Hmm, I just tried with plain commit fd978af1 (cas 6.4) and commit 239b30f3 (cas 6.3). Ran ./gradlew build and no errors. Debian buster.
I used Ubuntu Server 20.04; I don't know if it's because of this.
So good night, thanks to everyone who tried to help. I'll try the next steps tomorrow; hopefully it will be a success...
Does CAS not produce its own log files in Tomcat?
I pushed it up now (I already got 6.4 to work - it was my mistake, the build was successful, but the warning is irritating).
I also generated the keystore with the URL of the published Tomcat container; is that correct or not?
I renamed cas.war to ROOT.war for direct access to the container, as a single host, but I only get a 404 error.
I used Tomcat 8.5 for this.


I'm still trying to use the functionality of cas-management 6.3.x

At the moment version 6.3.4 has errors in the "attribute release" and "access strategy" tabs. Version 6.3.5-SNAPSHOT fixes this, but overrides the troubleshooting in the "properties" tab, Fixed error with authn policies tab # 194

Could someone help me solve this or contribute to the solution?

Rishabh Ohri
In CAS version 6.4.0 the RestAuthenticationHandler class is unable to deserialize the user attributes returned from a REST call. The REST call returns a serialized SimplePrincipal in JSON format with id and attributes in key-value pairs. When CAS tries to deserialize - Principal principalFromRest = (Principal)MAPPER.readValue(result, Principal.class); it throws an exception - Could not resolve subtype of [map type; class java.util.Map, [simple type, class java.lang.String] -> [collection type; class java.util.List, contains [simple type, class java.lang.Object]]]: missing type id property '@class' (for POJO property 'attributes')
3 replies
Trying to setup a webflow 1) do action classes need to be set in spring.factories or do use a package scan somehow? I tried to add to spring.factories but action is not executing. I do see my flow configuration doInit executing.
Hi. CAS war not working on Tomcat 10.0.10, will it work later?
I am new to Apereo. I followed this tutorial (https://www.esup-portail.org/wiki/pages/viewpage.action?pageId=972292097), but when compiling it fails every time. Who can share a good tutorial on CAS 6X with LDAP authentication, please?
2 replies
Hi, do You know why url /oauth2.0/accessToken is protected with Basic auth ?
i'm using 6.3 version
I found a problem. We use oauth2.0 with PKCE and it requires client_secret. @mmoayyed do You know why it is required ?
Wesley Conley
We are working on a CAS integration with a vendor that is tying the initial SAML assertion with the asynchronous account creation. The NotOnOrAfter expires before the user has time to click the "create new account" button. While the vendor states this is a feature and not a bug, we are attempting to either remove the NotOnOrAfter value from both the saml2:SubjectConfirmationData and saml2:Conditions. The skipGeneratingSubjectConfirmationNotOnOrAfter property will remove the value from the saml2:SubjectConfirmationData element, but there does not appear to be a property for removing the value from saml2:Conditions. Is there a way to remove the NotOnOrAfter from saml2:Conditions or is there a way to extend the value out further into the future?

Hi, we are using CAS 6.4.0 with GoogleAuthenticator Multi-Factor enabled, but every time we reboot CAS the tokens provided by the GoogleAuthenticator App for the users stop working.
This seems to be related to the secret for the specific couple user/device that CAS is not able to recover after reboot (the internal service endpoint 'gauthCredentialRepository' doesn't return it in response to a GET /{username} endpoint).

To reproduce this issue:

  1. Configure CAS for MF GoogleAuthenticator
  2. Login with a user
  3. Scan the code with GoogleAuthenticator App and complete the device association
  4. Login using credential and the token provided by the app --> OK
  5. Reboot CAS
  6. Login using credential and the token provided by the app --> KO Token not valid

We think this is a bug, but any help to resolve this critical issue will be appreciated.

1 reply
Hi, I am migrating CAS 3.x to 5.3.16. In version 5.3.16 the AbstractAuthenticationManager class disappears. In my project I have a class that extends this and I would need to know if it can be replaced by another that comes in version 5.x. Thanks.
Quang Le

Hi guys, I am setting up CAS version 6.3.6 via K8s. I just prepared the image in the Container Registry. The gradle.build remains the same as I didn't add any new dependencies. But I don't know why it keeps reporting this error.
"WARN [org.apereo.cas.web.CasWebApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanDefinitionStoreException: Failed to process import candidates for configuration class [org.apereo.cas.web.CasWebApplication]; nested exception is java.lang.IllegalStateException: Error processing condition on org.springframework.boot.actuate.autoconfigure.quartz.QuartzEndpointAutoConfiguration>"

Hope someone helps me! Much appreciated

Andrew Boehner
Any idea why I am not receiving a PGT after calling p3/serviceValidate in CAS6 after migrating from CAS5? I have a authorizedToReleaseProxyGrantingTicket and proxyPolicy set on the service.
Andrew Boehner
"proxyPolicy": {
  "@class": "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
  "pattern": ".*"
},
"attributeReleasePolicy": {
  "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
  "authorizedToReleaseProxyGrantingTicket": true
}
Andrew Boehner
I see ERROR [org.apereo.cas.services.RegisteredServicePublicKeyCipherExecutor] - <No public key is defined for service [AbstractRegisteredService
But I thought the pgtiou would be defined since the service doesn't include the publicKey.
Federico Tolomei

Hello, I am using jasig 6.3 and I am trying to customize it with the overlay. I'm trying to override some beans with Java code, but the gradle build is unable to compile due to missing symbols; even the most core symbols are missing in the compilation process (i.e. UsernamePasswordCredential from cas-server-core-authentication).

Is there something to tune in build.gradle to allow override java beans?

Does anyone know what the implications of this line are:
INFO [org.apereo.cas.web.CasWebApplicationServletInitializer] - <The following profiles are active: standalone>
CAS checks configuration in /etc/cas/config
Hi, I am new to Apereo CAS. Is there any example project where CAS is configured with Micronaut client?
Hi, I am new to Apereo CAS. Is there any example project where CAS is configured with openid connect and ldap?
Hi guys, did you already have this
2021-10-12 18:06:47,586 ERROR [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <NullPointerException> java.lang.NullPointerException: null at java.util.HashMap.putMapEntries(Unknown Source) ~[?:?] at java.util.HashMap.putAll(Unknown Source) ~[?:?]
hello. any body knows, how to use an access_token with oauth2 client_credentials to load profile?
1 reply
I use cas 5.3.x
Hi, I want to install CAS password management. I've followed the instructions, but what is the URL of the password management page?
or what parameter i should add to cas.properties?

Hi, I'm using the CAS (6.3.5) OIDC module and a REST authentication backend. It's working fine, but now I'd like to provide a better error explanation when using the "password grant" workflow. The REST backend is returning different 4xx codes according to the specific situation (invalid credentials, expired password, etc). However, this information is lost somewhere inside the authentication request, resulting in just a generic 401 error code.

Is there a way to customize the "unauthorized" message so it includes a message (or message key) related to the actual exception thrown by the backend provider ?

Mary BlackBonnet
Help! Is something wrong with CAS or did I get kicked out of school?
In order to include custom Java source, it should be included under a src/main/java directory in the overlay project source tree.
but Page Not Found
what should I do
I am new to Apereo CAS, help help help
Kelly Stobert
Good afternoon, I was wondering if anyone has run into issues with the Capslock check being stuck "on". On our login page, no matter what the capslock setting is, the "CAPSLOCK key is turned on!" message is displayed. This happened after we ran a gradlew clean build. We're running 6.3.5
Hi all. I'm using CAS (5.3.16) and cas-template-overlay, and then got a bootstrap exception as below:
Caused by: java.lang.VerifyError: class org.apereo.cas.web.view.ChainingTemplateViewResolver overrides final method initialize.()V
I've read the source code of ChainingTemplateViewResolver on cas-5.3.x. But there is no super.initialize method overridden as the message above mentions. Which superclass's method had in fact been overridden?
Hi, I've fixed my problem. The superclass of ChainingTemplateViewResolver is AbstractConfigurableTemplateResolver, from thymeleaf, version 3.0.11.RELEASE required. But I had given the release 2.x instead.

Hi, I installed the CAS 6.5 snapshot and configured LDAP authentication like this, but I can't connect with LDAP users (Ubuntu 20.04)
apt install tomcat9 tomcat9-admin tomcat9-user openjdk-11-jdk openjdk-11-jre maven build-essential git -y
echo "JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64/" >> /etc/environment
source /etc/environment
add this line /etc/default/tomcat9

add these lines /etc/tomcat9/tomcat-users.xml

<role rolename="admin-gui"/>

<user username="admin" password="passer" roles="manager-gui,admin-gui"/>
systemctl restart tomcat9
keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore cas.keystore
complete questions...
mv cas.keystore /etc/tomcat9/

add these lines /etc/tomcat9/server.xml

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/etc/tomcat7/cas.keystore" keystorePass="123456" />
service tomcat9 restart

cd /opt/
git clone https://github.com/apereo/cas-overlay-template

cd cas-overlay-template
add this line in build.gradle
dependencies {
    // Add modules in format compatible with overlay casModules property
    if (project.hasProperty("casModules")) {
        def dependencies = project.getProperty("casModules").split(",")
        dependencies.each {
            def projectsToAdd = rootProject.subprojects.findAll { project ->
                project.name == "cas-server-core-${it}" || project.name == "cas-server-support-${it}"
            }
            projectsToAdd.each { implementation it }
        }
    }
    // CAS dependencies/modules may be listed here statically...

    // I only added this line
    implementation "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
}

add these lines in cas.properties

####### my additions



########## end of additions

cd /opt/cas-overlay-template
./gradlew clean

./gradlew clean copyCasConfiguration build

./gradlew createKeystore

cp /opt/cas-overlay-template/build/libs/cas.war /var/lib/tomcat9/webapps/

systemctl restart tomcat9.service
I have the web interface,
but connection with LDAP users failed

617ea503 /etc/ldap/slapd.conf: line 103: rootdn is always granted unlimited privileges.
617ea503 /etc/ldap/slapd.conf: line 120: rootdn is always granted unlimited privileges.
dn: dc=retel,dc=sn
objectClass: top
objectClass: dcObject
objectClass: organization
o: retel.sn
dc: retel
structuralObjectClass: organization
entryUUID: 5d28ef16-ce92-103b-941c-010debc66135
creatorsName: cn=admin,dc=retel,dc=sn
createTimestamp: 20211031123232Z
entryCSN: 20211031123232.443947Z#000000#000#000000
modifiersName: cn=admin,dc=retel,dc=sn
modifyTimestamp: 20211031123232Z

dn: cn=admin,dc=retel,dc=sn
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9bnRBeUlGVlQyYU4wSzE1cnVUZ01UMUs2TjhIcVB2VmI=
structuralObjectClass: organizationalRole
entryUUID: 5d2ae1a4-ce92-103b-941d-010debc66135
creatorsName: cn=admin,dc=retel,dc=sn
createTimestamp: 20211031123232Z
entryCSN: 20211031123232.456707Z#000000#000#000000
modifiersName: cn=admin,dc=retel,dc=sn
modifyTimestamp: 20211031123232Z

dn: ou=people,dc=retel,dc=sn
objectClass: organizationalUnit
ou: people
structuralObjectClass: organizationalUnit
entryUUID: 67503832-ce92-103b-8113-ed77ac459179
creatorsName: cn=admin,dc=retel,dc=sn
createTimestamp: 20211031123249Z
entryCSN: 20211031123249.478623Z#000000#000#000000
modifiersName: cn=admi

@BbnMichry_twitter: I have this in my cas config:
reason for it is
I'm not sure if that is a problem anymore in 6.5
@mijutu:ellipsis.fi I think the problem is version 6.5; I succeeded with 6.4 and 6.3 with the same config