Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 04:43
    mmoayyed commented #5169
  • 04:41
    apereocas-bot labeled #5133
  • 04:40
    mmoayyed converted_to_draft #5133
  • 02:32
    codecov[bot] commented #5169
  • 02:16
    codecov[bot] commented #5169
  • 02:03
    codecov[bot] commented #5169
  • 02:01
    codecov[bot] commented #5169
  • 01:59
    codecov[bot] commented #5169
  • 01:57
    codecov[bot] commented #5169
  • 01:55
    codecov[bot] commented #5169
  • 01:54
    codecov[bot] commented #5169
  • 01:53
    codecov[bot] commented #5169
  • 01:50
    codecov[bot] commented #5169
  • 01:48
    codecov[bot] commented #5169
  • 01:44
    codecov[bot] commented #5169
  • 01:43
    codecov[bot] commented #5169
  • 01:40
    codecov[bot] commented #5169
  • 01:39
    codecov[bot] commented #5169
  • 01:38
    codecov[bot] commented #5169
  • 01:36
    codecov[bot] commented #5169
mijutu
@mijutu:ellipsis.fi
[m]
You need to go to cas with a service parameter, like .../cas/login?service=https://url/to/service
VuPhungNgocKim
@VuPhungNgocKim
i seen error when download package from pac4j-*

Could not resolve org.pac4j:pac4j-core:3.1.0-SNAPSHOT.
Required by:
project :core:cas-server-core-util-api

Could not resolve org.pac4j:pac4j-core:3.1.0-SNAPSHOT.
Unable to load Maven meta-data from https://repo.spring.io/plugins-release/org/pac4j/pac4j-core/3.1.0-SNAPSHOT/maven-metadata.xml.
Could not get resource 'https://repo.spring.io/plugins-release/org/pac4j/pac4j-core/3.1.0-SNAPSHOT/maven-metadata.xml'.
Could not GET 'https://repo.spring.io/plugins-release/org/pac4j/pac4j-core/3.1.0-SNAPSHOT/maven-metadata.xml'. Received status code 401 from server: Unauthorized

ksphinx
@ksphinx:matrix.org
[m]

Hello Everyone - I'm having some trouble with CAS after upgrading from 6.1.5 to 6.3.3 and I was hoping you would be able to help... I have traced it back to this commit : https://github.com/apereo/cas/commit/7cd1f0cae4a5814ebc285cc39014a169a180ea5b#diff-a525be753615ee1c1b5f84f8b35ac6d79203f8a7a514abf7b628eecdd747b1e9

In a nutshell, I am trying to obtain an attribute from the attribute repository. This attribute has a value of 1. When going through this code it is translating it into a 'true' value. Its not a boolean - its a number.
I was going to create a PR to reverse the change but thought I'd better check in case it should be using toBooleanObject(final String str, final String trueString, final String falseString, final String nullString) or simlar instead. e.g.
if (claimValue.size() == 1) {
val value = CollectionUtils.firstElement(claimValue);
value.ifPresent(v -> {
val bool = BooleanUtils.toBooleanObject(v.toString(), "true", "false", null);
claims.setClaim(entry.getKey(), Objects.requireNonNullElse(bool, v));
});
}

ksphinx
@ksphinx:matrix.org
[m]
ok, spot the deliberate mistake. A better example would be: if (claimValue.size() == 1) {
val value = CollectionUtils.firstElement(claimValue);
value.ifPresent(v -> {
val bool = BooleanUtils.toBooleanObject(v.toString(), "t", "f", null);
claims.setClaim(entry.getKey(), Objects.requireNonNullElse(bool, v));
});
}
mijutu
@mijutu:ellipsis.fi
[m]
I just installed password policy overlay on slapd. How can I make cas warn when password is about to expire.
What means ${configurationKey}.warning-attribute-name?
Is it name of an attribute that cas generates as a warning or is it a name of an attribute that ldap is supposed to give to cas as a warning?
And when cas does warn about soon expiring password, is that done by showing a webpage before forwarding back to service or by adding an attribute?
chris_hodgson
@chris_hodgson:matrix.org
[m]
I have a random question about CAS and was wondering if you guys could help? Is it possible for a CAS server to process requests both using the CAS and OAuth2 protocols so that it is able to process requests using either. I am working on a very old codebase and need to integrate new services using modern Auth and want to know if I need to set up a second CAS server or not?
xiutian wang
@1584286140
How to integrate jwt in the latest version?
paulchauvet
@paulchauvet
Hi @chris_hodgson:matrix.org - I've not done this - but I'm almost positive you can. If you have both OAuth2 and CAS enabled - they'll both have different targets. A CAS protocol service would connect to (for example) /cas/validate, where a OAuth one would go to /cas/OAuth2.0/ (https://apereo.github.io/cas/5.2.x/installation/OAuth-OpenId-Authentication.html)
Sorry - I'm going a slightly different method to handle newer protocols and delegating auth from CAS to an external SAML provider (Azure) - and also pointing OAuth clients there instead of at CAS so haven't done it myself :(
Wilber Saca
@wsaca
Hi, how could I override OidcLogoutEndpointController? its adding the "client_id" to the "post_logout_redirect_uri" and I would like to avoid it, but this bean has not the annotation @ConditionalOnMissingBean...
runiq
@runiq
Hi :) Has there been any movement on nested LDAP groups (like described here or here)? We'd really like that for our university.
Brian Monroe
@ParadoxGuitarist
We have MFA enabled in our CAS stack, but I wasn't sure about all the config options. Currently when a new user gets enrolled for MFA, The OTP setup and keys are generated at next login. Is there a way to set that up prior to the next login?
springnirps
@springnirps
@chris_hodgson:matrix.org yes, CAS does support Oauth and CAS SSO .... cas/login and cas/oauth2.0. endpoints ... Only thing about CAS version of OAUth is that it does not support scope
springnirps
@springnirps
i'm using jpa with an entity, repository, service classes. I'm trying to autowire my service class but getting a been not defined . I already have included ComponentScan in my calling class but still not picking up my service class. Is there something special I need to do with CAS?
fbusselgln
@fbusselgln
Hey folks. I am trying to get a Spring Security based OIDC client to talk to a CAS 6.4.0-SNAPSHOT (current Master) instance with active cas-server-support-oidc module. The client is using the authorization code flow. After CAS has authenticated my test user, it creates a Service Ticket for the response, which is quite confusing. Of course the client which is registered as "@class" : "org.apereo.cas.services.OidcRegisteredService" does not understand the ST from the CAS protocol and expects an OIDC token. Logmessage from CAS: 2021-05-14 09:29:23,497 DEBUG [org.apereo.cas.authentication.principal.DefaultResponse] - <Final redirect response is [https://[myserver.tld]/testservice/login/oauth2/code/reg?ticket=ST-11-xgSjofkciebg00IvY1B-fdkDkh8-....]>
. Can anyone tell me this makes any sense at all or if it could be a bug in the current CAS version?
fbusselgln
@fbusselgln
tl;dr: Does it make sense to return an ST parameter to an OIDC redirect URL?
fbusselgln
@fbusselgln
In case this might be a bug and you need to view at some log files, this might help: https://pastebin.com/UXwjMNyu
Explicitly calling https://myhost.tld/testservice/oauth2/authorization/appOidcEndpoint afterwards on the other hand works perfectly fine.... :)
Qiukq
@Qiukq
hello,i am use the SAML2.0 protocol to connect cisco CMS.The program print ERROR when the CAS(IDP) signing the saml2 response.
Here is log: ERROR [org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner] - <Credential private key cannot be null>
net.shibboleth.utilities.java.support.logic.ConstraintViolationException: Credential private key cannot be null
I don't know why the private key is null
hazem-hosny
@hazem-hosny
Sugar Man Bed Payol Man I Know Man
tobia
@tobia
Hello.
I just realized that SSO (single sign-out) is not playing well with Spring sessions stored on the DB (spring.session.store-type=jdbc) at least on the project I'm working on. Apparently SingleSignOutFilter and SingleSignOutHandler cannot find the session to invalidate in SessionMappingStorage.
Can anybody confirm that this is indeed an issue?
Does anybody know of a fix or a workaround?
tobia
@tobia
Update: this has nothing to do with DB storage of the sessions. Apparently I'm receiving a SAML11 request, which has the parameter named "SAMLart" (instead of "ticket") and this is not recognized as an artifact parameter by SingleSignOutHandler.
tobia
@tobia
I have added a configuration directive in the vein of singleSignOutFilter.setArtifactParameterName("SAMLart") and now the code is executed, but the session is still not dropped. I will keep debugging.
mijutu
@mijutu:ellipsis.fi
[m]
When using CAS as oauth client with pac4j, what is my "Authorization callback URL" that I'm supposed to give to the oauth server?
mijutu
@mijutu:ellipsis.fi
[m]
I tried "https://my.address/cas/login", but that just brought me back from oauth server to cas login page and did not log me in.
mijutu
@mijutu:ellipsis.fi
[m]
Authorization callback URL is "https://my.addess/cas/login/NAME" where NAME is probably the value of cas.authn.pac4j.xxx.client-name from cas.properties. And at least for github: cas.authn.pac4j.github.callback-url-type=PATH_PARAMETER
chenbo6398
@chenbo6398
Unable to start ServletWebServerApplicationContext due to missing ServletWebServerFactory bean
What's wrong with this
mijutu
@mijutu:ellipsis.fi
[m]
What do I need to write to a service registry json file if I want a service to NOT be available with any delegated authentication methods? I have other services that need deletgated authentication and I don't want to confuse users of all services with the extra buttons on login screen.
I could probably hide the buttons by creating a new theme, but I'd rather just configure them out in the service registry json.
chenbo6398
@chenbo6398
I try to start cas (with version 6+),but it block when tomcat starting.......
image.png
apascuag
@apascuag

hi @mmoayyed. I have a problem with cas-management 6.3.1.
When adding a value in the "properties" tab, I get the following error:

ERROR TypeError: e.value.split is not a function

Is it reported? Is a patch expected?

xu20160924
@xu20160924
I face the problem of java.io.FileNotFoundException: /etc/cas/thekeystore when I run the image of docker (I pulled latest version). Has anyone experienced the same problem?
2 replies
fbusselgln
@fbusselgln
Does anyone know what I am doing wrong when CAS returns Servicetickets to an OIDC Registered Client?
futureideasworld
@futureideasworld
Hi, I am getting Cannot redirect after HTTP headers have been sent as I am using .Net dotnet-cas-client. Need help please
mixman68
@mixman68
Hi guys, my issue described here : https://groups.google.com/a/apereo.org/g/cas-user/c/rGU-xgmp-Mw/m/ISSqFkxFCwAJ
is resolved on last 6.4 rc but still here in the las 6.3, will the fix back to 6.3 ?
elion
@elion

Hello!

jcifs-ext is not accessible. The repository dl.bintray.com/uniconiam/maven/ is down. It is a dependency of cas-server-support-spnego.

bondsta
@bondsta
I’m having issues logging into hoonuit it’s saying my institution has a specific way to log in but when I click on it it’s says CAS not authorized
Neil
@RealNeilB_twitter
Is there a way to remove all TGTs for a user so they will be forced to re-login for all their current CAS sessions?
xgdz
@xgdz
Can cas6.2 log in without secret?
oauthtester01
@oauthtester01
Has anyone used vouch proxy with CAS OIDC to secure web apps ? I am getting following error
{"level":"error","ts":1623440653.4036229,"msg":"no User found in jwt"}
{"level":"debug","ts":1623440653.4036324,"msg":"setting the cookie domain to grouperdev.idm.xxx.edu"}
{"level":"debug","ts":1623440653.4036362,"msg":"deleting cookie: my-vouch-ct"}
{"level":"debug","ts":1623440653.4036474,"msg":"CaptureWriter.Write set w.StatusCode 401"}
this is the error i recieve post authentication
mixman68
@mixman68
hi guys, when cas 6.4 will be released (there is no milestone in schedules)