Hello,
I'm trying to test a POC with *CAS Delegated Authentication* *PAC4J*.
The target Authentication flow is the following:
1. Client requests access to SP (SAML client)
2. SP redirects to my CAS Server (SAML IDP)
3. CAS IDP displays the authentication methods (MENU)
4. User select
Hello,
I would like to have your feedback about migrations.
What’s the best method? :
1- create a new overlay from scratch and modify property files :
cas.properties
Or
2- modify only the cas.version
Is it required/ recommended to use gradle in overlay ?
My current project is with maven. Migrat
Hello,
When using cas version 6.6.12 for example the embedded tomcat server is
9.0.80.
What is the best way to upgrade only the tomcat server to 9.0.81.
For spring boot application with maven it required only to set the
tomcat.version pom properties.
Best regards,
--
- Website: https://apereo.
Hello,
I'm migrating the cas from 5.X to 6.6.12
So I created a new template from Cas Initializer and try to apply the
properties i cas.properties.
Actually the server is started with the Ready message.
The authentication with an ldap user is OK.
But when testing cas as a SAML Idp, I have some
Hello try to give more memory (set the Xmx jvm property ) 512 is very low
in my opinion.
Best regards.
Le lun. 30 oct. 2023 à 17:45, Sathish Sekar a
écrit :
> Hi Team,
>
> I have upgraded CAS 6.3.7.4 to 6.6.9. After deployment I'm getting
> *java.lang.OutOfMemoryError:
> Java heap space *and se
Thank you this is what I’m looking for. Changing only the tomcat version.
Best regards.
Le jeu. 19 oct. 2023 à 12:13, Mohamed Amdouni a
écrit :
> Hello,
>
> When using cas version 6.6.12 for example the embedded tomcat server is
> 9.0.80.
> What is the best way to upgrade
Hi,
Update : when requesting the /idp/metadata I get a null pointer exception
because the registered service is null.
I checked the required properties for saml like entity id etc and they are
all specified …
Thank you in advance
Le ven. 27 oct. 2023 à 18:02, Mohamed Amdouni a
écrit
understand
Jpa is used for per service metadata which is not the case for me. My cas
server is acting as a saml idp. The dependencies was already present in the
old version 5.3
Thank you for your help.
Best regards.
Le mar. 31 oct. 2023 à 18:19, Mohamed Amdouni a
écrit :
> Hi,
>
> Upda
> On Thu, 2023-11-02 at 18:24 +0100, Mohamed Amdouni wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
>
> Hello,
>
> When removing the saml-idp-metadata-jpa from the
Hello,
Could be related to http/2 multiplexing features.
Multiplexing should enhance performance but in some situations it does not
(if the browser is not compatible etc)
I would try disabling http2 to confirm the root cause by setting.
server.http2.enabled=false
Best regards.
Le sam. 4 nov.
Hello,
When starting my cas application, I encountered an error with the
messagesource bean. There is a conflict with two classes,
MessageSourceAutoConfiguration and CasCoreWebMessageSourceConfiguration.
The setting of
spring.main.allow-bean-defenition-overriding to true resolve the issue as
sugge
Hello,
Given a cas project with these dependencies :
implementation "org.apereo.cas:cas-server-support-saml"
implementation "org.apereo.cas:cas-server-support-saml-idp"
implementation "org.apereo.cas:cas-server-support-saml-idp-metadata-jpa"
implementation "org.apereo.cas:cas-server-support-ldap"
Hello,
Did you figured out what is the root cause?
I have a similar problem with null as principal after versio upgrade.
Thanks.
Le jeudi 24 février 2022 à 11:29:04 UTC+1, spfma...@e.mail.fr a écrit :
> Hi,
>
> I am setting a new CAS server in order to replace our well working 3.5.1,
> and
Hi,
Please post the stack trace
Did you configurer the Jvm to generate a heap dump when out of memory
exception is encouraged ?
Is it about meta space ?
Best regards
Le jeu. 16 nov. 2023 à 05:35, Sathish Sekar a
écrit :
> Hi Team,
>
> I have upgraded to CAS 6.3.7.4 to 6.6.9 recently and I'm fac
pl.java:137) ~[?:?]
>> at sun.nio.ch.SelectorImpl.lockAndDoSelect(SelectorImpl.java:124) ~[?:?]
>> at sun.nio.ch.SelectorImpl.select(SelectorImpl.java:136) ~[?:?] at
>> com.hazelcast.internal.networking.nio.NioThread.selectLoop(
>> NioThread.java:292) ~[hazelcast-5.1.7.jar:5.1.7]
Hello,
I’m testing a saml client after cas migration from 5.3 to 6.6.
The saml authentication is processed successfully ( using spnego &
Kerberos): no login details are entered, the spnego token is sent and
validated .After a long idle period, if I refresh the page I got an error
on the wall clie
when more than
one transaction manager is present
- override the ticket and service bean to not use the spring integration
bean that calls @ transactional without qualifier.
Thank you for your help.
Le jeu. 9 nov. 2023 à 00:26, Mohamed Amdouni a
écrit :
> Hello,
>
> Given a cas pro
ut not the same ST?
Thank you.
Best Regards,
Le jeudi 23 novembre 2023 à 06:38:55 UTC+1, Mohamed Amdouni a écrit :
> Hello,
>
> I’m testing a saml client after cas migration from 5.3 to 6.6.
>
> The saml authentication is processed successfully ( using spnego &
> Ker
Hello,
I think that it could be possible using pac4j (cas delegated
authentication) and you choose the dynamic type with some groovy scripts :
https://apereo.github.io/cas/6.5.x/integration/Delegate-Authentication.html
But I don’t know if you can process the ldap authentication with the same
cas
Hello,
Would you please share the whole trace with caused by etc.
I think it’s similar to what I have encountered using two jpa module : see
my question about a similar error.
I think that it’s a bug in cas because it should use a default Primary
transaction manager when a spring integration def
ne
> risk calculator enabled for error to occur. I use:
>
> *cas.authn.adaptive.risk.ip.enabled=true*
>
>
> Kind regards,
>
> Michał Nowakowski
>
> wtorek, 28 listopada 2023 o 15:46:09 UTC+1 Mohamed Amdouni napisał(a):
>
>> Hello,
>>
>> Would you plea
es not display error messages.
>
>
> Do you know which parameter in cas 6.6.X that update the *AuthnInstance*
> when used with the same TGT but not the same ST?
>
> Thank you.
>
>
>
> Best Regards,
>
> Le jeudi 23 novembre 2023 à 06:38:55 UTC+1, Mohamed Amdoun
Hello,
In cas 6.X how to force Callback profile for SAML requests?
I mean when a post request is initiated from the SP, it becomes a Get
request with Saml AuthnRequest in the url
Best regards
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guid
2 60 45 63 / 01 40 08 80 48
>
> Le jeu. 30 nov. 2023, 11:31, Mohamed Amdouni a
> écrit :
>
>> Hello,
>>
>> When comparing the behavior between cas 5.X and cas 6.X there are some
>> differences in building the SAML2 Response :
>>
>> *CAS 5.X
>
> https://learn.microsoft.com/en-us/entra/identity-platform/single-sign-on-saml-protocol
>
>- The AuthnInstant attribute specifies the time at which the user
>authenticated with Microsoft Entra ID.
>
>
> On Dec 1, 2023, at 9:50 AM, Mohamed Amdouni wrote:
>
>
Hello,
I’m in the same situation.
I think that I will re-enter them using a backup.
I used the option drop create to migrate the schema. The I was not able to
log in my manager, I have to use file system json service for manager. Then
will import the backup. But if there are some tips to migrate
Hello,
I didn’t find such a service in cas 5 but there is this blog post that
explains service migration solution. It’s the blog of Misagh so could be
used as a reference.
https://fawnoos.com/2021/01/19/cas53-service-registry-migration-to-cas63/
For me I will use manual export import because it
Hello,
For me it is a migration from 5.x to 6.x.
I think that enabling export services needs also some spring management
properties to be added ( in addition to cas if it exists )
Best regards
Le sam. 20 janv. 2024 à 06:16, Ray Bon a écrit :
> To get a list of all properties (and some defunc
eol-schedule
> You can move to version 7 without going through 6 first.
>
> Ray
>
> On Sat, 2024-01-20 at 08:38 +0100, Mohamed Amdouni wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive info
Hi,
Did you tried to add the driver dependency ?
cas-server-support-jdbc-drivers
Le ven. 26 janv. 2024 à 18:42, Yan Zhou a écrit :
> Hi there,
>
> I maybe missing something obvious.
>
> I created my own JDBC-based authenticator, I noticed that the JDBC
> authentication is Not registered, s
pereo.cas:cas-server-support-jpa-util"
> implementation "org.apereo.cas:cas-server-support-oidc"
>
> if (project.hasProperty("casModules")) {
> def dependencies = project.getProperty("casModules").split(",")
> dependencies.each {
Hello,
First will suggest to check the documentation here
https://apereo.github.io/cas/7.0.x/mfa/Configuring-Multifactor-Authentication.html
And the blog here :
https://fawnoos.com/2022/01/31/cas65x-simple-mfa-provider/
Best regards
Le mer. 31 janv. 2024 à 11:26, Issaka Rabo Moutari a
écrit :
Hi,
How you build your app?
What are your dependencies ?
Did you tried using embedded Tomcat ? Java -jar cas.war
Is it required to have external tomacat?
Le lun. 5 févr. 2024 à 09:24, Jérémie Pilette a
écrit :
>
> Hi Pablo,
> I never have the possibility to see the authentification form. It
Did you get the ready message on the server start up ?
You have a 404 error so check if the context is ok in the cas.properties.
And put debug level in log configuration.
A blog post that could help you :
https://fawnoos.com/2022/03/04/cas65-gettingstarted-overlay/
Le lun. 5 févr. 2024 à 10:19
level in log4j2.xml, I have no debug logs...
>
> Le lun. 5 févr. 2024 à 10:29, Mohamed Amdouni a
> écrit :
>
>> Did you get the ready message on the server start up ?
>>
>> You have a 404 error so check if the context is ok in the cas.properties.
>>
>> And
11:01:32 +0100] "GET
> /DevMgmt/DiscoveryTree.xml HTTP/1.1" 404 719
> 192.168.1.197 - - [05/Feb/2024:11:07:12 +0100] "GET /cas/ HTTP/1.1" 404 698
> 192.168.1.174 - - [05/Feb/2024:11:31:52 +0100] "GET
> /DevMgmt/DiscoveryTree.xml HTTP/1.1" 404 719
> 192.168.1
Hello,
I have the same problem with CAS management.
Try to connect to https://localhost:8443/cas-management/ redirects me to
cas.example.org:8443/cas/login?service
Even with management.properties updated with cas server.
In the log file I see that it loads an application.properties/
manage
fault files and their properties come from the main project.
>
> Ray
>
> On Wed, 2024-02-07 at 08:28 -0800, Mohamed Amdouni wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive informatio
Hi Ray,
Would it be possible to share with me your build.gradke the dependencies
section.
I think that I miss the dependency that contains the definition of the
security filter chain.
Best regards.
Le mer. 7 févr. 2024 à 19:15, Mohamed Amdouni a
écrit :
> You mean 6.4? The only vers
Hello,
I’m using cas management 6.6.4 and cas 6.6.15
I have an instance of cas management that uses standalone mode. I use the
cas.standalone.configuration-directory property to set the configuration
folder where I have my management.properties application.properties and
bootstrap.properties.
Al
ise it will load an empty memory database for cas management...
Best Regards.
Le mer. 6 mars 2024 à 03:46, Ray Bon a écrit :
> Mohamed,
>
> I was having similar problems with v6.5.
> Maybe try version 7.0
>
> Ray
>
> On Tue, 2024-03-05 at 10:53 +0100, Mohamed Amdouni wrote
And you should also add the attribute definitions :
cas.authn.attribute-repository.*
These attaributes mapping will be added in the saml2 response claims
Le ven. 22 mars 2024 à 15:43, Mohamed Amdouni a
écrit :
> Hello,
>
> I have a working instance with :
>
> In addition,
>
Hello,
I have a working instance with :
In addition,
cas.server.prefix
cas.server.scope
cas.server.name
And
implementation "org.apereo.cas:cas-server-support-saml:${project.'
cas.version'}"
But I think it s not required because it s for saml1
Le ven. 22 mars 2024 à 14:09, Xavier Rodríguez a
Hello,
I had a similar issue running cas management 6.6.4 and it was related to
https.
My cas management was started with ssl disabled and this version of cas
management requires SSL (see the security adapter ) and in the logs it says
requires secure channel.
I tried to override the adapter but
Hello,
I configured a cas management with :
mgmt.admin-roles[0]=ROLE_ADMIN
mgmt.user-properties-file=
I would like to give access using the ldap attribute memberOf instead of
hardcoding users in the file "mgmt.user-properties-file".
I mean, if a user is a memeber of the cas-admin ldap group
sultExpression = [null]]; result = error>
>>>> 2024-03-28 09:43:41,073 DEBUG
>>>> [org.springframework.webflow.engine.Transition] - >>> [Transition@1b2a72b9 on = *, to =
>>>> initialAuthenticationRequestValidationCheck]>
>>>> 2024-03-28
have
> description: ROLE_ADMIN
>
> I believe the attribute value must be ROLE_ADMIN.
> You may be able to remap the value from your ldap group.
>
> Ray
> --
> *From:* cas-user@apereo.org on behalf of Mohamed
> Amdouni
> *Sent:* 15 July 2024 08:27
&g
and CORS, something
> must have changed between 6.6 and 7.0.
>
> But I haven't been able to solve it yet.
>
> Best Regards
>
> Hartmut
> Mohamed Amdouni schrieb am Montag, 15. Juli 2024 um 18:45:03 UTC+2:
>
>> Hello,
>>
>> Will explain what was t
Hello,
We are encoutering this exception : *"SAML request could not be determined
from the authentication request"*
Description of the flow :
1- Third Application that includes iFrame
2- the iFrame contains the SP (the application secured by CAS with SAML2
protocol)
When calling the SP within
Hello may be this tutorial blog will help you.
https://fawnoos.com/2022/09/16/cas70x-delegated-authn-azure-ad/
The application is secured using which protocol and you will use such
protocol to delegate to azure ad ? Oidc ?
Best regards
Le jeu. 22 août 2024 à 21:18, Doe a écrit :
> Hello All
want to use group membership, you may have to convert it into a new
> attribute with ROLE_ADMIN as its value
> https://apereo.github.io/cas/7.0.x/integration/Attribute-Definitions.html
>
> Ray
> ----------
> *From:* cas-user@apereo.org on behalf of Mohamed
>
Hi,
What I suggest you to check are:
- does the path to metadata accessible by cas ?
- is there traces that this service was loaded by cas ?
- is it present in the declared services, there is an endpoint for this
check but you should include some reporting dependencies
- does the sp-metadata.xml c
Hello,
I recently upgraded cas from 5.x to 6.6.x
I recommend you to strat a new branch and don’t try to upgrade.
- you will use gradle instead of maven : use the cas initializer to create
a brand new project
- you don’t need to upgrade version by version just read the release notes
on GitHub or
Hello,
I think that you should go for a more recent version and use Cas
initializer to generate you overlay
https://getcas.apereo.org/ui
If you want to keep this version try to generate from cas initializer then
check for missing dependencies by comparing the gradle files…
Best regards.
Le jeu
Good luck 🤞
Best regards.
Le jeu. 19 déc. 2024 à 12:41, Christian a
écrit :
> Hello
> Mohamed Amdouni, thanks for answering, even so I don't know if it would be
> a good idea at all. I have a question here.
> Could I make this version change without any problem? The fact is th
Hello,
Be careful about the attribute in the metadata
validUntil="2025-01-19T14:44:57Z"
This will unregister the application after this date.
Best regards.
Le sam. 18 janv. 2025 à 04:39, K. Asef Erfan a
écrit :
> Hello ,
> just wanted post an update here that we got CAS working , Ill post our
i 10 avril 2025 à 16:55:46 UTC+2, Mohamed Amdouni a écrit :
>
>> Hi,
>>
>> Check this discussion
>>
>> https://groups.google.com/a/apereo.org/g/cas-user/c/Lw19PuKwi-0/m/BgXBdp-6BwAJ?utm_medium=email&utm_source=footer&pli=1
>>
>> Best regards
&
Hi,
Check this discussion
https://groups.google.com/a/apereo.org/g/cas-user/c/Lw19PuKwi-0/m/BgXBdp-6BwAJ?utm_medium=email&utm_source=footer&pli=1
Best regards
Le jeu. 10 avr. 2025 à 16:22, Andrew Tillinghast
a écrit :
> Rather than comment out the tomcat version specify the version you want,
58 matches
Mail list logo
