Re: [cas-user] Re: OIDC JWT access token attributes missing after migration to v. 6.6.15.2

I believe this was a security-related change with the latest 6.6. For the 'non-standard' attributes that aren't already part of the OIDC spec you will need to do something like the example below. You can add that in addition to the scope releases. "attributeReleasePolicy": { "@class": "org.apere

Re: [cas-user] Android WebView in Gmail App Fails Due to CAS 7.x LocalStorage Usage

I can confirm that this fixed my issue with our Palo Alto Global Protect VPN client, which requires the Android WebView. I do not have a way to test the Gmail app in my QA environment but I suspect it will be the same. Thanks Misagh if you are reading this. Hopefully this can be backported into

Re: [cas-user] Android WebView in Gmail App Fails Due to CAS 7.x LocalStorage Usage

Hi All, There appears to be a potential solution for this being worked on in the 7.3.0-SNAPSHOT version of CAS. The commit is here: https://github.com/apereo/cas/commit/bf27b046e43029666dea64aba1a866bb67c010e9 I just tested this by changing my 7.2.1-SNAPSHOT build to 7.3.0-SNAPSHOT. You can the

Re: [cas-user] Re: CAS 7.0.10 and Apache Tomcat version

The default version will be in the CAS branch here: https://github.com/apereo/cas/blob/7.0.x/gradle.properties If you comment out tomcatVersion= in your overlay gradle.properties it will use whatever is in the CAS repo. Is that what you are looking for? On Thu, Apr 10, 2025 at 8:38 AM Vincent We

Re: [cas-user] Android WebView in Gmail App Fails Due to CAS 7.x LocalStorage Usage

Agreed. This does not just affect Gmail on Android, but also common applications such as GlobalProtect VPN clients and I'm sure other commonly used software. I do appreciate the pull request and we will likely be using the solution Mark posted. On Wed, Apr 2, 2025 at 4:50 AM David Gelhar wrote:

Re: [cas-user] Android WebView in Gmail App Fails Due to CAS 7.x LocalStorage Usage

Hi Mark, We are running into this same issue. Would you mind pointing me to what in the master branch version resolved this issue for you? We are seeing the issue with 7.1.4 currently. On Thu, Jan 9, 2025 at 9:12 AM 'Mark Oliver' via CAS Community < cas-user@apereo.org> wrote: > Thanks Ray, >

Re: [cas-user] Re: Issue with Safari bowser running on IOS 18.00 and CAS 7.1.0 with Duo

FYI - This is resolved for us in 7.1.3. On Wed, Sep 18, 2024 at 2:21 AM Patryk Sondej wrote: > I have same problem (but without Duo). It happens randomly after refresing > /login page 1000 times. > > java.lang.RuntimeException: jakarta.servlet.ServletException: Request > processing failed: > org

Re: [cas-user] Re: Error parsing incommon metadata

This might be a long shot but have you tried to URL encode the entity ID if that's what you are putting in the serviceID? For example: https%3A%2F% 2Fconncoll.reclaimhosting.com. We are not yet using CAS for SAML2 so just a guess as I know the MDQ endpoint needs it that way. On Mon, Oct 28, 2024

Re: [cas-user] Re: Issue with Safari bowser running on IOS 18.00 and CAS 7.1.0 with Duo

Hi Robin and Patryk, Have you noticed any improvement with either CAS 7.1.1 or IOS 18.0.1? On Thu, Sep 19, 2024 at 12:56 PM Robin Joseph wrote: > It is happening to me on the first try, it is also happening to others on > the first try with IOS 8.0 and Safari. > > On Wednesday, September 18, 2

Re: [cas-user] 7.0.8 vs 7.1.0 pac4j saml delegatedClient

Hi Michael, With 7.1 the SAML delegation components all got moved under org.apereo.cas:cas-server-support-pac4j-saml. Hopefully it's as simple as adding that to your build. On Mon, Sep 23, 2024 at 6:52 AM Michael Gettes wrote: > Hello cas-user, > > I have a single saml pac4j delegated client

Re: [cas-user] 7.0.8 vs 7.1.0 pac4j saml delegatedClient

Also, I know some of the properties got changed, so I updated the following when coming from 6.6. I'm not sure if they changed in 7 or 7.1... old: cas.authn.pac4j.saml[0].identity-provider-metadata-path cas.authn.pac4j.saml[0].principal-attribute-id cas.authn.pac4j.saml[0].service-provider-metad

Re: [cas-user] Combination of Delegated Authentication and Surrogate webflow issue in CAS7.0.6

Hi Isan, We use the same functionality and are currently on 6.6.x. When testing 7.1.x we ran into the same issue and reported it through our paid/commercial support channel which got it fixed in a subsequent SNAPSHOT release of 7.1.x. https://github.com/apereo/cas/commit/0f243843a4c2b766483cc43c

Re: [cas-user] Update tomcat version only

I think that was a mistake on my part. We actually have that third section embedded in a stand-alone bootWar block and NOT within the buildscript block. Here's what that definition looks like in full: bootWar { def executable = project.hasProperty("executable") && Boolean. valueOf(project.getPro

Re: [cas-user] CAS 6.6.9 Hazelcast and Ticket Registry errors

Not sure why it's complaining about an IP address that's not in your configuration. I wonder if it's picking up a second IP that's configured? You could try setting this: cas.ticket.registry.hazelcast.cluster.core.instance-name=localhost cas.ticket.registry.hazelcast.cluster.network.public-addres

Re: [cas-user] Update tomcat version only

We've had a need from time-to-time to upgrade the embedded Tomcat separately and a kind soul helped us so I'll share what he showed us. Just setting tomcat.version in gradle.properties will not work. You can modify your build.gradle as follows: configurations.all { resolutionStrategy { cacheChan