[cas-user] SAML sp override idp-signing, overrides default after use - CAS6.6.15

2024-04-08 Thread Michael Daley
The saml SP override works correctly on first use, but then the override signing certificate is taking precedence over the default IdP signing certificate, or even another override. This effectively breaks all other SP-integrations. This seems to happen with each new override. The intent here

[cas-user] Re: SAML sp override idp-signing, overrides default after use - CAS6.6.15

2024-04-09 Thread Michael Daley
a unique cacheKey but the most recently resolved privateKey seems to take over all of the cache entities when used for signing. (See examples 2 and 4 in my previous post) -Mike On Monday, April 8, 2024 at 3:38:56 PM UTC-4 Michael Daley wrote: > The saml SP override works correctly on fir

[cas-user] SAML2 HTTP-POST binding URL too long? 400 Bad Request

2020-04-02 Thread Michael Daley
Hi, A vendor (Gartner) performing an sp-initiated SSO to our HTTP-POST binding is unable to complete the authentication webflow. The URL that CAS sends the user to on the login page is over 3900 characters long, and appears to cause a browser error. We get 400 - Bad Request when clicking on "s

Re: [External]:Re: [cas-user] SAML2 HTTP-POST binding URL too long? 400 Bad Request

2020-04-02 Thread Michael Daley
, Michael Daley wrote: > > Yes. We are behind an haproxy. I’ll take a look at that. Thank you! > > Sent from my iPhone. > > On Apr 2, 2020, at 12:24 PM, Michael J Barsic wrote: > > > > CAUTION: This email was generated from outside of CCRI. Please do not > cli

Re: [cas-user] 6.1.0 RC6 Attributes Values being doubled when surrogacy is enabled

2020-04-06 Thread Michael Daley
Robert, I'm running 6.1.5 and when I try this config for my surrogate authentication, no attributes get resolved for the surrogate (attributes were 'map[[empty]]'). I've found that I need to add a separate attribute repository for the same ldap in order to pull in any attributes for the surr

[cas-user] Surrogate ldap RECURSIVE_ENTRY

2022-09-23 Thread Michael Daley
I've been having some trouble using the search-entry-handler with the surrogate ldap setup. The RECURSIVE_ENTRY handler does not seem to be used when searching user attributes. - Using Active Directory with the ldap attribute repository for authentication and attribute repository. This is wor

[cas-user] CAS 6.1.7 attribute for person A released during Person B login

2022-10-18 Thread Michael Daley
CAS: 6.1.7 Hazelcast ticket storage, ldap auth and attribute storage, duo MFA Recently experienced an issue where an attribute for Person A was released during Person B session. This caused Person B to have access to Person A's mailbox (Office365). Trying to track down if this is due to a

Re: [cas-user] CAS 6.1.7 attribute for person A released during Person B login

2022-10-19 Thread Michael Daley
'uid'][0] }" }, released: principal=SimplePrincipal(id=PersonB, attributes={http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname=[DOMAIN\PersonA], http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn=[pers...@domain.example.edu]}),requiredAttributes={}] On Tuesday, Octobe