hsartoris-bard
@hsartoris-bard
@kripalsingh Hm, depending on how interested you are in testing webauthn it might be worth cloning it and running the bci alias given at the end of this page on the master branch. Something has changed from 6.3.0-RC3 to master such that the above error doesn't arise anymore.
You'd have to update your gradle.properties to indicate 6.3.0-SNAPSHOT
Also, be aware that you should probably parameterize the version specified in overrides.gradle in gradle.properties or something, and in general get rid of that snippet as soon as it's no longer necessary, otherwise you'll probably encounter weird Jackson version issues in the future due to unintended version pinning
Kripal Singh
@kripalsingh
@hsartoris-bard I am not interested in building from source as that might lead us into different issues on production platforms. Any ideas where com.yubico.webauthn.core.RegistrationStorage is located and how to include it? Thanks
ssrinathraju
@ssrinathraju
Hi Anyone
I'm trying to get the response for /status/health API in Apereo CAS 5.3
endpoints.enabled = true
endpoints.sensitive = false
endpoints.actuator.enabled = true
management.security.enabled = false
cas.adminPagesSecurity.ip = 127\\.0\\.0\\.1
cas.adminPagesSecurity.actuatorEndpointsEnabled = true
cas.monitor.endpoints.enabled = true
cas.monitor.endpoints.sensitive = false
Using these properties as mentioned above
But still, I'm getting Access Denied error
@virgium03
Andreich2010
@Andreich2010
Hello, Friends!
I'm setting up CAS for SPNEGO. I have little experience in Java. Can someone show an example of cas.properties for Kerberos?
Thank you in advance
hsartoris-bard
@hsartoris-bard
@kripalsingh if you're not interested in messing with the source (which is fair) then I would suggest holding off on implementing webauthn. In my testing, being able to dive into the source has been somewhat important. As yet there are also some rough edges. What I mean to say by suggesting compiling the source is not to deploy that to production, but to acknowledge that you're treading into bleeding-edge features and will need to be able to support yourself to some extent.
In any case, I would suggest tracking down the Yubico Github repo for the relevant artifact and locating RegistrationStorage if you're intent on using it with RC3
Kripal Singh
@kripalsingh
@hsartoris-bard Thanks for your help. I was able to build and deploy the CAS but unable to activate the webauthn flow. Do you know the device registration URL for webauthn?
hsartoris-bard
@hsartoris-bard
@kripalsingh the same requirements as usual for MFA providers apply for getting it to activate. Start by making sure that your test service identifies mfa-webauthn as an allowed provider, and that your MFA triggering policy is selecting mfa-webauthn for your test account. In all of this it will likely be necessary to increase the log level to debug at least.
Kripal Singh
@kripalsingh
@hsartoris-bard I attempted to set up MFA for webauthn with key cas.authn.mfa.web-authn.id=web-authn but I do not see it as an MFA provider in the supported list https://apereo.github.io/cas/development/mfa/Configuring-Multifactor-Authentication.html#supported-providers
Kripal Singh
@kripalsingh
running into the issue of WARN [org.apereo.cas.web.flow.resolver.impl.DefaultCasDelegatingWebflowEventResolver] - <class org.apereo.cas.authentication.AuthenticationException: Transition definition cannot be found for event web-authn>
hsartoris-bard
@hsartoris-bard
Yeah I would recommend leaving the id parameter unset and using the built-in 'mfa-webauthn'
Kripal Singh
@kripalsingh
@hsartoris-bard I made the recommended changes and I got this error:
2020-10-14 14:43:16,728 ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] - <Forwarding to error page from request [/login] due to exception [Exception thrown executing org.apereo.cas.webauthn.web.flow.WebAuthnAccountCheckRegistrationAction@ad2154a in state 'accountRegistrationCheck' of flow 'mfa-webauthn' -- action execution attributes were 'map['resolvedAuthenticationEvents' -> list[mfa-webauthn]]']>
org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.webauthn.web.flow.WebAuthnAccountCheckRegistrationAction@ad2154a in state 'accountRegistrationCheck' of flow 'mfa-webauthn' -- action execution attributes were 'map['resolvedAuthenticationEvents' -> list[mfa-webauthn]]'
xgdz
@xgdz
Hello everyone! How to configure multiple LDAP connections in CAS 5.3? Now I can only configure one LDAP connection.
Sheldon
@peterzha
Can spnego authentication mode support a highly available deployment? Why does it not work when I add an nginx server between a client browser and the cas server which is configured to use spnego authentication mode? The nginx proxy upstream I configured domain name already, but it also doesn't work.
Łukasz
@lgwozniak
Anyone got a problem with remember me in version 6.2.1?
Andreich2010
@Andreich2010
image.png
I'm having problems with Kerberos.
The keys and principals are correct, the account is active.
But you can't log in. (version 6.3.0)
Kripal Singh
@kripalsingh
@hsartoris-bard I was successfully able to test the webauthn flow on my device. Is there a way to go passwordless with the webauthn flow?
Fabrice Bacchella
@fbacchella
Do you have a common set of encryption algorithms?
klist -e might help you
Sheldon
@peterzha
Is your keytab file on the cas server correct?
hsartoris-bard
@hsartoris-bard
You will need to set cas.authn.passwordless.multifactor-authentication-activated=true and then flag the target accounts as eligible as demonstrated in the example here. Unfortunately, I am not aware of how to integrate flagging the account with the webauthn repository; i.e., to ask it who is registered and flag as such. I'm sure there is a way but I do not know of it at this time.
Kripal Singh
@kripalsingh
@hsartoris-bard thanks
hsartoris-bard
@hsartoris-bard
@kripalsingh np, good luck
fotis120
@fotis120

Good morning to everyone.

I am currently trying to run a build in the master branch and I am receiving the following error:
Could not determine the dependencies of task ':support:cas-server-support-simple-mfa-core:compileTestJava'.

Could not resolve all dependencies for configuration ':support:cas-server-support-simple-mfa-core:testAnnotationProcessor'.
Failed to calculate the value of task ':support:cas-server-support-simple-mfa-core:compileJava' property 'javaCompiler'.
Unable to configure Java installation, probing failed with the following message: A problem occurred starting process 'command '/usr/lib/jvm/openjdk-11/bin/java''

My $JAVA_HOME does not point to this path and I cannot find why the build process searches for java in that particular path.

I face the current problem only when cloning the master branch and trying to run a build.
If I switch to 6.2 branch, the build is successful.

Has anyone else tried to clone and build the master branch and received a similar error?

Pavlos Drandakis
@pdrados
@fotis120 It seems that there is a problem with gradle's toolchain feature, when locating jvm. The build process completes successfully by commenting out lines 181-185 in build.gradle or by adding in gradle.properties the following lines
org.gradle.java.installations.auto-detect=false
org.gradle.java.installations.auto-download=false
org.gradle.java.installations.paths=/THE_PATH_WHERE_YOUR_JDK_IS
dmngb
@dmngb

Hello all,

We have observed a behavior (regression?) change between 6.2.2 and 6.2.3/6.2.4, regarding forced renew.
(I have not been able to bisect further and propose a fix: I still have not found the exact command line to build and deploy to my maven local from sources. But this is another topic. Help wanted.)

In 6.2.2:
Go http://cas/login?renew=true&TARGET=http://testapp/ (note: our testapp does not validate the service ticket – but this may be irrelevant)
Login
Go http://cas/login?renew=true&TARGET=http://testapp/
Result (as expected): the UI shows ‘welcome back ‘user’, …’

In 6.2.3/6.2.4:
Same steps
Result: the UI does not show ‘welcome back ‘user’, …’
(e.g. existingSingleSignOnSessionAvailable seems to be false in context of loginform.html)

springnirps
@springnirps
@xplodwild see gradle task "getResource" ... gradlew getResource header (leave off file extension)
Dustin Lemp
@dustin_lemp_twitter
Hey all! I'm finally moving into the world of Spring Security! Trying to build out my first app that uses Spring Security and CAS... I can't quite figure out how to properly use the setUserDetailsService to load the CAS info (all I really need is principal/username). The examples I've found override a service loadUserDetails, but that may be deprecated? The newer examples all use loadUserByName, but when I try that, I get a "cannot return ResultSet" error. Anybody know of a good, up-to-date guide for this? Thanks!
Dustin Lemp
@dustin_lemp_twitter
Alright, I think I'm getting somewhere. I found a post where it said loadUserByName is deprecated and loadUserDetails is newer... Anyway, I moved to use loadUserDetails, reading the authentication object and it's starting to come together.
xgdz
@xgdz
How to configure saml protocol in cas5.x
Misagh Moayyed
@mmoayyed
which saml protocol?
xgdz
@xgdz
saml2.0
matrixbot
@matrixbot
mijutu Hello. Is there an easy way to add mapping of usernames per service? For example, a user logs in to cas with her username and password. When she goes to serviceA, serviceA gets the username as usual. But when she goes to serviceB, cas would look up an alternative username and return that to serviceB.
xgdz
@xgdz
@mmoayyed saml2.0
Misagh Moayyed
@mmoayyed
have you looked at the docs?
xgdz
@xgdz
image.png
Is the part marked in red provided by the client?
Misagh Moayyed
@mmoayyed
yes
CHITHRA SHETTY
@CHITHRASHETTY2_twitter
Hello, I have the following setup: .net core (AspNet.Security.CAS) -> CAS (delegating) -> SAML IdP. I am able to authenticate to the IdP from the CAS server, so the connection to the external IdP is set up correctly. But when I log in from the .net app, it throws the error below.
2020-11-03 02:15:45,970 DEBUG [org.apereo.cas.web.DelegatedClientWebflowManager] - <Client identifier could not found as part of the request parameters. Looking at relay-state for the SAML2 client>
2020-11-03 02:15:45,970 DEBUG [org.apereo.cas.web.DelegatedClientWebflowManager] - <Located delegated client identifier for this request as [Optional.empty]>
2020-11-03 02:15:45,970 DEBUG [org.apereo.cas.AbstractCentralAuthenticationService] - <Ticket [] by type [TransientSessionTicket] cannot be found in the ticket registry.>
2020-11-03 02:15:45,970 ERROR [org.apereo.cas.web.DelegatedClientWebflowManager] - <Delegated client identifier cannot be located in the authentication request [https://mycasserver/cas/login?service=https%3A%2F%2Flocalhost%2Fsignin-cas%3Fstate%3DCfDJ8HgM412oj95DqYeKeBq8zOQjNWyHmcLcpasqvwAY0UFS0VoWduTQNZWIp2-8dN1kmseWmoFHt7qg32885lXa4aXQKScs5Rqr4MkSBQNgBfJToNa5O7fPN_PbAB0UNxMdK9P2ENAi1D7rUoqhZQA-MigfWyzCG5lNd0ACZl2L4XrARmOA8Ial7GQ79KRtGvXUYnXyJ5G4AsfiOnSiQWcIn4S-eHxh_xtR7MBHWka2j-YonCYC4ER2MVgaLhfWIUF8RHXQi_75YsU830QslcsK_LOyP0kb0qZlDGHPXEr46hRf1Y3qtCh2j1Qv3sufP5y2mHHGZsz4PGOo8m2ReEQKLt4&client_name=login]>
2020-11-03 02:15:45,970 ERROR [org.apereo.cas.web.flow.DelegatedClientAuthenticationAction] - <>
Can someone please help me? I have been trying to fix this for so many days.
springnirps
@springnirps
cas 6.2.1 ... after logging in I only see the default user attribute page. How do I get CAS to redirect me back to the application?
Rafiek
@rafiek
Hi all, I am configuring the /actuator/metrics endpoint and I am interested in more metrics like ldap and hazelcast. Is there a way to enable them and push statistics on the /metrics endpoint?
Łukasz
@lgwozniak
Hello. I have CAS 6.2. We have a problem with a client that has dynamic IPs: they always must log in after the IP is changed. Any idea why?