Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 04:06

    mmoayyed on master

    display attribute consent recor… add tests for oauth uma resourc… documentation updates and 2 more (compare)

  • May 16 15:25

    mmoayyed on 6.5.x

    Update tomcat (compare)

  • May 15 13:29

    mmoayyed on 6.5.x

    fix: attribute encoder fails wi… (compare)

  • May 15 13:28

    mmoayyed on master

    fix build support webauthn devices for ac… deprecate digest and fortress m… and 4 more (compare)

  • May 13 16:15

    mmoayyed on 6.5.x

    Fix null issuer for JWS/JWE on … (compare)

  • May 13 16:15
    mmoayyed closed #5467
  • May 13 16:02

    mmoayyed on master

    use proper beans for attribute … minor formatting fixes fix issue with attribute encodi… (compare)

  • May 13 15:05

    mmoayyed on 6.5.x

    fix issue with attribute encodi… (compare)

  • May 13 12:12

    mmoayyed on master

    move registered service fields … allow saml2 sign responses to b… support rest-based policy for p… and 4 more (compare)

  • May 13 09:47
    apereocas-bot labeled #5467
  • May 13 09:47
    apereocas-bot labeled #5467
  • May 13 09:47
    apereocas-bot milestoned #5467
  • May 13 09:47
    apereocas-bot labeled #5467
  • May 13 09:46
    apereocas-bot labeled #5467
  • May 13 09:46
    leleuj commented #5464
  • May 13 09:46
    leleuj opened #5467
  • May 13 08:21
    mmoayyed commented #5464
  • May 13 07:24
    leleuj commented #5464
  • May 13 07:07

    mmoayyed on master

    Fix issuer null for JWS/JWE on … (compare)

  • May 13 07:07
    mmoayyed closed #5464
Łukasz
@lgwozniak
Hi, do You know why url /oauth2.0/accessToken is protected with Basic auth ?
i'm using 6.3 version
Łukasz
@lgwozniak
I found a problem. We use oauth2.0 with PKCE and it requires client_secret. @mmoayyed do You know why it is required ?
Wesley Conley
@waconley
We are working on a CAS integration with a vendor that is tying the initial SAML assertion with the asynchronous account creation. The NotOnOrAfter expires before the user has time to click the "create new account" button. While the vendor states this is a feature and not a bug, we are attempting to either remove the NotOnOrAfter value from both the saml2:SubjectConfirmationData and saml2:Conditions. The skipGeneratingSubjectConfirmationNotOnOrAfter property will remove the value from the saml2:SubjectConfirmationData element, but there does not appear to be a property for removing the value from saml2:Conditions. Is there a way to remove the NotOnOrAfter from saml2:Conditions or is there a way to extend the value out further into the future?
fddev
@fddev_twitter

Hi, we are using CAS 6.4.0 with GoogleAuthenticator Multi-Factor enabled, but every time we reboot CAS the tokens provided by the GoogleAuthenticator App for the users stops working.
This seems to be related to the secret for the specific couple user/device that CAS is not able to recover after reboot (the internal service endpoint 'gauthCredentialRepository' doesn't return it in response to a GET /{username} endpoint).

To reproduce this issue:

  1. Configure CAS for MF GoogleAuthenticator
  2. Login with a user
  3. Scan the code with GoogleAuthenticator App and complete the device association
  4. Login using credential and the token provided by the app --> OK
  5. Reboot CAS
  6. Login using credential and the token provided by the app --> KO Token not valid

We think this is a bug, but any help to resolve this critical issue will be appreciated.

1 reply
numitor73
@numitor73
Hi, I am migrating CAS 3.x to 5.3.16. In version 5.3.16 the AbstractAuthenticationManager class disappears. In my project I have a class that extends this and I would need to know if it can be replaced by another that comes in version 5.x. Thanks.
Quang Le
@quanglee

Hi guys, I am setting up the CAS version 6.3.6 via K8s . I just prepare the image in the Container Registry. The gradle.build is remain the same as I don't add any new dependencies. But I don't know why it keeps saying this error.
"WARN [org.apereo.cas.web.CasWebApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanDefinitionStoreException: Failed to process import candidates for configuration class [org.apereo.cas.web.CasWebApplication]; nested exception is java.lang.IllegalStateException: Error processing condition on org.springframework.boot.actuate.autoconfigure.quartz.QuartzEndpointAutoConfiguration>"

Hope someone helps me! Much appreciated

Andrew Boehner
@Boehner
Any idea why I am not receiving a PGT after calling p3/serviceValidate in CAS6 after migrating from CAS5? I have a authorizedToReleaseProxyGrantingTicket and proxyPolicy set on the service.
Andrew Boehner
@Boehner
"proxyPolicy": {
"@class": "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
"pattern": ".*"
},
"attributeReleasePolicy": {
"@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"authorizedToReleaseProxyGrantingTicket": true
}
Andrew Boehner
@Boehner
I see ERROR [org.apereo.cas.services.RegisteredServicePublicKeyCipherExecutor] - <No public key is defined for service [AbstractRegisteredService
But thought the pgtiou would be defined since the service doesnt include the publicKey.
Federico Tolomei
@s17t

Hello, I am using jasig 6.3 and I am trying customize it with the overlay. I m trying to override some bean with Java code but the gradle build is unable to compile due to missing symbols, even the most core symbols are missing in the compilation process (i.e. UsernamePasswordCredential from cas-server-core-authentication.

Is there something to tune in build.gradle to allow override java beans?

j-garmatter
@j-garmatter
Does anyone know what the implications of this line are:
INFO [org.apereo.cas.web.CasWebApplicationServletInitializer] - <The following profiles are active: standalone>
Łukasz
@lgwozniak
Cas check conifguration in /etc/cas/config
Sridhar
@sridharchalimeti
Hi, I am new to Apereo CAS. Is there any example project where CAS is configured with Micronaut client?
OmarApQz
@omaraparicio07
Hi, I am new to Apereo CAS. Is there any example project where CAS is configured with openid connect and ldap?
mixman68
@mixman68
Hi guys, did you already have this
2021-10-12 18:06:47,586 ERROR [org.apereo.cas.support.saml.web.idp.profile.AbstractSamlIdPProfileHandlerController] - <NullPointerException> java.lang.NullPointerException: null at java.util.HashMap.putMapEntries(Unknown Source) ~[?:?] at java.util.HashMap.putAll(Unknown Source) ~[?:?]
insky2005
@insky2005
hello. any body knows, how to use an access_token with oauth2 client_credentials to load profile?
1 reply
insky2005
@insky2005
I use cas 5.3.x
lexoio
@lexoio
hi, i want to install cas password management, well ive follow the instruction, but what url to the password management page??
lexoio
@lexoio
or what parameter i should add to cas.properties?
psevestre
@psevestre

Hi, I'm using the CAS (6.3.5) OIDC module and a REST authentication backend. It's working fine, but now I'd like to provide a better error explanation when using the "password grant" workflow. The REST backend is returning different 4xx codes according to the specific situation (invalid credentials, expired password, etc). However, this information is lost somewhere inside the authentication request, resulting in just a generic 401 error code.

Is there a way to customize the "unauthorized" message so it includes a message (or message key) related to the actual exception thrown by the backend provider ?

Mary BlackBonnet
@marybba:matrix.org
[m]
help! is someting wrong with CAS or did i get kicked out of school?
qxunio
@qxunio
In order to include custom Java source, it should be included under a src/main/java directory in the overlay project source tree.
but Page Not Found
what should I do
image.png
qxunio
@qxunio
I am new to Apereo CAS, help help help
1 reply
Kelly Stobert
@kstobert_gitlab
Good afternoon, I was wondering if anyone has run into issues with the Capslock check being stuck "on". On our login page, no matter what the capslock setting is, the "CAPSLOCK key is turned on!" message is displayed. This happened after we ran a gradlew clean build. We're running 6.3.5
joson
@joson
Hi all. I'm using the CAS(5.3.16) and cas-template-overlay, And then got an bootstrap exception as below:
Caused by: java.lang.VerifyError: class org.apereo.cas.web.view.ChainingTemplateViewResolver overrides final method initialize.()V
joson
@joson
I've read the source code of ChainingTemplateViewResolver on cas-5.3.x. But there is no super.initialize method overrided as the message mentioned above. Which superclass's method had been overrided in fact?
joson
@joson
Hi, I've fixed my problem. The superclass of ChainingTemplateViewResolver is AbstractConfigurableTemplateResolver, from thymeleaf, version 3.0.11.RELEASE required. But I had given the release 2.x instead.
Michry-BBN
@BbnMichry_twitter

hi i install CAS 6.5 snapshot and i configure the LDAP authentication like this but i can't connexion with ldap users (ubuntu 20.04)
apt install tomcat9 tomcat9-admin tomcat9-user openjdk-11-jdk openjdk-11-jre maven build-essential git -y
echo "JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64/" >> /etc/environment
source /etc/environment
add this line /etc/default/tomcat9
JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64

add these lines /etc/tomcat9/tomcat-users.xml

<role rolename="admin-gui"/>

<user username="admin" password="passer" roles="manager-gui,admin-gui"/>
systemctl restart tomcat9
keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore cas.keystore
complete questions...
mv cas.keystore /etc/tomcat9/

add these lines /etc/tomcat9/server.xml

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/etc/tomcat7/cas.keystore" keystorePass="123456" />
service tomcat9 restart

cd /opt/
git clone https://github.com/apereo/cas-overlay-template

cd cas-overlay-template
add this line in build.gradle
dependencies {
// Add modules in format compatible with overlay casModules property
if (project.hasProperty("casModules")) {
def dependencies = project.getProperty("casModules").split(",")
dependencies.each {
def projectsToAdd = rootProject.subprojects.findAll {project ->
project.name == "cas-server-core-${it}" || project.name == "cas-server-support-${it}"
}
projectsToAdd.each {implementation it}
}
}
// CAS dependencies/modules may be listed here statically...

//i only add this line
implementation "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"

add these lines in cas.properties
cas.server.name=https://192.168.1.6:8443

#######mes mes ajouts

cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://192.168.1.6:389
cas.authn.ldap[0].baseDn=dc=retel,dc=sn
cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].bindDn=cn=admin,dc=retel,dc=sn
cas.authn.ldap[0].bindCredential=passer
cas.authn.ldap[0].principalAttributeId=uid

cas.authn.ldap[0].principalAttributePassword=password

########## fin ajout

cd /opt/cas-overlay-template
./gradlew clean

success
./gradlew clean copyCasConfiguration build

success
./gradlew createKeystore

success
cp /opt/cas-overlay-template/build/libs/cas.war /var/lib/tomcat9/webapps/

systemctl restart tomcat9.service

https://192.168.1.6:8443/cas i have the web interface
but connexion with ldap users failed

slapcat
617ea503 /etc/ldap/slapd.conf: line 103: rootdn is always granted unlimited privileges.
617ea503 /etc/ldap/slapd.conf: line 120: rootdn is always granted unlimited privileges.
dn: dc=retel,dc=sn
objectClass: top
objectClass: dcObject
objectClass: organization
o: retel.sn
dc: retel
structuralObjectClass: organization
entryUUID: 5d28ef16-ce92-103b-941c-010debc66135
creatorsName: cn=admin,dc=retel,dc=sn
createTimestamp: 20211031123232Z
entryCSN: 20211031123232.443947Z#000000#000#000000
modifiersName: cn=admin,dc=retel,dc=sn
modifyTimestamp: 20211031123232Z

dn: cn=admin,dc=retel,dc=sn
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9bnRBeUlGVlQyYU4wSzE1cnVUZ01UMUs2TjhIcVB2VmI=
structuralObjectClass: organizationalRole
entryUUID: 5d2ae1a4-ce92-103b-941d-010debc66135
creatorsName: cn=admin,dc=retel,dc=sn
createTimestamp: 20211031123232Z
entryCSN: 20211031123232.456707Z#000000#000#000000
modifiersName: cn=admin,dc=retel,dc=sn
modifyTimestamp: 20211031123232Z

dn: ou=people,dc=retel,dc=sn
objectClass: organizationalUnit
ou: people
structuralObjectClass: organizationalUnit
entryUUID: 67503832-ce92-103b-8113-ed77ac459179
creatorsName: cn=admin,dc=retel,dc=sn
createTimestamp: 20211031123249Z
entryCSN: 20211031123249.478623Z#000000#000#000000
modifiersName: cn=admi

mijutu
@mijutu:ellipsis.fi
[m]
@BbnMichry_twitter: I have this in my cas config:
cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
reason for it is
https://www.mail-archive.com/cas-user@apereo.org/msg08477.html
I'm not sure if that is a problem anymore in 6.5
Michry-BBN
@BbnMichry_twitter
@mijutu:ellipsis.fi i think the problem is the version 6.5 i success it with 6.4 and 6.3 with same config
lexoio
@lexoio
ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] - <Forwarding to error page from request [/login] due to exception [Exception thrown executing org.apereo.cas.pm.web.flow.actions.SendPasswordResetInstructionsAction@2adfdb23 in state 'sendPasswordResetInstructions' of flow 'login' -- action execution attributes were 'map[[empty]]']>
i face this error and only this error no other warn
i use ldaps
what makes this error??
Michry-BBN
@BbnMichry_twitter
Hi i try to build cas.war with gradle but i always have error failed

i have add these lines
dependencies {
// Add modules in format compatible with overlay casModules property
if (project.hasProperty("casModules")) {
def dependencies = project.getProperty("casModules").split(",")
dependencies.each {
def projectsToAdd = rootProject.subprojects.findAll {project ->
project.name == "cas-server-core-${it}" || project.name == "cas-server-support-${it}"
}
projectsToAdd.each {implementation it}
}
}
// CAS dependencies/modules may be listed here statically...

implementation "org.apereo.cas:cas-server-webapp-init:${casServerVersion}"
implementation "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
implementation "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"

}
they dont know casServerVersion only ${project.'casversion'} works

Michry-BBN
@BbnMichry_twitter
image.png
Hi How to fix this problem????
Łukasz
@lgwozniak

image.png

You must register service to be able to autorize with CAS

Question. Can I override RegexRegisteredService with my own implementation as a template ?
Michry-BBN
@BbnMichry_twitter
@lgwozniak yes but how to do it?
Łukasz
@lgwozniak
https://apereo.github.io/cas/6.3.x/services/JSON-Service-Management.html#json-service-registry
habib-halaoui
@habib-halaoui

Hello,

I have a web application which uses for the react js front part and the symfony backend and a cas sso authentication server.
I have configured react to authenticate with case and the backend part also configured with case. The user is authenticated on both applications. But the problem that I can not use the api rest of the backend because it is not recognized that it is connected to because via axios http requests.
I saw that it was necessary to set up a proxy case.
Do you have any information on this use case and how to do it?
Does your example take into account the proxy case?
This link details the API call in case.
https://apereo.github.io/cas/5.0.x/installation/Configuring-Proxy-Authentication.html
Regards

Ripplet
@ripplet:matrix.org
[m]
Hello everyone, I'm trying to implement SSO in a java application. I've tried getting the service ticket expiration date in the xml response to serviceValidate, but with no success. And I've seen that the "validUntilDate" in the assertion always gets set to null in the costructur. Why is it there then? Thank you for the help