and I want to use Redis as a session-storage but got error
'Parameter 1 of method sessionRepositoryFilterRegistration in org.springframework.boot.autoconfigure.session.SessionRepositoryFilterConfiguration required a single bean, but 2 were found:
- redisGoogleAuthenticatorConnectionFactory: defined by method 'redisGoogleAuthenticatorConnectionFactory' in class path resource [org/apereo/cas/config/GoogleAuthenticatorRedisConfiguration.class]
- redisTicketConnectionFactory: defined in BeanDefinition defined in class path resource [org/apereo/cas/config/RedisTicketRegistryConfiguration.class]'
I have 2 questions related to the CAS authentication using OIDC
- Do I need to have the cas ticketing to get the OIDC working on multiple instances deployment?
- If I am accessing the cas server directly, not from a client (no redirection url but a default-redirect-url is used which is secured by oidc), what happens is I need to login again after the first time. Any reason or way to handle this case?
Hello, I have installed CAS & CAS managment 6.3 in Linux. I am able to login to the application through LDAP authentication. I have added application URL in service registery which throws error : "Application Not Authorized to Use CAS
The application you attempted to authenticate to is not authorized to use CAS. This usually indicates that the application is not registered with CAS, or its authorization policy defined in its registration record prevents it from leveraging CAS functionality, or it's malformed and unrecognized by CAS. Contact your CAS administrator to learn how you might register and integrate your application with CAS" . I have set up virtual host in my local windows system and add that url in service registery and able to access it without any issue. But with the application URL i am facing issue. I am giving the pattern as below :
^(http|https)://CNNAME/*. can you please point out what i am doing wrong
2 replies
<AppenderRef ref="console"/>
<AppenderRef ref="file"/>
</Logger>
Hi, we have a CAS 6.3 setup being used to authenticate Canvas LMS. We are experiencing an issue that apparently occurs only with Chromre: right after you login, instead of redirecting you to the application, it reloads the CAS login page. If you hit F5 the redirect happens. We read many old and new posts reporting this issue but never saw the solution...so I'm not sure if there is one. I can confirm it happens even with the newest versions of Chrome. Thanks!!!
Additional information: it does not happen to every user, but to many of them. We could not find a reason, it even happens with the latest version of Chrome (v89).
cas.authn.attributeRepository.ldap[1].ldapUrl=ldaps:/xxx
cas.authn.attributeRepository.ldap[1].connectionStrategy=
cas.authn.attributeRepository.ldap[1].order=0
cas.authn.attributeRepository.ldap[1].useSsl=true
cas.authn.attributeRepository.ldap[1].useStartTls=false
cas.authn.attributeRepository.ldap[1].connectTimeout=10000
cas.authn.attributeRepository.ldap[1].baseDn=......
cas.authn.attributeRepository.ldap[1].userFilter=uid={user}
cas.authn.attributeRepository.ldap[1].subtreeSearch=true
cas.authn.attributeRepository.ldap[1].bindDn=uid=yyy
cas.authn.attributeRepository.ldap[1].bindCredential=zzz
cas.authn.attributeRepository.ldap[1].minPoolSize=3
cas.authn.attributeRepository.ldap[1].maxPoolSize=10
cas.authn.attributeRepository.ldap[1].validateOnCheckout=true
cas.authn.attributeRepository.ldap[1].validatePeriodically=true
cas.authn.attributeRepository.ldap[1].validatePeriod=600
cas.authn.attributeRepository.ldap[1].validateTimeout=5000
cas.authn.attributeRepository.ldap[1].failFast=true
cas.authn.attributeRepository.ldap[1].idleTime=500
cas.authn.attributeRepository.ldap[1].prunePeriod=600
cas.authn.attributeRepository.ldap[1].blockWaitTime=5000
1 reply
Hello,
I have a problem with SPRING_SESSION table. It is not being created and afterwards the job that cleans it up complains about this fact.
Still, in the config I have:
spring:
session:
store-type: jdbc
jdbc:
initialize-schema: alwaysThe problem looks like this one https://stackoverflow.com/questions/62280248/apereo-cas-6-x-embeded-hsqldb-not-initialized (but I have a different DB)
And I also tried properties suggested in the answer, but with no luck.
"If a user rejects consent to the application, they will be redirected to the redirect_uri with an access_denied error"
Hello everyone,
I'm trying to use mongodb to store mfa tokens and for ticket registry. cas won't boot and throw the following error :
Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'gridFsTemplate' defined in class path resource [org/springframework/boot/autoconfigure/data/mongo/MongoDatabaseFactoryDependentConfiguration.class]: Unsatisfied dependency expressed through method 'gridFsTemplate' parameter 1; nested exception is org.springframework.beans.factory.NoUniqueBeanDefinitionException: No qualifying bean of type 'org.springframework.data.mongodb.core.MongoTemplate' available: expected single matching bean but found 2: mongoDbGoogleAuthenticatorTemplate,mongoDbTicketRegistryTemplate
is this a known issue ?
I have a service registered with scopes "A" and "B", when I request an access token using the Authorization Code flow or Client credentials grant with the scopes "A" and "C" CAS is creating an access token with scopes "A" and "C" but the scope "C" is not registered in my service.
For me this is a bug, but I want to be sure because I found more things that could be fixed, for example:
- "org.apereo.cas.services.RegisteredService" in the access token header.
- "grant_type", "client_id", "oauthClientId" in the access token.
- "client_id" in the ID token.
- "state" in the access token an ID token, this value should be returned as a query parameter if the request included it in the URI.
- "nonce" in the access token, but it should be added only in the ID token.
- "nonce" in the ID token with an empty value, it should be added only if the request included it.
We're trying to get the Syslog Appender working in version 4.0.1 of CAS - It's a long, boring story why we're still on this version.
I found this info in the Manual for ver 4.2.x:
https://apereo.github.io/cas/4.2.x/installation/Monitoring-Statistics.html#routing-logs-to-syslog
But we're using 4.0.1 of CAS - attempting to apply this directive as is results in numerous errors.
log4j:WARN Element type "Appenders" must be declared.
log4j:WARN Continuable parsing error 27 and column 41
log4j:WARN Element type "Syslog" must be declared.
log4j:WARN Continuable parsing error 173 and column 23
log4j:WARN The content of element type "log4j:configuration" must match "(renderer,throwableRenderer?,appender,plugin,(category|logger),root?,(categoryFactory|loggerFactory)?)".
log4j:WARN Unrecognized element Appenders
log4j:ERROR No appender named [SYSLOG] could be found.
If I change "Appenders" to "appender" as declared in other sections of the config I get a stack trace and various problems when starting this in the tomcat container. Any advice would be appreciated.