VikashChandra1996
@VikashChandra1996

2021-02-10 13:00:40,175 ERROR [org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] - <Cannot read/parse JSON [{"@class":"org.apereo.cas.services.RegexRegisteredService","serviceId":"^https://abc/login...] to deserialize into type (interface org.apereo.cas.services.RegisteredService). This may be caused in the absence of a configuration/support module that knows how to interpret the JSON fragment, specially if the fragment describes a CAS registered service definition. Internal parsing error is (Illegal type (org.apereo.cas.services.RegexRegisteredService) to deserialize: prevented for security reasons
 at [Source (String)"("@class":"org.apereo.cas.services.RegexRegisteredService","serviceId" : "^https://abc/login","name":"CommonWeb", "description":"This is a Spring App that uses the CAS Server for it's authentication", "id":19991, "theme": "theme abc", "evaluationOrder":1,"properties":{"@class":"java.util.HashMap", "appId": {"@class":"org.apereo.cas.services.DefaultRegisteredServiceProperty","values":["java.util.HashSet",["ABC"]]},"rolePrefix": {"@class":"org.apereo.cas.services.De" [truncated 399 chars); line: 1, column: 11]]>

2021-02-10 13:00:40, 176 INFO (org.apereo.cas.services AbstractServicesManager - <Loaded [0] service(s) from (JsonServiceRegistryDao)->

This is my log file. Please suggest. URL of both client side and what we have configured in our end is same. Naming convention of my JSON is commonWebapp-1991.json
mohsensaeedi
@mohsensaeedi
I am using CAS 5.3.14. When I added saml-idp for SAML SP integration, I got an error. I pasted the error on pastebin.
https://pastebin.ubuntu.com/p/C8SFX6zbTw/
Everything is OK without saml-idp. I added these lines to cas.properties too:
cas.authn.samlIdp.entityId=${cas.server.prefix}/idp
cas.authn.samlIdp.scope=ourdomain_dns_name
cas.authn.samlIdp.metadata.location=file:/etc/cas/saml
It creates SAML files in /etc/cas/saml after the first start.
ChristianPillajo
@ChristianPillajo
Hello everyone.
Can you help? How can I activate the DASHBOARD?
Captura de pantalla de 2021-02-11 18-51-22.png
mohsensaeedi
@mohsensaeedi

Hello. I am running CAS 5.3.14 with saml and saml-idp services.

I am using CAS 5.3.14. When I added saml-idp for SAML SP integration, I got an error. I pasted the error on pastebin.
https://pastebin.ubuntu.com/p/C8SFX6zbTw/
Everything is OK without saml-idp. I added these lines to cas.properties too:
cas.authn.samlIdp.entityId=${cas.server.prefix}/idp
cas.authn.samlIdp.scope=ourdomain_dns_name
cas.authn.samlIdp.metadata.location=file:/etc/cas/saml

I found the problem. I defined my GitLab service as a SAML SP in CAS Management, but it needs skipGeneratingTransientNameId to be configured.

mohsensaeedi
@mohsensaeedi
Now the error is: Caused by: java.lang.IllegalArgumentException: Can not set boolean field org.apereo.cas.support.saml.services.SamlRegisteredService.skipGeneratingTransientNameId to null value. Any idea?
mohsensaeedi
@mohsensaeedi
@mmoayyed, regarding my problem, it seems the field skipGeneratingTransientNameId is not present in the management panel. Is that correct? What is the solution to this problem? I am using CAS Management panel 5.3.6.
Łukasz
@lgwozniak
@mmoayyed Hey, I've upgraded from 6.2 to 6.3 and there is a breaking change that wasn't written in RC. The class package for EncodedTicket was changed from org.apereo.cas.ticket.registry to org.apereo.cas.ticket. And now I get a deserialization problem for tickets from the 6.2 version. Caused by: java.lang.ClassNotFoundException: org.apereo.cas.ticket.registry.EncodedTicket in at org.apereo.cas.ticket.registry.RedisTicketRegistry.lambda$getTicketsStream$0(RedisTicketRegistry.java:98) ~[cas-server-support-redis-ticket-registry-6.3.0.jar!/:6.3.0]
Łukasz
@lgwozniak
@mmoayyed I've got a second problem. MFA devices from 6.2 don't work on 6.3 :/ Keys in 6.2 are saved as RedisGoogleAuthenticatorTokenCredentialRepository:username but in 6.3 they are saved as RedisGoogleAuthenticatorTokenCredentialRepository:username:id
Łukasz
@lgwozniak
Is there any migration possible?
Martin Carrillo
@marvicgit
Hello everyone, does anyone have an example of how to configure CAS and LDAP? I tried several ways and it does not authenticate me.
CAS 5.3
Martin Carrillo
@marvicgit
It worked after several attempts:
cas.authn.ldap[0].ldap-url=ldap://XXX.XX.X.XX
cas.authn.ldap[0].use-start-tls=false
cas.authn.ldap[0].baseDn=dc=atu,dc=gob,dc=pe
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].bindDn=user@atu.gob.pe
cas.authn.ldap[0].bindCredential=password
Rishabh Ohri
@rohri_gitlab
I am using CAS 6.2X. When the CAS login page is served and the user goes idle for some time and then submits the credentials, the CAS error page is shown to the user. I have tried to set the expiration policy of ST and TGT but the error still persists. Is the problem that the CAS session times out when the user goes idle, or something else? Looking for inputs.
WHO: audit:unknown
WHAT: ST-156-5B2tBGK6XzBFRQ1THd7105vuGBE-https://localhost/closing/cas for https://localhost/closing/cas/oauth2.0/callbackAuthorize?client_id=CRfgn8vNQqVFUoM7sEBL3imr&redirect_uri=https%3A%2F%2Floc...
ACTION: SERVICE_TICKET_VALIDATE_FAILED
APPLICATION: CAS
WHEN: Wed Feb 17 08:52:27 EST 2021
CLIENT IP ADDRESS: ::1
SERVER IP ADDRESS:
Ashish Tewari
@funlovingAshish_twitter
hi, I need to understand how CAS supports multi-tenancy
Ashish Tewari
@funlovingAshish_twitter
can someone please provide any documentation link on how CAS supports multi tenancy
vonfoovonbar
@vonfoovonbar

I am using CAS 6.2X. When the CAS login page is served and the user goes idle for some time and then submits the credentials, the CAS error page is shown to the user. I have tried to set the expiration policy of ST and TGT but the error still persists. Is the problem that the CAS session times out when the user goes idle, or something else? Looking for inputs.
WHO: audit:unknown
WHAT: ST-156-5B2tBGK6XzBFRQ1THd7105vuGBE-https://localhost/closing/cas for https://localhost/closing/cas/oauth2.0/callbackAuthorize?client_id=CRfgn8vNQqVFUoM7sEBL3imr&redirect_uri=https%3A%2F%2Floc...
ACTION: SERVICE_TICKET_VALIDATE_FAILED
APPLICATION: CAS
WHEN: Wed Feb 17 08:52:27 EST 2021
CLIENT IP ADDRESS: ::1
SERVER IP ADDRESS:

The ST would be created after the authentication. Are there any error messages shown (try logging with 'TRACE' or 'DEBUG')?

can someone please provide any documentation link on how CAS supports multi tenancy

What are you referring to by 'multi-tenancy'?

Łukasz
@lgwozniak
Maybe your ST ttl is too short.
Ashish Tewari
@funlovingAshish_twitter
Can someone please provide any documentation link on how CAS supports multi-tenancy? By multi-tenancy, I mean a software architecture in which a single instance of software runs on a server and serves multiple tenants. A tenant is a group of users who share a common access with specific privileges to the software instance.
I found the article below, https://apereo.github.io/2017/10/23/cas-multitenancy/ but our requirement is to have a single deployment to serve multiple tenants.
dziq
@dz1q:matrix.org
Hi there.
I'm a new, future CAS user. I have some questions. Is there a guide/howto for best practices of CAS installation? I inherited two installations of CAS (4.x and 5.3) from a previous administrator.
I think that we need a fresh CAS instance for AD (LDAP) user authentication of our few services.
dziq
@dz1q:matrix.org
I read the CAS documentation and concluded that the easiest way to build CAS is Docker.
Do you have any tips for newcomers?
Andres Camilo Santana
@Niordsid

Greetings,

I have a quick question: is there a way to disable the gateway option from a request when using the service param? Let me add more context to this question. I'm using the service parameter to send my user to my main application after they log in; the URL looks something like: https://192.168.X.X:8443/cas/login?service=http%3A%2F%2Fmywebapp%3A3000%2Flogin . Then I found a possible risk if someone malicious wants to redirect traffic to their page using the gateway option, something like: https://192.168.X.X:8443/cas/login?service=http//maliciouswebsite.com&gateway=true . I don't want someone with bad intentions to be able to perform this option, so my question is: is it possible to eliminate the gateway parameter so that traffic is not redirected?

Thorax
@Intrathorakal_twitter
Why not restrict access to services that are not malicious?
Thorax
@Intrathorakal_twitter

Is there anyone here who has got CAS running as an OpenID Connect server?
I've been trying this for days but always get endless redirects. And most curious is a redirect to >http< instead of >https<. I have no clue where the source for this is located:
http://test.hwe.de/cas/oidc/authorize?response_type=id_token token&client_id=client14d&redirect_uri=https://test.hwe.de/cb&scope=openid profile&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj&bypass_approval_prompt=true

The chain is:

http://test.hwe.de/cas/oidc/authorize?response_type=id_token token&client_id=client14d&redirect_uri=https://test.hwe.de/cb&scope=openid profile&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj&bypass_approval_prompt=true
The end of a round in the endless redirect chain, I mean (sorry).
Thorax
@Intrathorakal_twitter
I now do a redirect in an apache in front of the application server but this can't be a good clean solution (RedirectMatch ^(.*) https://test.hwe.de$1)
dclark14
@dclark14

No matching variant of org.apereo.cas:cas-server-core-api-configuration-model:6.3.2 was found. The consumer was configured to find a runtime of a library compatible with Java 8, packaged as a jar, and its dependencies declared externally but:

      - Variant 'apiElements' capability org.apereo.cas:cas-server-core-api-configuration-model:6.3.2 declares a library, packaged as a jar, and its dependencies declared externally:
          - Incompatible because this component declares an API of a component compatible with Java 11 and the consumer needed a runtime of a component compatible with Java 8
      - Variant 'runtimeElements' capability org.apereo.cas:cas-server-core-api-configuration-model:6.3.2 declares a runtime of a library, packaged as a jar, and its dependencies declared externally:
          - Incompatible because this component declares a component compatible with Java 11 and the consumer needed a component compatible with Java 8

Could not resolve org.apereo.cas:cas-server-core-configuration-metadata-repository:6.3.2.
Required by:
unspecified:unspecified:unspecified
No matching variant of org.apereo.cas:cas-server-core-configuration-metadata-repository:6.3.2 was found. The consumer was configured to find a runtime of a library compatible with Java 8, packaged as a jar, and its dependencies declared externally but:

      - Variant 'apiElements' capability org.apereo.cas:cas-server-core-configuration-metadata-repository:6.3.2 declares a library, packaged as a jar, and its dependencies declared externally:
          - Incompatible because this component declares an API of a component compatible with Java 11 and the consumer needed a runtime of a component compatible with Java 8
robdec
@robdec
Hi, I have a CAS 6.3.0 server running in a Tomcat server. I want to release the following attributes but map the LDAP mail to the attribute "email".
attributeReleasePolicy: !<org.apereo.cas.services.ReturnMappedAttributeReleasePolicy>
principalAttributesRepository: !<org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository>
expiration: 2
timeUnit: "HOURS"
consentPolicy: !<org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy>
enabled: true
authorizedToReleaseCredentialPassword: false
authorizedToReleaseProxyGrantingTicket: false
excludeDefaultAttributes: false
authorizedToReleaseAuthenticationAttributes: true
allowedAttributes: !<java.util.TreeMap>
  • "cn" : "cn"
  • "mail" : "email"
  • "memberOf" : "memberOf"
  • "givenName" : "givenName"
  • "displayName" : "displayName"
  • "surName" : "surName"
  • "departmentNumber" : "departmentNumber"
The yml file fails to load as a CAS service, any help would be appreciated.
Regards,
Robert
msilla
@msilla
Hello @habi3000, I'm wondering if you ever found a solution for the file descriptor leaks you were receiving. I'm having a similar issue with version 6.2.2. Please share your findings. Thank you.
pawanktiwari
@pawanktiwari
Hi All,
I'm new to CAS and I need to validate the ticket. I've set up the application and after a successful login I have a ticket. Now my question is: how can I validate the ticket using the CAS server? Second, how many times can we validate the ticket? It would be great if there is any link to go through. Thanks
mijutu
@mijutu:ellipsis.fi
I guess you should use one of the cas client libraries to validate the ticket: https://apereo.github.io/cas/6.3.x/integration/CAS-Clients.html
pawanktiwari
@pawanktiwari
@mijutu:ellipsis.fi There is nothing which sheds a light on validation using spring boot in particular.
1584286140
@1584286140
image.png
Do you know the reason?
mijutu
@mijutu:ellipsis.fi
I have close to zero experience with spring, but I guess you can use the java cas client library to validate a ticket and then mark user as logged in somehow. Perhaps add an attribute to http session or use some spring mechanism to set a user.
Or use some spring-cas library such as: https://www.baeldung.com/spring-security-cas-sso
msilla
@msilla
In order to overcome too many open file descriptors & memory leaks with CAS 6.2.2, we updated the code to close the LDAP connection after authentication (oops!).