Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • May 15 13:29

    mmoayyed on 6.5.x

    fix: attribute encoder fails wi… (compare)

  • May 15 13:28

    mmoayyed on master

    fix build support webauthn devices for ac… deprecate digest and fortress m… and 4 more (compare)

  • May 13 16:15

    mmoayyed on 6.5.x

    Fix null issuer for JWS/JWE on … (compare)

  • May 13 16:15
    mmoayyed closed #5467
  • May 13 16:02

    mmoayyed on master

    use proper beans for attribute … minor formatting fixes fix issue with attribute encodi… (compare)

  • May 13 15:05

    mmoayyed on 6.5.x

    fix issue with attribute encodi… (compare)

  • May 13 12:12

    mmoayyed on master

    move registered service fields … allow saml2 sign responses to b… support rest-based policy for p… and 4 more (compare)

  • May 13 09:47
    apereocas-bot labeled #5467
  • May 13 09:47
    apereocas-bot labeled #5467
  • May 13 09:47
    apereocas-bot milestoned #5467
  • May 13 09:47
    apereocas-bot labeled #5467
  • May 13 09:46
    apereocas-bot labeled #5467
  • May 13 09:46
    leleuj commented #5464
  • May 13 09:46
    leleuj opened #5467
  • May 13 08:21
    mmoayyed commented #5464
  • May 13 07:24
    leleuj commented #5464
  • May 13 07:07

    mmoayyed on master

    Fix issuer null for JWS/JWE on … (compare)

  • May 13 07:07
    mmoayyed closed #5464
  • May 13 07:04
    codecov[bot] commented #5464
  • May 13 07:03
    leleuj synchronize #5464
oauthtester01
@oauthtester01
Has anyone used vouch proxy with CAS OIDC to secure web apps ? I am getting following error
{"level":"error","ts":1623440653.4036229,"msg":"no User found in jwt"}
{"level":"debug","ts":1623440653.4036324,"msg":"setting the cookie domain to grouperdev.idm.xxx.edu"}
{"level":"debug","ts":1623440653.4036362,"msg":"deleting cookie: my-vouch-ct"}
{"level":"debug","ts":1623440653.4036474,"msg":"CaptureWriter.Write set w.StatusCode 401"}
this is the error i recieve post authentication
mixman68
@mixman68
hi guys, when cas 6.4 will be released (there is no milestone in schedules)
Christopher Hoskin
@mans0954
Hello, is it possible to use https://casserver.herokuapp.com/ to test integration of a SAML SP with a CAS IdP? I looked for the IdP metadata at https://casserver.herokuapp.com/cas/idp/metadata but got a page not found. Thanks.
mwbi
@mwbi
hi guys, on centos7 with java-11-openjdk-11.0.11.0.9-1 after adding ldap and json-service-registry in the dependencies i've got an error
Task :compileJava FAILED
  • What went wrong:
    Execution failed for task ':compileJava'.
    error: release version 11 not supported
building from https://github.com/apereo/cas-overlay-template with gradlew
any hint for me ?
juandn
@juandn
hi, im configuring x509 auth, with ldap extra attributes, but i have a problem with matchin cert data with LDAP fields for filter. I have a principal like ABCD-1234567Z and need a searchfilter like cas.authn.attribute-repository.ldap[0].searchFilter=<ldapfield>=1234567Z, how can i trim principal in order to use them in searchfilter. thx
Marc K.
@V3ndetta
Hi, i'm trying to activate acceptable usage policy and get this Error: [..] in state 'acceptableUsagePolicyView' of flow 'login' -- action execution attributes were 'map[[empty]]' [..]
any ideas on how to fix this?
stourwalk-work
@stourwalk-work

Hi, i'm trying to activate acceptable usage policy and get this Error: [..] in state 'acceptableUsagePolicyView' of flow 'login' -- action execution attributes were 'map[[empty]]' [..]
any ideas on how to fix this?

Usually this happens when the query to find the aupAccepted value doesn't return anything at all. For example if you are using JDBC with 'SELECT aupAccepted from user where username = ?' and there is no row for the username specified then you will get the error you are seeing

Marc K.
@V3ndetta
@stourwalk-work Thanks, i'll try this later and debug the jdbc-connection. My first thought was something about webflow, so i looked at a very wrong end =)
yosbotnet
@yosbotnet

Anyone knows how to fix this error when creating an Oauth2 service on cas management?

2021-06-29 05:01:59,854 INFO [org.pac4j.core.profile.ProfileHelper] - <Building user profile based on typedId: [email]>
2021-06-29 05:02:33,169 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [email]
WHAT: IO error opening file stream.
ACTION: SAVE_SERVICE_FAILED
APPLICATION: CAS_Management
WHEN: Tue Jun 29 05:02:33 WGST 2021
CLIENT IP ADDRESS: 192.168.0.98
SERVER IP ADDRESS: 192.168.0.73
=============================================================

>
2021-06-29 05:02:33,185 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas-management].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [/cas-management] threw exception [Request processing failed; nested exception is java.lang.IllegalArgumentException: IO error opening file stream.] with root cause>
java.io.IOException: The service definition file could not be saved at /etc/cas/services/ex-1624950153058.json
        at org.apereo.cas.services.resource.AbstractResourceBasedServiceRegistry.save(AbstractResourceBasedServiceRegistry.java:184) ~[cas-server-core-services-registry-6.3.2.jar!/:6.3.2]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
        at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) ~[spring-core-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) ~[spring-cloud-context-2.2.6.RELEASE.jar!/:2.2.6.RELEASE]
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.2.12.RELEASE.jar!/:5.2.12.RELEASE]
        at com.sun.proxy.$Proxy119.save(Unknown Source) ~[?:?]
        at org.apereo.cas.services.DefaultChainingServiceRegistry.lambda$save$0(DefaultChainingServiceRegistry.java:44) ~[cas-server-core-services-registry-6.3.2.jar!/:6.3.2]
        at java.util.ArrayList.forEach(ArrayList.java:1541) ~[?:?]
        at org.apereo.cas.services.DefaultChainingServiceRegistry.save(DefaultChainingServiceRegistry.java:44) ~[cas-server-core-services-registry-6.3.2.jar!/:6.3.2]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
   [continues]

The program is being ran as root, so it should have access to the directory. Also this only happens for some services, for example open id works.

chenbo6398
@chenbo6398
how could i config CAS with Springboot DelegatingPasswordEncoder
thomas-bee
@thomas-bee
Concerning OIDC, we managed to get some custom attributes (claims) into the open_id token by adding a attributeReleasePolicyto the service definition and listing the allowedAttributes. However, it would be nice to control which attributes are returned for which standard or custom scope. How can this be accomplished?
Marc K.
@V3ndetta

Hi, i'm trying to activate acceptable usage policy and get this Error: [..] in state 'acceptableUsagePolicyView' of flow 'login' -- action execution attributes were 'map[[empty]]' [..]
any ideas on how to fix this?

Usually this happens when the query to find the aupAccepted value doesn't return anything at all. For example if you are using JDBC with 'SELECT aupAccepted from user where username = ?' and there is no row for the username specified then you will get the error you are seeing

Problem was a missing (and valid) cas.acceptable-usage-policy.aup-policy-terms-attribute-name=XXXXX config option. Wasn't aware that this is mandatory

stourwalk-work
@stourwalk-work

Hi, i'm trying to activate acceptable usage policy and get this Error: [..] in state 'acceptableUsagePolicyView' of flow 'login' -- action execution attributes were 'map[[empty]]' [..]
any ideas on how to fix this?

Usually this happens when the query to find the aupAccepted value doesn't return anything at all. For example if you are using JDBC with 'SELECT aupAccepted from user where username = ?' and there is no row for the username specified then you will get the error you are seeing

Problem was a missing (and valid) cas.acceptable-usage-policy.aup-policy-terms-attribute-name=XXXXX config option. Wasn't aware that this is mandatory

Glad you got it sorted! Having an invalid value would also lead to no row being returned which would throw the same error that I had come across before.

Marc K.
@V3ndetta
Is there a way to change CAS generated SAML Metadata .xml content like <ContactPerson contactType="administrative"> <GivenName>John Smith</GivenName>? didn't find anything in documentation. I'm curently triing to connect CAS with DFN:AAI - looks like a very hard job =D
Frédéric Praca
@FredPraca
Hi, I have a CAS version 6.3 which works correctly when directly accessed but I have a problem when using a reverse-proxy in front of it. In fact, when working with Apache through AJP, I receive the following message on CAS log ([org.apereo.cas.authentication.principal.WebApplicationServiceFactory] - <No service is specified in the request. Skipping service creation>) and thus the theme associated with my services is not correctly defined. Has anyone seen this before ?
mwbi
@mwbi
Hi, building the cas-configserver-overlay i got an error getting the resource https://dl.bintray.com/scalding/generic/waroverlay.gradle , because it looks like this URL is dead. Where can I find an alternative to build this project ? Any hints ?
apascuag
@apascuag

Hello,
I have a problem with cas-management, in the whole 6.3 series (including the latest 6.3.3).
I can't add any value in the "properties" tab.

Has it happened to someone or know of any report of this case?

mwbi
@mwbi
Hello, das someone know to fix this error :
The bean 'messageSource', defined in BeanDefinition defined in class path resource [org/apereo/cas/config/CasCoreWebConfiguration.class]
, could not be registered
After enabling spring.main.allow-bean-definition-overriding=true the cas application crash
2021-07-13 19:11:57,199 ERROR [org.springframework.boot.SpringApplication] - <Application run failed>
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'casServletWebServerFactory' defined in class pat
h resource [org/apereo/cas/config/CasEmbeddedContainerTomcatConfiguration.class]: Bean instantiation via factory method failed; nested e
xception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.web.servlet.server.Con
figurableServletWebServerFactory]: Factory method 'casServletWebServerFactory' threw exception; nested exception is java.lang.NullPointe
rException
Will be nice, if someone can help me
GegrLmtte
@GegrLmtte

Hi, i'm trying to activate acceptable usage policy and get this Error: [..] in state 'acceptableUsagePolicyView' of flow 'login' -- action execution attributes were 'map[[empty]]' [..]
any ideas on how to fix this?

Usually this happens when the query to find the aupAccepted value doesn't return anything at all. For example if you are using JDBC with 'SELECT aupAccepted from user where username = ?' and there is no row for the username specified then you will get the error you are seeing

Problem was a missing (and valid) cas.acceptable-usage-policy.aup-policy-terms-attribute-name=XXXXX config option. Wasn't aware that this is mandatory

Glad you got it sorted! Having an invalid value would also lead to no row being returned which would throw the same error that I had come across before.

CAS 6.3.2
Hi, i'm also trying to activate acceptable usage policy (with ldap storage) and the same error occur when my browser locale is set to fr (which matches messages_fr.properties file), no error when the browser locale is set to fr-FR

I don't understand what would be a valid cas.acceptable-usage-policy.aup-policy-terms-attribute-name=XXXXX config option, can someboby help me please ?

nava.cbe
@nava.cbe:matrix.org
[m]
Hi, I have upgraded the CAS 5.2 version to 6.3 , I have configured everything as documentation, but jsonService Registry working for me and jpa service registry not worked
1 reply
stourwalk-work
@stourwalk-work
Hi, I'm looking to override some internal CAS classes to make the functionality fit our requirements better - we are using the overlay build method, and if I add the class into src/main/java it errors because it can't find any of the dependencies, trying to add them all will make a rabbit's warren of files being imported that really aren't necessary - is there a better / easier way to overlay the overlay :)
Bert-Jan
@bert-janzwanepol

Hi, building the cas-configserver-overlay i got an error getting the resource https://dl.bintray.com/scalding/generic/waroverlay.gradle , because it looks like this URL is dead. Where can I find an alternative to build this project ? Any hints ?

I ran into the same problem. I solved it by changing my build.gradle:

   // on line 11 add  the following dependency
  classpath "org.scaldingspoon.gradle:gradle-waroverlay-plugin:0.9.3"

  // replace the following line
  apply from: "https://dl.bintray.com/scalding/generic/waroverlay.gradle"
  // with this one
  apply plugin: 'waroverlay'
Riwaz
@Riwaz
Hello. We are using CAS 6.3 and we are having trouble with setting CAS properties using ENV variables. We have configured default value in cas.properties file and we would like to override it via ENV variables (when run in Docker). But it doesn't work. It works only if we don't set the variable in cas.properties. So my question is if the cas.properties file has the top priority when setting properties or if there is a way we can override it using ENV variables. Or if we should use for example application.properties to set all the CAS properties because these should be overridable by the ENV variables. Thank you for your responses.
1 reply
mijutu
@mijutu:ellipsis.fi
[m]
I'm trying to delegate authentication to Shibboleth idp. What did I miss when CAS tells me: "Caused by: org.pac4j.saml.exceptions.SAMLException: No idp entityId found". Inotifywait tells me that CAS reads my /etc/cas/saml-client/idp-metadata.xml but it still can't find idp entityId.
mijutu
@mijutu:ellipsis.fi
[m]
My idp metadata was expired. Changing expiration date fixed that.
Patrice Ferlet
@metal3d
hello there, we have a weird problem with CAS 5.2 (and we can't upgrade for now) - We activated OIDC and added an application definition that requires scopes: openid, email, profile, offline_access - whatever we try, the "email" is never given by CAS to the application
we followed https://apereo.github.io/cas/5.0.x/installation/OIDC-Authentication.html
we have added the claim map to our mail field from our LDAP
the definition is like this:
{
  "@class" : "org.apereo.cas.services.OidcRegisteredService",
  "clientId": "registry",
  "clientSecret": "XXX",
  "serviceId" : "https://YYYYYYY/c/oidc/callback",
  "name": "Example",
  "id": 10,
  "scopes" : [ "java.util.HashSet", 
    [ "openid","profile", "email"]
  ]
}
the only claim info that I can get is "sub" :(
tomedalya
@tomedalya

Hello 👋,
I am trying to add new attributes to the "/oidc/profile" EP.
we added new claims that linked to a new scope, and attribute fetch from rest api.
the call to fetch the attributes from the rest api works well on login.
unfortunately, when we call the profile we cannot see the new attributes.

the additional envs to configure it are:

cas.auth.oidc.user-defined-scopes.newScope= claims list
cas.auth.oidc.scopes=openid,profile,email,newScope
cas.auth.attribute-repository.rest= (with the full configuration)

we add new attributes that relevent for our system, but unfortunately we can see only name/id/email, and language for example is not added.

any idea why? or if I am missing something?
thank you in advance

Upik Saleh
@upiksaleh

Error build CAS 6.3.6

2021-08-09 20:27:24,588 INFO [org.apereo.cas.configuration.DefaultCasConfigurationPropertiesSourceLocator] - <Configuration files found at [/etc/cas/config] are [[file [/etc/cas/config/cas.properties]]] under profile(s) [[standalone]]>
2021-08-09 20:27:25,070 INFO [org.apereo.cas.web.CasWebApplication] - <The following profiles are active: standalone>
2021-08-09 20:27:26,953 WARN [org.apereo.cas.web.CasWebApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanDefinitionStoreException: Failed to process import candidates for configuration class [org.apereo.cas.web.CasWebApplication]; nested exception is java.lang.IllegalStateException: Error processing condition on org.springframework.boot.actuate.autoconfigure.quartz.QuartzEndpointAutoConfiguration>

pls solution?

washidepl
@washidepl
Hello, Cas 6.3.2 .I Would like Cas to be IDP via SAML for WordPress but :

=============================================================
WHO: audit:unknown
WHAT: For input string: "auto"
ACTION: SAML2_RESPONSE_CREATED
APPLICATION: CAS
WHEN: Thu Aug 12 14:05:51 GMT 2021
CLIENT IP ADDRESS: windows_browser_client

SERVER IP ADDRESS: 172.17.0.3 <-docker idp container

>
2021-08-12 14:05:51,401 DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception [java.lang.NumberFormatException: For input string: "auto"] due to a type mismatch with handler [org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPProfileCallbackHandlerController#handleCallbackProfileRequest(HttpServletResponse, HttpServletRequest)]>
2021-08-12 14:05:51,401 DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception [java.lang.NumberFormatException: For input string: "auto"] due to a type mismatch with handler [org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPProfileCallbackHandlerController#handleCallbackProfileRequest(HttpServletResponse, HttpServletRequest)]>
2021-08-12 14:05:51,404 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/casphp].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [/casphp] threw exception [Request processing failed; nested exception is java.lang.NumberFormatException: For input string: "auto"] with root cause>
java.lang.NumberFormatException: For input string: "auto"
at java.lang.NumberFormatException.forInputString(Unknown Source) ~[?:?]
at java.lang.Integer.parseInt(Unknown Source) ~[?:?]
at java.lang.Integer.valueOf(Unknown Source) ~[?:?]
at org.opensaml.saml.ext.saml2mdui.impl.LogoUnmarshaller.processAttribute(LogoUnmarshaller.java:36) ~[opensaml-saml-impl-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshallAttribute(AbstractXMLObjectUnmarshaller.java:224) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:116) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshallChildElement(AbstractXMLObjectUnmarshaller.java:337) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:128) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshallChildElement(AbstractXMLObjectUnmarshaller.java:337) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:128) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshallChildElement(AbstractXMLObjectUnmarshaller.java:337) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:128) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshallChildElement(AbstractXMLObjectUnmarshaller.java:337) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:128) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.saml.metadata.resolver.impl.DOMMetadataResolver.initMetadataResolver(DOMMetadataResolver.java:68) ~[opensaml-saml-impl-4.0.1.jar!/:?]
at org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataResolver.initMetadataResolver(SamlIdPMetadataResolver.java:64) ~[cas-server-support-saml-idp-core-6.3.2.jar!/:6.3.2]
at org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver.doInitialize(AbstractMetadataResolver.java:289) ~[opensaml-saml-impl-4.0.1.jar!/:?]
at net.shibboleth.utilities.java.support.component.AbstractInitializableComponent.initialize(AbstractInitializableComponent.java:65) ~[java-support-8.1.0.jar!/:?]
at org.ape

i don know i have string auto , why it have trow "due to a type mismatch with handler" which handler ?
mijutu
@mijutu:ellipsis.fi
[m]

I'm trying to configure CAS to warn about soon expiring ldap password. I already managed to get

accountState=[org.ldaptive.auth.ext.PasswordPolicyAccountState@1977058880::accountWarnings=[[org.ldaptive.auth.AccountState$De
faultWarning@1311510613::expiration=2021-08-18T11:53:02.663310Z[Etc/UTC], loginsRemaining=-1]], accountErrors=null]

to log, but how do I configure cas to warn the user when that happens?

I could set "cas.authn.ldap[0].passwordPolicy.warning-attribute-name", but I'm not getting any kind of warning attribute to the user by default.
Can I make that warning to be an attribute? How?
mijutu
@mijutu:ellipsis.fi
[m]
More specifically: Normal attributes are listed as org.ldaptive.LdapAttributes in log and I can easily use them by adding their names to cas.authn.ldap[0].principalAttributeList. But password policy is not shown as org.ldaptive.LdapAttribute.
elankaruppasamy
@elankaruppasamy
Hi i'm using cas 5.3.3.. trying to encrypt passwords in properties file
https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties-Security.html#standalone
encrypted passwords using Jaspty