by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 04:35

    apereocas-bot on gh-pages

    Published docs [gh-pages]. (compare)

  • 04:34

    mmoayyed on master

    added tests added tests added tests and 1 more (compare)

  • 04:15

    mmoayyed on master

    Update jmeter perf tests to not… (compare)

  • 04:15

    mmoayyed on jmeter3

    (compare)

  • 04:14
    mmoayyed closed #4919
  • 03:17
    codecov[bot] commented #4920
  • 03:06
    apereocas-bot labeled #4920
  • 03:06
    apereocas-bot milestoned #4920
  • 03:06
    hdeadman opened #4920
  • 02:59

    hdeadman on obtaincookie

    Check for null client info from… (compare)

  • 01:46
    hdeadman commented #4919
  • 01:31
    hdeadman synchronize #4919
  • 01:31

    hdeadman on jmeter3

    add comments and change test pl… (compare)

  • Aug 10 22:24
    mmoayyed commented #4919
  • Aug 10 00:35
    codecov[bot] commented #4919
  • Aug 10 00:34
    codecov[bot] commented #4919
  • Aug 10 00:25
    apereocas-bot labeled #4919
  • Aug 10 00:25
    apereocas-bot labeled #4919
  • Aug 10 00:25
    apereocas-bot labeled #4919
  • Aug 10 00:25
    apereocas-bot labeled #4919
mahyar_shariati
@MahyarShariati_twitter
Hi guys
i have a specific question from you developers
on scale of 1 to 5 (low to high) how do you rate your "teamWork" skill?
kakson68
@kakson68
@Sabi610 I am having same issue were you able to resolove it. If so , can you please share it.
MARC Matthieu
@blink38
Hi, I am configuring CAS 6.1 and I am trying to get prometheus actuator working. I added the following configuration lines to my application.properties :
management.endpoints.web.exposure.include=info,health,status,scheduledtasks,refresh,metrics,prometheus,configprops
management.endpoint.prometheus.enabled=true
cas.monitor.endpoints.endpoint.prometheus.access=ANONYMOUS
But when I go to /actuator I do not see the prometheus one, and /actuator/prometheus return me 404.
Do someone can give me working configuration to get prometheus work? Thanks.
Eduardo Asafe
@asafe-eduardo

hi folks.

i using cas 6.1 and i wanna know if is possible configure 2 jdbc queries to authenticate ? and if is possible how i do it?

example: do my query to authenticate, if user dont exist try another different query

thanks in advance

VikashChandra1996
@VikashChandra1996
Hi All,
I want to implement SAML using CAS. I have made CAS as IDP and ADFS or Shibboleth as and SP. I have an other java application which will be authenticated by idp.
could you let me know how to handle the login of java application via saml with CAS as IDP and ADFS/shibboleth as SP
Eduardo Asafe
@asafe-eduardo

Hi All,

hi, i did do a authentication with CAS with SAML, but the application that use CAS as IDP stay in a jboss and jboss have the libs that comunicate with my CAS.

how i did to work its put the saml libs in pom.xml of CAS, after this i created the service SAML in serviceRegistry configuration and created a xml with idp-metadata.

may seems generic but you can follow the documentation
and if you have some specific doubt (very common) i will try help.
mohsensaeedi
@mohsensaeedi

Hi All,
I have a problem when use new cas overlay version. the problem is after build. i built cas.war without any problem with ldap support. I define ldapUrl, bindDn, bindCredential.
when i try to start tomcat, it fails. it try to initialize ldap. and try to connect to ldap server defined on cas config. but suddenly switch to localhost:389. I am confused. After 3 weeks i can't solve it.
I ask a question in below link on Google group:
https://groups.google.com/a/apereo.org/g/cas-user/c/bHCtF4XNUvw

Logs and config file can be seen in that link. please help me.

mohsensaeedi
@mohsensaeedi

Hi All,
I have a problem when use new cas overlay version. the problem is after build. i built cas.war without any problem with ldap support. I define ldapUrl, bindDn, bindCredential.
when i try to start tomcat, it fails. it try to initialize ldap. and try to connect to ldap server defined on cas config. but suddenly switch to localhost:389. I am confused. After 3 weeks i can't solve it.
I ask a question in below link on Google group:
https://groups.google.com/a/apereo.org/g/cas-user/c/bHCtF4XNUvw

Logs and config file can be seen in that link. please help me.

and i have experience for more than 7 years on CAS from version 3.5

Eduardo Asafe
@asafe-eduardo
hi
you are overwrite this configuration by file properties or bean overlay?
mohsensaeedi
@mohsensaeedi
hi. I just use cas.properties for cas configuration parameters.
mohsensaeedi
@mohsensaeedi
I think i added cas-server-support-ldap-service-registry as dependency. and i don't have any configuration parameter for that. maybe the problem caused for that!!! I will test again and send result here
mohsensaeedi
@mohsensaeedi

I think i added cas-server-support-ldap-service-registry as dependency. and i don't have any configuration parameter for that. maybe the problem caused for that!!! I will test again and send result here

The problem solved! with remove cas-server-support-ldap-service-registry from pom.xml. Thanks @asafe-eduardo

Eduardo Asafe
@asafe-eduardo
nice @mohsensaeedi

hi folks.

i using cas 6.1 and i wanna know if is possible configure 2 jdbc queries to authenticate ? and if is possible how i do it?

example: do my query to authenticate, if user dont exist try another different query

thanks in advance

my problem too has solved, i did do a bean overwrite of cas create my own authenticationHandler extending AbstractJdbcUsernamePasswordAuthenticationHandler and i can able to customize my login method.

Łukasz
@lgwozniak
Hi, any one got problem on cas-overlay-template with jakarta.mail package? I cannot override CommunicationsManager. Got error error: cannot access MimeMessage
var message = this.mailSender.createMimeMessage();
^
CAS 6.2.1 is compiling with jakarta.mail witch has package javax.mail :/
Łukasz
@lgwozniak
i needed to add jakarta.mail module to project
Cardo Kambla
@CardoKambla
I think the jdbc audit module has some problems. It is trying to cast to some class and is getting a ClassCastException. I noticed that it is a problem from version 6.2.0-RC5.
2020-08-04 13:02:00,170 ERROR [org.springframework.scheduling.support.TaskUtils$LoggingErrorHandler] - <Unexpected error occurred in scheduled task> java.lang.ClassCastException: Cannot cast com.sun.proxy.$Proxy218 to org.apereo.inspektr.common.Cleanable at java.lang.Class.cast(Class.java:3606) ~[?:?] at org.apereo.cas.audit.config.CasSupportJdbcAuditConfiguration$1.clean(CasSupportJdbcAuditConfiguration.java:139) ~[cas-server-support-audit-jdbc-6.2.1.jar!/:6.2.1] at jdk.internal.reflect.GeneratedMethodAccessor219.invoke(Unknown Source) ~[?:?] at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?] at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:84) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE] at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[?:?] at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305) ~[?:?] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) ~[?:?] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?] at java.lang.Thread.run(Thread.java:834) [?:?]
Łukasz
@lgwozniak
anyone was checking oidc office365 logging in 6.2.1 version ?
Łukasz
@lgwozniak
can anyone help what is wrong with this oidc delegation after update i got: 2020-08-04 15:20:10,839 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@e23af91 in state 'delegatedAuthenticationAction' of flow 'login' -- action execution attributes were 'map[[empty]]'] with root cause>
Łukasz
@lgwozniak
I got diffrent session when request come back from Office365 set sessionId 4b90c26f-4932-4220-b794-6ef946f56252 for keyOffice365$stateSessionParameter get sessionId c0c6c25f-c2da-4427-884e-a54c8bfb9249 for keyOffice365$stateSessionParameter
Can it be problem with embedded tomcat ?
Marco Crank
@MCrank

Hello. I am trying to get to get Redis running with the Google Authenticator? I have my Redis Sentinel system up and running. I am able to write the registration records to Redis when clients register their MFA devices but on subsequent logins it does not seem to be pulling the registrations from Redis and goes back to the Device Registration QR code page? Any idea what I might be missing config wise? Here is what I have for my Redis config:

CAS v6.2.x

Not sure I need the regular redis.host settings but I have tried to put them in just to see if I got different results.

cas.authn.mfa.gauth.redis.host=redis.cas.svc.cluster.local
cas.authn.mfa.gauth.redis.port=6379
cas.authn.mfa.gauth.redis.database=0
cas.authn.mfa.gauth.redis.read-from=MASTER
cas.authn.mfa.gauth.redis.sentinel.master=mymaster
cas.authn.mfa.gauth.redis.sentinel.node[0]=redis.cas.svc.cluster.local:26379

I just wanted to follow up on this in case someone else comes across this issue. I had configured persistence for storing MFA device registrations in Redis. I was able to write the values to the store but once my container restarted it would no longer read the values. I could see the read requests hit the DB for the key but, CAS would just throw me back to the device registration page like it was a new device. I also tried the local JSON file as well with the same results.

I could not get/find an answer anywhere and even found a person on here with the exact same issue. This morning I started troubleshooting again and after staring at the logs for a long time I noticed one thing in the log that soon became apparent. I was not specifying the following settings and allowed CAS to autogenerate them. After thinking about these settings for a minute it made sense to me:

cas.authn.mfa.gauth.crypto.encryption.key
cas.authn.mfa.gauth.crypto.signing.key

Since the keys would be the same upon restart CAS was able to decrypt the Device Registration keys it was storing in the DB. It would be nice if there was an error thrown in the logs or if the documentation indicated that the autogenerated keys could cause an issue like this. It could have saved me a substantial amount of time.

Łukasz
@lgwozniak
W oidc and embedded tomcat i had to add 'cas.session-replication.cookie.path=/'
Łukasz
@lgwozniak
Anyone know how to configure git service registry over ssh session ?
VikashChandra1996
@VikashChandra1996

Hi All,

I am using cas version 5.2.9.
I have implemented password management through LDAP. Whenever I click on reset your password, a new screen is coming and it asks for providing a username.

Upon giving username,,a secure link will go to my mail for reset option.

But I want to break this flow. My requirement is , whenever a user enters his username ,security ques page should come and upon answering it I can change my password. I don't want any link in my mails for reset password.

Is this flow possible? Plzz guide.

jphan169
@jphan169

Hi, I deployed CAS 6.3 on a local server and be able to login with default account casuser/Mellon. I tried to add a custom service to service registry but when I forward to CAS login page, it still throw Application Not Authorized to Use CAS error. I tried a few suggestions but nothing seems working. These are my configuration:
build.gradle

compile "org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}"

cas.properties

cas.server.name=https://'my-dormain-name':8443
cas.server.prefix=${cas.server.name}/cas
cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location=file:/etc/cas/services-repo
logging.config=file:/etc/cas/config/log4j2.xml
server.ssl.enabled=true
server.ssl.keyStore=/etc/cas/thekeystore
server.ssl.keyStorePassword=changeit
server.ssl.keyPassword=changeit

service.json

{
  @class: org.apereo.cas.services.RegexRegisteredService
  serviceId: 'https://'my-hostname'/login/index.php?authCAS=CAS'
  name: custom
  id: 1596620416602
  accessStrategy:
  {
    @class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
    order: 0
    enabled: true
    ssoEnabled: true
    delegatedAuthenticationPolicy:
    {
      @class: org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy
      allowedProviders:
      [
        java.util.ArrayList
        []
      ]
      permitUndefined: true
      exclusive: false
    }
    requireAllAttributes: true
    requiredAttributes:
    {
      @class: java.util.LinkedHashMap
    }
    rejectedAttributes:
    {
      @class: java.util.LinkedHashMap
    }
    caseInsensitive: false
  }

Please give me some advice
. Thank you all.

Here is the logs:
2020-08-08 05:07:47,866 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [1] service(s) from [JsonServiceRegistry].>
2020-08-08 05:08:37,876 WARN [org.apereo.cas.services.AbstractRegisteredService] - <Assigning a collection of required authentication handlers to a registered service is deprecated. This field is scheduled to be removed in the future. If you need to, consider defining an authentication policy for the registered service instead to specify required authentication handlers [[]]>
2020-08-08 05:08:37,877 WARN [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - <Unauthorized Service Access. Service [] is not found in service registry.>
VikashChandra1996
@VikashChandra1996
Could u check whether endpoints for client applications is set properly or not
Łukasz
@lgwozniak
I include to my project in version 6.2.1 git service-support and i got problem with okhttp library
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [okhttp3.OkHttpClient$Builder]: Factory method 'okHttpClientBuilder' threw exception; nested exception is java.lang.NoSuchFieldError: Companion
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:651)
... 60 more
Caused by: java.lang.NoSuchFieldError: Companion
at okhttp3.internal.Util.<clinit>(Util.kt:72)
at okhttp3.internal.concurrent.TaskRunner.<clinit>(TaskRunner.kt:309)
at okhttp3.ConnectionPool.<init>(ConnectionPool.kt:41)
at okhttp3.ConnectionPool.<init>(ConnectionPool.kt:47)
at okhttp3.OkHttpClient$Builder.<init>(OkHttpClient.kt:471)
at org.springframework.cloud.commons.httpclient.HttpClientConfiguration$OkHttpClientConfiguration.okHttpClientBuilder(HttpClientConfiguration.java:77)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
... 61 more
can anyone helm me ?
Łukasz
@lgwozniak
in my project there is 2 libary on runtime okhttp in version 3.14.9 and 4.7.1.
rhoque
@rhoque

Hi All,

I am using CAS version 5.2.3.
I have an issue for my application in IdP initiated scenario with Okta. It's working fine in SP initiated scenario.
I have four applications /app-a, /app-b, /app-c, /app-d and /cas is for SSO, where app-b, app-c, app-d Rest APIs are being called from app-a.

From Okta, I set the Single Sign on URL as: https://[server].com/cas/login?client_name=xyz
In the Default Relay State set as: https://[server].com/cas/login?service=https%3A%2F%2F[server].com%2Fapp-a%2Flogin%2Fcas%2F

After login to Okta, I see my app in the list, so when I click on that icon, it eventually load my /app-a in a separated browser tab (I saw from server log TGT and ST (Ticket) has been generated for /app-a) and then it's also generates the ST (Ticket) for app-b, app-c and app-d, which works fine as expected.

If I close the that browser tab and click the icon from Okta app list page again, it goes to /app-d instead of /app-a page and same things happens after all the time.

Is this something Relay State is NOT working as expected or I have to configure something from Okta or CAS pespective?
Please shed some light on this.

wf2016uu
@wf2016uu_gitlab
in 6.2.1 , how should i custom my jdbc configuration? I just have done with this:

cas.authn.pm.jdbc.user=root
cas.authn.pm.jdbc.password=pwd
cas.authn.pm.jdbc.driver-class=com.mysql.jdbc.Driver
cas.authn.pm.jdbc.url=jdbc:mysql://ip:3306/qxgl?useUnicode=true&characterEncoding=utf-8&autoReconnect=true&zeroDateTimeBehavior=convertToNull&serverTimezone=Asia/Shanghai

cas.authn.pm.jdbc.password-encoder.type=NONE

cas.authn.pm.jdbc.password-encoder.character-encoding=utf-8

cas.authn.pm.jdbc.sql-security-questions=select question, answer from table where user=?

but I dont know how to specific username and password configuration-properties
hainamtvvt
@hainamtvvt
hi all,
I cannot establish a connection from the cas server with mysql. please help me
wf2016uu
@wf2016uu_gitlab
you can make configuration file like this

cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=pwd
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect

cas.authn.jdbc.query[0].url=jdbc:mysql://ip:3306/test?useUnicode=true&characterEncoding=utf-8
cas.authn.jdbc.query[0].passwordEncoder.type=NONE

cas.authn.jdbc.query[0].name=user
cas.authn.jdbc.query[0].order=0
cas.authn.jdbc.query[0].sql=SELECT * FROM tb_user WHERE user=?
cas.authn.jdbc.query[0].fieldPassword=password
cas.authn.jdbc.query[0].fieldExpired=expired
cas.authn.jdbc.query[0].fieldDisabled=expired

i tried and it work while
and who can help me, how can i get online users
How to get online users?
hainamtvvt
@hainamtvvt
@wf2016uu_gitlab . you can share docs ?