Re: [cas-user] Re: CAS 7.0.10 and Apache Tomcat version

[Andrew Tillinghast]

Rather than comment out the tomcat version specify the version you want,
just be aware that might cause other issues with incompatible jars.

On Thu, Apr 10, 2025 at 4:12 AM Vincent Weber  wrote:

> Hello,
> Any ideas on this ?
> Thanks
>
> Le vendredi 28 mars 2025 à 17:04:09 UTC+1, Vincent Weber a écrit :
>
>> Hello,
>>
>> I am running CAS 7.0.10 build with overlay and embedded Tomcat.
>> When it start, I have the message :
>> *Apache Tomcat Version: Apache Tomcat/10.1.31*
>>
>> I tried to edit gradle.properties to uncomment this line and have a more
>> recent Tomcat version :
>> # tomcatVersion=10.1.39
>>
>> But then when I do :
>> *./gradlew clean copyCasConfiguration build run --refresh-dependencies*
>>
>> I receive this error :
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *   2025-03-28 16:17:55,001 ERROR
>> [org.springframework.boot.SpringApplication] - > failed>java.lang.NoClassDefFoundError: org/apache/catalina/util/ServerInfo
>>   at
>> org.apereo.cas.CasTomcatBanner.injectEnvironmentInfo(CasTomcatBanner.java:20)
>>   at
>> org.apereo.cas.util.spring.boot.AbstractCasBanner.collectEnvironmentInfo(AbstractCasBanner.java:77)
>>   at
>> org.apereo.cas.util.spring.boot.AbstractCasBanner.printBanner(AbstractCasBanner.java:33)
>>   at
>> org.springframework.boot.SpringApplicationBannerPrinter.print(SpringApplicationBannerPrinter.java:67)
>>   at
>> org.springframework.boot.SpringApplication.printBanner(SpringApplication.java:586)
>>   at
>> org.springframework.boot.SpringApplication.run(SpringApplication.java:330)
>>   at
>> org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:149)
>>   at
>> org.apereo.cas.web.CasWebApplication.main(CasWebApplication.java:57)
>> at
>> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
>>   at java.base/java.lang.reflect.Method.invoke(Method.java:580)
>> at
>> org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:91)
>> at
>> org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:53)
>> at
>> org.springframework.boot.loader.launch.WarLauncher.main(WarLauncher.java:57)Caused
>> by: java.lang.ClassNotFoundException: org.apache.catalina.util.ServerInfo
>>   at
>> java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
>> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:593)
>> at
>> org.springframework.boot.loader.net.protocol.jar.JarUrlClassLoader.loadClass(JarUrlClassLoader.java:104)
>>   at
>> org.springframework.boot.loader.launch.LaunchedClassLoader.loadClass(LaunchedClassLoader.java:91)
>>   at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
>> ... 13 more> Task :run FAILEDFAILURE: Build failed with an exception.*
>>
>> Did I miss something ?
>>
>> Regards,
>> Vincent
>>
>>
>> --
> - Website: https://apereo.github.io/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/330c1faa-9bab-42db-bf00-aabfbfcd83a8n%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAPt3vHX3C9o0R20QbzP2VdwTOq-VW8PJdO8czS-seGYyL_5W9Q%40mail.gmail.com.

Re: [cas-user] Using remote discovery service with delegated SAML authentication (CAS 7)

[Michal Voců]

Hi Tomi,

   you may want to have a look at the 
https://github.com/mvocu/cas-server-cuni/tree/cuni-6.x-devel/src/main/java/cz/cuni/cas/opensaml 



I have implemented there some flow changes to use external WAYF service 
for the CAS 6.5 version, but it may give you some guidance how to do it 
in CAS 7. There are also modifications to use eIDAS, but they should be 
easily identified and do not mix or depend on the WAYF code.


Regards,

Michal V.

On 4/10/25 13:27, Tomi Karlstedt wrote:

Hi,

We're replacing an old Spring/OpenSAML service provider microservice 
with an existing CAS implementation as the SP. This means we need to 
integrate our CAS 7.0 with a Shibboleth instance using SAML. The 
authentication delegation works fine. CAS sends user to the Shibboleth 
which then picks the first defined IDP in the metadata. However we're 
having a hard time figuring out how to use the Shibboleth's remote 
WAYF/Discovery Service so that the user can choose their IDP.


How would one go about integrating such a service with CAS? As far as 
I can tell, the old SP microservice just saves the original return URL 
(i.e. service in CAS terminology), redirects to the Discovery Service, 
and has a registered return URL in the SP metadata describet below. 
Returning to this predefined URL then starts the login process with 
the received IDP.


xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" 
Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" 
Location="" index="1"/>


To me this looks like we need to do a custom server side redirect to 
the Shibboleth WAYF from CAS and save the service url to session or 
something similar. Then use the 
*org.apereo.cas:cas-server-support-saml-idp-discovery* package to 
handle the IDP redirect (wonder if it works with 7.0). Is this the 
correct way or is there a ready-made solution for remote DS?


Tomi
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google 
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to cas-user+unsubscr...@apereo.org.
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ae8f6d08-9998-481d-9b97-5cafdd8d6c3en%40apereo.org 
.


--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b9edbce1-3046-4201-af2b-b5b8deca5043%40gmail.com.

Re: [cas-user] Re: CAS 7.0.10 and Apache Tomcat version

['Jonathon Taylor' via CAS Community]

The default version will be in the CAS branch here:
https://github.com/apereo/cas/blob/7.0.x/gradle.properties

If you comment out tomcatVersion= in your overlay gradle.properties it will
use whatever is in the CAS repo.  Is that what you are looking for?

On Thu, Apr 10, 2025 at 8:38 AM Vincent Weber  wrote:

> Thanks for your responses.
> How to know the default tomcat version that CAS 7.0.10 should use when
> using the overlay ?
>
> Le jeudi 10 avril 2025 à 16:55:46 UTC+2, Mohamed Amdouni a écrit :
>
>> Hi,
>>
>> Check this discussion
>>
>> https://groups.google.com/a/apereo.org/g/cas-user/c/Lw19PuKwi-0/m/BgXBdp-6BwAJ?utm_medium=email&utm_source=footer&pli=1
>>
>> Best regards
>>
>>
>> Le jeu. 10 avr. 2025 à 16:22, Andrew Tillinghast 
>> a écrit :
>>
>>> Rather than comment out the tomcat version specify the version you want,
>>> just be aware that might cause other issues with incompatible jars.
>>>
>>> On Thu, Apr 10, 2025 at 4:12 AM Vincent Weber  wrote:
>>>
 Hello,
 Any ideas on this ?
 Thanks

 Le vendredi 28 mars 2025 à 17:04:09 UTC+1, Vincent Weber a écrit :

> Hello,
>
> I am running CAS 7.0.10 build with overlay and embedded Tomcat.
> When it start, I have the message :
> *Apache Tomcat Version: Apache Tomcat/10.1.31*
>
> I tried to edit gradle.properties to uncomment this line and have a
> more recent Tomcat version :
> # tomcatVersion=10.1.39
>
> But then when I do :
> *./gradlew clean copyCasConfiguration build run --refresh-dependencies*
>
> I receive this error :
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *   2025-03-28 16:17:55,001 ERROR
> [org.springframework.boot.SpringApplication] -  failed>java.lang.NoClassDefFoundError: org/apache/catalina/util/ServerInfo
>   at
> org.apereo.cas.CasTomcatBanner.injectEnvironmentInfo(CasTomcatBanner.java:20)
>   at
> org.apereo.cas.util.spring.boot.AbstractCasBanner.collectEnvironmentInfo(AbstractCasBanner.java:77)
>   at
> org.apereo.cas.util.spring.boot.AbstractCasBanner.printBanner(AbstractCasBanner.java:33)
>   at
> org.springframework.boot.SpringApplicationBannerPrinter.print(SpringApplicationBannerPrinter.java:67)
>   at
> org.springframework.boot.SpringApplication.printBanner(SpringApplication.java:586)
>   at
> org.springframework.boot.SpringApplication.run(SpringApplication.java:330)
>   at
> org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:149)
>   at
> org.apereo.cas.web.CasWebApplication.main(CasWebApplication.java:57)
> at
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
>   at java.base/java.lang.reflect.Method.invoke(Method.java:580)
> at
> org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:91)
> at
> org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:53)
> at
> org.springframework.boot.loader.launch.WarLauncher.main(WarLauncher.java:57)Caused
> by: java.lang.ClassNotFoundException: org.apache.catalina.util.ServerInfo
>   at
> java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:593)
> at
> org.springframework.boot.loader.net.protocol.jar.JarUrlClassLoader.loadClass(JarUrlClassLoader.java:104)
>   at
> org.springframework.boot.loader.launch.LaunchedClassLoader.loadClass(LaunchedClassLoader.java:91)
>   at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
> ... 13 more> Task :run FAILEDFAILURE: Build failed with an exception.*
>
> Did I miss something ?
>
> Regards,
> Vincent
>
>
> --
 - Website: https://apereo.github.io/cas
 - List Guidelines: https://goo.gl/1VRrw7
 - Contributions: https://goo.gl/mh7qDG
 ---
 You received this message because you are subscribed to the Google
 Groups "CAS Community" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to cas-user+u...@apereo.org.
 To view this discussion visit
 https://groups.google.com/a/apereo.org/d/msgid/cas-user/330c1faa-9bab-42db-bf00-aabfbfcd83a8n%40apereo.org
 
 .

>>> --
>>> - Website: https://apereo.github.io/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas

Re: [cas-user] Re: CAS 7.0.10 and Apache Tomcat version

[Mohamed Amdouni]

Check the logs and generate an overlay from scratch. There is the site of
cas initializer

Le jeu. 10 avr. 2025 à 17:38, Vincent Weber  a écrit :

> Thanks for your responses.
> How to know the default tomcat version that CAS 7.0.10 should use when
> using the overlay ?
>
> Le jeudi 10 avril 2025 à 16:55:46 UTC+2, Mohamed Amdouni a écrit :
>
>> Hi,
>>
>> Check this discussion
>>
>> https://groups.google.com/a/apereo.org/g/cas-user/c/Lw19PuKwi-0/m/BgXBdp-6BwAJ?utm_medium=email&utm_source=footer&pli=1
>>
>> Best regards
>>
>>
>> Le jeu. 10 avr. 2025 à 16:22, Andrew Tillinghast 
>> a écrit :
>>
>>> Rather than comment out the tomcat version specify the version you want,
>>> just be aware that might cause other issues with incompatible jars.
>>>
>>> On Thu, Apr 10, 2025 at 4:12 AM Vincent Weber  wrote:
>>>
>> Hello,
 Any ideas on this ?
 Thanks

 Le vendredi 28 mars 2025 à 17:04:09 UTC+1, Vincent Weber a écrit :

> Hello,
>
> I am running CAS 7.0.10 build with overlay and embedded Tomcat.
> When it start, I have the message :
> *Apache Tomcat Version: Apache Tomcat/10.1.31*
>
> I tried to edit gradle.properties to uncomment this line and have a
> more recent Tomcat version :
> # tomcatVersion=10.1.39
>
> But then when I do :
> *./gradlew clean copyCasConfiguration build run --refresh-dependencies*
>
> I receive this error :
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *   2025-03-28 16:17:55,001 ERROR
> [org.springframework.boot.SpringApplication] -  failed>java.lang.NoClassDefFoundError: org/apache/catalina/util/ServerInfo
>   at
> org.apereo.cas.CasTomcatBanner.injectEnvironmentInfo(CasTomcatBanner.java:20)
>   at
> org.apereo.cas.util.spring.boot.AbstractCasBanner.collectEnvironmentInfo(AbstractCasBanner.java:77)
>   at
> org.apereo.cas.util.spring.boot.AbstractCasBanner.printBanner(AbstractCasBanner.java:33)
>   at
> org.springframework.boot.SpringApplicationBannerPrinter.print(SpringApplicationBannerPrinter.java:67)
>   at
> org.springframework.boot.SpringApplication.printBanner(SpringApplication.java:586)
>   at
> org.springframework.boot.SpringApplication.run(SpringApplication.java:330)
>   at
> org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:149)
>   at
> org.apereo.cas.web.CasWebApplication.main(CasWebApplication.java:57)
> at
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
>   at java.base/java.lang.reflect.Method.invoke(Method.java:580)
> at
> org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:91)
> at
> org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:53)
> at
> org.springframework.boot.loader.launch.WarLauncher.main(WarLauncher.java:57)Caused
> by: java.lang.ClassNotFoundException: org.apache.catalina.util.ServerInfo
>   at
> java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:593)
> at
> org.springframework.boot.loader.net.protocol.jar.JarUrlClassLoader.loadClass(JarUrlClassLoader.java:104)
>   at
> org.springframework.boot.loader.launch.LaunchedClassLoader.loadClass(LaunchedClassLoader.java:91)
>   at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
> ... 13 more> Task :run FAILEDFAILURE: Build failed with an exception.*
>
> Did I miss something ?
>
> Regards,
> Vincent
>
>
> --
 - Website: https://apereo.github.io/cas
 - List Guidelines: https://goo.gl/1VRrw7
 - Contributions: https://goo.gl/mh7qDG
 ---
 You received this message because you are subscribed to the Google
 Groups "CAS Community" group.

>>> To unsubscribe from this group and stop receiving emails from it, send
 an email to cas-user+u...@apereo.org.
 To view this discussion visit
 https://groups.google.com/a/apereo.org/d/msgid/cas-user/330c1faa-9bab-42db-bf00-aabfbfcd83a8n%40apereo.org
 
 .

>>> --
>>> - Website: https://apereo.github.io/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+u...@apereo.org.
>>>
>> To view this discussion visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAPt3vHX3C9o0R20QbzP2VdwTOq-VW8PJdO8czS-seG

Re: [cas-user] Android WebView in Gmail App Fails Due to CAS 7.x LocalStorage Usage

['Jonathon Taylor' via CAS Community]

Agreed.  This does not just affect Gmail on Android, but also common
applications such as GlobalProtect VPN clients and I'm sure other commonly
used software.  I do appreciate the pull request and we will likely be
using the solution Mark posted.

On Wed, Apr 2, 2025 at 4:50 AM David Gelhar  wrote:

> Hi Mark,
>
> Thank you for posting that pull request. We have encountered similar
> problems since upgrading to CAS7 so your analysis (and workaround) is going
> to prove very helpful.
>
> The attitude of the CAS project around this issue is frankly
> incomprehensible. They have introduced a change that completely breaks
> authentication for a very significant user population (Gmail on an Andoid
> device is not exactly a "edge case"), and then declined to accept a fix
> because it would be "not worth maintaining".
>
> Thanks,
>
> David
>
> On Wednesday, March 12, 2025 at 9:00:46 AM UTC-4 Mark Oliver wrote:
>
>> Hi Jonathan,
>>
>> Unfortunately, that was a mistake on my part—a fix isn’t in the mentioned
>> file.
>>
>> I did submit a pull request for a fix here, but it was rejected because
>> it changed the core functionality of CAS, and the project doesn’t want to
>> maintain that, which is fair enough:
>> https://github.com/apereo/cas/pull/6305
>>
>> Going forward, we’re managing our own version of the file. Given that,
>> I’ve simplified it by solely relying on sessionStorage.
>>
>> Cheers,
>> Mark
>> On Thursday, 6 March 2025 at 13:52:01 UTC Jonathon Taylor wrote:
>>
>>> Hi Mark,
>>>
>>> We are running into this same issue.  Would you mind pointing me to what
>>> in the master branch version resolved this issue for you?  We are seeing
>>> the issue with 7.1.4 currently.
>>>
>>> On Thu, Jan 9, 2025 at 9:12 AM 'Mark Oliver' via CAS Community <
>>> cas-...@apereo.org> wrote:
>>>
 Thanks Ray,

 I was able to find the latest file on the master branch which looks
 like it's been fixed:

 https://github.com/apereo/cas/blob/master/support/cas-server-support-thymeleaf/src/main/resources/static/js/cas.js

 Cheers.
 Mark
>>>
>>>

 On Tuesday, 7 January 2025 at 06:26:59 UTC Ray Bon wrote:

> Mark,
>
> You can start with
> https://apereo.github.io/cas/developer/Contributor-Guidelines.html
> 
>
> Ray
>
> On Mon, 2025-01-06 at 06:30 -0800, 'Mark Oliver' via CAS Community
> wrote:
>
> Hello,
>
> We recently attempted to upgrade our CAS installation from 6.6 to 7.x
> and encountered a blocking issue with Android’s embedded WebView
> (specifically in the Gmail app).
>
> In CAS 7.x, the default src/main/static/js/cas.js file appears to rely
> more heavily on localStorage. However, the Gmail app’s built-in WebView
> which is used for registering an account does not properly support
> localStorage. This leads to errors in the authentication flow, causing the
> WebView browser to hang after CAS credentials are submitted. In CAS 6.6,
> the code primarily used sessionStorage, and this issue never arose.
>
> To work around the problem, I’ve updated cas.js so that it first
> checks if localStorage is available, and if not, it falls back to an
> in-memory object or to sessionStorage. This resolves the problem for our
> users.
>
> - So firstly is this a known issue, as of 7.1.3 that issue still
> remains.
> - If a fix is welcome, where should I submit a pull request for the
> src/main/static/js/cas.js file?
>
> Cheers.
> Mark
>
>
> --
 - Website: https://apereo.github.io/cas
 - List Guidelines: https://goo.gl/1VRrw7
 - Contributions: https://goo.gl/mh7qDG
 ---
 You received this message because you are subscribed to the Google
 Groups "CAS Community" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to cas-user+u...@apereo.org.
 To view this discussion visit
 https://groups.google.com/a/apereo.org/d/msgid/cas-user/0f4c6d2c-a7b3-461f-9dee-d448da800e8bn%40apereo.org
 
 .

>>>
>>>
>>> --
>>> Jonathon Taylor (he/him)
>>> Information Security Office
>>> jona...@berkeley.edu
>>>
>>

-- 
Jonathon Taylor (he/him)
Information Security Office
jonath...@berkeley.edu

-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABzqDo-HEUoVYd3szx_f1XsAjWWWQwO1a3z5aq243PwX_GOO4A%40mail.gmail.com.

Re: [cas-user] Re: CAS 7.0.10 and Apache Tomcat version

[Vincent Weber]

Thanks for your responses.
How to know the default tomcat version that CAS 7.0.10 should use when 
using the overlay ?

Le jeudi 10 avril 2025 à 16:55:46 UTC+2, Mohamed Amdouni a écrit :

> Hi,
>
> Check this discussion 
>
> https://groups.google.com/a/apereo.org/g/cas-user/c/Lw19PuKwi-0/m/BgXBdp-6BwAJ?utm_medium=email&utm_source=footer&pli=1
>
> Best regards
>
>
> Le jeu. 10 avr. 2025 à 16:22, Andrew Tillinghast  a 
> écrit :
>
>> Rather than comment out the tomcat version specify the version you want, 
>> just be aware that might cause other issues with incompatible jars.
>>
>> On Thu, Apr 10, 2025 at 4:12 AM Vincent Weber  wrote:
>>
>>> Hello,
>>> Any ideas on this ?
>>> Thanks
>>>
>>> Le vendredi 28 mars 2025 à 17:04:09 UTC+1, Vincent Weber a écrit :
>>>
 Hello,

 I am running CAS 7.0.10 build with overlay and embedded Tomcat.
 When it start, I have the message : 
 *Apache Tomcat Version: Apache Tomcat/10.1.31*

 I tried to edit gradle.properties to uncomment this line and have a 
 more recent Tomcat version : 
 # tomcatVersion=10.1.39

 But then when I do : 
 *./gradlew clean copyCasConfiguration build run --refresh-dependencies*

 I receive this error : 

























 *   2025-03-28 16:17:55,001 ERROR 
 [org.springframework.boot.SpringApplication] - >>> failed>java.lang.NoClassDefFoundError: org/apache/catalina/util/ServerInfo 
  
   at 
 org.apereo.cas.CasTomcatBanner.injectEnvironmentInfo(CasTomcatBanner.java:20)
   
   at 
 org.apereo.cas.util.spring.boot.AbstractCasBanner.collectEnvironmentInfo(AbstractCasBanner.java:77)
   
   at 
 org.apereo.cas.util.spring.boot.AbstractCasBanner.printBanner(AbstractCasBanner.java:33)
   
   at 
 org.springframework.boot.SpringApplicationBannerPrinter.print(SpringApplicationBannerPrinter.java:67)
   
   at 
 org.springframework.boot.SpringApplication.printBanner(SpringApplication.java:586)
   
   at 
 org.springframework.boot.SpringApplication.run(SpringApplication.java:330) 
  
   at 
 org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:149)
   
   at 
 org.apereo.cas.web.CasWebApplication.main(CasWebApplication.java:57)   
  
 at 
 java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
   
   at java.base/java.lang.reflect.Method.invoke(Method.java:580)
 at 
 org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:91)   
  
 at 
 org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:53)   
  
 at 
 org.springframework.boot.loader.launch.WarLauncher.main(WarLauncher.java:57)Caused
  
 by: java.lang.ClassNotFoundException: org.apache.catalina.util.ServerInfo  
   at 
 java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)   
  
 at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:593)
 at 
 org.springframework.boot.loader.net.protocol.jar.JarUrlClassLoader.loadClass(JarUrlClassLoader.java:104)
   
   at 
 org.springframework.boot.loader.launch.LaunchedClassLoader.loadClass(LaunchedClassLoader.java:91)
   
   at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)   
  
 ... 13 more> Task :run FAILEDFAILURE: Build failed with an exception.*

 Did I miss something ?

 Regards,
 Vincent


 -- 
>>> - Website: https://apereo.github.io/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> --- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to cas-user+u...@apereo.org.
>>> To view this discussion visit 
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/330c1faa-9bab-42db-bf00-aabfbfcd83a8n%40apereo.org
>>>  
>>> 
>>> .
>>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org.
>>
> To view this discussion visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAPt3vHX3C9o0R20QbzP2VdwTOq-VW8PJdO8czS-seGYyL_5W9Q%40mail.gmail.com
>>  
>> 

Re: [cas-user] Re: CAS 7.0.10 and Apache Tomcat version

[Mohamed Amdouni]

Hi,

Check this discussion
https://groups.google.com/a/apereo.org/g/cas-user/c/Lw19PuKwi-0/m/BgXBdp-6BwAJ?utm_medium=email&utm_source=footer&pli=1

Best regards


Le jeu. 10 avr. 2025 à 16:22, Andrew Tillinghast 
a écrit :

> Rather than comment out the tomcat version specify the version you want,
> just be aware that might cause other issues with incompatible jars.
>
> On Thu, Apr 10, 2025 at 4:12 AM Vincent Weber  wrote:
>
>> Hello,
>> Any ideas on this ?
>> Thanks
>>
>> Le vendredi 28 mars 2025 à 17:04:09 UTC+1, Vincent Weber a écrit :
>>
>>> Hello,
>>>
>>> I am running CAS 7.0.10 build with overlay and embedded Tomcat.
>>> When it start, I have the message :
>>> *Apache Tomcat Version: Apache Tomcat/10.1.31*
>>>
>>> I tried to edit gradle.properties to uncomment this line and have a more
>>> recent Tomcat version :
>>> # tomcatVersion=10.1.39
>>>
>>> But then when I do :
>>> *./gradlew clean copyCasConfiguration build run --refresh-dependencies*
>>>
>>> I receive this error :
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *   2025-03-28 16:17:55,001 ERROR
>>> [org.springframework.boot.SpringApplication] - >> failed>java.lang.NoClassDefFoundError: org/apache/catalina/util/ServerInfo
>>>   at
>>> org.apereo.cas.CasTomcatBanner.injectEnvironmentInfo(CasTomcatBanner.java:20)
>>>   at
>>> org.apereo.cas.util.spring.boot.AbstractCasBanner.collectEnvironmentInfo(AbstractCasBanner.java:77)
>>>   at
>>> org.apereo.cas.util.spring.boot.AbstractCasBanner.printBanner(AbstractCasBanner.java:33)
>>>   at
>>> org.springframework.boot.SpringApplicationBannerPrinter.print(SpringApplicationBannerPrinter.java:67)
>>>   at
>>> org.springframework.boot.SpringApplication.printBanner(SpringApplication.java:586)
>>>   at
>>> org.springframework.boot.SpringApplication.run(SpringApplication.java:330)
>>>   at
>>> org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:149)
>>>   at
>>> org.apereo.cas.web.CasWebApplication.main(CasWebApplication.java:57)
>>> at
>>> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
>>>   at java.base/java.lang.reflect.Method.invoke(Method.java:580)
>>> at
>>> org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:91)
>>> at
>>> org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:53)
>>> at
>>> org.springframework.boot.loader.launch.WarLauncher.main(WarLauncher.java:57)Caused
>>> by: java.lang.ClassNotFoundException: org.apache.catalina.util.ServerInfo
>>>   at
>>> java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
>>> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:593)
>>> at
>>> org.springframework.boot.loader.net.protocol.jar.JarUrlClassLoader.loadClass(JarUrlClassLoader.java:104)
>>>   at
>>> org.springframework.boot.loader.launch.LaunchedClassLoader.loadClass(LaunchedClassLoader.java:91)
>>>   at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
>>> ... 13 more> Task :run FAILEDFAILURE: Build failed with an exception.*
>>>
>>> Did I miss something ?
>>>
>>> Regards,
>>> Vincent
>>>
>>>
>>> --
>> - Website: https://apereo.github.io/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/330c1faa-9bab-42db-bf00-aabfbfcd83a8n%40apereo.org
>> 
>> .
>>
> --
> - Website: https://apereo.github.io/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAPt3vHX3C9o0R20QbzP2VdwTOq-VW8PJdO8czS-seGYyL_5W9Q%40mail.gmail.com
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion visit 
https://groups.google.com/a/apereo

[cas-user] Using remote discovery service with delegated SAML authentication (CAS 7)

[Tomi Karlstedt]

Hi,

We're replacing an old Spring/OpenSAML service provider microservice with 
an existing CAS implementation as the SP. This means we need to integrate 
our CAS 7.0 with a Shibboleth instance using SAML. The authentication 
delegation works fine. CAS sends user to the Shibboleth which then picks 
the first defined IDP in the metadata. However we're having a hard time 
figuring out how to use the Shibboleth's remote WAYF/Discovery Service so 
that the user can choose their IDP.

How would one go about integrating such a service with CAS? As far as I can 
tell, the old SP microservice just saves the original return URL (i.e. 
service in CAS terminology), redirects to the Discovery Service, and has a 
registered return URL in the SP metadata describet below. Returning to this 
predefined URL then starts the login process with the received IDP.



To me this looks like we need to do a custom server side redirect to the 
Shibboleth WAYF from CAS and save the service url to session or something 
similar. Then use the *org.apereo.cas:cas-server-support-saml-idp-discovery* 
package to handle the IDP redirect (wonder if it works with 7.0). Is this 
the correct way or is there a ready-made solution for remote DS?

Tomi

-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ae8f6d08-9998-481d-9b97-5cafdd8d6c3en%40apereo.org.

[cas-user] Re: CAS 7.0.10 and Apache Tomcat version

[Vincent Weber]

Hello,
Any ideas on this ?
Thanks

Le vendredi 28 mars 2025 à 17:04:09 UTC+1, Vincent Weber a écrit :

> Hello,
>
> I am running CAS 7.0.10 build with overlay and embedded Tomcat.
> When it start, I have the message : 
> *Apache Tomcat Version: Apache Tomcat/10.1.31*
>
> I tried to edit gradle.properties to uncomment this line and have a more 
> recent Tomcat version : 
> # tomcatVersion=10.1.39
>
> But then when I do : 
> *./gradlew clean copyCasConfiguration build run --refresh-dependencies*
>
> I receive this error : 
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *   2025-03-28 16:17:55,001 ERROR 
> [org.springframework.boot.SpringApplication] -  failed>java.lang.NoClassDefFoundError: org/apache/catalina/util/ServerInfo  
>   at 
> org.apereo.cas.CasTomcatBanner.injectEnvironmentInfo(CasTomcatBanner.java:20) 
>  
>   at 
> org.apereo.cas.util.spring.boot.AbstractCasBanner.collectEnvironmentInfo(AbstractCasBanner.java:77)
>   
>   at 
> org.apereo.cas.util.spring.boot.AbstractCasBanner.printBanner(AbstractCasBanner.java:33)
>   
>   at 
> org.springframework.boot.SpringApplicationBannerPrinter.print(SpringApplicationBannerPrinter.java:67)
>   
>   at 
> org.springframework.boot.SpringApplication.printBanner(SpringApplication.java:586)
>   
>   at 
> org.springframework.boot.SpringApplication.run(SpringApplication.java:330)  
>   at 
> org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:149)
>   
>   at 
> org.apereo.cas.web.CasWebApplication.main(CasWebApplication.java:57)
> at 
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
>   
>   at java.base/java.lang.reflect.Method.invoke(Method.java:580)
> at 
> org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:91)
> at 
> org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:53)
> at 
> org.springframework.boot.loader.launch.WarLauncher.main(WarLauncher.java:57)Caused
>  
> by: java.lang.ClassNotFoundException: org.apache.catalina.util.ServerInfo  
>   at 
> java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:593)
> at 
> org.springframework.boot.loader.net.protocol.jar.JarUrlClassLoader.loadClass(JarUrlClassLoader.java:104)
>   
>   at 
> org.springframework.boot.loader.launch.LaunchedClassLoader.loadClass(LaunchedClassLoader.java:91)
>   
>   at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
> ... 13 more> Task :run FAILEDFAILURE: Build failed with an exception.*
>
> Did I miss something ?
>
> Regards,
> Vincent
>
>
>

-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/330c1faa-9bab-42db-bf00-aabfbfcd83a8n%40apereo.org.

[cas-user] OpenId Connect

[Xavier Rodríguez]

 Hello, 

I am configuring Apereo CAS 6.4.6.6 as an OpenId Connect server. Following 
the CAS documentation, I added the property to the server: 

cas.authn.oidc.jwks.file-system.jwks-file=file:/etc/cas/config/keystore.jwks 

Looking at the documentation on how to define a client in this protocol:

https://apereo.github.io/cas/7.2.x/authentication/OIDC-Authentication-Clients.html

This is very similar to CASE 6.4.6.6, it is written: 

jwks -> Optional. Resource path to the keystore location that holds the 
keys for this application.

Isn't this the keytore.jwks that should sign the Id Token when it is 
generated for this service? 

For example, I have:

{
  "@class" : "org.apereo.cas.services.OidcRegisteredService",
  "serviceId" : "https:localhost:8443/openid-connect-demo/.*",
  "clientId": "openid_connect",
  "clientSecret": "AA",
  "name" : "Cas Server",
  "id" : 10290,
  "evaluationOrder" : 290,
  "bypassApprovalPrompt": true,
  "generateRefreshToken" : true,
  "jsonFormat" : true,
  "supportedGrantTypes" : [ "java.util.HashSet", [ "authorization_code", 
"password", "client_credentials", "refresh_token" ] ],
  "supportedResponseTypes" : [ "java.util.HashSet", [ "code", "token" ] ],
   
  "jwks": "file:/etc/cas/config/localhost/oidc/keystore3.jwks"
} 

When I have the jwks property in this file, CAS automatically adds this new 
key to the path:

https://{SERVER_CAS_PATH}/cas/oidc/jwks

But when you have to sign the ID Token, always use the: 

cas.authn.oidc.jwks.file-system.jwks-file=file:/etc/cas/config/keystore.jwks

Shouldn't I use the signature defined in "jwks"? Am I doing something 
wrong? Am I missing something else to configure? 

Thanks!

- Xavier -



-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/07f60180-e7ed-4c1b-a6fa-f5d119c2f0a1n%40apereo.org.

[cas-user] Re: web-authn and Account Profile Managment

[Frédéric Dussurget]

Hi,
Your fix seems to have been included ion the latest 7.2, I can now register 
webauthn devices through the account profile management BUT, I still cannot 
register webauthn devices if I have multiples MFA providers (in my cas 
webauthn and gauth)
Regards,

here are my logs when I try to register a webauthn device with both MFA 
poviders :

browser's console : 
Request :



*_csrf: "pPOlLr91F7EsX5z[... blahblahblah ...]w_XI-nzfe9type: 
"webauthn"_eventId_register: "Register"execution: 
537c7786-8f9b-4a65[...blahblahblah...]pZWlhOVUyOFo2TjVn*

server logs :




*2025-04-10 14:37:51,113 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 2025-04-10 14:37:51,114 
DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 2025-04-10 14:37:51,116 DEBUG 
[org.apereo.cas.web.flow.CasFlowHandlerMapping] - 2025-04-10 14:37:51,130 
DEBUG 
[org.apereo.cas.otp.web.flow.OneTimeTokenAccountCreateRegistrationAction] - 
2025-04-10 
14:37:51,422 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] 
- *

... and when I'm trying to do the same thing with only the webauth MFA 
provider (flushed gauth from everywhere : build.gradle, services, cas.yml):




*2025-04-10 15:02:06,834 DEBUG 
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - 2025-04-10 
15:02:06,835 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] 
- 2025-04-10 15:02:06,838 DEBUG 
[org.apereo.cas.web.flow.CasFlowHandlerMapping] - 2025-04-10 15:02:06,861 
DEBUG [org.apereo.cas.webauthn.web.flow.WebAuthnStartRegistrationAction] - 
 Thanks a lot for that ! I hope someone will fix it with your fix.
> Until now, I had to register my webauthn devices for testing by accessing 
> directly to a service protected by webauthn 
> Regards,
>
> Le jeudi 5 décembre 2024 à 15:19:01 UTC+1, P Assenger a écrit :
>
>> Two PRs should correct the issue with webauthn device registration.  I do 
>> not know if the crossover with mfa-gauth  is also corrected, as I  wanted 
>> to get webauthn registration working for POC purpose, only.
>>
>> Note that, for now, the two PRs are rejected as there is no test 
>> associated to them:
>>
>>- PR ( 7.1.x)  https://github.com/apereo/cas/pull/6252
>>- PR (master) : https://github.com/apereo/cas/pull/6254
>>
>>
>> Modification is trivial so the patch should be easy to apply for other 
>> revisions.
>>
>> Regards,
>>
>> P.
>> Le jeudi 28 novembre 2024 à 02:59:25 UTC+1, P Assenger a écrit :
>>
>>> Hi,
>>>  We encounter the same issue under v7.1.2, with only the web-authn 
>>> dependencies : while the new device is registered, an error occurs at the 
>>> interface.
>>>
>>> In CAS logs, the error is as you described it : *Exception thrown in 
>>> state 'viewRegistrationWebAuthn' of flow 'account'.* Albeit with this 
>>> added message : *no ''saveRegistration' state in flow 'account'.*
>>>
>>> The culprit code seems to be in "
>>> *support/cas-server-support-webauthn-core-webflow/src/main/java/org/apereo/cas/webauthn/web/flow/account/WebAuthnMultifactorAccountProfileWebflowConfigurer.java*'.
>>>  
>>> BTW, this class does not seem to have a TestCase. 
>>>
>>> Harsh to be blocked on such a problem :(.
>>>
>>> P. 
>>>
>>> Le mercredi 11 septembre 2024 à 16:21:46 UTC+2, Frédéric Dussurget a 
>>> écrit :
>>>
 Hi,

 Context : version=7.2.0-SNAPSHOT 

 Extract of build.gradle :
 //MFA TOTP
 implementation "org.apereo.cas:cas-server-support-gauth"
 implementation "org.apereo.cas:cas-server-support-gauth-redis"

 // MFA FIDO2 WEBAUTHN
 implementation "org.apereo.cas:cas-server-support-webauthn"
 implementation "org.apereo.cas:cas-server-support-webauthn-redis"

 //MFA TRUSTED DEVICE
 implementation "org.apereo.cas:cas-server-support-trusted-mfa"
 implementation 
 "org.apereo.cas:cas-server-support-trusted-mfa-redis" 

 My issue :
 I have an issue with Account Profile Management (/cas/login page), but 
 only with webauthn devices (mfa-gauth devices work fine) :

 - with build.gradle containing only web-authn dependencies, I'm able to 
 register a webauthn device thru account profile management, but I get an 
 500 error message at the very end of the ceremony : 
 Error: jakarta.servlet.ServletException: Request processing failed: 
 org.springframework.webflow.execution.FlowExecutionException: Exception 
 thrown in state 'viewRegistrationWebAuthn' of flow 'account'

 BUT, the webauthn device is registered and fully functionnal.

 - with build.gradle containing web-authn AND mfa-gauth dependencies, I 
 cannot get the webauthn device registering ceremony : every time I end up 
 on the mfa-gauth device registering ceremony. So, the only way to register 
 mfa-webauthn devices is on the fly, accessing directly to a service.

 Regards,



-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Con

[cas-user] How to connect Docker CAS to Docker MySQL database？

[Suoke Sou]

Hi,
I have some problems with running CAS using the Docker image 
apereo/cas:7.2.0-SNAPSHOT,Can anyone help me?

When CAS running without application.properties,I can use casuser and Mellon as 
the username and password to test the default authentication scheme in CAS.

But when I use the application.properties to make CAS working with the 
Docker image mysql:8.0.21, CAS can not connecting to the mysql database.

This problem has been bothering me for two weeks. I hope someone can help 
me.

Here is my docker command:
docker run --name CAS --network=cas -e TZ=Asia/Shanghai -e 
SERVER_SSL_ENABLED=false -e SERVER_PORT=8080 -v /docker/cas:/etc/cas -p 
8181:8080 apereo/cas:7.2.0-SNAPSHOT 
Copy
docker run --name mysql --network=cas -e TZ=Asia/Shanghai -v 
/docker/mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=11 -p 3308:3306 -d 
mysql:8.0.21 
Copy
docker run --name phpmyadmin --network=cas -e PMA_HOSTS=172.18.0.2 -p 81:80 
phpmyadmin:latest 
Copy

Here is my application.properties in /docker/cas/config:
cas.server.name=http://1.1.1.1:8181 
cas.server.prefix=${cas.server.name}/cas logging.level.org.apereo=DEBUG 
logging.level.org.apereo.cas=DEBUG cas.authn.accept.users= 
cas.authn.jdbc.query[0].field-password=password 
cas.authn.jdbc.query[0].field-expired=expired 
cas.authn.jdbc.query[0].field-disabled=disabled 
cas.authn.jdbc.query[0].driver-class=com.mysql.cj.jdbc.Driver 
cas.authn.jdbc.query[0].password-encoder.type=NONE 
cas.authn.jdbc.query[0].user=root cas.authn.jdbc.query[0].password=11 
cas.authn.jdbc.query[0].sql=select * from user where name=? 
cas.authn.jdbc.query[0].url=jdbc:mysql://172.18.0.2:3306/cas?serverTimezone=Asia/Shanghai&useUnicode=true&characterEncoding=utf8&useSSL=false
 
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect 
Copy

And I also put the database driver mysql-connector-java-8.0.21.jar 
(https://cdn.mysql.com/archives/mysql-connector-java-8.0/mysql-connector-java-8.0.21.zip)
 

 in /docker/cas/lib.

The phpmyadmin can connecting to mysql database, But I can not see any 
sessions from CAS to mysql in phpmyadmin.

Can anyone help me?

-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/fbbb04a2-76c1-4b3f-8105-6b58c4bd1aa8n%40apereo.org.

Re: [cas-user] Android WebView in Gmail App Fails Due to CAS 7.x LocalStorage Usage

['Jonathon Taylor' via CAS Community]

I can confirm that this fixed my issue with our Palo Alto Global Protect
VPN client, which requires the Android WebView.  I do not have a way to
test the Gmail app in my QA environment but I suspect it will be the same.

Thanks Misagh if you are reading this.  Hopefully this can be backported
into the 7.2 branch :-)

On Thu, Apr 10, 2025 at 4:24 PM Jonathon Taylor 
wrote:

> Hi All,
>
> There appears to be a potential solution for this being worked on in the
> 7.3.0-SNAPSHOT version of CAS.  The commit is here:
>
>
> https://github.com/apereo/cas/commit/bf27b046e43029666dea64aba1a866bb67c010e9
>
> I just tested this by changing my 7.2.1-SNAPSHOT build to 7.3.0-SNAPSHOT.
> You can then use this property:
>
> # This defaults to BROWSER_STORAGE
> cas.authn.mfa.duo[0].session-storage-type=TICKET_REGISTRY
>
> This appears to work and skips the interstitial pages that read/write from
> localstorage in the browser.  I have not yet tested this for Android but
> will.
>
> On Thu, Apr 10, 2025 at 8:15 AM Jonathon Taylor 
> wrote:
>
>> Agreed.  This does not just affect Gmail on Android, but also common
>> applications such as GlobalProtect VPN clients and I'm sure other commonly
>> used software.  I do appreciate the pull request and we will likely be
>> using the solution Mark posted.
>>
>> On Wed, Apr 2, 2025 at 4:50 AM David Gelhar 
>> wrote:
>>
>>> Hi Mark,
>>>
>>> Thank you for posting that pull request. We have encountered similar
>>> problems since upgrading to CAS7 so your analysis (and workaround) is going
>>> to prove very helpful.
>>>
>>> The attitude of the CAS project around this issue is frankly
>>> incomprehensible. They have introduced a change that completely breaks
>>> authentication for a very significant user population (Gmail on an Andoid
>>> device is not exactly a "edge case"), and then declined to accept a fix
>>> because it would be "not worth maintaining".
>>>
>>> Thanks,
>>>
>>> David
>>>
>>> On Wednesday, March 12, 2025 at 9:00:46 AM UTC-4 Mark Oliver wrote:
>>>
 Hi Jonathan,

 Unfortunately, that was a mistake on my part—a fix isn’t in the
 mentioned file.

 I did submit a pull request for a fix here, but it was rejected because
 it changed the core functionality of CAS, and the project doesn’t want to
 maintain that, which is fair enough:
 https://github.com/apereo/cas/pull/6305

 Going forward, we’re managing our own version of the file. Given that,
 I’ve simplified it by solely relying on sessionStorage.

 Cheers,
 Mark
 On Thursday, 6 March 2025 at 13:52:01 UTC Jonathon Taylor wrote:

> Hi Mark,
>
> We are running into this same issue.  Would you mind pointing me to
> what in the master branch version resolved this issue for you?  We are
> seeing the issue with 7.1.4 currently.
>
> On Thu, Jan 9, 2025 at 9:12 AM 'Mark Oliver' via CAS Community <
> cas-...@apereo.org> wrote:
>
>> Thanks Ray,
>>
>> I was able to find the latest file on the master branch which looks
>> like it's been fixed:
>>
>> https://github.com/apereo/cas/blob/master/support/cas-server-support-thymeleaf/src/main/resources/static/js/cas.js
>>
>> Cheers.
>> Mark
>
>
>>
>> On Tuesday, 7 January 2025 at 06:26:59 UTC Ray Bon wrote:
>>
>>> Mark,
>>>
>>> You can start with
>>> https://apereo.github.io/cas/developer/Contributor-Guidelines.html
>>> 
>>>
>>> Ray
>>>
>>> On Mon, 2025-01-06 at 06:30 -0800, 'Mark Oliver' via CAS Community
>>> wrote:
>>>
>>> Hello,
>>>
>>> We recently attempted to upgrade our CAS installation from 6.6 to
>>> 7.x and encountered a blocking issue with Android’s embedded WebView
>>> (specifically in the Gmail app).
>>>
>>> In CAS 7.x, the default src/main/static/js/cas.js file appears to
>>> rely more heavily on localStorage. However, the Gmail app’s built-in
>>> WebView which is used for registering an account does not properly 
>>> support
>>> localStorage. This leads to errors in the authentication flow, causing 
>>> the
>>> WebView browser to hang after CAS credentials are submitted. In CAS 6.6,
>>> the code primarily used sessionStorage, and this issue never arose.
>>>
>>> To work around the problem, I’ve updated cas.js so that it first
>>> checks if localStorage is available, and if not, it falls back to an
>>> in-memory object or to sessionStorage. This resolves the problem for our
>>> users.
>>>
>>> - So firstly is this a known issue, as of 7.1.3 that issue still
>>> remains.
>>> - If a fix is welcome, where should I submit a pull request for the
>>> src/main/static/js/cas.js file?
>>>
>>> Cheers.
>>> Mark
>>>
>>>
>>> --
>> - Website: https://apereo.github.io/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>

Re: [cas-user] Android WebView in Gmail App Fails Due to CAS 7.x LocalStorage Usage

['Jonathon Taylor' via CAS Community]

Hi All,

There appears to be a potential solution for this being worked on in the
7.3.0-SNAPSHOT version of CAS.  The commit is here:

https://github.com/apereo/cas/commit/bf27b046e43029666dea64aba1a866bb67c010e9

I just tested this by changing my 7.2.1-SNAPSHOT build to 7.3.0-SNAPSHOT.
You can then use this property:

# This defaults to BROWSER_STORAGE
cas.authn.mfa.duo[0].session-storage-type=TICKET_REGISTRY

This appears to work and skips the interstitial pages that read/write from
localstorage in the browser.  I have not yet tested this for Android but
will.

On Thu, Apr 10, 2025 at 8:15 AM Jonathon Taylor 
wrote:

> Agreed.  This does not just affect Gmail on Android, but also common
> applications such as GlobalProtect VPN clients and I'm sure other commonly
> used software.  I do appreciate the pull request and we will likely be
> using the solution Mark posted.
>
> On Wed, Apr 2, 2025 at 4:50 AM David Gelhar 
> wrote:
>
>> Hi Mark,
>>
>> Thank you for posting that pull request. We have encountered similar
>> problems since upgrading to CAS7 so your analysis (and workaround) is going
>> to prove very helpful.
>>
>> The attitude of the CAS project around this issue is frankly
>> incomprehensible. They have introduced a change that completely breaks
>> authentication for a very significant user population (Gmail on an Andoid
>> device is not exactly a "edge case"), and then declined to accept a fix
>> because it would be "not worth maintaining".
>>
>> Thanks,
>>
>> David
>>
>> On Wednesday, March 12, 2025 at 9:00:46 AM UTC-4 Mark Oliver wrote:
>>
>>> Hi Jonathan,
>>>
>>> Unfortunately, that was a mistake on my part—a fix isn’t in the
>>> mentioned file.
>>>
>>> I did submit a pull request for a fix here, but it was rejected because
>>> it changed the core functionality of CAS, and the project doesn’t want to
>>> maintain that, which is fair enough:
>>> https://github.com/apereo/cas/pull/6305
>>>
>>> Going forward, we’re managing our own version of the file. Given that,
>>> I’ve simplified it by solely relying on sessionStorage.
>>>
>>> Cheers,
>>> Mark
>>> On Thursday, 6 March 2025 at 13:52:01 UTC Jonathon Taylor wrote:
>>>
 Hi Mark,

 We are running into this same issue.  Would you mind pointing me to
 what in the master branch version resolved this issue for you?  We are
 seeing the issue with 7.1.4 currently.

 On Thu, Jan 9, 2025 at 9:12 AM 'Mark Oliver' via CAS Community <
 cas-...@apereo.org> wrote:

> Thanks Ray,
>
> I was able to find the latest file on the master branch which looks
> like it's been fixed:
>
> https://github.com/apereo/cas/blob/master/support/cas-server-support-thymeleaf/src/main/resources/static/js/cas.js
>
> Cheers.
> Mark


>
> On Tuesday, 7 January 2025 at 06:26:59 UTC Ray Bon wrote:
>
>> Mark,
>>
>> You can start with
>> https://apereo.github.io/cas/developer/Contributor-Guidelines.html
>> 
>>
>> Ray
>>
>> On Mon, 2025-01-06 at 06:30 -0800, 'Mark Oliver' via CAS Community
>> wrote:
>>
>> Hello,
>>
>> We recently attempted to upgrade our CAS installation from 6.6 to 7.x
>> and encountered a blocking issue with Android’s embedded WebView
>> (specifically in the Gmail app).
>>
>> In CAS 7.x, the default src/main/static/js/cas.js file appears to
>> rely more heavily on localStorage. However, the Gmail app’s built-in
>> WebView which is used for registering an account does not properly 
>> support
>> localStorage. This leads to errors in the authentication flow, causing 
>> the
>> WebView browser to hang after CAS credentials are submitted. In CAS 6.6,
>> the code primarily used sessionStorage, and this issue never arose.
>>
>> To work around the problem, I’ve updated cas.js so that it first
>> checks if localStorage is available, and if not, it falls back to an
>> in-memory object or to sessionStorage. This resolves the problem for our
>> users.
>>
>> - So firstly is this a known issue, as of 7.1.3 that issue still
>> remains.
>> - If a fix is welcome, where should I submit a pull request for the
>> src/main/static/js/cas.js file?
>>
>> Cheers.
>> Mark
>>
>>
>> --
> - Website: https://apereo.github.io/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google
> Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to cas-user+u...@apereo.org.
> To view this discussion visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0f4c6d2c-a7b3-461f-9dee-d448da800e8bn%40apereo.org
>