Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
Repo info
  • 00:03
    codecov[bot] commented #5487
  • 00:01
    codecov[bot] commented #5487
  • Jul 02 23:46
    codecov[bot] commented #5487
  • Jul 02 23:43
    codecov[bot] commented #5487
  • Jul 02 23:41
    codecov[bot] commented #5487
  • Jul 02 23:36
    codecov[bot] commented #5487
  • Jul 02 23:34
    codecov[bot] commented #5487
  • Jul 02 23:33
    codecov[bot] commented #5487
  • Jul 02 23:32
    codecov[bot] commented #5487
  • Jul 02 23:31
    codecov[bot] commented #5487
  • Jul 02 23:30
    codecov[bot] commented #5487
  • Jul 02 23:28
    codecov[bot] commented #5487
  • Jul 02 23:25
    codecov[bot] commented #5487
  • Jul 02 23:24
    codecov[bot] commented #5487
  • Jul 02 23:22
    codecov[bot] commented #5487
  • Jul 02 23:20
    codecov[bot] commented #5487
  • Jul 02 23:18
    codecov[bot] commented #5487
  • Jul 02 23:16
    codecov[bot] commented #5487
  • Jul 02 23:14
    codecov[bot] commented #5487
  • Jul 02 23:10
    codecov[bot] commented #5487
Wendel Schultz
java.lang.reflect.InaccessibleObjectException: Unable to make public long com.sun.management.internal.OperatingSystemImpl.getOpenFileDescriptorCount() accessible: module jdk.management does not "opens com.sun.management.internal" to unnamed module
Alternatively, upgrading the io.dropwizard.metrics libraries to 4.0.x can also address this. Is this an option running on Spring Boot 1.5.8 ?
Wendel Schultz
Can I change server prefix to empty?
Example, after build-run my service run on https://localhost:8443/cas I can to remove /cas keep https://localhost:8443/.
Had try to update cas.server.prefix but not working :(
1 reply
Francois Hervet
Hello ! Regarding log4j2 security vulnerability, we want to upgrade to the latest CAS version ( But the problem is that the dependency seems to not be present on Maven Central, we cannot find it... Can you help please?
i have same error to @choidkdk , but i have docker-compose and i use cas-overlay-template/tree/6.3 .
this error happens when I use 'docker-compose build'.
I will not install openjdk because I am in a container .
thanks for your help
Building cas
Step 1/20 : FROM adoptopenjdk/openjdk11:alpine-slim AS overlay
 ---> 68d79b94d8b9
Step 2/20 : RUN mkdir -p cas-overlay
 ---> Using cache
 ---> 2fbf67e30ccc
Step 3/20 : COPY ./src cas-overlay/src/
 ---> 492ae4217531
Step 4/20 : COPY ./gradle/ cas-overlay/gradle/
 ---> d44ca8ef2c0e
Step 5/20 : COPY ./gradlew ./settings.gradle ./build.gradle ./gradle.properties /cas-overlay/
 ---> 6c0d5aaa1d06
Step 6/20 : RUN mkdir -p ~/.gradle     && echo "org.gradle.daemon=false" >> ~/.gradle/gradle.properties     && echo "org.gradle.configureondemand=true" >> ~/.gradle/gradle.properties     && cd cas-overlay     && chmod 750 ./gradlew     && ./gradlew --version;
 ---> Running in 17e37e5f3ced
Downloading https://services.gradle.org/distributions/gradle-7.3.1-bin.zip

Welcome to Gradle 7.3.1!

Here are the highlights of this release:
 - Easily declare new test suites in Java projects
 - Support for Java 17
 - Support for Scala 3

For more details see https://docs.gradle.org/7.3.1/release-notes.html

Gradle 7.3.1

Build time:   2021-12-01 15:42:20 UTC
Revision:     2c62cec93e0b15a7d2cd68746f3348796d6d42bd

Kotlin:       1.5.31
Groovy:       3.0.9
Ant:          Apache Ant(TM) version 1.10.11 compiled on July 10 2021
JVM:          11.0.8 (AdoptOpenJDK 11.0.8+10)
OS:           Linux 4.18.0-348.2.1.el8_5.x86_64 amd64

Removing intermediate container 17e37e5f3ced
 ---> f0df1a5519e8
Step 7/20 : RUN cd cas-overlay     && ./gradlew clean build --parallel --no-daemon;
 ---> Running in 89755da20e71
To honour the JVM settings for this build a single-use Daemon process will be forked. See https://docs.gradle.org/7.3.1/userguide/gradle_daemon.html#sec:disabling_the_daemon.
Daemon will be stopped at the end of the build 
Configuration on demand is an incubating feature.
> Task :clean
> Task :extractCasBootWarOverlay
> Task :bootBuildInfo
> Task :generateMainEffectiveLombokConfig1
> Task :checkLombokConfig
> Task :compileJava FAILED

Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

See https://docs.gradle.org/7.3.1/userguide/command_line_interface.html#sec:command_line_warnings
6 actionable tasks: 6 executed

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':compileJava'.
> error: release version 11 not supported

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.

* Get more help at https://help.gradle.org

hello!, we update from 6.4.0 to 6.4.4 due to log4shell cas config working well but we have this error when return fron azureAD delegated auth, any thoughs?
java.lang.IllegalAccessError: class org.pac4j.oidc.profile.creator.OidcProfileCreator tried to access protected method 'void com.nimbusds.oauth2.sdk.ProtectedResourceRequest.<init>(java.net.URI, com.nimbusds.oauth2.sdk.token.AccessToken)' (org.pac4j.oidc.profile.creator.OidcProfileCreator and com.nimbusds.oauth2.sdk.ProtectedResourceRequest are in unnamed module of loader org.springframework.boot.loader.LaunchedURLClassLoader @277050dc)
    at org.pac4j.oidc.profile.creator.OidcProfileCreator.create(OidcProfileCreator.java:94)
    at org.pac4j.core.client.BaseClient.retrieveUserProfile(BaseClient.java:126)
    at org.pac4j.core.client.BaseClient.getUserProfile(BaseClient.java:105)
    at org.apereo.cas.support.pac4j.authentication.handler.support.DelegatedClientAuthenticationHandler.doAuthentication(DelegatedClientAuthenticationHandler.java:78)
    at org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:44)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

Hello I'm using CAS 6.4.2 (log4j 2.14.1) i rebuilding the project and i add these lines

-- add to build.gradle dependencies section

implementation "org.apache.logging.log4j:log4j-api:2.16.0"
implementation "org.apache.logging.log4j:log4j-core:2.16.0"
implementation "org.apache.logging.log4j:log4j-jcl:2.16.0"
implementation "org.apache.logging.log4j:log4j-jul:2.16.0"
implementation "org.apache.logging.log4j:log4j-web:2.16.0"
implementation "org.apache.logging.log4j:log4j-slf4j18-impl:2.16.0"

-- add to the end of build.gradle

bootWar {
entryCompression = ZipEntryCompression.STORED
overlays {
cas {
from "org.apereo.cas:cas-server-webapp${project.appServer}:${casServerVersion}@war"
provided = false
excludes = ["WEB-INF/lib/log4j2.12..jar","WEB-INF/lib/log4j2.14..jar"]

the buid is OK successfull so i want to know if my CAS use log4j2.16 now and how to verify it????
unzip -l cas.war | grep log4
Should only contain 2.16.0
Thank @rafiek but it's always 2.14
it's ok i juste want to copy the new cas.war
Hello guys i just install cas for remove log4j vulnability so i want to customize my CAS login view et logout view any idea ou suggestion please
Gandhi Reddy P

Hi, We are currently using 6.3.2 version of CAS. To fix the log4j Vulnerability, we have upgraded the cas version to After updating the version, we are facing the below issue

> Could not resolve all files for configuration ':casBootWarOverlay'.
   > Could not resolve org.apereo.cas:cas-server-webapp-tomcat:
     Required by:
         project :
      > Cannot choose between the following variants of org.apereo.cas:cas-server-webapp-tomcat:
          - master
          - samplessources
        All of them match the consumer attributes:
          - Variant 'master' capability org.apereo.cas:cas-server-webapp-tomcat:
              - Unmatched attributes:
                  - Provides org.gradle.status 'release' but the consumer didn't ask for it
                  - Provides org.gradle.usage 'java-runtime' but the consumer didn't ask for it
          - Variant 'samplessources' capability org.apereo.cas:cas-server-webapp-tomcat:
              - Unmatched attributes:
                  - Provides org.gradle.category 'documentation' but the consumer didn't ask for it
                  - Provides org.gradle.docstype 'samplessources' but the consumer didn't ask for it
                  - Provides org.gradle.status 'release' but the consumer didn't ask for it

As per the gradle documentation, looks like there are multiple variants. Can you please help me to resolve this issue?

1 reply
Pavel Horal
Hello, is there a way to disable "forgotten username" feature while leaving "reset password"? To me it seems that there is no toggle nor any easy way how to have only reset password.
(working with the newest CAS release)
hello, I am completely lost within the Apereo helpfile system. It contains so many looping links to identical pages that I have been reading the same pages for about 2,5 hours now.
There seems to be a possibility to run the war as a linux service: https://apereo.github.io/cas/6.4.x/installation/Configuring-Deployment-System-Service.html
But trying to find or build this WAR results in a bunch of files that want to create a docker machine on my virtual server and I don't want that.
Vaibhav Narula
Hi While upgrading the cas from 6.1.7 to we are seeing a issue where oidc 2022-01-10 22:30:38,625 TRACE [org.apereo.cas.oidc.util.OidcRequestSupport] - <Configured issuer [http://example.com] defined does not match the request issuer [http://local:8080/cas/oidc]>
2022-01-10 22:30:38,625 WARN [org.apereo.cas.oidc.web.controllers.discovery.OidcWellKnownEndpointController] - <Unable to accept request; issuer for endpoint [.well-known] is invalid>
Even on local we notice if no oidc config is provide it default to 8080 and not sue the tomcat port or the cas config.
whenever authentication flow fails due to invalid credentials, CAS returns HTTP status 401 with login page. Is there any way by which we can return HTTP status 200 for such cases?Because HTTP status 401 caused a monitoring alarm, I had to find a way to change it to HTTP status 200.
Luis Panadero Guardeño
Hey! Nobody noticed that the last version of CAS client for Java, its build for Java 8, but have a dependency to JAXB 2.3.1 that its for Java 9 ?
Also, the READMED should clarify what version of Java it's being supported.
cas-overlay-template( is not copying resources to the final generated build with gradlew.bat build. Only customizations are packed and all other html pages are not in final build
did anyone have issues?
never mind.. found out the problem.. I needed thymeleaf theme dependency
Luis Panadero Guardeño

Hey! Nobody noticed that the last version of CAS client for Java, its build for Java 8, but have a dependency to JAXB 2.3.1 that its for Java 9 ?
Also, the READMED should clarify what version of Java it's being supported.

Anyone could annotate this on the issues system that you are using ? I would liked to do this, but I don't see that I could done on GitHub repo, and I don't see a Jira o r Mantis to do it.

Hi guys
i have an issue with CAS 6.4.4, when i login into saml sp, cas will release all auth attributes + allowed, why ?
I put
attributeReleasePolicy: !<org.apereo.cas.services.ReturnMappedAttributeReleasePolicy>
  allowedAttributes: !<java.util.TreeMap>
    mail: !<java.util.ArrayList>
    - "mail"
  principalAttributesRepository: !<org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository>
    attributeRepositoryIds: !<java.util.HashSet>
    - "*"
  consentPolicy: !<org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy>
    status: "FALSE"
  excludeDefaultAttributes: true
  authorizedToReleaseAuthenticationAttributes: false
I am in the process of setting up two CAS servers with the same DNS rrcas.mydomain.com and the IP addresses are and Each CAS marks in isolation but if I activate the NGINX for both I have a ticket issue I would like to know how to configure Hazelcast (or another) to respond to the ticket issue.
if someone has already configure hazelcast or High Avalaibility CAS cluster please i need some help
Marc K.
Hey guys, i got a strange problem trying to activate acceptable-usage-policy with jdbc in - After LDAP User XXX logging in, they have to accept the policy. On "ACCEPT" they'll loop on this site. Logs showing no "aupAccepted"-Attribute but attribute with value "true" is written to database - even if there is no entry for the user. When working with enabled Caching for Attribute-Repository there will be a value "1" for aupAccepted but this looks like not or wrong converted to boolean, as aup is showing "NOT ACCEPTED. Anyone else with similar issue?!
when i try to run cas 6.4.5 in standalone mode, and try to force it read config file /etc/cas/config/cas.properties like this: java -jar -Dcas.standalone.configurationDirectory=/etc/cas/config ./build/libs/cas.war
it seems not working
hey guys, does someone meet same problem?
sorry wrong questions, the log shows it works, but when i tried to modify cas.server.name and cas.server.prefix options, it is not working~
Is anyone running into an issue where SAML services are not releasing any attributes in 6.5-SNAPSHOT? We're preparing our QA environment and noticed it pretty early in testing. CAS protocol attribute releases appear to be fine.

Could someone expand on the impact & purpose of this configuration?


The CAS Server scope. <--(only documentation found)


For 6.4x -> 6.5-SNAPSHOT we're trying to identify the following issue:

2022-02-03 12:19:54,805 -0700 WARN [io.netty.bootstrap.Bootstrap] - <Failed to set channel option 'CONNECT_TIMEOUT_MILLIS' with value '5000' for channel '[id: 0xf39d1e89]'>

This appears to break LDAP connection for the service registry.

We've also seen a few parameters change formatting in docs, but don't necessarily error/warn in the container, so it seems confusing to debug at the moment.

1 reply
Apparently 6.5 now displays all internal attributes on the login page to the user... "Principal" & "Authentication" (internal attributes here) where would one identify how to disable that?
Hi guys
i have haproxy and 2 nodes CAS but something i have this error : login?exception.message=Error+decoding+flow+execution HTTP/1.1" how to fix it (i use hazelcast)
Hi, i'm using CAS any one got a problem with REST Service Registry. When putting there OauthService ? CAs Response for me with Deserialziation problem
Caused by: com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize value of type java.lang.String from Array value (token JsonToken.START_ARRAY)
at [Source: UNKNOWN; line: -1, column: -1] (through reference chain: org.apereo.cas.support.oauth.services.OAuthRegisteredService["supportedGrantTypes"]->java.util.HashSet[1])
json is correct it work on normal json-service
Hello - I am new to CAS server. I am trying to integrate CAS management to CAS server but I am getting below error message.
Application Not Authorized to Use CAS
The application you attempted to authenticate to is not authorized to use CAS. This usually indicates that the application is not registered with CAS, or its authorization policy defined in its registration record prevents it from leveraging CAS functionality, or it's malformed and unrecognized by CAS. Contact your CAS administrator to learn how you might register and integrate your application with CAS.
I used below service configuration
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "https://localhost:8443/cas-management/",
"name" : "casManagement",
"id" : 1001,
"logoutType" : "BACK_CHANNEL",
"logoutUrl" : "https://localhost:8443/cas-management/logout"
1 reply