matrixbot
@matrixbot
mijutu I got it to work recently (with 6.2.5) by setting cas.authn.mfa.global-principal-attribute-name-triggers=foo and cas.authn.mfa.global-principal-attribute-value-regex=bar. Where foo is principal attribute name (not ldap attribute name) from cas.authn.ldap[0].principalAttributeList
Pierre Yager
@zedalaye_gitlab
Is there a way to allow redirect to "http" services (not https) during development ?
mohsensaeedi
@mohsensaeedi

We are using some tags on LDAP attributes. For example, if we want to store a user's cn in different languages we can use cn and cn;lang-en-US and cn;lang-fr and ... or maybe when we want to store a student number for BSC and MSC, we can use tags (also called LDAP attribute options) for it, for example edu-bsc and edu-msc.
But the question is: how can we read and release this type of attribute with Apereo CAS? For example, I defined the studentNumber attribute in the properties file, but it just returns studentNumber without any tags! If we store the attribute with tags, CAS doesn't return it. Does anyone have a solution for this?

Who can help me with this matter?

Pierre Yager
@zedalaye_gitlab
@mohsensaeedi sorry I don't know anything about LDAP :)
Is it possible to overwrite variables defined in the configuration file /etc/cas/config/cas.properties using environment variables ?
mohsensaeedi
@mohsensaeedi
I have deep knowledge of LDAP, but Apereo CAS does not return attributes with tags. I think an expert can help me. I think he is @mmoayyed :)
Cade Rea
@cade-rea
Hello. I am running the CAS overlay server (5.1.9) locally for development. It is not loading my JSON services config. I'm including cas-server-support-json-service-registry as a dependency in my pom. The app is allowing logins from any HTTPS service id, instead of the app listed in my JSON file (/etc/cas/services/casSecuredApp-8900.json). Any ideas about why my config is not being used?
Cade Rea
@cade-rea
I've been trying at this a few hours, and of course I figure it out once I post a question. I did not have cas.serviceRegistry.config.location defined correctly. Setting cas.serviceRegistry.config.location:file:/etc/cas/services fixed it.
Pierre Yager
@zedalaye_gitlab
Hello, I am trying to use the cas-management web UI but it crashes at runtime and I just don't know what to do:
cas-management_1 | 2020-11-26 14:58:24,452 WARN [org.apereo.cas.support.saml.SamlUtils] - <Resource [class path resource [incommon.pem]] cannot be located>
cas-management_1 | 2020-11-26 14:58:24,456 WARN [org.apereo.cas.mgmt.web.CasManagementWebApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlController' defined in class path resource [org/apereo/cas/mgmt/config/CasManagementSamlConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.mgmt.SamlController]: Factory method 'samlController' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadataAggregateResolver' defined in class path resource [org/apereo/cas/mgmt/config/CasManagementSamlConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.mgmt.MetadataAggregateResolver]: Factory method 'metadataAggregateResolver' threw exception; nested exception is java.lang.NullPointerException>
cas-management_1 | 2020-11-26 14:58:24,489 ERROR [org.springframework.boot.SpringApplication] - <Application run failed>
cas-management_1 | org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlController' defined in class path resource [org/apereo/cas/mgmt/config/CasManagementSamlConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.mgmt.SamlController]: Factory method 'samlController' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadataAggregateResolver' defined in class path resource [org/apereo/cas/mgmt/config/CasManagementSamlConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.mgmt.MetadataAggregateResolver]: Factory method 'metadataAggregateResolver' threw exception; nested exception is java.lang.NullPointerException
Pierre Yager
@zedalaye_gitlab
Hello, still trying to get an Apereo CAS instance up and running :) I set up JsonServiceRegistry and RestAuthentication. My test application successfully redirects to the CAS login page, but when I enter user credentials, CAS cannot validate the SSL peer:
cas_1 | 2020-11-27 13:47:21,351 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [UsernamePasswordCredential(username=toto, source=null, customFields={})] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
cas_1 | 2020-11-27 13:47:21,352 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[app_users]: [I/O error on POST request for "https://users.docker:3443/cas/authenticate": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target / PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]>
The fact is that I can navigate to https://users.docker:3443 from my local browser. Do you have any tip on how to make this work ?
matrixbot
@matrixbot
mijutu I guess you need to get java to trust the certificate of users.docker. I don't remember how to do that (I use letsencrypt), but those instructions should be easy to find. You need to add the ca cert that signed users.docker's certificate.
milu-milu
@milu-milu
Hi All
I'm dealing with CAS 5.3 using LDAP as backend...
I can authenticate....
but I want to retrieve the groups the user belongs to
I know both queries and it works as expected but...
I am only able to provide the last group...
I use the cas.authn.attributeRepository.ldap[0]....
I also set the cas.authn.attributeRepository.ldap[0].allowMultipleDns=true
cas.authn.attributeRepository.ldap[0].allowMultipleEntries=true
Any idea how to set a multi-value?
I query all the groups with ldap://ldap_host '(&(objectClass=posixGroup)(memberUid={user}))'
and I know some users belong to several groups but it only reports the last one
milu-milu
@milu-milu
@cade-rea can you see a line like 'cas.service-registry.json.location=file:/etc/cas/services' in your cas.properties?
小虫哥
@imbugge
hello
hjthjw
@hjthjw
anyone here ?
milu-milu
@milu-milu
Yes, someone
Amir Hosseinbor
@Sprew
Hello, I have set up CAS with WSFED and the default configuration given by the documentation (https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties.html#ws-fed-delegated-authentication) but when I head over to the log-in page it says "Authorization Denied" and I get redirected to "/cas/wsfedredirect?wsfedclientid=77f30f54-6150-46a7-a75d-7518af062c55". So... I know something is working at least. I suspect that I need more than "org.apereo.cas:cas-server-support-wsfederation-webflow:${project.'cas.version'}" as dependency to make this work. Any guidance?
heyiwu
@whuhyw
What files should I modify for SLO?
Łukasz
@lgwozniak
Hi, I have a question about Google Authenticator: is there any possibility to show the QR code again after registration?
anosingh1
@anosingh1
Hi, I have a CAS setup for 2-factor authentication and it works fine with Chrome browser but with I.E the 2FA window doesn't show up. This appears to be the problem with URL length limit in I.E https://support.microsoft.com/en-us/help/208427/maximum-url-length-is-2-083-characters-in-internet-explorer
Any suggestions on the above query are highly appreciated
Riley W.
@rileyw
@anosingh1 Is Internet Explorer a requirement for your use case?
anosingh1
@anosingh1
@rileyw, Yes, there is an Application that is hardcoded to use I.E for authentication
Riley W.
@rileyw
What type of 2FA are you trying to rollout? Duo, Google Authenticator?
anosingh1
@anosingh1
It's a Duo
life is fantastic
@lifeisfantasti5_twitter
Is there any official CAS member here? I want to say something secret.
Francisco Castel-Branco
@Khorsan
Hi, I'm having trouble delegating SAML from CAS. My requested attributes are not in the SAMLRequest. Has anyone had a similar issue?
P.O. TERRISSE
@PTerrisse_twitter
Hi Francisco, you have to permit attribute release, see https://apereo.github.io/cas/6.2.x/integration/Attribute-Release-Policies.html.
Francisco Castel-Branco
@Khorsan
@PTerrisse_twitter That was not the problem. pac4j (therefore, CAS) does not support Extensions for SAML AuthnRequest.
Dominick Piganell
@DPiganell
Hi All! Quick question. I'm using ClearPass in a load-balanced environment. However, when making a request to clearpass, only the tier that was originally logged in with has the password. I'm on CAS 5.1. Is there a standard solution to this?
imythu
@imythu
Can cas.server.prefix be dynamically generated ?
lshc
@lshc666
Guys, how to configure awsRoles, awsRoleSessionName using CAS to integrate AWS?
image.png
I received the above warning and the integration failed
Łukasz
@lgwozniak
Hi, in MFA Google Authenticator, is there any possibility to check that the user added the TOTP QR code, like it is done in big applications (Azure, Google)?
2/3 people just miss to scan this code and click next
lshc
@lshc666
@lgwozniak
I think this check is done by the Google Authenticator plug-in integrated by CAS. After user registration, Google Authenticator will be stored in the place you specify, such as a file in JSON format.
You can delete the QR records of these users in the records and let the users re-register
Jognu
@Jognu
Hello. I use CAS server with SAML, and I defined the metadataLocation in the services config file. But it seems that the metadata are downloaded to the file /etc/cas/saml/metadata-backups/metadata for every service, so if I have 2 services, I can't use both
Abhishek-Kun
@Abhishek-Kun
@singhmanmohan432 I'm facing the same issue. Were you able to fix it?