unt'.* Albeit with this
>>> added message : *no ''saveRegistration' state in flow 'account'.*
>>>
>>> The culprit code seems to be in "
>>> *support/cas-server-support-webauthn-core-webflow/src/main/java/org/apereo/cas/webauthn/web
Hi Marcin,
I can register webauthn devices when I'm directly accessing a webauthn
protected service with all the conf you'll find below (hope it will help)
You might be able to register your webauthn device on the fly directly
accessing to a webauthn protected service with this conf below, but my
Hi Phil have you activated the Accountmanagement interface ? ->
CasFeatureModule.AccountManagement.enabled: true
Have a look here :
https://fawnoos.com/2023/10/06/cas70x-account-management-profile/
Regards,
Fred
Le jeudi 20 mars 2025 à 04:01:08 UTC+1, Phil Hale a écrit :
> Hello,
>
> Thank yo
ce I am using a Redis compatible replacement the search function
> isn't included.
>
> I may end up switching to hazelcast or something else though, if I can't
> find another good active-active redis compatible solution.
>
> Thank you,
> Matt
>
> On Thursday, Februa
Hi Misagh, could you add frederic.dussur...@universite-lyon.fr ?
Regards,
Le jeudi 20 mars 2025 à 16:48:10 UTC+1, David Porter a écrit :
> Can you please add david@savvas.com to the slack workspace please?
>
> David Porter
> Software Developer
>
> Savvas Learning Company
>
> Mobile: (435)
g. Seems to be Redis specific. Did you happen to
> make any progress on this?
>
> Thank you,
> Matt
>
> On Monday, November 4, 2024 at 5:05:43 AM UTC-5 Frédéric Dussurget wrote:
>
>> Hi,
>> from cas-overlay-template 7.2.0-RC2 , server does not start, I've go
e user:
> authenticationMethod LdapAuthenticationHandler
> credentialType UsernamePasswordCredential
>
> My surrogate does get the following attribute, but I suspect
> credentialType is the important field.
> authnContextClass mfa-duo
>
> Ray
>
> On Thu, 2025-02-13
Hi,
I have these dependancies :
implementation "org.apereo.cas:cas-server-support-redis-ticket-registry"
implementation
"org.apereo.cas:cas-server-support-redis-service-registry"
implementation "org.apereo.cas:cas-server-support-gauth-redis"
implementation "org.apereo.cas:cas-serv
Hi, we noticed issues when trying to surrogate on a service protected by
gauth or web-authn.
Both MFA work perfectly when not using surrogate privilege elevation.
Surrogate work perfectly on services not protected by any MFA merthod.
regards,
Below is the log :
2025-02-13 12:13:01,235 INFO [org.
mes change between versions.
>
> You can also delete your $USER/.m2/repository (or a sub portion of it that
> includes cas).
>
> Ray
>
> On Thu, 2024-12-19 at 02:47 -0800, Frédéric Dussurget wrote:
>
> Hi, I still cannot run v7.2.X because of LettuceRedisModulesOperat
Hi, I still cannot run v7.2.X because of LettuceRedisModulesOperations. It
might be linked with the redis ticket registry deps ?
My context :
- redis for all (tickets, services and mfa devices : gauth and webauthn)
Stack :
Caused by:
org.springframework.beans.factory.UnsatisfiedDependen
-support-webauthn-core-webflow/src/main/java/org/apereo/cas/webauthn/web/flow/account/WebAuthnMultifactorAccountProfileWebflowConfigurer.java*'.
>>
>> BTW, this class does not seem to have a TestCase.
>>
>> Harsh to be blocked on such a problem :(.
I'd be curious though. How could one register a gauth device « on the fly
> » ?
>
> Thanks in advance
>
> regards,
>
> Pierre
> Le mardi 3 décembre 2024 à 15:02:36 UTC+1, Frédéric Dussurget a écrit :
>
>> Hi Bruno,
>> on my side, I'm able to regi
ationCheck' of flow 'mfa-gauth' -- action execution
> attributes were 'map[[empty]]'
>
> Any news here ?
>
>
> Regards,
>
> Bruno
>
> Le mardi 2 juillet 2024 à 12:03:20 UTC+2, Frédéric Dussurget a écrit :
>
>> Hi Artur,
>> I g
Hi, just to follow, I'm interested too by this topic.
I know there are alternatives with Symphony or directly accessing
/serviceValidate but ...
Le mercredi 20 novembre 2024 à 13:58:19 UTC+1, Rainer Rillke a écrit :
> Hi Community,
> the phpCAS project is looking for a maintainer and I wonder i
parate process...
> but this needs to be confirmed, I'm not sure what I'm saying.
>
> Le ven. 15 nov. 2024, 14:13, Frédéric Dussurget a
> écrit :
>
>> Hi,
>> Correct me if I'm wrong but it looks as Redis caching is cleaning up
>> objects on its
Hi,
Correct me if I'm wrong but it looks as Redis caching is cleaning up
objects on its own ... based on the ticket TTL
https://apereo.github.io/cas/7.0.x/ticketing/Redis-Ticket-Registry.html
As I'm interested in this topic, I'll keep on an eye on following answers
to get more accurate info ...
R
some more info :
https://github.com/apereo/cas/commit/ff4c2624d206ecbd7a9521aa6b20239fe5e5ca1a
Le jeudi 31 octobre 2024 à 15:04:38 UTC+1, Frédéric Dussurget a écrit :
> Ok, the explication is right there :
> https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.4.0-RC1-R
Hi,
from cas-overlay-template 7.2.0-RC2 , server does not start, I've got an
issue with compatible versions of the classes
com.redis.lettucemod.StatefulRedisModulesConnectionImpl and
io.lettuce.core.StatefulRedisConnectionImpl
regards,
I'm using "redis for everything", here is the context :
c
Ok, the explication is right there :
https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.4.0-RC1-Release-Notes
We should expect soon configuration changes in cas.properties ...
Le jeudi 31 octobre 2024 à 10:33:23 UTC+1, Frédéric Dussurget a écrit :
> I found out that there is
30 octobre 2024 à 17:51:58 UTC+1, Frédéric Dussurget a écrit :
> Hi,
> I've got an issue when trying to access actuator endpoints after deploying
> compiled this version (gradle.properties) :
> cas.version=7.2.0-RC1
> springBootVersion=3.4.0-M3
>
>
Hi,
I've got an issue when trying to access actuator endpoints after deploying
compiled this version (gradle.properties) :
cas.version=7.2.0-RC1
springBootVersion=3.4.0-M3
Spring webflow and security logs say :
*2024-10-30 15:20:04,791 DEBUG
[org.springframework.webflow.mvc.servle
Hi,
Context : version=7.2.0-SNAPSHOT
Extract of build.gradle :
//MFA TOTP
implementation "org.apereo.cas:cas-server-support-gauth"
implementation "org.apereo.cas:cas-server-support-gauth-redis"
// MFA FIDO2 WEBAUTHN
implementation "org.apereo.cas:cas-server-support-webauthn"
Fixed on v7.2. Many thanks to the devs !
Le mercredi 24 juillet 2024 à 17:33:22 UTC+2, Frédéric Dussurget a écrit :
> Hi,
> For those who are tracking mfa-gauth progress on Cas V7.1, here are some
> more info :
>
> Know that if I activate Profile Account Management as described
Hi there,
for info
version=7.1.0-SNAPSHOT
cas.version=7.1.0-SNAPSHOT
springBootVersion=3.3.2
I'd like to switch from cas-management to palantir but build fails when I
add this dep : implementation "org.apereo.cas:cas-server-support-palantir"
Regards,
Hi there,
I tried to migrate from 6.6 to 7.0 and I'm doing the same observation as
you all :
it is looping forever.
And when turning off cas authn ( mgmt.cas-sso=false) it starts to work
again ... It's not going to go to production but, still, I'm happy to work
with tomcat10, jdk21, etc.
Let's w
Hi,
For those who are tracking mfa-gauth progress on Cas V7.1, here are some
more info :
Know that if I activate Profile Account Management as described here :
https://fawnoos.com/2023/10/06/cas70x-account-management-profile/
Then, I'm able to register new mfa-gauth devices if I request the
/ca
Keytool is an external tool provided by java so I guess it's juste a matter
of path on your system ... Here is what I have on linux.
As the doc says, you should create this file /etc/cas/thekeystore as cas
expects by default and, without any file extension.
Prior to that, check this (let's assum
Hi Benjamin,
as saml and services folders are not mandatory (saml is optionnal and you
may store your services elsewhere, eg. in a mongo/redit/postgres db ...)
you'll have to handle this on your own
You might write your cas.properties file from scratch (know that cas
properties could also be s
in
> 7.0,7.1 ?
>
> On Monday, June 3, 2024 at 11:45:16 AM UTC+2 Frédéric Dussurget wrote:
>
>> Thanks Lukasz, so ... no official fix for the moment ... wait and see :)
>> regards,
>>
>>
>> Le mercredi 29 mai 2024 à 03:48:46 UTC+2, Łukasz Woźniak a écrit :
>
C+2 Frédéric Dussurget wrote:
>
>> Thanks Lukasz, so ... no official fix for the moment ... wait and see :)
>> regards,
>>
>>
>> Le mercredi 29 mai 2024 à 03:48:46 UTC+2, Łukasz Woźniak a écrit :
>>
>>> We override view and Madej change from mfa-gauth to
lationFilter@2410c8fa,
>>>>
>>>> org.springframework.security.web.access.intercept.AuthorizationFilter@19ff9d9a]]
>>>>
>>>> (1/1)>
>>>> 2024-01-10 15:49:13,503 DEBUG
>>>> [org.springframework.security.web.FilterChainProxy
Hi,
yes it runs fine on ;
- Debian 12
- Tomcat10 from distro
- openjdk 21 from download.java.net/java/GA/jdk21/... ( Just be sure to
link CA certificates files to those of the distro, something like this
:sudo ln -s /etc/ssl/certs/java/cacerts
/usr/lib/jvm/java-21-openjdk-amd64/lib/security/cace
Hi Issaka, in case you choose to go with bundled totp GoogleAuthenticator
(mfa-gauth) as said Florian, just keep in mind that today, it still needs a
fix on CAS v7, have a look here :
https://groups.google.com/a/apereo.org/g/cas-user/c/H4fvKej9NSs
and here :
https://groups.google.com/a/apereo
Thanks Lukasz, so ... no official fix for the moment ... wait and see :)
regards,
Le mercredi 29 mai 2024 à 03:48:46 UTC+2, Łukasz Woźniak a écrit :
> We override view and Madej change from mfa-gauth to login.
>
> pon., 27 maj 2024, 11:47 użytkownik Frédéric Dussurget
> napisał:
&
Hi there,
just asking if somebody managed to resolve this pending issue ?
regards,
Le mardi 16 avril 2024 à 18:03:32 UTC+2, Frédéric Dussurget a écrit :
> Hi,
> context : mfa-gauth issue, since october, we have a 401 error trying to
> acces /cas/mfa-gauth when trying to register ne
Hi Jerome, just to confirm that mfa-webauthn device registering is working
fine now, thanks again
Le jeudi 25 avril 2024 à 13:08:58 UTC+2, Frédéric Dussurget a écrit :
> Hi,
> thank you very much, Jérôme, that's very good news :) Be sure I'll keep
> you posted.
> Have
is should be fixed in the latest 7.1.0-SNAPSHOT.
>
> Thanks.
> Best regards,
> Jérôme
>
>
> Le jeu. 25 avr. 2024 à 07:14, Frédéric Dussurget a
> écrit :
>
>> Yet another info with spring web logs :
>>
>> 2024-04-23 16:46:27,232 DEBUG
>> [org.spring
4-04-23 16:46:27,273 DEBUG
[org.springframework.web.servlet.DispatcherServlet] -
2024-04-23 16:46:27,273 DEBUG
[org.springframework.security.web.authentication.AnonymousAuthenticationFilter]
-
Le mercredi 24 avril 2024 à 05:54:03 UTC+2, Frédéric Dussurget a écrit :
> Hi,
> Some additional info : The base64 for decoded res
Hi,
Some additional info : The base64 for decoded response is :
--- !
timestamp: "2024-04-23T14:14:08.165+00:00"
status: 403
error: "Forbidden"
message: "Forbidden"
path: "/cas/webauthn/register"
Le jeudi 18 avril 2024 à 11:56:56 UTC+2, Frédéric Dussurg
Hi,
We cannot register devices anymore with mfa-webauthn since last week.
It works with a clone of cas-overlay-template from April 11th but not with
today's clone (April 18th). Same dependencies and same cas.properties
directives. Master CAS 7 branch.
When trying to register a new device, I have
Hi,
context : mfa-gauth issue, since october, we have a 401 error trying to
acces /cas/mfa-gauth when trying to register new devices.
according to this commit :
https://github.com/apereo/cas/commit/15580dc#diff-217a31a51bb1b4b527e8866140a331dedf1278c2a806421a985a54ad1568986f
When I roll back t
Hi Jérémie,
If you choose to go for CAS v7 and openjdk 21 on debian ... I had this
little issue :
- I had troubles with CA certificate store when installing openjdk 21 (from
https://download.java.net/java/GA/jdk21/./openjdk-21_linux-x64_bin.tar.gz
) on debian 12, because they're not bu
Hi Issaka,
to save some of your precious time, know that Google Gauth MFA is not fixed
yet in the master branch version (Cas 7). This is discussed here :
https://groups.google.com/a/apereo.org/g/cas-user/c/XKFgFS__U9M
and someone found a workaround here :
https://groups.google.com/a/apereo.org/
Hi Al,
I've got the same issue, could not fixed it. F12 console in your browser
might throw a 401 error ... (for info my db backend is redis)
we have a topic here :
https://groups.google.com/a/apereo.org/g/cas-user/c/XKFgFS__U9M
regards,
Le mercredi 10 janvier 2024 à 05:26:03 UTC+1, Al Faller a
ub.com/apereo/cas/releases/tag/v7.0.0-RC9 ?
>
>
> El sábado, 2 de diciembre de 2023 a las 8:06:20 UTC, Javi Finarfin
> escribió:
>
>> Im afraid we hadn't make progress
>>
>> El vie, 1 dic 2023 13:28, Frédéric Dussurget
>> escribió:
>>
>>> Hi
Context : master branch, cas-overlay-template out of yesterday (Dec, 20th)
Hello,
A new issue popped out from this week's cas-overlay-template release :
mfa-webauthn make accessStrategy break. (For info, it still worked 10 days
ago when I tried)
I doublechecked those two cases :
- Webauthn work
()
> escribió:
>
>> Live debugging...
>>
>> El vie, 3 nov 2023 14:08, Frédéric Dussurget
>> escribió:
>>
>>> Hi Javi,
>>> how do you "add" this endpoint ? through your service ? or do you mean
>>> in the cas.monitor.endp
atch(DispatcherServlet.java:1069)
>
> ~[spring-webmvc-6.1.0-M5.jar:6.1.0-M5]
> El martes, 31 de octubre de 2023 a las 11:30:52 UTC, Javi Finarfin
> escribió:
>
>> For the record, it *looks like* it needs a service parameter, but I´m
>> yet receiving a 403
>>
>
Hi,
I'm interessed in this issue : what did you set as js files in your
custom_theme.properties ?
this line :
cas.standard.js.file=/js/cas.js,/js/material.js
I tried to add webauthn/webauthn.js but I had to remove it because I had a
failure ...
regards,
Le vendredi 27 octobre 2023 à 10:30:55 U
gauth 401 (Unauthorized)
send @ jquery.min.js:2
ajax @ jquery.min.js:2
ce. @ jquery.min.js:2
(anonymous) @ login:261
Le mercredi 18 octobre 2023 à 12:41:56 UTC+2, Frédéric Dussurget a écrit :
> Hi
> For further investigations, I flushed the redis db (just kept my 3
> services)
> For
Hi,
do you have this one in your build.gradle : implementation
"org.apereo.cas:cas-server-support-json-service-registry" ?
you also might need the dependency linked to your backend (redis, backend,
hazelcast etc.) for your service registry. Eg, for redis : implementation
"org.apereo.cas:cas-serv
Hi Aleix, I managed to made it work with my CAS v7 instance with the second
repo : https://github.com/apereo/cas-management-overlay
I also followed the 6.3 documentation :
https://apereo.github.io/cas-management/6.3.x/installation/Installing-ServicesMgmt-Webapp.html
Tomcat 9 + jdk 11, so I kept C
web:
exposure:
include: '*'
enabled-by-default: true
Le mardi 17 octobre 2023 à 12:43:46 UTC+2, Frédéric Dussurget a écrit :
> Hi Ray,
> thank you very much for your help. There are no ERROR message except this
> DEBUG error 401 me
requiredIpAddresses: blah blah blah multiFactorTrustedDevices:
access: IP_ADDRESS requiredIpAddresses: blah blah blah
management: endpoints:web: exposure:include: '*'
enabled-by-default: true*
Le mardi 17 octobre 2023 à 12:43:46 UTC+2, Frédé
=blahblah",
"OU=blahblah",
"DC=blahblah",
"DC=myuniversity",
"CN=casmanagers",
"DC=fr"
]
]
}
},
Le mardi 17 octobre 2023 à 04:22:16 UTC+
Hi,
latest build broke MFA (both gauth and web-authn). I have kept besides a
cas.war from august 22nd which is working fine with the exact same
build.gradle deps and /etc/cas/config/cas/yml config. One difference is
that the new cas.war was compiled and run (external tomcat) with openjdk 21
vs
Same thing here ...
Le dimanche 25 juin 2023 à 17:39:59 UTC+2, favk...@gmail.com a écrit :
> and it creates spring.6.1.0-M1.jar.lock.lock file on my gradle cashe
>
> On Saturday, June 24, 2023 at 5:38:15 PM UTC fasr favk wrote:
>
>> Hello, i cant run my cas server anymore, i cleared .gradle cash
Hi Graham,
I gave it a try this morning (but on branch master 7.0.0-SNAPSHOT) and ...
it's eventually working great :) Thanks to Misagh and the dev team !
What I've done is removing every workaround we did on this topic : removed
config/WebAuthnConfiguration.java + webauthn/web/WebAuthnController
.zz, aa.bb.cc.dd,etc.
> [...]
> management:
> endpoints:
> web:
> exposure:
> include: '*'
> enabled-by-default: true
>
Le ven. 12 mai 2023 à 12:10, Frédéric Dussurget a
écrit :
> Hi Graham,
>
> I gave it a try this morning (but on branch m
Hi,
as the cas alias "existe déjà", you might list certificates that are
stored in your keystore (/etc/cas/thekeystore) then delete the cas entry :
keytool -list -v -keystore /etc/cas/thekeystore -storepass changeit (or
whatever your password is)
keytool -delete -alias your_cas_server_alias -k
This issue has been fixed this morning with a fresh new 7-snapshot, thanks
to the devs :)
Regards,
Le jeudi 13 avril 2023 à 06:38:00 UTC+2, Frédéric Dussurget a écrit :
> Hi,
> I have been facing a new issue on the latest master branch since I
> recompiled everything from ca
Hi,
I have been facing a new issue on the latest master branch since I
recompiled everything from cas-overlay-template v7.0.0-SNAPSHOT from Github
last week (around april 6th or 7th 2023)
After tweaking gradle.properties, I can state that :
version=7.0.0-RC3 Works
version=7.0.0-RC4 does not bec
Hi,
I'm now able to register my webauthn device, to login, and trust my device.
What I noticed is that the allowed-origins (device registering) property
and application-id extension (connect) seem now mandatory to me, (though it
was not in 6.5.9).
Without those two settings, I'm stuck.
w
Thank you, you saved me lots of time, actually I needed those two :
implementation "org.springframework.security:spring-security-config"
implementation "org.springframework.security:spring-security-web"
But I still have an js issue (JSON.Parse) when registering my device :
"Registration f
Hi, I've got quite the same issue : it works perfectly with CAS 6.5.9 but
not on 6.6 nor on the master branch 7.x.
On 6.6, after basic auth, a popup asks for the Yubikey pin and then, when I
press the register button,the flow breaks at POST
https://xxx.xx/cas/webauthn/register/finish.
(FF
66 matches
Mail list logo
