Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 19:22
    codecov[bot] commented #5318
  • 19:12
    codecov[bot] commented #5318
  • 19:06
    codecov[bot] commented #5318
  • 19:04
    codecov[bot] commented #5318
  • 18:59
    codecov[bot] commented #5318
  • 18:53
    codecov[bot] commented #5318
  • 18:48
    codecov[bot] commented #5318
  • 18:44
    codecov[bot] commented #5318
  • 18:40
    codecov[bot] commented #5318
  • 18:37
    codecov[bot] commented #5318
  • 18:32
    codecov[bot] commented #5318
  • 18:29
    codecov[bot] commented #5318
  • 18:28
    codecov[bot] commented #5318
  • 18:26
    codecov[bot] commented #5318
  • 18:24
    codecov[bot] commented #5318
  • 18:22
    codecov[bot] commented #5318
  • 18:21
    codecov[bot] commented #5318
  • 18:20
    codecov[bot] commented #5318
  • 18:18
    codecov[bot] commented #5318
  • 18:16
    codecov[bot] commented #5318
eike
@eike:matrix.elwms.org
[m]
does cas not produce own logfiles in tomcat?
i pushed it now up (i already get the 6.4 to work - it was my mistake, the build was successful, but the warning is irritating)
i also generate thekeystore with the url of the published tomcat container, its correct or not?
i renamed cas.war in ROOT.war for direct access to the container, as single host, but i only get a 404 error
i used tomcat 8.5 for this
apascuag
@apascuag

hi,

I'm still trying to use the functionality of cas-management 6.3.x

At the moment version 6.3.4 has errors in the "attribute release" and "access strategy" tabs. Version 6.3.5-SNAPSHOT, fixes this, but overrides the troubleshooting in the "properties" tab, Fixed error with authn policies tab # 194

Someone could help me solve or contribute to the solution of this.

Rishabh Ohri
@rohri_gitlab
In Cas version 6.4.0 RestAuthenticationHandler class is unable to deserialize the user attributes returned from a Rest Call. The rest call returns serialized SimplePrincipal in JSON format wiht id and attributes in key value pairs. When CAS tries to deserialize - Principal principalFromRest = (Principal)MAPPER.readValue(result, Principal.class); it throws exception - Could not resolve subtype of [map type; class java.util.Map, [simple type, class java.lang.String] -> [collection type; class java.util.List, contains [simple type, class java.lang.Object]]]: missing type id property '@class' (for POJO property 'attributes')
3 replies
springnirps
@springnirps
Trying to setup a webflow 1) do action classes need to be set in spring.factories or do use a package scan somehow? I tried to add to spring.factories but action is not executing. I do see my flow configuration doInit executing.
Ajtak
@Ajtak
Hi. CAS war not working on Tomcat 10.0.10, will it work later?
Hello
I am new to apereo I followed this tutorial (https://www.esup-portail.org/wiki/pages/viewpage.action?pageId=972292097) but when compiling it fails every time. who can share a good tutorial on CAS 6X with LDAP authentication please.
2 replies
Łukasz
@lgwozniak
Hi, do You know why url /oauth2.0/accessToken is protected with Basic auth ?
i'm using 6.3 version
Łukasz
@lgwozniak
I found a problem. We use oauth2.0 with PKCE and it requires client_secret. @mmoayyed do You know why it is required ?
Wesley Conley
@waconley
We are working on a CAS integration with a vendor that is tying the initial SAML assertion with the asynchronous account creation. The NotOnOrAfter expires before the user has time to click the "create new account" button. While the vendor states this is a feature and not a bug, we are attempting to either remove the NotOnOrAfter value from both the saml2:SubjectConfirmationData and saml2:Conditions. The skipGeneratingSubjectConfirmationNotOnOrAfter property will remove the value from the saml2:SubjectConfirmationData element, but there does not appear to be a property for removing the value from saml2:Conditions. Is there a way to remove the NotOnOrAfter from saml2:Conditions or is there a way to extend the value out further into the future?
fddev
@fddev_twitter

Hi, we are using CAS 6.4.0 with GoogleAuthenticator Multi-Factor enabled, but every time we reboot CAS the tokens provided by the GoogleAuthenticator App for the users stops working.
This seems to be related to the secret for the specific couple user/device that CAS is not able to recover after reboot (the internal service endpoint 'gauthCredentialRepository' doesn't return it in response to a GET /{username} endpoint).

To reproduce this issue:

  1. Configure CAS for MF GoogleAuthenticator
  2. Login with a user
  3. Scan the code with GoogleAuthenticator App and complete the device association
  4. Login using credential and the token provided by the app --> OK
  5. Reboot CAS
  6. Login using credential and the token provided by the app --> KO Token not valid

We think this is a bug, but any help to resolve this critical issue will be appreciated.

1 reply
numitor73
@numitor73
Hi, I am migrating CAS 3.x to 5.3.16. In version 5.3.16 the AbstractAuthenticationManager class disappears. In my project I have a class that extends this and I would need to know if it can be replaced by another that comes in version 5.x. Thanks.
Quang Le
@quanglee

Hi guys, I am setting up the CAS version 6.3.6 via K8s . I just prepare the image in the Container Registry. The gradle.build is remain the same as I don't add any new dependencies. But I don't know why it keeps saying this error.
"WARN [org.apereo.cas.web.CasWebApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanDefinitionStoreException: Failed to process import candidates for configuration class [org.apereo.cas.web.CasWebApplication]; nested exception is java.lang.IllegalStateException: Error processing condition on org.springframework.boot.actuate.autoconfigure.quartz.QuartzEndpointAutoConfiguration>"

Hope someone helps me! Much appreciated

Andrew Boehner
@Boehner
Any idea why I am not receiving a PGT after calling p3/serviceValidate in CAS6 after migrating from CAS5? I have a authorizedToReleaseProxyGrantingTicket and proxyPolicy set on the service.
Andrew Boehner
@Boehner
"proxyPolicy": {
"@class": "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
"pattern": ".*"
},
"attributeReleasePolicy": {
"@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"authorizedToReleaseProxyGrantingTicket": true
}
Andrew Boehner
@Boehner
I see ERROR [org.apereo.cas.services.RegisteredServicePublicKeyCipherExecutor] - <No public key is defined for service [AbstractRegisteredService
But thought the pgtiou would be defined since the service doesnt include the publicKey.
Federico Tolomei
@s17t

Hello, I am using jasig 6.3 and I am trying customize it with the overlay. I m trying to override some bean with Java code but the gradle build is unable to compile due to missing symbols, even the most core symbols are missing in the compilation process (i.e. UsernamePasswordCredential from cas-server-core-authentication.

Is there something to tune in build.gradle to allow override java beans?

j-garmatter
@j-garmatter
Does anyone know what the implications of this line are:
INFO [org.apereo.cas.web.CasWebApplicationServletInitializer] - <The following profiles are active: standalone>
Łukasz
@lgwozniak
Cas check conifguration in /etc/cas/config
Sridhar
@sridharchalimeti
Hi, I am new to Apereo CAS. Is there any example project where CAS is configured with Micronaut client?
OmarApQz
@omaraparicio07
Hi, I am new to Apereo CAS. Is there any example project where CAS is configured with openid connect and ldap?
mixman68
@mixman68
Hi guys, did you already have this
2021-10-12 18:06:47,586 ERROR [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <NullPointerException> java.lang.NullPointerException: null at java.util.HashMap.putMapEntries(Unknown Source) ~[?:?] at java.util.HashMap.putAll(Unknown Source) ~[?:?]
insky2005
@insky2005
hello. any body knows, how to use an access_token with oauth2 client_credentials to load profile?
1 reply
insky2005
@insky2005
I use cas 5.3.x
lexoio
@lexoio
hi, i want to install cas password management, well ive follow the instruction, but what url to the password management page??
lexoio
@lexoio
or what parameter i should add to cas.properties?
psevestre
@psevestre

Hi, I'm using the CAS (6.3.5) OIDC module and a REST authentication backend. It's working fine, but now I'd like to provide a better error explanation when using the "password grant" workflow. The REST backend is returning different 4xx codes according to the specific situation (invalid credentials, expired password, etc). However, this information is lost somewhere inside the authentication request, resulting in just a generic 401 error code.

Is there a way to customize the "unauthorized" message so it includes a message (or message key) related to the actual exception thrown by the backend provider ?

Mary BlackBonnet
@marybba:matrix.org
[m]
help! is someting wrong with CAS or did i get kicked out of school?
qxunio
@qxunio
In order to include custom Java source, it should be included under a src/main/java directory in the overlay project source tree.
but Page Not Found
what should I do
image.png
qxunio
@qxunio
I am new to Apereo CAS, help help help
Kelly Stobert
@kstobert_gitlab
Good afternoon, I was wondering if anyone has run into issues with the Capslock check being stuck "on". On our login page, no matter what the capslock setting is, the "CAPSLOCK key is turned on!" message is displayed. This happened after we ran a gradlew clean build. We're running 6.3.5
joson
@joson
Hi all. I'm using the CAS(5.3.16) and cas-template-overlay, And then got an bootstrap exception as below:
Caused by: java.lang.VerifyError: class org.apereo.cas.web.view.ChainingTemplateViewResolver overrides final method initialize.()V
joson
@joson
I've read the source code of ChainingTemplateViewResolver on cas-5.3.x. But there is no super.initialize method overrided as the message mentioned above. Which superclass's method had been overrided in fact?
joson
@joson
Hi, I've fixed my problem. The superclass of ChainingTemplateViewResolver is AbstractConfigurableTemplateResolver, from thymeleaf, version 3.0.11.RELEASE required. But I had given the release 2.x instead.
Michry-BBN
@BbnMichry_twitter

hi i install CAS 6.5 snapshot and i configure the LDAP authentication like this but i can't connexion with ldap users (ubuntu 20.04)
apt install tomcat9 tomcat9-admin tomcat9-user openjdk-11-jdk openjdk-11-jre maven build-essential git -y
echo "JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64/" >> /etc/environment
source /etc/environment
add this line /etc/default/tomcat9
JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64

add these lines /etc/tomcat9/tomcat-users.xml

<role rolename="admin-gui"/>

<user username="admin" password="passer" roles="manager-gui,admin-gui"/>
systemctl restart tomcat9
keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore cas.keystore
complete questions...
mv cas.keystore /etc/tomcat9/

add these lines /etc/tomcat9/server.xml

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/etc/tomcat7/cas.keystore" keystorePass="123456" />
service tomcat9 restart

cd /opt/
git clone https://github.com/apereo/cas-overlay-template

cd cas-overlay-template
add this line in build.gradle
dependencies {
// Add modules in format compatible with overlay casModules property
if (project.hasProperty("casModules")) {
def dependencies = project.getProperty("casModules").split(",")
dependencies.each {
def projectsToAdd = rootProject.subprojects.findAll {project ->
project.name == "cas-server-core-${it}" || project.name == "cas-server-support-${it}"
}
projectsToAdd.each {implementation it}
}
}
// CAS dependencies/modules may be listed here statically...

//i only add this line
implementation "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"

add these lines in cas.properties
cas.server.name=https://192.168.1.6:8443

#######mes mes ajouts

cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://192.168.1.6:389
cas.authn.ldap[0].baseDn=dc=retel,dc=sn
cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].bindDn=cn=admin,dc=retel,dc=sn
cas.authn.ldap[0].bindCredential=passer
cas.authn.ldap[0].principalAttributeId=uid

cas.authn.ldap[0].principalAttributePassword=password

########## fin ajout

cd /opt/cas-overlay-template
./gradlew clean

success
./gradlew clean copyCasConfiguration build

success
./gradlew createKeystore

success
cp /opt/cas-overlay-template/build/libs/cas.war /var/lib/tomcat9/webapps/

systemctl restart tomcat9.service

https://192.168.1.6:8443/cas i have the web interface
but connexion with ldap users failed

slapcat
617ea503 /etc/ldap/slapd.conf: line 103: rootdn is always granted unlimited privileges.
617ea503 /etc/ldap/slapd.conf: line 120: rootdn is always granted unlimited privileges.
dn: dc=retel,dc=sn
objectClass: top
objectClass: dcObject
objectClass: organization
o: retel.sn
dc: retel
structuralObjectClass: organization
entryUUID: 5d28ef16-ce92-103b-941c-010debc66135
creatorsName: cn=admin,dc=retel,dc=sn
createTimestamp: 20211031123232Z
entryCSN: 20211031123232.443947Z#000000#000#000000
modifiersName: cn=admin,dc=retel,dc=sn
modifyTimestamp: 20211031123232Z

dn: cn=admin,dc=retel,dc=sn
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9bnRBeUlGVlQyYU4wSzE1cnVUZ01UMUs2TjhIcVB2VmI=
structuralObjectClass: organizationalRole
entryUUID: 5d2ae1a4-ce92-103b-941d-010debc66135
creatorsName: cn=admin,dc=retel,dc=sn
createTimestamp: 20211031123232Z
entryCSN: 20211031123232.456707Z#000000#000#000000
modifiersName: cn=admin,dc=retel,dc=sn
modifyTimestamp: 20211031123232Z

dn: ou=people,dc=retel,dc=sn
objectClass: organizationalUnit
ou: people
structuralObjectClass: organizationalUnit
entryUUID: 67503832-ce92-103b-8113-ed77ac459179
creatorsName: cn=admin,dc=retel,dc=sn
createTimestamp: 20211031123249Z
entryCSN: 20211031123249.478623Z#000000#000#000000
modifiersName: cn=admi

mijutu
@mijutu:ellipsis.fi
[m]
@BbnMichry_twitter: I have this in my cas config:
cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
reason for it is
https://www.mail-archive.com/cas-user@apereo.org/msg08477.html
I'm not sure if that is a problem anymore in 6.5
Michry-BBN
@BbnMichry_twitter
@mijutu:ellipsis.fi i think the problem is the version 6.5 i success it with 6.4 and 6.3 with same config
lexoio
@lexoio
ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] - <Forwarding to error page from request [/login] due to exception [Exception thrown executing org.apereo.cas.pm.web.flow.actions.SendPasswordResetInstructionsAction@2adfdb23 in state 'sendPasswordResetInstructions' of flow 'login' -- action execution attributes were 'map[[empty]]']>
i face this error and only this error no other warn
i use ldaps