[cas-user] Re: Using a delegated authority with CAS auth providers

I think you can use groovy script to select the delegate provider using query parameter of service request, here is my sample script to detect auto redirect parameter and redirect to delegate provider : import org.apereo.cas.web.* import org.apereo.cas.configuration.model.support.delegation.* im

Re: [cas-user] CAS 6.6.x CSS with SSL Offload

As Ray said it's because you use custom theme and /themes/** is not define in list of excluded endpoints from web security, so Spring Security redirect the request to secure channel it means redirect to port 8443(default port) that does not exist in your situation! I think there are multiple wa

[cas-user] Re: Implementing ORCID auth: Problem with cas.authn.pac4j.oauth2[0].profile-url

I think you need to develop a wrapper API for profile-url like this(a normal api):https://www.googleapis.com/oauth2/v3/userinfo, so you can get the uid and send it in custom format to https://api.sandbox.orcid.org/v3.0/{uid}/record . On Tu

Re: [cas-user] CAS 6.6.x CSS with SSL Offload

etc/cas/static/ > > I do not understand why it works on 8080 but not on the F5 pulling 8080 to > 443, what is triggering redirects when the traffic comes through the F5? > > > On Tuesday, November 7, 2023 at 7:18:04 AM UTC-5 Meysam Shirazi wrote: > >> As Ray said it's b

Re: [cas-user] CAS 6.6.x CSS with SSL Offload

n org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter to my > overlay that includes the "/themes/**" pattern? > > > > > On Tuesday, November 7, 2023 at 10:25:45 PM UTC-5 Meysam Shirazi wrote: > >> For embedded tomcat in Spring boot it seams that tomcat i

Re: [cas-user] Re: Implementing ORCID auth: Problem with cas.authn.pac4j.oauth2[0].profile-url

of how this should be implemented? > Or where I can find a documentation that talks about this process? Do you > know any similar examples that I can take a look from? > > Thank you so much! > > > Aleix > > El miércoles, 8 de noviembre de 2023 a las 4:25:45 UTC+1, Meys

[cas-user] Re: CAS 6.6 no automatic redirect after OIDC logout

It needs idToken in id_token_hint url parameters) that contains clientId, it can be the same id token that be retrieved in login process. On Thursday, November 9, 2023 at 4:20:04 PM UTC+3:30 Udo Einspanier wrote: > Hi, > > we have CAS 6.6 as OIDC provider. When our client initiates logout, it >

[cas-user] Re: CAS 6.6 no automatic redirect after OIDC logout

rs: > > > https://.../cas/oidc/oidcLogout?id_token_hint=...&post_logout_redirect_uri=https://... > > But still no redirect from CAS to post_logout_redirect_uri. > > Any other ideas? > > Thanks, > Udo > > On Friday, November 10, 2023 at 3:41:42 AM UTC+1 Meysam Sh

[cas-user] Re: 6.6.13 - OpenID Issue - Unable to locate authentication profile

Hi, I followed the below configuration, and everything worked fine: *CAS Version 6.6.x* *cas.properties* *cas.authn.oauth.crypto.encryption.key=0ZJCKvFSVO6PUKlzUqWzE5eXDerK_T7G1oSfGHfaAGMcas.authn.oauth.crypto.signing.key=_d6j3pacsAy_V7WP55RB-H0HtwfSawKav6aV8rUPuRPBDqDhAeJXpqjrtZwqTiUPkNOz2jcb

[cas-user] Re: 6.6.13 - OpenID Issue - Unable to locate authentication profile

edit: *cas.authn.oidc.core.issuer=https://casserver/cas/oidc <https://oauth.iritco.ir/cas/oidc>* On Monday, November 13, 2023 at 11:19:51 PM UTC+3:30 Meysam Shirazi wrote: > Hi, > I followed the below configuration, and everything worked fine: > *CAS Version 6.6.x* &g

[cas-user] Re: 6.6.13 - OpenID Issue - Unable to locate authentication profile

|__| |_| | | |___ / ___ \ ___) | > /_/ \_\_| |_|_| \_\_\___/ \/_/ \_\/ > > > CAS Version: 6.6.13 > CAS Branch: 6.6.x > CAS Commit Id: 7589c85d08b0ebc4f0e479f4a0448901e46ecb3c > CAS Build Date/Time: 2023-11-14T08:28:48Z > Spring Boot Version: 2.7.3 &g

[cas-user] Re: CAS 6.6 no automatic redirect after OIDC logout

> as before: > > cas: > logout: > followServiceRedirects: false > removeDescendantTickets: true > redirect-url: "https://..."; > > > > On Friday, November 10, 2023 at 8:56:25 AM UTC+1 Meysam Shirazi wrote: > >> Hi Udo >> Change *cas.log.lev

Re: [cas-user] CAS 6.6.9 Hazelcast and Ticket Registry errors

Hi Sathish Did you check the port(5701) access and connectivity of hazelcast members? you can set the hazelcast.log.level to debug for more details in log. On Tuesday, November 14, 2023 at 10:36:28 PM UTC+3:30 Sathish Sekar wrote: > Hi Team, > > Hazelcast is causing problem. Since we have 3 ser

Re: [cas-user] Re: CAS 6.4.0, CAS 6.4.0-RC6 and CAS 6.4.0-RC5 : Issues with OIDC

Edit: *"serviceId" : "http://localhost:3000(.*) <http://localhost%3A3000(.*)>",* On Tuesday, May 16, 2023 at 6:55:04 AM UTC+3:30 Meysam Shirazi wrote: > Hi, > I followed the below configuration, and everything worked fine: > *C

[cas-user] Re: CAS 6.6 no automatic redirect after OIDC logout

re what you mean with "if you send the request to default /logout > url". Shouldn't the OIDC logout request always be sent to the > end_session_endpoint > advertised in .well-known metadata? > > > On Tuesday, November 14, 2023 at 8:06:28 PM UTC+1 Meysam Shirazi wrote

[cas-user] Re: authenticationMethod mfa-simple + LdapAuthenticationHandler

Hi Jorge Please share the configuration, and any log if available. On Thursday, November 16, 2023 at 3:22:43 PM UTC+3:30 Jorge Bastida wrote: > Good morning, > > In CAS 6.3.7 when authenticating a service with mfa-simple the value of > authenticationMethod was: > > authenticationMethod: > 1.-

[cas-user] Re: CAS 6.6 no automatic redirect after OIDC logout

Edit: ? --> : prefixes? (*TGT, ST, RT, AT, PT, TST, OC, SART, ODUC, PGT, SATQ, ODT*). --> prefixes: (*TGT, ST, RT, AT, PT, TST, OC, SART, ODUC, PGT, SATQ, ODT*). On Thursday, November 16, 2023 at 11:00:30 PM UTC+3:30 Meysam Shirazi wrote: > As you stated, the logout redirect is working

[cas-user] Re: Initializr cas-overlay 6.6.13 build issue

Hi The CAS repository does not contain the cas-server-support-discovery-profile-core module! On Thursday, November 16, 2023 at 11:00:31 PM UTC+3:30 King, Robert wrote: > Folks, > > > > Looks like there is an issue with Initializr and the gradle build process. > > > > How to reproduce: > >

[cas-user] Re: supress notification after login.

hello Jen You can use this configuration to disable password policy if you are using LDAP: *cas.authn.ldap[0].password-policy.enabled=false* you can find all configuration here . On Thursday, November 16, 2023

[cas-user] Re: Proposal for Enhancing CAS Instance Setup

Hi Please check: https://apereo.github.io/cas/6.5.x/ticketing/Hazelcast-Ticket-Registry.html On Friday, November 17, 2023 at 10:54:24 AM UTC+3:30 Miguel Martínez De Espronceda Cámara wrote: > Hi everyone, > > Our current configuration involves two CAS instances operating in an > active-active s

[cas-user] Re: authenticationMethod mfa-simple + LdapAuthenticationHandler

t; "@class": >> "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy", >> >> "permitUndefined": false >> >> }, >> >> "usernameAttributeProvider": { >> >> &quo

[cas-user] Re: [EXTERNAL SENDER] Re: Initializr cas-overlay 6.6.13 build issue

t; breaks the gradle build. > > > > > > *From:* Meysam Shirazi > *Sent:* Thursday, November 16, 2023 5:23 PM > *To:* CAS Community > *Cc:* King, Robert > *Subject:* [EXTERNAL SENDER] Re: Initializr cas-overlay 6.6.13 build issue > > > > Hi > &

[cas-user] Re: authenticationMethod mfa-simple + LdapAuthenticationHandler

Cano wrote: > Thank you, > Just a curious question, have you seen any of the above configurations > that are formatted or named out of convention for 6.6.x? > > Just to make sure. So that the validator passes correctly > Thanks > El viernes, 17 de noviembre de 2023 a las

[cas-user] Re: CAS 6.6 no automatic redirect after OIDC logout

use for the CAS protocol. > But our client uses OIDC and not CAS protocol. So, it sends the logout > request to "end_session_endpoint" defined in > https://cas.server/cas/oidc/.well-known. Why would we require another > protocol just for the logout? > > On Thursday, November 1

[cas-user] Re: CAS 6.6 no automatic redirect after OIDC logout

separately. But still good > to know that this is a limitation for now. > > Thanks again for your help, > Udo > > On Friday, November 17, 2023 at 7:21:45 PM UTC+1 Meysam Shirazi wrote: > >> It appears that CAS displays the logout request on the logout page when >>

[cas-user] Null delegatedPolicy in RemoteEndpointServiceAccessStrategy

Hi gents, I think this is a bug in cas 6.6.x that when you activate delegate authentication with custom Access Strategy extended of BaseRegisteredServiceAccessStrategy, you will got a NullPointerException: *java.lang.NullPointerException: nullat org.apereo.cas.pac4j.clie

[cas-user] Re: problem to update cas 6.3.7.4 to 6.6.14

Hi, Check your dependencies(cas-server-support-pac4j-api) in your build.gradle file. On Friday, December 29, 2023 at 5:39:11 PM UTC+3:30 Danielo De León wrote: > Hi, > I am having problems updating cas 6.3.7.4 to 6.6.14, when I do ./gradlew > clean explodeWar I get error messages like this: >

[cas-user] Re: embedded tomcat error

Hi Define 128 key length to use GCMParameterSpec instead of IvParameterSpec: cas.webflow.crypto.encryption.key-size:128 On Monday, February 12, 2024 at 4:37:06 PM UTC+3:30 Vaibhav GPT wrote: > Hi try adding this in cas.properties and see if it helps > > cas.webflow.crypto.enabled=false > > > > O

[cas-user] Re: ERROR [org.apereo.cas.util.concurrent.CasReentrantLock] -

Hi Josh Check the JDK version. On Friday, April 12, 2024 at 12:41:49 AM UTC+3:30 Josh wrote: > Hi all - > > We're in the process of migrating from CAS 6.6.x to CAS 7.0.x. We have > several hundred services in our production environment working fine, > however when starting CAS 7.0.3 in our test

[cas-user] Re: cas 6.6.15 & pac4j

Hi Danielo, It doesn't make sense why you need to know it but you can find it in gradle.properties file, ### # Pac4j versions ### pac4jSpringWebmvcVersion=6.0.3 pac4jVersion=5.4.6 On Wednesday, April 10, 2024 at 8:14:56 AM UTC+3:30 Daniel

[cas-user] Re: CAS 6.6.5 to 7.0.4 - customized css and js with prohibited access from html.

Hi Leonardo I guess the main cause is that the */ect *is not in the list of secure path of the application. Spring Boot , by default, permit access to /css/**, /js/**, /images/**, and /**/favicon.ico. you can use custom theme for this purpose. On Tuesday, May 14, 2024 at 3:39:50 PM UTC+3:30 L

[cas-user] Re: Adding Header to the verification URI in REST Authentication

Hi Reza Please pay attention to this section in the Rest Auth documentation : *"This allows the CAS server to reach to a remote REST endpoint via a POST for verification of credentials. Credentials are passed via an Au

[cas-user] biometrics authentication

HI, Is there any solution for biometrics integration(such as face detection) with CAS authentication? -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this

Re: Re[2]: [cas-user] default locale setting

I'v test default locale in version 3.5.7 but it's not working for me too! I'm debugging the code so I see that it's set correctly in org.apereo.cas.configuration.model.webapp.LocaleProperties also in org.apereo.cas.config.CasWebAppConfiguration but it seems that something changed because of som

[cas-user] Passwordless and User Pass authentication in same server

Hi, Is there anyway to have both of user password login page with passwordless otp login(as alternative) in same CAS Server(ver. 5.3)? -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo

[cas-user] Accessing Service Id in DefaultRegisteredServiceAccessStrategy

Hello everyone, Is it possible to access service(Id) in GroovyRegisteredAccessStrategy script? -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message

[cas-user] CAS Authentication by PKE usb token

Hello every one I'm looking for a way to develop a solution bade on Apereo CAS to authenticate user by PKI enabled usb token like this one(https://cpl.thalesgroup.com/access-management/authenticators/pki-usb-authentication/etoken-5110-usb-token). I will appreciate any help to do that. -- - Webs

Re: [cas-user] CAS Authentication by PKE usb token

a lot of options, one of which is custom where you write groovy > scripts (instead of modifying or adding to cas code). > > Ray > > On Sat, 2021-01-23 at 01:22 -0800, Meysam Shirazi wrote: > > Notice: This message was sent from outside the University of Victoria > ema

Re: [cas-user] CAS Authentication by PKE usb token

gt; On Mon, 2021-01-25 at 23:48 -0800, Meysam Shirazi wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > Thanks Ray for your reply. > OK, It's a good idea. I found Custom

Re: [cas-user] CAS Authentication by PKE usb token

> and mix those with the cas documentation. > > I am looking into a custom MFA flow now. I will let you know my progress. > > Ray > > On Wed, 2021-01-27 at 03:06 -0800, Meysam Shirazi wrote: > > Notice: This message was sent from outside the University of Victoria > ema

Re: [cas-user] Hazelcast-Ticket Registry config

Hi everyone, About "Null input buffer" issue, I think it can be solved by adding these two keys in your cluster nodes: cas.webflow.crypto.signing.key= cas.webflow.crypto.encryption.key= On Saturday, February 27, 2021 at 10:50:44 PM UTC+3:30 anusu...@gmail.com wrote: > Can anyone help me if yo

Re: [cas-user] Re: CAS 6.4.0, CAS 6.4.0-RC6 and CAS 6.4.0-RC5 : Issues with OIDC

Hi, I followed the below configuration, and everything worked fine: *CAS Version 6.6.x* *cas.properties* *cas.authn.oauth.crypto.encryption.key=0ZJCKvFSVO6PUKlzUqWzE5eXDerK_T7G1oSfGHfaAGMcas.authn.oauth.crypto.signing.key=_d6j3pacsAy_V7WP55RB-H0HtwfSawKav6aV8rUPuRPBDqDhAeJXpqjrtZwqTiUPkNOz2jcb

[cas-user] CAS 4.2.7 login throttling not working

Hello, I'm trying to use throttling on CAS 4.2.7 but it seems that it's not working! I'v done that on CAS 3.5.2 and it worked fine! my configuration(based on CAS documentaion): depoyerConfigContext: cas.properties: cas.throttle.failure.threshold=3 cas.throttle.failure.range.seconds=10 I f

[cas-user] Re: CAS 4.2.7 login throttling not working

I find a related issue here <https://issues.jasig.org/browse/CAS-1107> but it's too old! On Tuesday, February 6, 2018 at 11:31:14 AM UTC+3:30, Meysam Shirazi wrote: > > Hello, > > I'm trying to use throttling on CAS 4.2.7 but it seems that it's not > working

[cas-user] Re: CAS 4.2.7 login throttling not working

Any help?! On Tuesday, February 6, 2018 at 11:31:14 AM UTC+3:30, Meysam Shirazi wrote: > > Hello, > > I'm trying to use throttling on CAS 4.2.7 but it seems that it's not > working! I'v done that on CAS 3.5.2 and it worked fine! > my config

[cas-user] Re: CAS 4.2.7 login throttling not working

it's resolved by switching to 4.2.0! On Wednesday, February 7, 2018 at 10:21:06 PM UTC+3:30, Meysam Shirazi wrote: > > Any help?! > > On Tuesday, February 6, 2018 at 11:31:14 AM UTC+3:30, Meysam Shirazi wrote: >> >> Hello, >> >> I'm trying to use