Hi there, I am on 5.3.7 and the 'cas.authn.pac4j.autoRedirect=true' is no longer work. I got this error: Error creating bean with name 'cas-org.apereo.cas.configuration.CasConfigurationProperties': Could not bind properties to CasConfigurationProperties (prefix=cas, ignoreInvalidFields=false, ignoreUnknownFields=false, ignoreNestedProperties=false); nested exception is org.springframework.boot.bind.RelaxedBindingNotWritablePropertyException: Failed to bind 'cas.authn.pac4j.autoRedirect' from 'file:///etc/cas/config/cas-test.properties' to 'authn.pac4j.autoRedirect' property on 'org.apereo.cas.configuration.model.core.authentication.AuthenticationProperties'
and CAS is failed to start. Any help is appreciated! Thanks, Thai On Monday, January 28, 2019 at 6:32:33 AM UTC-8, oneill wrote: > > Jérôme, > > > > Thanks for confirming what I’m seeing and for the heads up that the > behavior is adjusted in 5.3. > > I updated my troubleshooting environment to 5.3 over the weekend and > everything looks good after some initial testing. > > > > Thank you for the help and your contributions to the project, > > Tom > > > > *From:* [email protected] <javascript:> <[email protected] <javascript:>> > *On Behalf Of *Jérôme LELEU > *Sent:* Friday, January 25, 2019 2:06 AM > *To:* [email protected] <javascript:> > *Subject:* Re: [cas-user] RE: CAS 5.2 PAC4J SAML 2.0 Delegation Behavior > > > > Hi, > > > > You're right: the TGT should be checked first. Notice that things have > been fixed in 5.3, the autoRedirect property is still computed in the > DelegationAuthenticationClientAction, but the redirection is applied on the > HTML page. > > Thanks. > > Best regards, > > Jérôme > > > > Le jeu. 24 janv. 2019 à 23:25, Tom O'Neill <[email protected] > <javascript:>> a écrit : > > Hi All, > > > > I did some additional testing and thought I’d provide an update… > > > > It seems to me that when autoRedirect is set to ‘true’, the CAS TGT is > ignored and the user is always sent on to authenticate at the IdP. > > When autoRedirect is set to ‘false’ the CAS session is recognized OR the > user can click a button which will delegate authentication to the IdP. > > > > In other words, having autoRedirect set to true seems to negate the CAS > TGT check. > > I could see an argument for delegating every time and I could be > overlooking a detail but I think it would be better to have it check for a > CAS session and only delegate if the user isn’t already authenticated. > > > > Thanks, > > Tom > > > > *From:* [email protected] <javascript:> <[email protected] <javascript:>> > *On Behalf Of *Tom O'Neill > *Sent:* Thursday, January 24, 2019 2:41 PM > *To:* [email protected] <javascript:> > *Subject:* [cas-user] CAS 5.2 PAC4J SAML 2.0 Delegation Behavior > > > > Hi All, > > > > I am troubleshooting application integration and looking for some insight. > > > > We have a CAS 5.2 instance with the PAC4J module, which is being used to > delegate authentication to an IdP using SAML 2.0. > > Based on some testing, it seems like the CAS server is delegating > authentication to the IdP any time the CAS login method is hit. > > > > We’re have the PAC4J autoRedirect property set to true – so I don’t expect > or want CAS to present a login page but I also didn’t expect it to redirect > to the IDP if the user has a valid TGT. > > cas.authn.pac4j.autoRedirect=true > > > > Can anyone confirm that this is the designed and expected behavior? > > Is anyone aware of a different setting or combination of settings that > might adjust the behavior to what I’m looking for? > > > > Hopefully I’m missing something. > > > > Thanks!!! > > Tom > > > > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN7PR02MB50098001DBCF6CAF1552DCE2CB9A0%40BN7PR02MB5009.namprd02.prod.outlook.com > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN7PR02MB50098001DBCF6CAF1552DCE2CB9A0%40BN7PR02MB5009.namprd02.prod.outlook.com?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN7PR02MB5009C0CF6348943A69A8BEC9CB9A0%40BN7PR02MB5009.namprd02.prod.outlook.com > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN7PR02MB5009C0CF6348943A69A8BEC9CB9A0%40BN7PR02MB5009.namprd02.prod.outlook.com?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lwg6dFCi-Eo3oNwc5705KR_ErNdhjy324P6%2BkdLrWs3Aw%40mail.gmail.com > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lwg6dFCi-Eo3oNwc5705KR_ErNdhjy324P6%2BkdLrWs3Aw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f92554b4-534b-4500-827a-df019ad7c3d3%40apereo.org.
