feb 28, 2018 at 4:35 PM, Man H

Re: [cas-user] Re: CAS 5.2 Password Variable

2018-03-01 Thread Kevin Liu
That said though, it would still be great if there was a variable to pass in the password and if there is one, I'd like to know. On Thursday, March 1, 2018 at 8:25:03 AM UTC-6, Kevin Liu wrote: > > Not much of a follow up, but my security team just announced they have > their o

[cas-user] Dashboard Inaccessible

2018-04-23 Thread Kevin Liu
Hello All, I'm having some trouble accessing my dashboard again and I'm fairly certain it's an SSL cert error. I'm hoping to seek some help from this group. Initially, I had a self generated cert that I created with the java keytool and pointed it to my java ca-cert store. When trying to

Re: [cas-user] /cas/status/dashboard

2018-02-27 Thread Kevin Liu
I would check to make sure you have an absolute path for your service directory. Also, can confirm that : or = does not matter. Works for me either way. On Tuesday, February 27, 2018 at 8:51:11 AM UTC-6, David Curry wrote: > > Well, without digging into the code to see exactly who's logging

[cas-user] Re: CAS 5.2 LDAP Query and Output

2018-02-28 Thread Kevin Liu
Thanks Ray! Unfortunately, I realized searching by OU for a user won't work. This is because of a couple of things. I originally thought OUs were groups and have since discovered they are not. I want to authenticate using sAMAccountName and when you search by groups, none of the members have

[cas-user] Missing class org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer

2018-03-02 Thread Kevin Liu
Hello, I've got a working class that I'm trying to hook my jetty service up to. I can get as far as hitting the service will redirect to CAS which upon a successful sign in will result in a 503 service unavailable. Looking at the logs, I see this error. java.lang.ClassNotFoundException: