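# Public URL prefix of the CAS web application, built from cas.server.name.
cas.server.prefix=${cas.server.name}/cas

# JSON service registry. The directory below holds the service definitions that
# decide which applications may request tickets from this server, so it should be
# writable only by the account that administers CAS.
# For RegexRegisteredService entries the serviceId is a regular expression; keep
# each pattern as narrow as the application URL allows.
# NOTE(review): per the CAS documentation, initFromJson seeds the registry with the
# default definitions bundled with CAS. Check which services those defaults
# authorise before leaving it enabled outside a test deployment.
cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location=file:/etc/cas/services

# Attributes read from the LDAP entry and released into the principal.
# "ldapName:casName" exposes the LDAP attribute under a different name.
# NOTE(review): the eduPerson schema spells this attribute eduPersonTargetedID
# (single "t"). Verify the name against the directory before relying on it.
cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName,eduPersonTargettedId:SOME_IDENTIFIER

# Principal-resolution options for the first LDAP authentication source.
# The connection settings (URL, bind credentials, search filter) are not shown on
# this page and must be supplied separately.
cas.authn.ldap[0].collectDnAttribute=false
cas.authn.ldap[0].principalDnAttributeName=principalLdapDn
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
# Left empty on this page.
cas.authn.ldap[0].credentialCriteria=

# Log4j2 configuration file used by the CAS web application.
logging.config: file:/etc/cas/config/log4j2.xml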
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "https://app.example.org",
"name" : "ApplicationName",
"id" : 1001,
"evaluationOrder" : 10
}
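// Classpath for the build script itself. Plugins resolved here execute as part of
// the build, so every repository listed is a source of code run at build time.
buildscript {
    repositories {
        // Repositories are searched in the order listed. mavenLocal() comes first,
        // so an artifact already installed in the local Maven repository shadows
        // the remote artifact with the same coordinates.
        mavenLocal()
        mavenCentral()
        // NOTE(review): JCenter has been sunset by JFrog and is deprecated in newer
        // Gradle versions. Confirm nothing still resolves only from it.
        jcenter()
        maven { url "https://repo.spring.io/libs-milestone" }
        // Snapshot repository: the artifact behind a given version can change
        // between builds.
        maven { url "https://repo.spring.io/libs-snapshot" }
        maven { url "https://plugins.gradle.org/m2/" }
    }
    dependencies {
        // Plugin versions come from project properties that are not shown here.
        classpath "de.undercouch:gradle-download-task:${project.gradleDownloadTaskVersion}"
        classpath "org.springframework.boot:spring-boot-gradle-plugin:${project.springBootVersion}"
        classpath "gradle.plugin.com.google.cloud.tools:jib-gradle-plugin:${project.jibVersion}"
        classpath "io.freefair.gradle:maven-plugin:${project.gradleMavenPluginVersion}"
    }
}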
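// Repositories used to resolve the project's own dependencies, including the CAS
// web application WAR and the CAS modules packaged into the final artifact.
repositories {
    // Searched in the order listed. A locally installed artifact with matching
    // coordinates is used in preference to the remote one.
    mavenLocal()
    mavenCentral()
    // NOTE(review): JCenter has been sunset by JFrog and is deprecated in newer
    // Gradle versions. Confirm nothing still resolves only from it.
    jcenter()
    // The snapshot repositories below serve mutable artifacts. They are only
    // needed when cas.version points at a SNAPSHOT or milestone build.
    maven { url "https://oss.sonatype.org/content/repositories/snapshots" }
    maven { url "https://repo.spring.io/milestone/" }
    maven { url "https://repo.spring.io/snapshot/" }
    maven { url "https://oss.jfrog.org/artifactory/oss-snapshot-local" }
}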
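// CAS version (read from the 'cas.version' project property) and the name of the
// WAR produced by the overlay.
def casServerVersion = project.'cas.version'
def casWebApplicationBinaryName = "cas.war"

// Publish both values as extra properties so the applied scripts can read them.
project.ext."casServerVersion" = casServerVersion
project.ext."casWebApplicationBinaryName" = casWebApplicationBinaryName

// WAR overlay support plus the project's helper tasks.
apply plugin: "io.freefair.war-overlay"
apply from: rootProject.file("gradle/tasks.gradle")

apply plugin: "war"
apply plugin: "eclipse"
apply plugin: "idea"

// Spring Boot packaging and Jib container image settings live in separate scripts.
apply from: rootProject.file("gradle/springboot.gradle")
apply from: rootProject.file("gradle/dockerjib.gradle")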
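// CAS feature modules added on top of the stock web application.
// Both modules are pinned to the same version as the CAS WAR through
// casServerVersion, which the build script assigns from project.'cas.version'.
dependencies {
    // Other CAS dependencies/modules may be listed here...
    // JSON-file service registry (cas.serviceRegistry.json.* settings).
    compile "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"
    // LDAP authentication (cas.authn.ldap[n].* settings).
    compile "org.apereo.cas:cas-server-support-ldap:${casServerVersion}"
}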
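// Wire the Jib image tasks to the copy/cleanup helper tasks. Judging by the task
// names, the WAR and configuration are staged before the image is built and the
// staged WAR is removed afterwards. The helper tasks are defined outside this
// listing.
// findByName returns null when the task does not exist, so these lines fail
// if the Jib plugin has not been applied.
tasks.findByName("jibDockerBuild")
    .dependsOn(copyWebAppIntoJib, copyConfigIntoJib)
    .finalizedBy(deleteWebAppFromJib)

tasks.findByName("jib")
    .dependsOn(copyWebAppIntoJib, copyConfigIntoJib)
    .finalizedBy(deleteWebAppFromJib)

configurations.all {
    resolutionStrategy {
        // A zero-second cache makes Gradle re-check changing (snapshot) and
        // dynamic versions on every build. With snapshot repositories configured,
        // the contents of the resulting WAR can differ between two builds of the
        // same commit. Pin release versions where a reproducible artifact matters.
        cacheChangingModulesFor 0, "seconds"
        cacheDynamicVersionsFor 0, "seconds"

        preferProjectModules()

        // Opt-in strictness: pass -PfailOnVersionConflict=true to make the build
        // fail when two different versions of the same module are requested.
        def failIfConflict = project.hasProperty("failOnVersionConflict") && Boolean.valueOf(project.getProperty("failOnVersionConflict"))
        if (failIfConflict) {
            failOnVersionConflict()
        }
    }
}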
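// IDE integration only: fetch sources and Javadoc for dependencies when the
// Eclipse or IntelliJ project files are generated.
eclipse {
    classpath {
        downloadSources = true
        downloadJavadoc = true
    }
}

idea {
    module {
        downloadJavadoc = true
        downloadSources = true
    }
}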
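// Packaging of the final executable WAR: the stock CAS web application is used
// as an overlay and the project's own files and dependencies are layered on top.
bootWar {
    // Store archive entries uncompressed.
    entryCompression = ZipEntryCompression.STORED
    overlays {
        // Note: The "excludes" property is only for files in the war dependency.
        // If a jar is excluded from the war, it could be brought back into the final war as a dependency
        // of non-war dependencies. Those should be excluded via normal gradle dependency exclusions.
        cas {
            // The appServer property selects the web application variant.
            // The WAR version follows casServerVersion.
            from "org.apereo.cas:cas-server-webapp${project.appServer}:${casServerVersion}@war"
            provided = false
            //excludes = ["WEB-INF/lib/somejar-1.0*"]
        }
    }
}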
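// Gradle wrapper: binary-only distribution at the version named by the
// gradleVersion project property.
// NOTE(review): no distribution checksum is set in this block. Consider pinning
// distributionSha256Sum in gradle-wrapper.properties so a tampered download is
// rejected.
wrapper {
    distributionType = Wrapper.DistributionType.BIN
    gradleVersion = "${project.gradleVersion}"
}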
// Two spellings of the same dependency line (it belongs inside the dependencies block).
// The build script assigns casServerVersion from project.'cas.version', so both
// forms resolve the same module version.
compile "org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}"
compile "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"
Hi folks,
This message is related to Pull Requests #4426 and #4427 in CAS versions 6.1.2 and 6.2. The PR fix works only at the first login and when all cookies are cleared afterwards. The problem is that the JSESSIONID cookie still exists even after you log out, because it is not cleared, so it tries to retrieve the session/ticket from an older value and links the transient service ticket to that old value.
I'm wondering whether someone knows a way to avoid that? I tried to find a way to force the cookie value to change, but it's not really applied everywhere (as it isn't applied before a page is viewed), or I didn't find where to do it. If someone has an idea, feel free to propose it!
On the other hand, I'm wondering whether this is a good way to do it? I think it would be better to avoid using a cookie, as in this case the session could be retrieved another way. For example, with a SAML AuthnRequest an ID is generated, and the IdP provides it in its response (attribute InResponseTo). So why not use this attribute and leave the JSESSIONID cookie to Tomcat? It's only an idea. Also, I'm not sure whether this would work for an UNSOLICITED request (I can't test it).
Any feedback would be appreciated!
Thanks
Julien