Andreich2010
@Andreich2010
I'm having problems with Kerberos.
The keys and principals are correct, the account is active.
But you can't log in. (version 6.3.0)
Kripal Singh
@kripalsingh
@hsartoris-bard I was successfully able to test the webauthn flow on my device. Is there a way to go passwordless with the webauthn flow?
Fabrice Bacchella
@fbacchella
Do you have a common set of encryption algorithms?
klist -e might help you
Sheldon
@peterzha
Is your keytab file on the cas server correct?
hsartoris-bard
@hsartoris-bard
You will need to set cas.authn.passwordless.multifactor-authentication-activated=true and then flag the target accounts as eligible as demonstrated in the example here. Unfortunately, I am not aware of how to integrate flagging the account with the webauthn repository; i.e., to ask it who is registered and flag as such. I'm sure there is a way but I do not know of it at this time.
Kripal Singh
@kripalsingh
@hsartoris-bard thanks
hsartoris-bard
@hsartoris-bard
@kripalsingh np, good luck
fotis120
@fotis120

Good morning to everyone.

I am currently trying to run a build in the master branch and I am receiving the following error:
Could not determine the dependencies of task ':support:cas-server-support-simple-mfa-core:compileTestJava'.

Could not resolve all dependencies for configuration ':support:cas-server-support-simple-mfa-core:testAnnotationProcessor'.
Failed to calculate the value of task ':support:cas-server-support-simple-mfa-core:compileJava' property 'javaCompiler'.
Unable to configure Java installation, probing failed with the following message: A problem occurred starting process 'command '/usr/lib/jvm/openjdk-11/bin/java''

My $JAVA_HOME does not point to this path and I cannot find why the build process searches for java in that particular path.

I face the current problem only when cloning the master branch and trying to run a build.
If I switch to 6.2 branch, the build is successful.

Has anyone else tried to clone and build the master branch and received a similar error?

Pavlos Drandakis
@pdrados
@fotis120 It seems that there is a problem with gradle's toolchain feature, when locating jvm. The build process completes successfully by commenting out lines 181-185 in build.gradle or by adding in gradle.properties the following lines
org.gradle.java.installations.auto-detect=false
org.gradle.java.installations.auto-download=false
org.gradle.java.installations.paths=/THE_PATH_WHERE_YOUR_JDK_IS
dmngb
@dmngb

Hello all,

We have observed a behavior (regression?) change between 6.2.2 and 6.2.3/6.2.4, regarding forced renew.
(I have not been able to bisect further and propose a fix: I still have not found the exact command line to build and deploy to my maven local from sources. But this is another topic. Help wanted.).

In 6.2.2:
Go http://cas/login?renew=true&TARGET=http://testapp/ (note: our testapp does not validate the service ticket – but this may be irrelevant)
Login
Go http://cas/login?renew=true&TARGET=http://testapp/
Result (as expected): the UI shows ‘welcome back ‘user’, …’

In 6.2.3/6.2.4:
Same steps
Result: the UI does not show ‘welcome back ‘user’, …’
(e.g. existingSingleSignOnSessionAvailable seems to be false in context of loginform.html)

springnirps
@springnirps
@xplodwild see gradle task "getResource" ... gradlew getResource header (leave off file extension)
Dustin Lemp
@dustin_lemp_twitter
Hey all! I'm finally moving into the world of Spring Security! Trying to build out my first app that uses Spring Security and CAS...I can't quite figure out how to properly use the setUserDetailsService to load the CAS info (all I really need is principal/username). The examples I've found override a service loadUserDetails, but that may be deprecated? The newer examples all use loadUserByName, but when I try that, I get a "cannot return ResultSet" error. Anybody know of a good, up to date guide for this? Thanks!
Dustin Lemp
@dustin_lemp_twitter
Alright, I think I'm getting somewhere. I found a post where it said loadUserByName is deprecated and loadUserDetails is newer...Anyway, I moved to use loadUserDetails, reading the authentication object and it's starting to come together.
xgdz
@xgdz
How to configure saml protocol in cas5.x
Misagh Moayyed
@mmoayyed
which saml protocol?
xgdz
@xgdz
saml2.0
matrixbot
@matrixbot
mijutu Hello. Is there an easy way to add mapping of usernames per service? For example, a user logs in to cas with her username and password. When she goes to serviceA, serviceA gets the username as usual. But when she goes to serviceB, cas would look up an alternative username and return that to serviceB.
xgdz
@xgdz
@mmoayyed saml2.0
Misagh Moayyed
@mmoayyed
have you looked at the docs?
xgdz
@xgdz
image.png
Is the part marked in red provided by the client?
Misagh Moayyed
@mmoayyed
yes
CHITHRA SHETTY
@CHITHRASHETTY2_twitter
Hello, I have the following setup: .net core(AspNet.Security.CAS) -> CAS(delegating) -> SAML IdP. I am able to authenticate to the IdP from the CAS server, so the connection to the external IdP is set up correctly. But when I log in from the .net app, it throws the error below.
2020-11-03 02:15:45,970 DEBUG [org.apereo.cas.web.DelegatedClientWebflowManager] - <Client identifier could not found as part of the request parameters. Looking at relay-state for the SAML2 client>
2020-11-03 02:15:45,970 DEBUG [org.apereo.cas.web.DelegatedClientWebflowManager] - <Located delegated client identifier for this request as [Optional.empty]>
2020-11-03 02:15:45,970 DEBUG [org.apereo.cas.AbstractCentralAuthenticationService] - <Ticket [] by type [TransientSessionTicket] cannot be found in the ticket registry.>
2020-11-03 02:15:45,970 ERROR [org.apereo.cas.web.DelegatedClientWebflowManager] - <Delegated client identifier cannot be located in the authentication request [https://mycasserver/cas/login?service=https%3A%2F%2Flocalhost%2Fsignin-cas%3Fstate%3DCfDJ8HgM412oj95DqYeKeBq8zOQjNWyHmcLcpasqvwAY0UFS0VoWduTQNZWIp2-8dN1kmseWmoFHt7qg32885lXa4aXQKScs5Rqr4MkSBQNgBfJToNa5O7fPN_PbAB0UNxMdK9P2ENAi1D7rUoqhZQA-MigfWyzCG5lNd0ACZl2L4XrARmOA8Ial7GQ79KRtGvXUYnXyJ5G4AsfiOnSiQWcIn4S-eHxh_xtR7MBHWka2j-YonCYC4ER2MVgaLhfWIUF8RHXQi_75YsU830QslcsK_LOyP0kb0qZlDGHPXEr46hRf1Y3qtCh2j1Qv3sufP5y2mHHGZsz4PGOo8m2ReEQKLt4&client_name=login]>
2020-11-03 02:15:45,970 ERROR [org.apereo.cas.web.flow.DelegatedClientAuthenticationAction] - <>
Can someone please help me? Trying to fix this for so many days.
springnirps
@springnirps
cas 6.2.1 ... after logging in I only see the default user attribute page. How do I get CAS to redirect me back to the application?
Rafiek
@rafiek
Hi all, I am configuring the /actuator/metrics endpoint and I am interested in more metrics like ldap and hazelcast. Is there a way to enable them and push statistics on the /metrics endpoint?
Łukasz
@lgwozniak
Hello. I got CAS 6.2. We got a problem with a client that has dynamic IPs; they always must log in after the IP is changed. Any idea why?
Łukasz
@lgwozniak
@mmoayyed can you help me with the dynamic IP problem? We have got CAS 6.2.1
bpariente
@bpariente
Hi all! I hope you can help me, you are my last chance! I have CAS 5.2.6 and we are using the login webflow and redis as the ticket registry. The webflow was modified to have a second screen to be able to select a field needed in the token. Well, everything worked perfectly with one instance until we wanted to have CAS in HA (2 instances). With more than one instance, after the webflow process it starts to redirect internally to login, callback and authorized 2, 3 or 15 times (random) and after that the login fails. We observed that in those redirections it is creating N ST tickets in Redis (one per redirection) and at some point those ST tickets don't contain our custom attributes. If we look at the documentation it says that too many redirections means that something is wrongly configured. I don't know what else to try and why it is failing if there is more than one instance. Could you help me?
ilpizze
@ilpizze
Hi everyone! I'm using CAS 6.0. In a trusted authentication scenario, is it possible to pass the principal attributes (mail, complete name, etc.) to the CAS? Thank you everyone.
matrixbot
@matrixbot
mijutu What is the default mfa-opt-in parameter name? Or if there is none, how do I configure it? https://apereo.github.io/cas/6.2.x/mfa/Configuring-Multifactor-Authentication-Triggers.html#opt-in-request-parameterheader
matrixbot
@matrixbot
mijutu I'd like to force mfa for certain users (already did that with global-principal-attribute-value-regex) and let other users turn mfa on if they want it.
mijutu I was thinking that I let users to opt in with url parameter and force mfa on for those who have opted in at some point.
matrixbot
@matrixbot
mijutu I'm using cas-server-support-gauth-redis so I thought I use a rest-mfa-trigger to look up from redis whether the user has set up gauth or not.
mijutu Have I missed something? Is there an easier way to do it?
matrixbot
@matrixbot
mijutu I didn't need to use opt-in url parameter. Adding a service which has mfa forced on does the same.
Trystan987687
@Trystan987687_twitter
Hello, I am trying to set up the CAS Management webapp 6.2.2 with CAS Server 6.2.5, but I am running into the following issue: when I log in to the cas management app with a user that exists in the users.json file of the Management webapp, the authentication with cas is successful but I get the message "Management app is not available" and in the cas-management.log, I get the error:
ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas-management].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [/cas-management] threw exception [Handler dispatch failed; nested exception is java.lang.NoSuchMethodError: 'org.pac4j.core.profile.InternalAttributeHandler org.pac4j.core.profile.ProfileHelper.getInternalAttributeHandler()'] with root cause>
java.lang.NoSuchMethodError: 'org.pac4j.core.profile.InternalAttributeHandler org.pac4j.core.profile.ProfileHelper.getInternalAttributeHandler()'
Any idea where this issue could come from?
From my understanding pac4j is the component evaluating the identity's attributes
in debug, I can see all the attributes of the identity in the cas-management log
Łukasz
@lgwozniak
I see in version 6.2.5 there is a problem with webflow decorators. In Docker I got too many open files after 1h of working CAS
matrixbot
@matrixbot
mijutu I've been trying to set up trusted-mfa, but I don't understand why nothing seems to happen. After typing a totp, I just get redirected to the service and get no question whether to trust this device or not. Does that need to be configured separately? I already have cas.authn.mfa.trusted.device-fingerprint. and cas.authn.mfa.trusted.jpa. configs. And cas is creating table to the database. And cas.authn.mfa.trusted.device-registration-enabled=true
singhmanmohan432
@singhmanmohan432
Hello all, can someone help me with the exception below that I am getting while deploying on a wildfly16 server?

yarra-srinivas Sep 28 18:41
Hi All, I have an issue with delegated authentication to an OpenID provider (Keycloak); I am stuck at a login-flow.xml misconfiguration, I believe.
17:26:41,107|DEBUG|https-jsse-nio-0.0.0.0-8443-exec-2|org.springframework.webflow.engine.impl.FlowExecutionImpl|Attempting to handle [org.springframework.webflow.engine.NoMatchingTransitionException: No transition was matched on the event(s) signaled by the [1] action(s) that executed in this action state 'ticketGrantingTicketCheck' of flow 'login'; transitions must be defined to handle action result outcomes -- possible flow configuration error? Note: the eventIds signaled were: 'array<String>['success']', while the supported set of transitional criteria for this action state is 'array<TransitionCriteria>[notExists, invalid, valid]']
2020-09-28 17:26:41,107|DEBUG|https-jsse-nio-0.0.0.0-8443-exec-2|org.springframework.webflow.engine.impl.FlowExecutionImpl|Rethrowing unhandled flow execution exception
2020-09-28 17:26:41,107|DEBUG|https-jsse-nio-0.0.0.0-8443-exec-2|org.jasig.cas.web.FlowExecutionExceptionResolver|Ignoring the received exception due to a type mismatch
org.springframework.webflow.engine.NoMatchingTransitionException: No transition was matched on the event(s) signaled by the [1] action(s) that executed in this action state 'ticketGrantingTicketCheck' of flow 'login'; transitions must be defined to handle action result outcomes -- possible flow configuration error? Note: the eventIds signaled were: 'array<String>['success']', while the supported set of transitional criteria for this action state is 'array<TransitionCriteria>[notExists, invalid, valid]'
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:132)
at org.springframework.webflow.engine.State.enter(State.java:194)
at org.springframework.webflow.engine.Transition.execute(Transition.java:227)
at org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)
at org.springframework.webflow.engine.State.enter(State.java:194)
at org.springframework.webflow.engine.Flow.start(Flow.java:535)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:366)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:222)
at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)

Khalidaba Sep 30 17:16
Hi, new in this dev world,
I saw there is a .NET CAS client, but I started a project in Blazor server side (latest .NET Framework),
is it possible to make it work with the cas client, or is it not compatible?
Thanks for the help.

Philipp Berger Oct 02 15:51
Hi,
I wanted to update some spring versions to get rid of the latest vulnerabilities in 5.3.x.
I created a pull-request #4950 but this has been closed immediately.
EOL of 5.3.x is end of October.
How can I contribute security-patches to 5.3.x?
Thanks for your help.

ArtiWavale Oct 03 14:41
Hello,

I have successfully completed password management tasks for LDAP, MySql and Active Directory databases, but when I try to integrate these three tasks in a cas.properties file in the CAS server, reset password management works for only one database (LDAP or MySql or Active Directory), not for all three databases.

Do you have any solution for it?

How can we integrate password management for LDAP, MySql and Active Directory in the cas.properties file in the CAS server so that it works with these three databases? I am really thankful for a quick response.

Thanks and Regards
Arti

XpLoDWilD Oct 05 20:32
Hi, I'm trying to customize CAS view and stumbled upon "build.sh getview" references. However, it looks like this build.sh thing has disappeared since, what's its new equivalent?

Terry Appleby Oct 06 06:05
If I wanted to add some new endpoints to a CAS instance (custom user confirmation + password reset flows) does it make sense to use a similar approach as the OAuth modules (custom ModeAndView's + using CasProtocolViewFa

singhmanmohan432
@singhmanmohan432
Hello all, I am getting the issue below while deploying the cas war file in a wildfly server. Could someone help me on this?
Caused by: java.lang.NoSuchMethodException: org.apereo.cas.ticket.registry.DefaultTicketRegistrySupportEnhancerBySpringCGLIBEnhancerBySpringCGLIB51689c97.<init>()"}}
08:27:53,767 INFO [org.jboss.as.server] (DeploymentScanner-threads - 2) WFLYSRV0010: Deployed "cas-server-webapp-6.2.4-SNAPSHOT.war" (runtime-name : "cas-server-webapp-6.2.4-SNAPSHOT.war")
08:27:53,768 INFO [org.jboss.as.controller] (DeploymentScanner-threads - 2) WFLYCTL0183: Service status report
WFLYCTL0186: Services which failed to start: service jboss.deployment.unit."cas-server-webapp-6.2.4-SNAPSHOT.war".undertow-deployment: java.lang.RuntimeException: org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'threadContextMDCServletFilter' defined in class path resource [org/apereo/cas/logging/config/CasLoggingConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.web.servlet.FilterRegistrationBean]: Factory method 'threadContextMDCServletFilter' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'defaultTicketRegistrySupport' defined in class path resource [org/apereo/cas/config/CasCoreTicketsConfiguration.class]: Initialization of bean failed; nested exception is org.springframework.aop.framework.AopConfigException: Unexpected AOP exception; nested exception is org.springframework.aop.framework.AopConfigException: Unable to instantiate proxy using Objenesis, and regular proxy instantiation via default constructor fails as well; nested exception is java.lang.NoSuchMethodException: org.apereo.cas.ticket.registry.DefaultTicketRegistrySupport$$E
Cas version .2
2.5.6
singhmanmohan432
@singhmanmohan432

Getting Exception on Cas-overlay 6.2.5 deployment on WILDFLY 16 server

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'threadContextMDCServletFilter' defined in class path resource [org/apereo/cas/logging/config/CasLoggingConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.web.servlet.FilterRegistrationBean]: Factory method 'threadContextMDCServletFilter' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'defaultTicketRegistrySupport' defined in class path resource [org/apereo/cas/config/CasCoreTicketsConfiguration.class]: Initialization of bean failed; nested exception is org.springframework.aop.framework.AopConfigException: Unexpected AOP exception; nested exception is org.springframework.aop.framework.AopConfigException: Unable to instantiate proxy using Objenesis, and regular proxy instantiation via default constructor fails as well; nested exception is java.lang.NoSuchMethodException: org.apereo.cas.ticket.registry.DefaultTicketRegistrySupportEnhancerBySpringCGLIBEnhancerBySpringCGLIB7af39688.<init>()
at org.wildfly.extension.undertow@16.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:81)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.JBossThread.run(JBossThread.java:485)
Caused by: java.lang.RuntimeException: org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'threadContextMDCServletFilter' defined in class path resource [org/apereo/cas/logging/config/CasLoggingConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.web.servlet.FilterRegistrationBean]: Factory method 'threadContextMDCServletFilter' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'defaultTicketRegistrySupport' defined in class path resource [org/apereo/cas/config/CasCoreTicketsConfiguration.class]: Initialization of bean failed; nested exception is org.springframework.aop.framework.AopConfigException: Unexpected AOP exception; nested exception is org.springframework.aop.framework.AopConfigException: Unable to instantiate proxy using Objenesis, and regular proxy instantiation via default constructor fails as well; nested exception is java.lang.NoSuchMethodException: org.apereo.cas.ticket.registry.DefaultTicketRegistrySupportEnhancerBySpringCGLIBEnhancerBySpringCGLIB7af39688.<init>()
at io.undertow.servlet@2.0.19.Final//io.undertow.servlet.core.DeploymentMa