Hi all, It does redirect to IdP's login page.
Thanks, Thai On Wednesday, January 30, 2019 at 1:05:19 PM UTC-8, thai.q.nguyen wrote: > > Hi Charaf, > > Thank for the tip! > cas.authn.pac4j.saml[0].autoRedirect=true clears the error and CAS is > started. > However, CAS shows the login page (instead of redirect to IdP's login > page). > > Not sure if I miss something else. > > Thanks, > > Thai > > On Tuesday, January 29, 2019 at 3:34:05 PM UTC-8, Charafeddine Youssef > wrote: >> >> hi, >> >> In CAS 5.3.7 many properties had changed and autoRedirect is one of them. >> So CAS does not recognize your syntax. Of memory i would say, autoRedirect >> is now specified fot each external saml 2 identity provider. So the right >> syntax is cas.authn.pac4j.saml[0].autoRedirect=true. >> >> Best regards, >> Charaf >> >> Le mer. 30 janv. 2019 à 00:04, thai.q.nguyen <[email protected]> a >> écrit : >> >>> Hi there, >>> >>> I am on 5.3.7 and the 'cas.authn.pac4j.autoRedirect=true' is no longer >>> work. >>> I got this error: >>> Error creating bean with name >>> 'cas-org.apereo.cas.configuration.CasConfigurationProperties': Could not >>> bind properties to CasConfigurationProperties (prefix=cas, >>> ignoreInvalidFields=false, ignoreUnknownFields=false, >>> ignoreNestedProperties=false); nested exception is >>> org.springframework.boot.bind.RelaxedBindingNotWritablePropertyException: >>> Failed to bind 'cas.authn.pac4j.autoRedirect' from >>> 'file:///etc/cas/config/cas-test.properties' to 'authn.pac4j.autoRedirect' >>> property on >>> 'org.apereo.cas.configuration.model.core.authentication.AuthenticationProperties' >>> >>> and CAS is failed to start. >>> >>> Any help is appreciated! >>> >>> Thanks, >>> >>> Thai >>> >>> On Monday, January 28, 2019 at 6:32:33 AM UTC-8, oneill wrote: >>>> >>>> Jérôme, >>>> >>>> >>>> >>>> Thanks for confirming what I’m seeing and for the heads up that the >>>> behavior is adjusted in 5.3. >>>> >>>> I updated my troubleshooting environment to 5.3 over the weekend and >>>> everything looks good after some initial testing. >>>> >>>> >>>> >>>> Thank you for the help and your contributions to the project, >>>> >>>> Tom >>>> >>>> >>>> >>>> *From:* [email protected] <[email protected]> *On Behalf Of *Jérôme >>>> LELEU >>>> *Sent:* Friday, January 25, 2019 2:06 AM >>>> *To:* [email protected] >>>> *Subject:* Re: [cas-user] RE: CAS 5.2 PAC4J SAML 2.0 Delegation >>>> Behavior >>>> >>>> >>>> >>>> Hi, >>>> >>>> >>>> >>>> You're right: the TGT should be checked first. Notice that things have >>>> been fixed in 5.3, the autoRedirect property is still computed in the >>>> DelegationAuthenticationClientAction, but the redirection is applied on >>>> the >>>> HTML page. >>>> >>>> Thanks. >>>> >>>> Best regards, >>>> >>>> Jérôme >>>> >>>> >>>> >>>> Le jeu. 24 janv. 2019 à 23:25, Tom O'Neill <[email protected]> a >>>> écrit : >>>> >>>> Hi All, >>>> >>>> >>>> >>>> I did some additional testing and thought I’d provide an update… >>>> >>>> >>>> >>>> It seems to me that when autoRedirect is set to ‘true’, the CAS TGT is >>>> ignored and the user is always sent on to authenticate at the IdP. >>>> >>>> When autoRedirect is set to ‘false’ the CAS session is recognized OR >>>> the user can click a button which will delegate authentication to the IdP. >>>> >>>> >>>> >>>> In other words, having autoRedirect set to true seems to negate the CAS >>>> TGT check. >>>> >>>> I could see an argument for delegating every time and I could be >>>> overlooking a detail but I think it would be better to have it check for a >>>> CAS session and only delegate if the user isn’t already authenticated. >>>> >>>> >>>> >>>> Thanks, >>>> >>>> Tom >>>> >>>> >>>> >>>> *From:* [email protected] <[email protected]> *On Behalf Of *Tom >>>> O'Neill >>>> *Sent:* Thursday, January 24, 2019 2:41 PM >>>> *To:* [email protected] >>>> *Subject:* [cas-user] CAS 5.2 PAC4J SAML 2.0 Delegation Behavior >>>> >>>> >>>> >>>> Hi All, >>>> >>>> >>>> >>>> I am troubleshooting application integration and looking for some >>>> insight. >>>> >>>> >>>> >>>> We have a CAS 5.2 instance with the PAC4J module, which is being used >>>> to delegate authentication to an IdP using SAML 2.0. >>>> >>>> Based on some testing, it seems like the CAS server is delegating >>>> authentication to the IdP any time the CAS login method is hit. >>>> >>>> >>>> >>>> We’re have the PAC4J autoRedirect property set to true – so I don’t >>>> expect or want CAS to present a login page but I also didn’t expect it to >>>> redirect to the IDP if the user has a valid TGT. >>>> >>>> cas.authn.pac4j.autoRedirect=true >>>> >>>> >>>> >>>> Can anyone confirm that this is the designed and expected behavior? >>>> >>>> Is anyone aware of a different setting or combination of settings that >>>> might adjust the behavior to what I’m looking for? >>>> >>>> >>>> >>>> Hopefully I’m missing something. >>>> >>>> >>>> >>>> Thanks!!! >>>> >>>> Tom >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> - Website: https://apereo.github.io/cas >>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>> - List Guidelines: https://goo.gl/1VRrw7 >>>> - Contributions: https://goo.gl/mh7qDG >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN7PR02MB50098001DBCF6CAF1552DCE2CB9A0%40BN7PR02MB5009.namprd02.prod.outlook.com >>>> >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN7PR02MB50098001DBCF6CAF1552DCE2CB9A0%40BN7PR02MB5009.namprd02.prod.outlook.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> -- >>>> - Website: https://apereo.github.io/cas >>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>> - List Guidelines: https://goo.gl/1VRrw7 >>>> - Contributions: https://goo.gl/mh7qDG >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN7PR02MB5009C0CF6348943A69A8BEC9CB9A0%40BN7PR02MB5009.namprd02.prod.outlook.com >>>> >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN7PR02MB5009C0CF6348943A69A8BEC9CB9A0%40BN7PR02MB5009.namprd02.prod.outlook.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> -- >>>> - Website: https://apereo.github.io/cas >>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>> - List Guidelines: https://goo.gl/1VRrw7 >>>> - Contributions: https://goo.gl/mh7qDG >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lwg6dFCi-Eo3oNwc5705KR_ErNdhjy324P6%2BkdLrWs3Aw%40mail.gmail.com >>>> >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lwg6dFCi-Eo3oNwc5705KR_ErNdhjy324P6%2BkdLrWs3Aw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f92554b4-534b-4500-827a-df019ad7c3d3%40apereo.org >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f92554b4-534b-4500-827a-df019ad7c3d3%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5f95620a-b6e7-4fbd-b85d-2b3218f1a485%40apereo.org.
