[cas-user] SAML2 auth fails because /cas/p3/serviceValidate returns a 403

2017-09-01 Thread Mac Reid
. Logging in to /cas/login works just fine without the SAML portion and I was able to configure the admin pages using CAS as well (that configuration is not present below). The pom.xml is: https://gist.github.com/mac-reid/2a8b151cd1caac0be312e8c104153fd2 The cas.properties file (located in /etc/cas

[cas-user] CAS 5.1.5 Login View Title

2017-12-13 Thread Mac Reid
- Central Authentication Service' addition to the page title? Thanks, Mac Reid -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you

Re: [cas-user] CAS 5.1.5 Login View Title

2017-12-13 Thread Mac Reid
Hi Pavlos, That worked! I appreciate the help. Thanks, Mac Reid

[cas-user] CAS 5.1.5: Change SAML Attribute Names

2017-11-10 Thread Mac Reid
cas.authn.samlIdp.response.useAttributeFriendlyName=false just removes the FriendlyName field. Thanks, Mac Reid

Re: [cas-user] Re: Duo with Multiple Providers not using correct Duo Application

2017-11-20 Thread Mac Reid
I've tried changing both the serviceId (narrowing the regex) and the evaluationOrder to ensure the correct configuration was applying to the services. Neither changed the Duo behavior. Thanks, Mac Reid

[cas-user] Duo with Multiple Providers not using correct Duo Application

2017-11-15 Thread Mac Reid
g for a login session up to the point of Duo. I am stumped by this and the docs don't seem to be clear on how this all works. Thanks, Mac Reid

[cas-user] CAS 5.1.5 SAML Service Access Strategy

2018-01-24 Thread Mac Reid
to limit authorization only in this specific service. Is there any other way to authorization at the CAS end for SAML services? Thanks, Mac Reid

Re: [cas-user] Re: making an extra LDAP attribute visible via CAS

2018-11-13 Thread Mac Reid
Assuming a working ldap attribute repository, we added the following line to our cas.properties: cas.authn.attributeRepository.ldap[0].attributes.udcid=UDC_IDENTIFIER In the above line, the udcid is the ldap attribute and the UDC_IDENTIFIER is the CAS name for the attribute. In our Banner

Re: [cas-user] CAS login returnUrl

2018-11-14 Thread Mac Reid
We configure our service URL to match the return point when we enforce authentication. That is, if I go to https://www.example.com/secure/page.html the CAS redirect URL will be https://sso.example.com/cas/login?service=https%3A%2F%2Fwww.example.com%2Fsecure%2Fpage.html . In our json service

Re: [cas-user] HA Redis Crash

2018-12-11 Thread Mac Reid
Hi, You cannot configure a single redis server with sentinel configured as well. Your config should only have: cas.ticket.registry.redis.sentinel.master=mymaster cas.ticket.registry.redis.sentinel.nodes[0]=192.168.111.201:26379 cas.ticket.registry.redis.sentinel.nodes[1]=192.168.111.205:26379

Re: [cas-user] HA Redis Crash

2018-12-12 Thread Mac Reid
Hi, Our repo is based on the overlay. You can find the version of spring boot here: https://github.com/apereo/cas-overlay-template/tree/5.3 Another thing I noticed is the node option does not end with an `s`, meaning it should look like: cas.ticket.registry.redis.sentinel.master=mymaster

Re: [cas-user] Cannot retrieve user attributes from PHP application behind mod_auth_cas

2018-12-13 Thread Mac Reid
Hi, The option `CASAuthNHeader On` must be configured in an .htaccess or a directory/location directive. That will add headers that look like: CAS_uid => mac CAS_mail => mar...@mtu.edu - Mac

Re: [cas-user] Embedded Tomcat Java Heap Size

2019-01-28 Thread Mac Reid
We use systemd to run our CAS service. Here's our configs for running CAS with a larger heap: /etc/systemd/system/cas.service: [Unit] Description=CAS Webserver After=syslog.target [Service] EnvironmentFile=/etc/sysconfig/cas User=cas ExecStart=/bin/java $JAVA_OPTS -jar /opt/cas/cas.war

[cas-user] CAS 5.3.4 Kivuto/Microsoft Dreamspark SAML Auth in CAS

2019-02-05 Thread Mac Reid
, and send an isMemberOf attribute back with the second matched memberOf value. Seems possible with a groovy script for service access strategy and attribute release, but they do not seem to be executing on the SAML service. Any pointers or references would be appreciated. Thanks, Mac Reid

[cas-user] CAS 5.3.11 - Attribute rewriting and groovy execution delays

2019-06-21 Thread Mac Reid
Hi, Some basic info: RHEL 7 Oracle Java 1.8.0_151 CAS version 5.3.11 We're looking to do some attribute rewriting in a CAS service. We are looking to send a new attribute (that doesn't exist in our attribute repositories) based on the value of an attribute that exists in our attribute