2021-02-10 13:00:40,175 ERROR [org.apereo.cas.util.serialization. AbstractJacksonBackedStringSerializer] - <Cannot read/parse JSON [{"@class":"org.apereo.cas.services.RegexRegisteredService","serviceId":"^https://abc/login...] to deserialize into type (interface org.apereo.cas.services. RegisteredService). This may be caused in the absence of a configuration/support module that knows how to interpret the JSON fragment, specially if the fragment describes a CAS registered service definition. Internal parsing error is (Illegal type (org.apereo.cas.services.RegexRegisteredService) to
deserialize: prevented for security reasons
at [Source
(String)"("@class":"org.apereo.cas.services.RegexRegisteredService","serviceId" : "^https://abc/login","name":"CommonWeb", "description":"This is a Spring App that uses the CAS Server for it's authentication", "id":19991, "theme": "theme abc", "evaluationOrder":1,"properties":{"@class":"java.util.HashMap", "appId": {"@class":"org.apereo.cas.services.DefaultRegisteredServiceProperty","values":["java.util.HashSet",["ABC"]]},"rolePrefix": {"@class":"org.apereo.cas.services.De" [truncated 399 chars); line: 1, column: 11]]>
2021-02-10 13:00:40, 176 INFO (org.apereo.cas.services AbstractServicesManager - <Loaded [0] service(s) from (JsonServiceRegistryDao)->
https://pastebin.ubuntu.com/p/C8SFX6zbTw/
everything is ok without saml-idp. I add this lines to cas.properties too:
cas.authn.samlIdp.entityId=${cas.server.prefix}/idp
cas.authn.samlIdp.scope=ourdomain_dns_name
cas.authn.samlIdp.metadata.location=file:/etc/cas/saml
Hello. I am running CAS 5.3.14 with saml and saml-idp services.
I am using CAS 5.3.14. when i added saml-idp for saml sp integration, I have a error. i paste error on pastebin.
https://pastebin.ubuntu.com/p/C8SFX6zbTw/
everything is ok without saml-idp. I add this lines to cas.properties too:
cas.authn.samlIdp.entityId=${cas.server.prefix}/idp
cas.authn.samlIdp.scope=ourdomain_dns_name
cas.authn.samlIdp.metadata.location=file:/etc/cas/saml
I found the problem. I defined my gitlab service as SAML SP on cas management. but it need to configure skipGeneratingTransientNameId.
org.apereo.cas.ticket.registry to org.apereo.cas.ticket . And now i got deserialization problem for tickets from 6.2 version. Caused by: java.lang.ClassNotFoundException: org.apereo.cas.ticket.registry.EncodedTicket in at org.apereo.cas.ticket.registry.RedisTicketRegistry.lambda$getTicketsStream$0(RedisTicketRegistry.java:98) ~[cas-server-support-redis-ticket-registry-6.3.0.jar!/:6.3.0]
cas.authn.ldap[0].use-start-tls=false
cas.authn.ldap[0].baseDn=dc=atu,dc=gob,dc=pe
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].bindDn=user@atu.gob.pe
cas.authn.ldap[0].bindCredential=password
\nWHAT: ST-156-5B2tBGK6XzBFRQ1THd7105vuGBE-https://localhost/closing/cas for https://localhost/closing/cas/oauth2.0/callbackAuthorize?client_id=CRfgn8vNQqVFUoM7sEBL3imr&redirect_uri=https%3A%2F%2Floc...\n
ACTION: SERVICE_TICKET_VALIDATE_FAILED\nAPPLICATION: CAS
\nWHEN: Wed Feb 17 08:52:27 EST 2021
nCLIENT IP ADDRESS: ::1
\nSERVER IP ADDRESS:
I am using CAS 6.2X. When the CAS login page is served and user goes idle for sometime and then submits the credentials the CAS error page is shown to the user. I have tried to set the expiration policy of ST and TGT but the error still persists. Is the problem that the CAS Session times out when the user goes idle or something else. Looking for inputs. WHO: audit:unknown
\nWHAT: ST-156-5B2tBGK6XzBFRQ1THd7105vuGBE-https://localhost/closing/cas for https://localhost/closing/cas/oauth2.0/callbackAuthorize?client_id=CRfgn8vNQqVFUoM7sEBL3imr&redirect_uri=https%3A%2F%2Floc...\n
ACTION: SERVICE_TICKET_VALIDATE_FAILED\nAPPLICATION: CAS
\nWHEN: Wed Feb 17 08:52:27 EST 2021
nCLIENT IP ADDRESS: ::1
\nSERVER IP ADDRESS:
I am using CAS 6.2X. When the CAS login page is served and user goes idle for sometime and then submits the credentials the CAS error page is shown to the user. I have tried to set the expiration policy of ST and TGT but the error still persists. Is the problem that the CAS Session times out when the user goes idle or something else. Looking for inputs. WHO: audit:unknown
\nWHAT: ST-156-5B2tBGK6XzBFRQ1THd7105vuGBE-https://localhost/closing/cas for https://localhost/closing/cas/oauth2.0/callbackAuthorize?client_id=CRfgn8vNQqVFUoM7sEBL3imr&redirect_uri=https%3A%2F%2Floc...\n
ACTION: SERVICE_TICKET_VALIDATE_FAILED\nAPPLICATION: CAS
\nWHEN: Wed Feb 17 08:52:27 EST 2021
nCLIENT IP ADDRESS: ::1
\nSERVER IP ADDRESS:
The ST would be created after the authentication. Are there any error messages shown (try logging with 'TRACEW' or 'DEBUg').
can someone please provide any documentation link on how CAS supports multi tenancy
What are you referring to by 'mutil-tenancy'?
Greetings,
I have a quick question, is there a way to disable the gateway option from a request when using the service param, let me to add more context to this question: Im using the service parameter to send my user to my main application after they log in, the url looks something like: https://192.168.X.X:8443/cas/login?service=http%3A%2F%2Fmywebapp%3A3000%2Flogin , then I found a possible risk if someone malicious wants to redirect traffic to their page using the gateway option, something like: https://192.168.X.X:8443/cas/login?service=http//maliciouswebsite.com&gateway=true, I don't want someone with bad intentions to be able to perform this option, so my question is, is it possible to eliminate the gateway parameter so that traffic is not redirected?
Is here anyone who got cas as a OpenIDConnect Server running?
Im trying this for days but always get endless redirects. And most curious is a redirect to >http< instead of >https<. I have no clue where the source for this is located:
http://test.hwe.de/cas/oidc/authorize?response_type=id_token token&client_id=client14d&redirect_uri=https://test.hwe.de/cb&scope=openid profile&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj&bypass_approval_prompt=true
The chain is:
after that it redirects again to
http://test.hwe.de/cas/oidc/authorize?response_type=id_token+token&client_id=client14d&redirect_uri=https%3A%2F%2Ftest.hwe.de%2Fcb&scope=openid+profile&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj&bypass_approval_prompt=true
and so on...
Has anyone an idea?
No matching variant of org.apereo.cas:cas-server-core-api-configuration-model:6.3.2 was found. The consumer was configured to find a runtime of a library compatible with Java 8, packaged as a jar, and its dependencies declared externally but:
- Variant 'apiElements' capability org.apereo.cas:cas-server-core-api-configuration-model:6.3.2 declares a library, packaged as a jar, and its dependencies declared externally:
- Incompatible because this component declares an API of a component compatible with Java 11 and the consumer needed a runtime of a component compatible with Java 8
- Variant 'runtimeElements' capability org.apereo.cas:cas-server-core-api-configuration-model:6.3.2 declares a runtime of a library, packaged as a jar, and its dependencies declared externally:
- Incompatible because this component declares a component compatible with Java 11 and the consumer needed a component compatible with Java 8Could not resolve org.apereo.cas:cas-server-core-configuration-metadata-repository:6.3.2.
Required by:
unspecified:unspecified:unspecified
No matching variant of org.apereo.cas:cas-server-core-configuration-metadata-repository:6.3.2 was found. The consumer was configured to find a runtime of a library compatible with Java 8, packaged as a jar, and its dependencies declared externally but:- Variant 'apiElements' capability org.apereo.cas:cas-server-core-configuration-metadata-repository:6.3.2 declares a library, packaged as a jar, and its dependencies declared externally: - Incompatible because this component declares an API of a component compatible with Java 11 and the consumer needed a runtime of a component compatible with Java 8
attributeReleasePolicy: !<org.apereo.cas.services.ReturnMappedAttributeReleasePolicy>
principalAttributesRepository: !<org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository>
expiration: 2
timeUnit: "HOURS"
consentPolicy: !<org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy>
enabled: true
authorizedToReleaseCredentialPassword: false
authorizedToReleaseProxyGrantingTicket: false
excludeDefaultAttributes: false
authorizedToReleaseAuthenticationAttributes: true
allowedAttributes: !<java.util.TreeMap>
- "cn" : "cn"
- "mail" : "email"
- "memberOf" : "memberOf"
- "givenName" : "givenName"
- "displayName" : "displayName"
- "surName" : "surName"
- "departmentNumber" : "departmentNumber"
The yml file fails to load as a CAS service, any help would be appreciated.
Regards,
Robert
I'm new to CAS and I need to validate the ticket. I've setup the application and after successful login I've a ticket. Now my question is: How can I validate the ticket using cas server? Second, how many times we can validate the ticket? I would be great there is any link to go through. Thanks
