Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Feb 25 21:57
    unfurl-links[bot] commented #5064
  • Feb 25 21:57
    apereocas-bot closed #5064
  • Feb 25 21:57
    apereocas-bot commented #5064
  • Feb 25 21:57
    apereocas-bot labeled #5064
  • Feb 25 21:57
    apereocas-bot labeled #5064
  • Feb 25 21:57
    CLAassistant commented #5064
  • Feb 25 21:57
    fmartelli opened #5064
  • Feb 25 18:06
    codecov[bot] commented #5051
  • Feb 25 18:03
    codecov[bot] commented #5051
  • Feb 25 18:02
    codecov[bot] commented #5051
  • Feb 25 18:01
    codecov[bot] commented #5051
  • Feb 25 18:00
    codecov[bot] commented #5051
  • Feb 25 17:59
    codecov[bot] commented #5051
  • Feb 25 17:59
    codecov[bot] commented #5051
  • Feb 25 17:23
    tsschmidt synchronize #5051
  • Feb 25 17:23

    tsschmidt on req-definition

    Fix tests (compare)

  • Feb 25 14:54

    mmoayyed on heroku-casinit

    remove tmate (compare)

  • Feb 25 12:45
    akunzai synchronize #5020
  • Feb 25 12:27

    mmoayyed on heroku-casinit

    enable debug to check cas mgmt (compare)

  • Feb 25 07:14

    mmoayyed on heroku-casinit

    updat jib (compare)

matrixbot
@matrixbot

mijutu Start with https://apereo.github.io/cas/6.2.x/

Clone https://github.com/apereo/cas-overlay-template

Checkout the 6.2 branch and then create a new branch from it for your own changes. Later you need to add more implementation-lines to build.gradle depending on your needs. Run ./gradlew build to get a war package.

You need to add configuration to /etc/cas/config/cas.properties to let CAS know from where it should verify passwords.

You need to write at least one /etc/cas/services/foo-1.json to tell CAS which service-parameters are allowed.

CAS documentation is actually quite good, but at first it might seem confusing. Note how all the configuration properties are listed in one huge webpage that you should not try to read all at once. Instead each topic has links to the correct places on the properties page.

I suggest you first build a war package and get it running. After that, decide how cas should validate user's passwords and add configuration for it.

Pierre Yager
@zedalaye_gitlab
I managed to use the cas-overlay-template to run ApereoCAS locally. Now I'm a bit blocked. Is there some documentation about service Json files ?
matrixbot
@matrixbot
mijutu https://apereo.github.io/cas/6.2.x/services/JSON-Service-Management.html#json-service-registry
matrixbot
@matrixbot
mijutu And the json service registry is only one option. (The "you need to" I wrote was actually wrong). Service definitions can be set up in many other ways: https://apereo.github.io/cas/6.2.x/services/Service-Management.html#storage
Pierre Yager
@zedalaye_gitlab
It works. I can now "authenticate" as casuser/Mellon
The next step is to "add users" ?
matrixbot
@matrixbot
mijutu Yes, add and configure some backend to check the passwords. I have used ldap so far, but there are many other ways.
mohsensaeedi
@mohsensaeedi
We are using some tags on ldap attributes. for example if we want to store user's cn in different language we can use cn and cn;lang-en-US and cn;lang-fr and ... or maybe when we want to store student number for BSC and MSC, we can use tags (called ldap attribute option too) for it. for example edu-bsc and edu-msc.
but the question is: How we can read and release this type of attributes with Apereo CAS. For example i defined studentNumber attribute on properties file, but it just return studentNumber without any tags! if we store attribute with tags, cas doesn't return that. anyone has a solution for this?
xgdz
@xgdz
Hello everyone, the cas5.x server connects to ldap and returns multiple attribute values, but the client cannot get the value. The configuration is as follows
image.png
image.png

=============================================================
WHO: P0888888
WHAT: [result=Service Access Granted,service=http://localhost:8088/index.jsp,principal=SimplePrincipal(id=P0888888, attributes={mail=[sstest3@pacteraedge.com], employeeNumber=[P0888888]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Nov 24 16:09:51 CST 2020
CLIENT IP ADDRESS: 127.0.0.1

SERVER IP ADDRESS: 127.0.0.1

>

2020-11-24 16:09:51,669 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN

WHO: P0888888
WHAT: TGT-1-**-JXR63rzNhsBAC1500995-PC
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Nov 24 16:09:51 CST 2020
CLIENT IP ADDRESS: 127.0.0.1

SERVER IP ADDRESS: 127.0.0.1

>

2020-11-24 16:09:51,685 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN

WHO: P0888888
WHAT: [result=Service Access Granted,service=http://localhost:8088/index.jsp,requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Nov 24 16:09:51 CST 2020
CLIENT IP ADDRESS: 127.0.0.1

SERVER IP ADDRESS: 127.0.0.1

>
2020-11-24 16:09:51,702 INFO [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted ticket [ST-1-xxYlJ4yG8XdlqLrnb1qx9AAdGdYBAC1500995-PC] for service [http://localhost:8088/index.jsp] and principal [P0888888]>

2020-11-24 16:09:51,706 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN

WHO: P0888888
WHAT: ST-1-xxYlJ4yG8XdlqLrnb1qx9AAdGdYBAC1500995-PC for http://localhost:8088/index.jsp
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Nov 24 16:09:51 CST 2020
CLIENT IP ADDRESS: 127.0.0.1

SERVER IP ADDRESS: 127.0.0.1

>

2020-11-24 16:09:51,811 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN

WHO: audit:unknown
WHAT: [result=Service Access Granted,service=http://localhost:8088/index.jsp,principal=SimplePrincipal(id=P0888888, attributes={}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Nov 24 16:09:51 CST 2020
CLIENT IP ADDRESS: 127.0.0.1

SERVER IP ADDRESS: 127.0.0.1

Łukasz
@lgwozniak
Try with cas.authn.attributeRepository.defaultAttributesToRelease, i have to add this with cas.authn.attributeRepository.merger policy
matrixbot
@matrixbot
mijutu I got it to work recently (with 6.2.5) by setting cas.authn.mfa.global-principal-attribute-name-triggers=foo and cas.authn.mfa.global-principal-attribute-value-regex=bar. Where foo is pricipal attribute name (not ldap attribute name) from cas.authn.ldap[0].principalAttributeList
Pierre Yager
@zedalaye_gitlab
Is there a way to allow redirect to "http" services (not https) during development ?
mohsensaeedi
@mohsensaeedi

We are using some tags on ldap attributes. for example if we want to store user's cn in different language we can use cn and cn;lang-en-US and cn;lang-fr and ... or maybe when we want to store student number for BSC and MSC, we can use tags (called ldap attribute option too) for it. for example edu-bsc and edu-msc.
but the question is: How we can read and release this type of attributes with Apereo CAS. For example i defined studentNumber attribute on properties file, but it just return studentNumber without any tags! if we store attribute with tags, cas doesn't return that. anyone has a solution for this?

who can help me about this matter?

Pierre Yager
@zedalaye_gitlab
@mohsensaeedi sorry I don't know anything about LDAP :)
Is it possible to overwrite variables defined in the configuration file /etc/cas/config/cas.properties using environment variables ?
mohsensaeedi
@mohsensaeedi
I have a deep knowledge about LDAP. but Apereo CAS does not return attribute with tags. I think a expert guy can help me. I think he is @mmoayyed :)
Cade Rea
@cade-rea
Hello. I am running the CAS overlay server (5.1.9) locally for development. It is not loading my JSON services config. I'm including cas-server-support-json-service-registry as a dependency in my pom. The app is allowing logins from any HTTPS service id, instead of the app listed in my JSON file (/etc/cas/services/casSecuredApp-8900.json). Any ideas about why my config is not being used?
Cade Rea
@cade-rea
I've been trying at this a few hours, and of course I figure it out once I post a question. I did not have cas.serviceRegistry.config.location defined correctly. Setting cas.serviceRegistry.config.location:file:/etc/cas/services fixed it.
Pierre Yager
@zedalaye_gitlab
Hello, I try to use the cas-management webui but it crashes at runtime and I just don't what to do :
cas-management_1 | 2020-11-26 14:58:24,452 WARN [org.apereo.cas.support.saml.SamlUtils] - <Resource [class path resource [incommon.pem]] cannot be located>
cas-management_1 | 2020-11-26 14:58:24,456 WARN [org.apereo.cas.mgmt.web.CasManagementWebApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlController' defined in class path resource [org/apereo/cas/mgmt/config/CasManagementSamlConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.mgmt.SamlController]: Factory method 'samlController' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadataAggregateResolver' defined in class path resource [org/apereo/cas/mgmt/config/CasManagementSamlConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.mgmt.MetadataAggregateResolver]: Factory method 'metadataAggregateResolver' threw exception; nested exception is java.lang.NullPointerException>
cas-management_1 | 2020-11-26 14:58:24,489 ERROR [org.springframework.boot.SpringApplication] - <Application run failed>
cas-management_1 | org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlController' defined in class path resource [org/apereo/cas/mgmt/config/CasManagementSamlConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.mgmt.SamlController]: Factory method 'samlController' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadataAggregateResolver' defined in class path resource [org/apereo/cas/mgmt/config/CasManagementSamlConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.mgmt.MetadataAggregateResolver]: Factory method 'metadataAggregateResolver' threw exception; nested exception is java.lang.NullPointerException
Pierre Yager
@zedalaye_gitlab
Hello, still trying to have an ApereoCAS instance up and running :) I set up JsonServiceRegistry and RestAuthentication. my test application successfully redirect to CAS Login page, but when I enter user credentials, the CAS cannot validate the SSL peer :
cas_1 | 2020-11-27 13:47:21,351 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [UsernamePasswordCredential(username=toto, source=null, customFields={})] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
cas_1 | 2020-11-27 13:47:21,352 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[app_users]: [I/O error on POST request for "https://users.docker:3443/cas/authenticate": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target / PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]>
The fact is that I can navigate to https://users.docker:3443 from my local browser. Do you have any tip on how to make this work ?
matrixbot
@matrixbot
mijutu I guess you need to get java to trust the certificate of users.docker. I don't remember how to do that (I use letsencrypt), but those instructions should be easy to find. You need to add the ca cert that signed users.docker's certificate.
milu-milu
@milu-milu
Hi All
I'm dealing with CAS 5.3 using LDAP as backend...
I can authenticate....
but I want to retrieve the groups the user belongs to
I know both queries and it works as expected but...
I only able to provide the last group...
I use the cas.authn.attributeRepository.ldap[0]....
I also set the cas.authn.attributeRepository.ldap[0].allowMultipleDns=true
cas.authn.attributeRepository.ldap[0].allowMultipleEntries=true
Any Idea how to set a multi value?
i query all the groups with ldap://ldap_host '(&(objectClass=posixGroup)(memberUid={user}))'
and I know some user belongs to several groups but it only reports the last one
milu-milu
@milu-milu
@cade-rea can you see a line like 'cas.service-registry.json.location=file:/etc/cas/services"in you cas.properties'?
小虫哥
@imbugge
hello
hjthjw
@hjthjw
anyone here ?
milu-milu
@milu-milu
Yes, someone
Amir Hosseinbor
@Sprew
Hello, I have set up CAS with WSFED and the default configuration given by the documentation (https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties.html#ws-fed-delegated-authentication) but when I head over to the log-in page it says "Authorization Denied" and i get redirected to "/cas/wsfedredirect?wsfedclientid=77f30f54-6150-46a7-a75d-7518af062c55". So... I know something is working atleast. I suspect that I need more than "org.apereo.cas:cas-server-support-wsfederation-webflow:${project.'cas.version'}" as dependency to make this work. Any guidance?
heyiwu
@whuhyw
what files should i modify for slo?
Łukasz
@lgwozniak
Hi i have a question about Google Authenticator is there any possibility to show again QR Code after registration ?
anosingh1
@anosingh1
Hi, I have a CAS setup for 2-factor authentication and it works fine with Chrome browser but with I.E the 2FA window doesn't show up. This appears to be the problem with URL length limit in I.E https://support.microsoft.com/en-us/help/208427/maximum-url-length-is-2-083-characters-in-internet-explorer
Any suggestions on the above query is highly appreciated
Riley W.
@rileyw
@anosingh1 Is Internet Explorer a requirement for your use case?
anosingh1
@anosingh1
@rileyw, Yes, there is an Application that is hardcoded to use I.E for authentication
Riley W.
@rileyw
What type of 2FA are you trying to rollout? Duo, Google Authenticator?
anosingh1
@anosingh1
Its a Duo
life is fantastic
@lifeisfantasti5_twitter
Is there any CAS official member here?I want to say something secret.
Francisco Castel-Branco
@Khorsan
Hi, i'm having trouble delegating SAML from CAS. My requested attributes are not in the SAMLRequest. Anyone had a similar issue?