Rafiek
@rafiek
unzip -l cas.war | grep log4
Should only contain 2.16.0
Michry-BBN
@BbnMichry_twitter
Thanks @rafiek but it's always 2.14
it's ok, I just want to copy the new cas.war
Michry-BBN
@BbnMichry_twitter
Hello guys, I just installed CAS 6.4.4.1 to remove the log4j vulnerability, so I want to customize my CAS login view and logout view. Any idea or suggestion, please?
Gandhi Reddy P
@gandhireddy

Hi, We are currently using 6.3.2 version of CAS. To fix the log4j Vulnerability, we have upgraded the cas version to 6.3.7.4. After updating the version, we are facing the below issue

> Could not resolve all files for configuration ':casBootWarOverlay'.
   > Could not resolve org.apereo.cas:cas-server-webapp-tomcat:6.3.7.4.
     Required by:
         project :
      > Cannot choose between the following variants of org.apereo.cas:cas-server-webapp-tomcat:6.3.7.4:
          - master
          - samplessources
        All of them match the consumer attributes:
          - Variant 'master' capability org.apereo.cas:cas-server-webapp-tomcat:6.3.7.4:
              - Unmatched attributes:
                  - Provides org.gradle.status 'release' but the consumer didn't ask for it
                  - Provides org.gradle.usage 'java-runtime' but the consumer didn't ask for it
          - Variant 'samplessources' capability org.apereo.cas:cas-server-webapp-tomcat:6.3.7.4:
              - Unmatched attributes:
                  - Provides org.gradle.category 'documentation' but the consumer didn't ask for it
                  - Provides org.gradle.docstype 'samplessources' but the consumer didn't ask for it
                  - Provides org.gradle.status 'release' but the consumer didn't ask for it

As per the gradle documentation, looks like there are multiple variants. Can you please help me to resolve this issue?

Pavel Horal
@pavelhoral
Hello, is there a way to disable "forgotten username" feature while leaving "reset password"? To me it seems that there is no toggle nor any easy way how to have only reset password.
(working with the newest CAS release)
infinity202
@infinity202
hello, I am completely lost within the Apereo helpfile system. It contains so many looping links to identical pages that I have been reading the same pages for about 2,5 hours now.
There seems to be a possibility to run the war as a linux service: https://apereo.github.io/cas/6.4.x/installation/Configuring-Deployment-System-Service.html
But trying to find or build this WAR results in a bunch of files that want to create a docker machine on my virtual server and I don't want that.
Vaibhav Narula
@VaibhavNarula8_twitter
Hi, while upgrading CAS from 6.1.7 to 6.4.4.2 we are seeing an issue where oidc
2022-01-10 22:30:38,625 TRACE [org.apereo.cas.oidc.util.OidcRequestSupport] - <Configured issuer [http://example.com] defined does not match the request issuer [http://local:8080/cas/oidc]>
2022-01-10 22:30:38,625 WARN [org.apereo.cas.oidc.web.controllers.discovery.OidcWellKnownEndpointController] - <Unable to accept request; issuer for endpoint [.well-known] is invalid>
Even on local we notice that if no oidc config is provided it defaults to 8080 and does not use the Tomcat port or the CAS config.
beermedlar
@beermedlar
Whenever the authentication flow fails due to invalid credentials, CAS returns HTTP status 401 with the login page. Is there any way by which we can return HTTP status 200 for such cases? Because HTTP status 401 caused a monitoring alarm, I had to find a way to change it to HTTP status 200.
Luis Panadero Guardeño
@Zardoz89
Hey! Has nobody noticed that the latest version of the CAS client for Java is built for Java 8, but has a dependency on JAXB 2.3.1, which is for Java 9?
Also, the README should clarify what version of Java is being supported.
pvemi
@vphanibhushanreddy
cas-overlay-template(6.4.4.2) is not copying resources to the final generated build with gradlew.bat build. Only customizations are packed and all other html pages are not in final build
did anyone have issues?
pvemi
@vphanibhushanreddy
never mind.. found out the problem.. I needed thymeleaf theme dependency
Luis Panadero Guardeño
@Zardoz89

Hey! Has nobody noticed that the latest version of the CAS client for Java is built for Java 8, but has a dependency on JAXB 2.3.1, which is for Java 9?
Also, the README should clarify what version of Java is being supported.

Could anyone note this in the issue system that you are using? I would like to do this, but I don't see how I could do it on the GitHub repo, and I don't see a Jira or Mantis to do it.

mixman68
@mixman68
Hi guys
I have an issue with CAS 6.4.4: when I log in to a SAML SP, CAS releases all auth attributes + allowed. Why?
I put
attributeReleasePolicy: !<org.apereo.cas.services.ReturnMappedAttributeReleasePolicy>
  allowedAttributes: !<java.util.TreeMap>
    mail: !<java.util.ArrayList>
    - "mail"
  principalAttributesRepository: !<org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository>
    attributeRepositoryIds: !<java.util.HashSet>
    - "*"
  consentPolicy: !<org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy>
    status: "FALSE"
  excludeDefaultAttributes: true
  authorizedToReleaseAuthenticationAttributes: false
Michry-BBN
@BbnMichry_twitter
Hi
I am in the process of setting up two CAS servers with the same DNS rrcas.mydomain.com and the IP addresses are 10.10.10.10 and 10.10.10.11. Each CAS works in isolation, but if I activate NGINX for both I have a ticket issue. I would like to know how to configure Hazelcast (or another) to respond to the ticket issue.
If someone has already configured Hazelcast or a High Availability CAS cluster, please, I need some help.
Marc K.
@V3ndetta
Hey guys, I got a strange problem trying to activate acceptable-usage-policy with jdbc in 6.3.7.4 - After LDAP User XXX logs in, they have to accept the policy. On "ACCEPT" they loop on this site. Logs show no "aupAccepted" attribute, but an attribute with value "true" is written to the database - even if there is no entry for the user. When working with caching enabled for the Attribute-Repository there will be a value "1" for aupAccepted, but this looks like it is not converted, or wrongly converted, to boolean, as aup is showing "NOT ACCEPTED". Anyone else with a similar issue?!
lwp007
@lwp007
When I try to run CAS 6.4.5 in standalone mode, and try to force it to read the config file /etc/cas/config/cas.properties like this: java -jar -Dcas.standalone.configurationDirectory=/etc/cas/config ./build/libs/cas.war
it seems not to be working.
Hey guys, has someone met the same problem?
lwp007
@lwp007
Sorry, wrong question: the log shows it works, but when I tried to modify the cas.server.name and cas.server.prefix options, it is not working~
katrix
@katrix:xirtak.com
Is anyone running into an issue where SAML services are not releasing any attributes in 6.5-SNAPSHOT? We're preparing our QA environment and noticed it pretty early in testing. CAS protocol attribute releases appear to be fine.
raymondrewalker
@raymondrewalker

Could someone expand on the impact & purpose of this configuration?

cas.server.scope=example.org

The CAS Server scope. <--(only documentation found)

raymondrewalker
@raymondrewalker

For 6.4x -> 6.5-SNAPSHOT we're trying to identify the following issue:

2022-02-03 12:19:54,805 -0700 WARN [io.netty.bootstrap.Bootstrap] - <Failed to set channel option 'CONNECT_TIMEOUT_MILLIS' with value '5000' for channel '[id: 0xf39d1e89]'>

This appears to break LDAP connection for the service registry.

We've also seen a few parameters change formatting in docs, but don't necessarily error/warn in the container, so it seems confusing to debug at the moment.

raymondrewalker
@raymondrewalker
Apparently 6.5 now displays all internal attributes on the login page to the user... "Principal" & "Authentication" (internal attributes here) where would one identify how to disable that?
Michry-BBN
@BbnMichry_twitter
Hi guys
I have haproxy and 2 CAS nodes, but sometimes I have this error: login?exception.message=Error+decoding+flow+execution HTTP/1.1" How to fix it? (I use Hazelcast)
Łukasz
@lgwozniak
Hi, I'm using CAS 6.3.7.2. Has anyone had a problem with the REST Service Registry when putting an OauthService there? CAS responds to me with a deserialization problem:
Caused by: com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize value of type java.lang.String from Array value (token JsonToken.START_ARRAY)
at [Source: UNKNOWN; line: -1, column: -1] (through reference chain: org.apereo.cas.support.oauth.services.OAuthRegisteredService["supportedGrantTypes"]->java.util.HashSet[1])
The JSON is correct; it works on the normal json-service.
sauravsh28
@sauravsh28
Hello - I am new to CAS server. I am trying to integrate CAS management to CAS server but I am getting below error message.
Application Not Authorized to Use CAS
The application you attempted to authenticate to is not authorized to use CAS. This usually indicates that the application is not registered with CAS, or its authorization policy defined in its registration record prevents it from leveraging CAS functionality, or it's malformed and unrecognized by CAS. Contact your CAS administrator to learn how you might register and integrate your application with CAS.
I used below service configuration
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "https://localhost:8443/cas-management/",
"name" : "casManagement",
"id" : 1001,
"logoutType" : "BACK_CHANNEL",
"logoutUrl" : "https://localhost:8443/cas-management/logout"
}
lwp007
@lwp007
Hello, I am using the /cas/v1/tickets REST API when integrating QR login, but when I curl this API like this: curl -X POST -k -d 'username=user1@test.com&password=testpass&token=true&additionalParam1=paramvalue' "https://localhost:8442/cas/v1/tickets"
I got this error:
"Service is not found in service registry."
can anyone help? thanks
lwp007
@lwp007

Hello, I am using the /cas/v1/tickets REST API when integrating QR login, but when I curl this API like this: curl -X POST -k -d 'username=user1@test.com&password=testpass&token=true&additionalParam1=paramvalue' "https://localhost:8442/cas/v1/tickets"
I got this error:
"Service is not found in service registry."

solved, appending a service param can solve this.

raymondrewalker
@raymondrewalker
In CAS 6.5 when logging in (/cas/login) all internal attributes and values are showing up on the login page, even after manually disabling attribute release, by adding this:
cas.authn.authentication-attribute-release.enabled=false
Never enabled it in the past, don't use CAS for attribute release, so this is new default behavior.
Upul
@UpulK
We are using CAS 6.1.7 and we have set up delegated authentication with Google, Microsoft etc. Once logged in with Google (or with any external SSO provider like Microsoft) and then logged out from CAS, the user will be logged out not only from CAS but from the Google account as well. Could someone please tell me whether there is an option in CAS to avoid this behavior? i.e. I want to keep the Google session alive when logging out from CAS. Thank you.
mj77886699
@mj77886699

I want to define a register using overlay, I put a controller directly into the src/main/java directory

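import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

// Custom controller placed in the overlay's src/main/java directory
@RestController
public class RegisterController {

    // Handles /register; userName and password are bound from request parameters
    @RequestMapping("/register")
    public String register(String userName, String password) {
        return "register success " + userName;
    }

}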

Luis Faria
@luis100
Hello, I found an issue with the latest release (6.5.0) when enabling cas.authn.pac4j.cas[0].auto-redirect-type=SERVER, the first login works fine, but if the application tries to login again and CAS still has the login session, the redirect to the service gets confused with the redirect to the delegated authentication and an exception is thrown, anyone else getting this issue?
2022-02-18 10:35:33,281 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [/cas] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed] with root cause>
java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
    at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:488) ~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
(...)
    at org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:28) ~[cas-server-core-web-api-6.5.0.jar!/:6.5.0]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
    at org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:401) ~[cas-server-core-web-api-6.5.0.jar!/:6.5.0]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.58.jar!/:9.0.58]
    at org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:200) ~[cas-server-core-web-api-6.5.0.jar!/:6.5.0]
(...)
lshc
@lshc666

Hello there,

We are trying to enable FIDO2 WebAuthN support in CAS with both Yubikeys and using the built-in browser support for FIDO2, namely for Safari on Mac OS.

While Yubikey registration and authentication works fine out of the box, when trying to register a FIDO2 device using the native Safari support for FIDO2 (without a Yubikey), we are presented with the following error on the registration step :

"java.lang.IllegalArgumentException: Failed to obtain attestation trust anchors."

Any ideas why this is happening and maybe how we can configure our own attestation trust anchors to include other sources than Yubikeys ?