apereo/cas

Apereo CAS - Single Sign On for All

tobia

@tobia

Hello.
I just realized that SSO (single sign-out) is not playing well with Spring sessions stored on the DB (spring.session.store-type=jdbc) at least on the project I'm working on. Apparently SingleSignOutFilter and SingleSignOutHandler cannot find the session to invalidate in SessionMappingStorage.
Can anybody confirm that this is indeed an issue?
Does anybody know of a fix or a workaround?

tobia

@tobia

Update: this has nothing to do with DB storage of the sessions. Apparently I'm receiving a SAML11 request, which has the parameter named "SAMLart" (instead of "ticket") and this is not recognized as an artifact parameter by SingleSignOutHandler.

tobia

@tobia

I have added a configuration directive in the vein of singleSignOutFilter.setArtifactParameterName("SAMLart") and now the code is executed, but the session is still not dropped. I will keep debugging.

mijutu

@mijutu:ellipsis.fi

[m]

When using CAS as oauth client with pac4j, what is my "Authorization callback URL" that I'm supposed to give to the oauth server?

mijutu

@mijutu:ellipsis.fi

[m]

I tried "https://my.address/cas/login", but that just brought me back from oauth server to cas login page and did not log me in.

mijutu

@mijutu:ellipsis.fi

[m]

Authorization callback URL is "https://my.addess/cas/login/NAME" where NAME is probably the value of cas.authn.pac4j.xxx.client-name from cas.properties. And at least for github: cas.authn.pac4j.github.callback-url-type=PATH_PARAMETER

chenbo6398

@chenbo6398

Unable to start ServletWebServerApplicationContext due to missing ServletWebServerFactory bean
What's wrong with this

mijutu

@mijutu:ellipsis.fi

[m]

What do I need to write to a service registry json file if I want a service to NOT be available with any delegated authentication methods? I have other services that need deletgated authentication and I don't want to confuse users of all services with the extra buttons on login screen.

I could probably hide the buttons by creating a new theme, but I'd rather just configure them out in the service registry json.

chenbo6398

@chenbo6398

I try to start cas (with version 6+),but it block when tomcat starting.......

apascuag

@apascuag

hi @mmoayyed. I have a problem with cas-management 6.3.1.
When adding a value in the "properties" tab, I get the following error:

ERROR TypeError: e.value.split is not a function

Is it reported? Is a patch expected?

xu20160924

@xu20160924

I face the problem of java.io.FileNotFoundException: /etc/cas/thekeystore when I run the image of docker (I pulled latest version). Has anyone experienced the same problem?

2 replies

fbusselgln

@fbusselgln

Does anyone know what I am doing wrong when CAS returns Servicetickets to an OIDC Registered Client?

futureideasworld

@futureideasworld

Hi, I am getting Cannot redirect after HTTP headers have been sent as I am using .Net dotnet-cas-client. Need help please

mixman68

@mixman68

Hi guys, my issue described here : https://groups.google.com/a/apereo.org/g/cas-user/c/rGU-xgmp-Mw/m/ISSqFkxFCwAJ
is resolved on last 6.4 rc but still here in the las 6.3, will the fix back to 6.3 ?

elion

@elion

Hello!

jcifs-ext is not accessible. The repository dl.bintray.com/uniconiam/maven/ is down. It is a dependency of cas-server-support-spnego.

bondsta

@bondsta

I’m having issues logging into hoonuit it’s saying my institution has a specific way to log in but when I click on it it’s says CAS not authorized

Neil

@RealNeilB_twitter

Is there a way to remove all TGTs for a user so they will be forced to re-login for all their current CAS sessions?

xgdz

@xgdz

Can cas6.2 log in without secret?

oauthtester01

@oauthtester01

Has anyone used vouch proxy with CAS OIDC to secure web apps ? I am getting following error

{"level":"error","ts":1623440653.4036229,"msg":"no User found in jwt"}
{"level":"debug","ts":1623440653.4036324,"msg":"setting the cookie domain to grouperdev.idm.xxx.edu"}
{"level":"debug","ts":1623440653.4036362,"msg":"deleting cookie: my-vouch-ct"}
{"level":"debug","ts":1623440653.4036474,"msg":"CaptureWriter.Write set w.StatusCode 401"}

this is the error i recieve post authentication

mixman68

@mixman68

hi guys, when cas 6.4 will be released (there is no milestone in schedules)

Christopher Hoskin

@mans0954

Hello, is it possible to use https://casserver.herokuapp.com/ to test integration of a SAML SP with a CAS IdP? I looked for the IdP metadata at https://casserver.herokuapp.com/cas/idp/metadata but got a page not found. Thanks.

mwbi

@mwbi

hi guys, on centos7 with java-11-openjdk-11.0.11.0.9-1 after adding ldap and json-service-registry in the dependencies i've got an error
Task :compileJava FAILED

What went wrong:
Execution failed for task ':compileJava'.
error: release version 11 not supported

building from https://github.com/apereo/cas-overlay-template with gradlew

any hint for me ?

juandn

@juandn

hi, im configuring x509 auth, with ldap extra attributes, but i have a problem with matchin cert data with LDAP fields for filter. I have a principal like ABCD-1234567Z and need a searchfilter like cas.authn.attribute-repository.ldap[0].searchFilter=<ldapfield>=1234567Z, how can i trim principal in order to use them in searchfilter. thx

Marc K.

@V3ndetta

Hi, i'm trying to activate acceptable usage policy and get this Error: [..] in state 'acceptableUsagePolicyView' of flow 'login' -- action execution attributes were 'map[[empty]]' [..]
any ideas on how to fix this?

stourwalk-work

@stourwalk-work

Hi, i'm trying to activate acceptable usage policy and get this Error: [..] in state 'acceptableUsagePolicyView' of flow 'login' -- action execution attributes were 'map[[empty]]' [..]
any ideas on how to fix this?

Usually this happens when the query to find the aupAccepted value doesn't return anything at all. For example if you are using JDBC with 'SELECT aupAccepted from user where username = ?' and there is no row for the username specified then you will get the error you are seeing

Marc K.

@V3ndetta

@stourwalk-work Thanks, i'll try this later and debug the jdbc-connection. My first thought was something about webflow, so i looked at a very wrong end =)

yosbotnet

@yosbotnet

Anyone knows how to fix this error when creating an Oauth2 service on cas management?

2021-06-29 05:01:59,854 INFO [org.pac4j.core.profile.ProfileHelper] - <Building user profile based on typedId: [email]>
2021-06-29 05:02:33,169 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [email]
WHAT: IO error opening file stream.
ACTION: SAVE_SERVICE_FAILED
APPLICATION: CAS_Management
WHEN: Tue Jun 29 05:02:33 WGST 2021
CLIENT IP ADDRESS: 192.168.0.98
SERVER IP ADDRESS: 192.168.0.73
=============================================================

>
2021-06-29 05:02:33,185 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas-management].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [/cas-management] threw exception [Request processing failed; nested exception is java.lang.IllegalArgumentException: IO error opening file stream.] with root cause>
java.io.IOException: The service definition file could not be saved at /etc/cas/services/ex-1624950153058.json
        at org.apereo.cas.services.resource.AbstractResourceBasedServiceRegistry.save(AbstractResourceBasedServiceRegistry.java:184) ~[cas-server-core-services-registry-6.3.2.jar!/:6.3.2]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
        at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) ~[spring-core-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) ~[spring-cloud-context-2.2.6.RELEASE.jar!/:2.2.6.RELEASE]
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at com.sun.proxy.$Proxy119.save(Unknown Source) ~[?:?]
        at org.apereo.cas.services.DefaultChainingServiceRegistry.lambda$save$0(DefaultChainingServiceRegistry.java:44) ~[cas-server-core-services-registry-6.3.2.jar!/:6.3.2]
        at java.util.ArrayList.forEach(ArrayList.java:1541) ~[?:?]
        at org.apereo.cas.services.DefaultChainingServiceRegistry.save(DefaultChainingServiceRegistry.java:44) ~[cas-server-core-services-registry-6.3.2.jar!/:6.3.2]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
   [continues]

The program is being ran as root, so it should have access to the directory. Also this only happens for some services, for example open id works.

chenbo6398

@chenbo6398

how could i config CAS with Springboot DelegatingPasswordEncoder

thomas-bee

@thomas-bee

Concerning OIDC, we managed to get some custom attributes (claims) into the open_id token by adding a attributeReleasePolicyto the service definition and listing the allowedAttributes. However, it would be nice to control which attributes are returned for which standard or custom scope. How can this be accomplished?

Marc K.

@V3ndetta

Hi, i'm trying to activate acceptable usage policy and get this Error: [..] in state 'acceptableUsagePolicyView' of flow 'login' -- action execution attributes were 'map[[empty]]' [..]
any ideas on how to fix this?

Usually this happens when the query to find the aupAccepted value doesn't return anything at all. For example if you are using JDBC with 'SELECT aupAccepted from user where username = ?' and there is no row for the username specified then you will get the error you are seeing

Problem was a missing (and valid) cas.acceptable-usage-policy.aup-policy-terms-attribute-name=XXXXX config option. Wasn't aware that this is mandatory

stourwalk-work

@stourwalk-work

Hi, i'm trying to activate acceptable usage policy and get this Error: [..] in state 'acceptableUsagePolicyView' of flow 'login' -- action execution attributes were 'map[[empty]]' [..]
any ideas on how to fix this?

Usually this happens when the query to find the aupAccepted value doesn't return anything at all. For example if you are using JDBC with 'SELECT aupAccepted from user where username = ?' and there is no row for the username specified then you will get the error you are seeing

Problem was a missing (and valid) cas.acceptable-usage-policy.aup-policy-terms-attribute-name=XXXXX config option. Wasn't aware that this is mandatory

Glad you got it sorted! Having an invalid value would also lead to no row being returned which would throw the same error that I had come across before.

Marc K.

@V3ndetta

Is there a way to change CAS generated SAML Metadata .xml content like <ContactPerson contactType="administrative"> <GivenName>John Smith</GivenName>? didn't find anything in documentation. I'm curently triing to connect CAS with DFN:AAI - looks like a very hard job =D

Frédéric Praca

@FredPraca

Hi, I have a CAS version 6.3 which works correctly when directly accessed but I have a problem when using a reverse-proxy in front of it. In fact, when working with Apache through AJP, I receive the following message on CAS log ([org.apereo.cas.authentication.principal.WebApplicationServiceFactory] - <No service is specified in the request. Skipping service creation>) and thus the theme associated with my services is not correctly defined. Has anyone seen this before ?

mwbi

@mwbi

Hi, building the cas-configserver-overlay i got an error getting the resource https://dl.bintray.com/scalding/generic/waroverlay.gradle , because it looks like this URL is dead. Where can I find an alternative to build this project ? Any hints ?

apascuag

@apascuag

Hello,
I have a problem with cas-management, in the whole 6.3 series (including the latest 6.3.3).
I can't add any value in the "properties" tab.

Has it happened to someone or know of any report of this case?

mwbi

@mwbi

Hello, das someone know to fix this error :
The bean 'messageSource', defined in BeanDefinition defined in class path resource [org/apereo/cas/config/CasCoreWebConfiguration.class]
, could not be registered

After enabling spring.main.allow-bean-definition-overriding=true the cas application crash

2021-07-13 19:11:57,199 ERROR [org.springframework.boot.SpringApplication] - <Application run failed>
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'casServletWebServerFactory' defined in class pat
h resource [org/apereo/cas/config/CasEmbeddedContainerTomcatConfiguration.class]: Bean instantiation via factory method failed; nested e
xception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.web.servlet.server.Con
figurableServletWebServerFactory]: Factory method 'casServletWebServerFactory' threw exception; nested exception is java.lang.NullPointe
rException

Will be nice, if someone can help me

GegrLmtte

@GegrLmtte

Hi, i'm trying to activate acceptable usage policy and get this Error: [..] in state 'acceptableUsagePolicyView' of flow 'login' -- action execution attributes were 'map[[empty]]' [..]
any ideas on how to fix this?

Usually this happens when the query to find the aupAccepted value doesn't return anything at all. For example if you are using JDBC with 'SELECT aupAccepted from user where username = ?' and there is no row for the username specified then you will get the error you are seeing

Problem was a missing (and valid) cas.acceptable-usage-policy.aup-policy-terms-attribute-name=XXXXX config option. Wasn't aware that this is mandatory

Glad you got it sorted! Having an invalid value would also lead to no row being returned which would throw the same error that I had come across before.

CAS 6.3.2
Hi, i'm also trying to activate acceptable usage policy (with ldap storage) and the same error occur when my browser locale is set to fr (which matches messages_fr.properties file), no error when the browser locale is set to fr-FR

I don't understand what would be a valid cas.acceptable-usage-policy.aup-policy-terms-attribute-name=XXXXX config option, can someboby help me please ?

nava.cbe

@nava.cbe:matrix.org

[m]

Hi, I have upgraded the CAS 5.2 version to 6.3 , I have configured everything as documentation, but jsonService Registry working for me and jpa service registry not worked

1 reply

stourwalk-work

@stourwalk-work

Hi, I'm looking to override some internal CAS classes to make the functionality fit our requirements better - we are using the overlay build method, and if I add the class into src/main/java it errors because it can't find any of the dependencies, trying to add them all will make a rabbit's warren of files being imported that really aren't necessary - is there a better / easier way to overlay the overlay :)

Bert-Jan

@bert-janzwanepol

Hi, building the cas-configserver-overlay i got an error getting the resource https://dl.bintray.com/scalding/generic/waroverlay.gradle , because it looks like this URL is dead. Where can I find an alternative to build this project ? Any hints ?

I ran into the same problem. I solved it by changing my build.gradle:

   // on line 11 add  the following dependency
  classpath "org.scaldingspoon.gradle:gradle-waroverlay-plugin:0.9.3"

  // replace the following line
  apply from: "https://dl.bintray.com/scalding/generic/waroverlay.gradle"
  // with this one
  apply plugin: 'waroverlay'

Where communities thrive

People

Repo info

Activity