2021-07-13 19:11:57,199 ERROR [org.springframework.boot.SpringApplication] - <Application run failed>
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'casServletWebServerFactory' defined in class path resource [org/apereo/cas/config/CasEmbeddedContainerTomcatConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory]: Factory method 'casServletWebServerFactory' threw exception; nested exception is java.lang.NullPointe
Will be nice, if someone can help me

Hi, I'm trying to activate acceptable usage policy and get this error: [..] in state 'acceptableUsagePolicyView' of flow 'login' -- action execution attributes were 'map[[empty]]' [..]
Any ideas on how to fix this?

Usually this happens when the query to find the aupAccepted value doesn't return anything at all. For example if you are using JDBC with 'SELECT aupAccepted from user where username = ?' and there is no row for the username specified then you will get the error you are seeing

Problem was a missing (and valid) cas.acceptable-usage-policy.aup-policy-terms-attribute-name=XXXXX config option. Wasn't aware that this is mandatory

Glad you got it sorted! Having an invalid value would also lead to no row being returned which would throw the same error that I had come across before.

CAS 6.3.2
Hi, I'm also trying to activate acceptable usage policy (with LDAP storage) and the same error occurs when my browser locale is set to fr (which matches the messages_fr.properties file); no error when the browser locale is set to fr-FR

I don't understand what would be a valid cas.acceptable-usage-policy.aup-policy-terms-attribute-name=XXXXX config option, can somebody help me please?

Hi, I have upgraded CAS from version 5.2 to 6.3. I have configured everything as in the documentation, but the JSON service registry is working for me and the JPA service registry is not working
Hi, I'm looking to override some internal CAS classes to make the functionality fit our requirements better - we are using the overlay build method, and if I add the class into src/main/java it errors because it can't find any of the dependencies, trying to add them all will make a rabbit's warren of files being imported that really aren't necessary - is there a better / easier way to overlay the overlay :)

Hi, building the cas-configserver-overlay i got an error getting the resource https://dl.bintray.com/scalding/generic/waroverlay.gradle , because it looks like this URL is dead. Where can I find an alternative to build this project ? Any hints ?

I ran into the same problem. I solved it by changing my build.gradle:

  // on line 11 add the following dependency
  classpath "org.scaldingspoon.gradle:gradle-waroverlay-plugin:0.9.3"

  // replace the following line
  apply from: "https://dl.bintray.com/scalding/generic/waroverlay.gradle"
  // with this one
  apply plugin: 'waroverlay'

Hello. We are using CAS 6.3 and we are having trouble with setting CAS properties using ENV variables. We have configured default value in cas.properties file and we would like to override it via ENV variables (when run in Docker). But it doesn't work. It works only if we don't set the variable in cas.properties. So my question is if the cas.properties file has the top priority when setting properties or if there is a way we can override it using ENV variables. Or if we should use for example application.properties to set all the CAS properties because these should be overridable by the ENV variables. Thank you for your responses.
I'm trying to delegate authentication to Shibboleth idp. What did I miss when CAS tells me: "Caused by: org.pac4j.saml.exceptions.SAMLException: No idp entityId found". Inotifywait tells me that CAS reads my /etc/cas/saml-client/idp-metadata.xml but it still can't find idp entityId.
My idp metadata was expired. Changing expiration date fixed that.
Patrice Ferlet
hello there, we have a weird problem with CAS 5.2 (and we can't upgrade for now) - We activated OIDC and added an application definition that requires scopes: openid, email, profile, offline_access - whatever we try, the "email" is never given by CAS to the application
we have added the claim map to our mail field from our LDAP
the definition is like this:
{
  "@class" : "org.apereo.cas.services.OidcRegisteredService",
  "clientId": "registry",
  "clientSecret": "XXX",
  "serviceId" : "https://YYYYYYY/c/oidc/callback",
  "name": "Example",
  "id": 10,
  "scopes" : [ "java.util.HashSet",
    [ "openid", "profile", "email" ]
  ]
}
the only claim info that I can get is "sub" :(

Hello 👋,
I am trying to add new attributes to the "/oidc/profile" EP.
we added new claims that linked to a new scope, and attribute fetch from rest api.
the call to fetch the attributes from the rest api works well on login.
unfortunately, when we call the profile we cannot see the new attributes.

the additional envs to configure it are:

cas.auth.oidc.user-defined-scopes.newScope= claims list
cas.auth.attribute-repository.rest= (with the full configuration)

we add new attributes that are relevant for our system, but unfortunately we can see only name/id/email, and language for example is not added.

any idea why? or if I am missing something?
thank you in advance

Upik Saleh

Error build CAS 6.3.6

2021-08-09 20:27:24,588 INFO [org.apereo.cas.configuration.DefaultCasConfigurationPropertiesSourceLocator] - <Configuration files found at [/etc/cas/config] are [[file [/etc/cas/config/cas.properties]]] under profile(s) [[standalone]]>
2021-08-09 20:27:25,070 INFO [org.apereo.cas.web.CasWebApplication] - <The following profiles are active: standalone>
2021-08-09 20:27:26,953 WARN [org.apereo.cas.web.CasWebApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanDefinitionStoreException: Failed to process import candidates for configuration class [org.apereo.cas.web.CasWebApplication]; nested exception is java.lang.IllegalStateException: Error processing condition on org.springframework.boot.actuate.autoconfigure.quartz.QuartzEndpointAutoConfiguration>

pls solution?

Hello, CAS 6.3.2. I would like CAS to be IdP via SAML for WordPress but:

WHO: audit:unknown
WHAT: For input string: "auto"
WHEN: Thu Aug 12 14:05:51 GMT 2021
CLIENT IP ADDRESS: windows_browser_client

SERVER IP ADDRESS: <-docker idp container

2021-08-12 14:05:51,401 DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception [java.lang.NumberFormatException: For input string: "auto"] due to a type mismatch with handler [org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPProfileCallbackHandlerController#handleCallbackProfileRequest(HttpServletResponse, HttpServletRequest)]>
2021-08-12 14:05:51,401 DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - <Ignoring the received exception [java.lang.NumberFormatException: For input string: "auto"] due to a type mismatch with handler [org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPProfileCallbackHandlerController#handleCallbackProfileRequest(HttpServletResponse, HttpServletRequest)]>
2021-08-12 14:05:51,404 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/casphp].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [/casphp] threw exception [Request processing failed; nested exception is java.lang.NumberFormatException: For input string: "auto"] with root cause>
java.lang.NumberFormatException: For input string: "auto"
at java.lang.NumberFormatException.forInputString(Unknown Source) ~[?:?]
at java.lang.Integer.parseInt(Unknown Source) ~[?:?]
at java.lang.Integer.valueOf(Unknown Source) ~[?:?]
at org.opensaml.saml.ext.saml2mdui.impl.LogoUnmarshaller.processAttribute(LogoUnmarshaller.java:36) ~[opensaml-saml-impl-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshallAttribute(AbstractXMLObjectUnmarshaller.java:224) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:116) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshallChildElement(AbstractXMLObjectUnmarshaller.java:337) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:128) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshallChildElement(AbstractXMLObjectUnmarshaller.java:337) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:128) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshallChildElement(AbstractXMLObjectUnmarshaller.java:337) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:128) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshallChildElement(AbstractXMLObjectUnmarshaller.java:337) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.core.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:128) ~[opensaml-core-4.0.1.jar!/:?]
at org.opensaml.saml.metadata.resolver.impl.DOMMetadataResolver.initMetadataResolver(DOMMetadataResolver.java:68) ~[opensaml-saml-impl-4.0.1.jar!/:?]
at org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataResolver.initMetadataResolver(SamlIdPMetadataResolver.java:64) ~[cas-server-support-saml-idp-core-6.3.2.jar!/:6.3.2]
at org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver.doInitialize(AbstractMetadataResolver.java:289) ~[opensaml-saml-impl-4.0.1.jar!/:?]
at net.shibboleth.utilities.java.support.component.AbstractInitializableComponent.initialize(AbstractInitializableComponent.java:65) ~[java-support-8.1.0.jar!/:?]
at org.ape

I don't know, I have the string auto, why has it thrown "due to a type mismatch with handler"? Which handler?

I'm trying to configure CAS to warn about soon expiring ldap password. I already managed to get

faultWarning@1311510613::expiration=2021-08-18T11:53:02.663310Z[Etc/UTC], loginsRemaining=-1]], accountErrors=null]

to log, but how do I configure cas to warn the user when that happens?

I could set "cas.authn.ldap[0].passwordPolicy.warning-attribute-name", but I'm not getting any kind of warning attribute to the user by default.
Can I make that warning to be an attribute? How?
More specifically: Normal attributes are listed as org.ldaptive.LdapAttributes in log and I can easily use them by adding their names to cas.authn.ldap[0].principalAttributeList. But password policy is not shown as org.ldaptive.LdapAttribute.
Hi, I'm using CAS 5.3.3, trying to encrypt passwords in the properties file
encrypted passwords using Jasypt
now the server fails to start with the error unable to decrypt password
Caused by: java.lang.IllegalStateException: Cannot decrypt: key=cas.authn.jdbc.query[0].password
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:201)
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:165)
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.initialize(EnvironmentDecryptApplicationInitializer.java:95)
at org.springframework.cloud.bootstrap.BootstrapApplicationListener$DelegatingEnvironmentDecryptApplicationInitializer.initialize(BootstrapApplicationListener.java:394)
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:567)
at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:338)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:301)
at org.springframework.boot.web.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:154)
at org.springframework.boot.web.support.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:134)
at org.springframework.boot.web.support.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:87)
at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:169)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5196)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
... 10 more
Caused by: java.lang.UnsupportedOperationException: No decryption for FailsafeTextEncryptor. Did you configure the keystore correctly?
at org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration$FailsafeTextEncryptor.decrypt(EncryptionBootstrapConfiguration.java:159)
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:193)
... 22 more
Hello, currently have Shibboleth running with a CAS plugin. Looking at configuring CAS 6.x to use Shibboleth out of the box. Any guide available on migrating SP metadata, keys, and idp metadata from standalone Shibboleth to CAS's out of the box Shib?
okay, figured out the SP metadata, now need to find out where the keys and idp metadata get migrated to
I think I figured it out. On startup keys, certs, idp-metadata get created in /etc/cas/saml defined by the cas.authn.saml-idp.metadata.location property. I can then overwrite those from my standalone shib instance
Hi. I'm looking for some assistance with the groovy scripts. I want to modify my unauthorizedRedirectURL based on user attributes but the user attributes are not available inside that function "getUnauthorizedRedirectUrl". Wondering how I can retrieve this data from groovy. Thanks.
Hi, I'm able to resolve the issue that I reported earlier. Until last week I had the properties in the classpath and cas.standalone.configurationDirectory=classpath:/; after moving the properties to an external location, jasypt encryption works fine in standalone mode.
Now I'm stuck with another issue: I have MFA enabled in CAS using DUO and it was working fine earlier. Recently I deleted all of my .m2 directory, and now the build is failing due to being unable to download the DUO dependencies
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Building cas-overlay 1.0
[INFO] ------------------------------------------------------------------------
Downloading: https://dl.bintray.com/uniconiam/maven/com/nimbusds/lang-tag/maven-metadata.xml
Downloading: https://repo.spring.io/plugins-release/com/nimbusds/lang-tag/maven-metadata.xml
Downloading: https://dl.bintray.com/uniconiam/maven/com/nimbusds/lang-tag/maven-metadata.xml
Downloading: https://dl.bintray.com/uniconiam/maven/com/nimbusds/lang-tag/maven-metadata.xml
[WARNING] Could not transfer metadata com.nimbusds:lang-tag/maven-metadata.xml from/to duo-unicon (https://dl.bintray.com/uniconiam/maven): Access denied to: https://dl.bintray.com/uniconiam/maven/com/nimbusds/lang-tag/maven-metadata.xml , ReasonPhrase:Forbidden.
[WARNING] Could not transfer metadata com.nimbusds:lang-tag/maven-metadata.xml from/to duo (https://dl.bintray.com/uniconiam/maven): Access denied to: https://dl.bintray.com/uniconiam/maven/com/nimbusds/lang-tag/maven-metadata.xml , ReasonPhrase:Forbidden.
[WARNING] Could not transfer metadata com.nimbusds:lang-tag/maven-metadata.xml from/to spring-plugins (https://repo.spring.io/plugins-release/): Not authorized , ReasonPhrase:.
[WARNING] Could not transfer metadata com.nimbusds:lang-tag/maven-metadata.xml from/to uniconiam (https://dl.bintray.com/uniconiam/maven): Access denied to: https://dl.bintray.com/uniconiam/maven/com/nimbusds/lang-tag/maven-metadata.xml , ReasonPhrase:Forbidden.
Downloading: https://dl.bintray.com/uniconiam/maven/net/unicon/iam/duo-client/0.2.2/duo-client-0.2.2.pom
Downloading: https://dl.bintray.com/uniconiam/maven/net/unicon/iam/duo-client/0.2.2/duo-client-0.2.2.pom
Downloading: https://repo.spring.io/plugins-release/net/unicon/iam/duo-client/0.2.2/duo-client-0.2.2.pom
Downloading: https://dl.bintray.com/uniconiam/maven/net/unicon/iam/duo-client/0.2.2/duo-client-0.2.2.pom
Downloading: https://dl.bintray.com/uniconiam/maven/com/duosecurity/duo-client/0.2.1/duo-client-0.2.1.pom
Downloading: https://dl.bintray.com/uniconiam/maven/com/duosecurity/duo-client/0.2.1/duo-client-0.2.1.pom
[INFO] ------------------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 6.791 s
[INFO] Finished at: 2021-08-24T12:46:28-04:00
[INFO] Final Memory: 42M/425M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project cas-overlay: Could not resolve dependencies for project org.apereo.cas:cas-overlay:war:1.0: Failed to collect dependencies at org.apereo.cas:cas-server-support-duo:jar:5.3.3 -> org.apereo.cas:cas-server-support-duo-core:jar:5.3.3 -> net.unicon.iam:duo-client:jar:0.2.2: Failed to read artifact descriptor for net.unicon.iam:duo-client:jar:0.2.2: Could not transfer artifact net.unicon.iam:duo-client:pom:0.2.2 from/to duo-unicon (https://dl.bintray.com/uniconiam/maven): Access denied to: https://dl.bintray.com/uniconiam/maven/net/unicon/iam/duo-client/0.2.2/duo-client-0.2.2.pom , ReasonPhrase:Forbidden. -> [Help 1]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
Hello, I start to work with CAS 6.3.3. Aside from authentication methods such as login/pass or identity providers, I need to add a new authentication method from the initial page. Can anybody guide/help me? Thanks
hi, anyone know how to configure groovy script in ldap search like cas.authn.attribute-repository.ldap[0].searchFilter=file:/etc/cas/config/x509_groovy_filter.groovy
Hello there, I don't get it and I'm completely new to CAS, is there no easy walkthrough to install, test and understand CAS?
I have scrolled now for 3 hours to understand the basics, but I don't get it, and it seems I need this project to use another useful project named unitime, for production use... I know SAML/OAuth and LDAP a bit... but CAS seems to be a bit horrible, because there is no concrete how-to path for it on the web?! Can anyone help with this?
And please don't mention the official documentation, as I explained I have read it now for 3 hours and don't get anything to work; when possible I want to work with docker
I have been using cas for a while and tried shibboleth for the first time. It felt like saml+shibboleth was horrible and cas was nice and easy :-)
I suggest you create cas.war with the overlay method and add the thing that verifies users' passwords, for example add
implementation "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
to dependencies section of build.gradle
And also
implementation "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"
that makes setting up services easy.
Hmm, I'm not sure which is the correct way to set the version.
Then ./gradlew build and run build/libs/cas.war in jetty or tomcat.
Then you can add configuration in /etc/cas/config/cas.properties to connect to ldap. After that you should be able to log in to cas. Then add service registry jsons to /etc/cas/services/ to allow web apps to use cas for logging in users.
Yeah thanks, as I played now with MS Ubuntu WSL, installed all tools, like sdk, gradle (Ubuntu does not have the right version, all of this is completely undocumented on GitHub), the right jdk version and so on. I now build the war successfully myself and deploy it within my own scripted docker container with tomcat. Hopefully the documentation for configuration is better, because I will use an office365 saml with cas
thank your for now mijutu, i was a Little Bit outrage to come Hefe, Not fair, but the Plattform has to work After werkend for test/demo
So are you using cas as saml client that connects to office365?
I hate autocorrect on the phone ^^