milu-milu
@milu-milu
I know both queries and it works as expected but...
I am only able to provide the last group...
I use the cas.authn.attributeRepository.ldap[0]....
I also set the cas.authn.attributeRepository.ldap[0].allowMultipleDns=true
cas.authn.attributeRepository.ldap[0].allowMultipleEntries=true
Any idea how to set a multi value?
I query all the groups with ldap://ldap_host '(&(objectClass=posixGroup)(memberUid={user}))'
and I know some users belong to several groups but it only reports the last one
milu-milu
@milu-milu
@cade-rea can you see a line like 'cas.service-registry.json.location=file:/etc/cas/services' in your cas.properties?
小虫哥
@imbugge
hello
hjthjw
@hjthjw
anyone here ?
milu-milu
@milu-milu
Yes, someone
Amir Hosseinbor
@Sprew
Hello, I have set up CAS with WSFED and the default configuration given by the documentation (https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties.html#ws-fed-delegated-authentication) but when I head over to the log-in page it says "Authorization Denied" and I get redirected to "/cas/wsfedredirect?wsfedclientid=77f30f54-6150-46a7-a75d-7518af062c55". So... I know something is working at least. I suspect that I need more than "org.apereo.cas:cas-server-support-wsfederation-webflow:${project.'cas.version'}" as a dependency to make this work. Any guidance?
heyiwu
@whuhyw
What files should I modify for SLO?
Łukasz
@lgwozniak
Hi, I have a question about Google Authenticator: is there any possibility to show the QR code again after registration?
anosingh1
@anosingh1
Hi, I have a CAS setup for 2-factor authentication and it works fine with the Chrome browser but with I.E the 2FA window doesn't show up. This appears to be the problem with the URL length limit in I.E https://support.microsoft.com/en-us/help/208427/maximum-url-length-is-2-083-characters-in-internet-explorer
Any suggestions on the above query are highly appreciated
Riley W.
@rileyw
@anosingh1 Is Internet Explorer a requirement for your use case?
anosingh1
@anosingh1
@rileyw, Yes, there is an application that is hardcoded to use I.E for authentication
Riley W.
@rileyw
What type of 2FA are you trying to roll out? Duo, Google Authenticator?
anosingh1
@anosingh1
It's a Duo
life is fantastic
@lifeisfantasti5_twitter
Is there any CAS official member here? I want to say something secret.
Francisco Castel-Branco
@Khorsan
Hi, I'm having trouble delegating SAML from CAS. My requested attributes are not in the SAMLRequest. Anyone had a similar issue?
P.O. TERRISSE
@PTerrisse_twitter
Hi Francisco, you have to permit attribute release, see https://apereo.github.io/cas/6.2.x/integration/Attribute-Release-Policies.html.
Francisco Castel-Branco
@Khorsan
@PTerrisse_twitter That was not the problem. pac4j (therefore, CAS) does not support Extensions for SAML AuthnRequest.
Dominick Piganell
@DPiganell
Hi All! Quick question. I'm using ClearPass in a load-balanced environment. However, when making a request to clearpass, only the tier that was originally logged in with has the password. I'm on CAS 5.1. Is there a standard solution to this?
imythu
@imythu
Can cas.server.prefix be dynamically generated?
lshc
@lshc666
Guys, how to configure awsRoles, awsRoleSessionName using CAS to integrate AWS?
image.png
I received the above warning and the integration failed
Łukasz
@lgwozniak
Hi, in MFA Google Authenticator is there any possibility to check that the user added the TOTP QR code? Like this is done in big applications (Azure, Google)?
2/3 of people just miss scanning this code and click next
lshc
@lshc666
@lgwozniak
I think this check is done by the Google Authenticator plug-in integrated by CAS. After user registration, Google Authenticator will be stored in the place you specify, such as a file in JSON format.
You can delete the QR records of these users in the records and let the users re-register
Jognu
@Jognu
Hello. I use CAS server with SAML, and I defined the metadataLocation in the services config file. But it seems that the metadata is downloaded to the file /etc/cas/saml/metadata-backups/metadata for every service, so if I have 2 services, I can't use both
Abhishek-Kun
@Abhishek-Kun
@singhmanmohan432 I'm facing the same issue, were you able to fix it?
Rafiek
@rafiek
Hi, is it possible to get an authenticated principal through LDAP, but the credentials are unknown in LDAP?
Rafiek
@rafiek
Does anyone know how to sanitize the username? We are able to submit almost anything, but we would like to limit the allowed set of characters.
ChrisSom
@chrissomm_twitter
After migration from CAS 6.2.6 to 6.3 I am getting an exception while authenticating via OIDC: org.jose4j.lang.InvalidAlgorithmException: Signature algorithm header (alg) not set. Anyone who experienced the same?
Łukasz
@lgwozniak
@chrissomm_twitter I will be migrating from 6.2 to 6.3 and I will tell you if I get the same.
guojianning
@guojianning
image.png
image.png
CAS 5.3.2: on the client, the Map obtained via SecurityUtils.getSubject().getPrincipals() is empty, yet the id can still be retrieved. Why is that?
Curtis Ruck
@ruckc
My organization has a long history with CAS, and about 9 years ago we wrapped our web services in CAS w/ CAS Protocol 2.0... and I'm trying to figure out a better way to handle webapp and thick client authentication to web services with something like a JWT bearer token that can be sent on every request, and doesn't require handling an expired cookie/session and catching 302 redirects... i.e. what is a good transparent method for simple CAS secured API authentication?
George Papakyriakopoulos
@gpapakyriakopoulos

Hello everyone, there seems to be a weird behaviour with the CAS audit log on CAS 6.2.X using SAML with Google Auth MFA. When a user provides a wrong OTP value and authentication fails, the audit log file shows the following entry, which seems to have the WHO incorrectly logging the token value instead of the username. Any ideas?

Audit trail record BEGIN =============================================================
WHO: 039328
WHAT: Supplied credentials: [OneTimeTokenCredential(token=039328)]

bloodmc
@bloodmc
Using CAS 5.3.15.1, sometimes users get "Application Not Authorized to Use CAS". Clearing cache usually resolves it. Any idea why this occurs?
bloodmc
@bloodmc
I'm also seeing "No cookie could be found to determine session state" sometimes in logs.
Andrew Marker
@atmarker
@bloodmc I have seen that when I am adding a new service and the update has not refreshed on the various nodes in service. I think much of that has to do with what type of config strategy and the "watch" cycle. I'm using files at the moment.
@bloodmc the No cookie, I believe is from a user who is leveraging browser history of a poorly created bookmark. Not 100% sure.
Łukasz
@lgwozniak
@mmoayyed In 6.3.x there is a big security issue. If the user's password is intercepted, someone can register another device. Adding a device should be protected by some SMS or email.
nicolopez77
@nicolopez77
Hi All. I'd like to ask what is the "normal" performance of a login action in CAS. In our fresh environment it is about 5 seconds, and we see that every time a user logs in, the processor goes up to 100% for about 3 or 4 seconds. Is this normal behavior? We are using a VM in Azure with 2 processors and 4GB RAM (just 1GB in use as it is not in production yet).