[cas-user] Re: CAS management - new service username attribute provider options

2017-11-22 Thread William E.
rsondir > person-directory-impl > ${person.directory.version} > > > > On Tuesday, November 21, 2017 at 10:24:47 PM UTC-5, William E. wrote: >> >> I had to add them to mine for the username drop down in cas management to >> get populated. >> >&

[cas-user] Re: CAS 5.1.0 LDAP - How to get all groups that a user is a member of?

2017-12-01 Thread William E.
Perhaps try adding these to cas.properties? cas.authn.attributeRepository.ldap[0].attributes.member=member cas.authn.attributeRepository.ldap[0].attributes.memberof=memberof On Thursday, November 23, 2017 at 4:41:33 AM UTC-6, Sanjaya Addula wrote: > > Hi, > > How can I configure cas to get the

[cas-user] Re: CAS management - new service username attribute provider options

2017-11-21 Thread William E.
Do you have entries like below in your cas.properties file? cas.authn.attributeRepository.ldap[0].attributes.uid=uid cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName cas.authn.attributeRepository.ldap[0].attributes.cn=commonName

[cas-user] Re: CAS management - new service username attribute provider options

2017-11-21 Thread William E.
I had to add them to mine for the username drop down in cas management to get populated. On Tuesday, November 21, 2017 at 2:01:09 PM UTC-6, Justin Andrews wrote: > > No, I do not have those in my cas.properties... > > On Tuesday, November 21, 2017 at 10:49:13 AM UTC-5, Will

[cas-user] SAML FriendlyName and Name using same value

2018-01-10 Thread William E.
Hi all, I'm pretty sure this is not a current feature of CAS 5.2.x, but I just wanted to ask this community if they found any way to do so by some config trickery. If not, would the awesome CAS developers be interested in putting this on the list of future feature enhancements please? So

Re: [cas-user] CAS attribute resolution with LDAP

2018-01-10 Thread William E.
In our cas.properties, we also have: cas.personDirectory.principalAttribute=uid,mail cas.personDirectory.returnNull=false cas.personDirectory.principalResolutionFailureFatal=false Hope this helps. On Wednesday, January 10, 2018 at 10:30:38 AM UTC-6, rbon wrote: > > Sebastien, > > To see what

[cas-user] Re: CAS 5.2.x

2018-02-08 Thread William E.
For Dave's docs: We too have been working on using cas 5.2's saml2 capabilities to replace a full shibboleth. Not quite there yet, but still working on it. FWIW - We use apache's mod_ajp to front tomcat and these lines are what we use in proxy_ajp.conf: ProxyPass /cas

[cas-user] Re: cas 5 management

2018-02-09 Thread William E.
Exactly. cas-management-overlay/target/cas-management.war Since we use json registry, and ldap, we add the below. org.apereo.cas cas-server-support-json-service-registry ${cas.version} org.apereo.cas cas-server-support-ldap ${cas.version} On Friday, February

[cas-user] Re: CAS 5.2 and Ellucian Banner 9 (XE)

2018-02-22 Thread William E.
We are on cas 5.2.2, banner 8 via ssomanager and banner 9 admin apps. Seems to work fine since we upgraded to cas 5.2.2 in late December. We populate the udcid in ldap from banner, then map it in cas as: cas.authn.attributeRepository.ldap[0].attributes.uahUDCID=UDC_IDENTIFIER Please note,

Re: [cas-user] Re: Management Webapp 5.2 issue with attributes release

2017-12-21 Thread William E.
Hi Travis, I have had similar issues. Love the new look BTW, but the return mapped UI seems to have a bug or two. Also, the Access strategy tab, maybe it's intentional, but it seems to autopopulate with all my defined attributes when I just click on that tab. So what I've accidentally run

[cas-user] Recommendations for CATALINA_OPTS for cas 5.x with tomcat 8.5.x

2017-12-20 Thread William E.
Does anyone have any recommendations for CATALINA_OPTS for cas 5.x on tomcat 8? I am finding that our setup steadily eats up memory to the point that it eventually crashes from out of memory and has to be restarted. Current settings: CATALINA_OPTS="-Djava.awt.headless=true

[cas-user] Re: Recommendations for CATALINA_OPTS for cas 5.x with tomcat 8.5.x

2017-12-21 Thread William E.
> > On Thursday, December 21, 2017 at 1:35:45 PM UTC+11, William E. wrote: >> >> RHEL 7, 8GB ram, swap is 4GB. It's a VM in our vSphere cluster+SAN. I >> actually have three, two PROD nodes behind a load balancer and one test >> node. All have same specs and

[cas-user] Re: Recommendations for CATALINA_OPTS for cas 5.x with tomcat 8.5.x

2017-12-20 Thread William E.
have > > if you are on Linux you can do: > 1.uname -a > 2-3. free -m > > and post the output here > > regards, > > martin > > On Thursday, December 21, 2017 at 11:00:30 AM UTC+11, William E. wrote: >> >> Does anyone have any recommendations for CATALIN

[cas-user] banner 8 via ssomanager and cas intermittent error

2018-08-03 Thread William E.
We upgraded cas from 5.2 to 5.3 last night. Today almost everything is working fine except banner 8 sso logins via ellucian's ssomanager (circa 2013 version). We're sporadically seeing the below trace in the browser. I'm suspecting the 2013 ssomanager app from ellucian is running an outdated

[cas-user] Re: Application Not Authorized to Use CAS The application you attempted to authenticate to is not authorized to use CAS.

2018-01-22 Thread William E.
What is in the service url parameter? Add it as an allowed service regex. For example, since I access cas-management via localhost, I have a service that allows ^http://localhost:8080/cas-management/.* On Friday, January 19, 2018 at 1:41:38 PM UTC-6, Ramakrishna G wrote: > > Application Not

Re: [cas-user] Help with LDAP auth

2018-03-14 Thread William E.
We grab the memberof attribute in the user record. Note it's multivalued. On Tuesday, March 13, 2018 at 1:28:43 PM UTC-5, Марат Бралиев wrote: > > how best practice to check member of specific group? check in LDAP search > query, or use some CAS (or ldaptive) handler, and check member of group

Re: [cas-user] java 1.62 - JCE Unlimited Strength Jurisdiction Policy

2018-04-10 Thread William E.
out property, near the end of the file: > > #crypto.policy=unlimited > > by simply removing the comment marker: > > crypto.policy=unlimited > > On Apr 10, 2018, at 8:58 AM, William E. <wre...@uah.edu > > wrote: > > Has anyone run into a proble

[cas-user] Re: The CAS management webapp is unavailable. NPE ERROR [org.apereo.cas.mgmt.services.web.AbstractManagementController] - java.lang.NullPointerException

2018-04-10 Thread William E.
Just guessing here, but I think I would first try trimming down the principal list values from: cas.authn.ldap[0].principalAttributeList=sn:familyName,cn:casId,givenName,mail,memberOf,xxxUID To maybe: cas.authn.ldap[0].principalAttributeList=cn,xxxUID Things that always exist in every ldap

Re: [cas-user] java 1.62 - JCE Unlimited Strength Jurisdiction Policy

2018-04-10 Thread William E.
il.HashSet [ "true" ] ] } jwtAsResponse: { @class: org.apereo.cas.services.DefaultRegisteredServiceProperty values: [ java.util.HashSet [ "true" ] ] } } On Tuesday, April 10, 2018 at 10:05

[cas-user] CAS 5.2 return JWT for service

2018-04-11 Thread William E.
Hi all, I am trying to follow the CAS docs to configure a service to return jwt's but not having much success. Docs I am reading on this: https://apereo.github.io/cas/5.2.x/installation/Configure-ServiceTicket-JWT.html https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/ (JWT

[cas-user] Re: CAS 5.2 login with UPN removing domain

2018-04-11 Thread William E.
We use ldap and used an ldap filter on uid or'ed with upn. Ldap search syntax. Like so: cas.authn.ldap[0].userFilter=(|(uid={user})(upn={user})) -William On Wednesday, April 11, 2018 at 10:26:10 AM UTC-5, dag wrote: > > Hi all, > > I've configured Apereo CAS 5.2, and it's running fine

Re: [cas-user] CAS-Management - Bottle at the sea - Need advice or help

2018-04-12 Thread William E.
, April 12, 2018 at 4:23:36 AM UTC+2, William E. wrote: >> >> This makes me think you have a bad ldap search filter in your .properties >> file, or maybe ldap support partially configured. >> >> Caused by: java.lang.NullPointerException >> at >> org.apere

Re: [cas-user] Re: CAS 5.2 login with UPN removing domain

2018-04-12 Thread William E.
; Any other trick please? > > > Regards. > > > 2018-04-12 0:42 GMT+02:00 William E. <wre...@uah.edu >: > >> We use ldap and used an ldap filter on uid or'ed with upn. Ldap search >> syntax. >> >> Like so: >> >> cas.authn.ldap[0].userFil

[cas-user] Re: CAS 5.2 return JWT for service

2018-04-13 Thread William E.
misunderstanding the cas documents, the cas.authn.token.crypto.encryption.key and cas.authn.token.crypto.signing.key accept key values directly, not file paths to files containing the keys. Anyway, much thanks to Paul at Unicon for all his help. Support money well spent. -William On Wednesday, Apr

Re: [cas-user] CAS-Management - Bottle at the sea - Need advice or help

2018-04-11 Thread William E.
This makes me think you have a bad ldap search filter in your .properties file, or maybe ldap support partially configured. Caused by: java.lang.NullPointerException at org.apereo.cas.util.LdapUtils.lambda$newLdaptiveSearchFilter$2(LdapUtils.java:531)

[cas-user] Re: CAS JWT/JWK oddities

2018-04-19 Thread William E.
I feel ya... :-) My biggest concern at the moment, as others have posted about here as well, is the jwt is a url parameter when passed back to the client app. I would much rather it be a header or cookie or post param or anything really because my concern is until the jwt expiration time

Re: [cas-user] Re: JSON Service Registry cas.serviceRegistry.config.location property setting ineffective after upgrading to CAS version 5.2

2018-04-22 Thread William E.
Your service provided in this thread: "serviceId" : "^(https|imaps|http)://.*" Will not match with a port specified. Try instead: "serviceId" : "^(https|imaps|http)://.*:8443/.*" -W On Saturday, April 21, 2018 at 8:44:17 PM UTC-5, IOTech Co., Ltd wrote: > > i have got error...please help me

Re: [cas-user] Re: JWT without encryption key

2018-12-15 Thread William E.
I think you are seeing the discrepancy due to base64 vs. base64url decoding. I think the jwt spec. wants base64 url vs. plain base64. https://en.wikipedia.org/wiki/Base64#URL_applications On Friday, December 14, 2018 at 9:37:45 AM UTC-6, Devendra Sisodia wrote: > > While decoding JWT there is

[cas-user] Decode nested JWT with Python

2018-12-05 Thread William E.
Has anyone tried to parse the nested JWT, JWS + JWE, produced by CAS 5.x? If so, would you mind posting a snippet please? I've read that the python-jose library can check signatures but not decrypt the payload. Been trying to use jwcrypto but can't seem to get the step put together in the

[cas-user] Re: encryption and signing key generation

2018-09-13 Thread William E.
+1 I ended up grabbing values from the cas startup logs and setting in my cas.properties. Seems to work. On Wednesday, September 12, 2018 at 3:34:32 PM UTC-5, Curtis Ruck wrote: > > So i'm trying to automate the generation and persistence of the > cas.tgc.crypto and cas.webflow.crypto

[cas-user] Re: encryption and signing key generation

2018-09-13 Thread William E.
September 13, 2018 at 10:03:02 AM UTC-4, William E. wrote: >> >> +1 >> >> I ended up grabbing values from the cas startup logs and setting in my >> cas.properties. Seems to work. >> >> >> On Wednesday, September 12, 2018 at 3:34:32 PM UT

[cas-user] Re: Inquiring CAS commercial support

2019-09-10 Thread William E.
We have been using Unicon for a few years now. Misagh, who I consider the main CAS developer, works for them. We're happy with their support. -William On Monday, September 9, 2019 at 1:38:05 PM UTC-5, Yan Zhou wrote: > > Hi, > > We use CAS 4.1.9 and CAS 5.3. It has

[cas-user] Re: Signing is not enabled for [Token/JWT Tickets]. The cipher [RegisteredServiceJwtTicketCipherExecutor] will attempt to produce plain objects

2019-08-09 Thread William E.
We're on 5.3.11. Struggled with this as well, could never find a third party tool or library that could validate the jwt generated by cas. I even contacted the maintainer of one of the python libs and he claims the cas generated JWT was invalid. I was able to write my own java to validate

[cas-user] Re: Chrome and samesite cookies

2020-02-27 Thread William E.
Not us. Canvas is hosted with the vendor, our CAS is local, we're on 5.3. -W On Wednesday, February 26, 2020 at 12:13:47 PM UTC-6, ste...@rutgers.edu wrote: > > We received an email stating there are issues authenticating to our Canvas > instance due to the Chrome SameSite changes. Has

[cas-user] Re: CAS V5.3 with Zoom SSO???

2020-05-13 Thread William E.
We did with saml too, but with the Shibboleth "half" of our CAS+Shibboleth combined service. If you are looking for guidance using CAS as saml IDP with it, sorry, can't help. As for the integration, once you get it going, on the zoom side you can map attribute values to zoom roles. And it