--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
THE NEW SCHOOL • INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/541cb878-ace9-e180-fb86-4f8f66b5ab65%40wheatoncollege.edu.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/541cb878-ace9-e180-fb86-4f8f66b5ab65%40wheatoncollege.edu.
I think that's it!
Thanks, I'll do some testing and report back.
Appreciate your help.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAN4Q%3DDucyHb-sK0qB_STumqg_Aua_egPxz_DFBeyK9bMg%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAN4Q%3DDucyHb-sK0qB_STumqg_Aua_egPxz_DFBeyK9bMg%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/88affc8e-1a7a-228f-0f23-225209c8f29b%40wheatoncollege.edu.
Hi all,
Couple of questions regarding Surrogate Authentication....
1. Does the user that logs in have to also be a CAS admin? I'd like to map a specific non-admin user to another non-admin user.
2. If I am using LDAP authentication in CAS 5.1.2 do I have to do the surrogate mapping via LDAP as well? I've pulled in the surrogate dependency in my pom.xml file and added this to my cas.properties file...
cas.authn.surrogate.separator=+
cas.authn.surrogate.simple.surrogates.casuser=mary,bob
I thought I could then put "mary+bob" in the username field along
with bob's password and I'd be logged in as mary but I just end up
getting logged in as bob with nothing mentioned about mary in the
log files.
Thanks for any help you can provide.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJ%3D0EZyPC6L93NxpAUmXGhrwG4%3DCq2QKg0sNy_Gypwx_FgfPLQ%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1e4d6c44-b65a-6276-5c42-03c8a31c6b53%40wheatoncollege.edu.
Hi everyone,
Dirk, thanks for all the suggestions, I 'think' I am close. I created the c:\etc\cas\config\surrogates.json file and it looks like this...
{
"bob": ["mary", "jim"]
}
and I am referencing the surrogates.json file from my cas.properties file like this...
cas.authn.surrogate.separator=+
cas.authn.surrogate.json.config.location=file:/etc/cas/config/surrogates.json
When I go to log into a service I enter "mary+bob" in the username field along with bob's password and I get taken to the service successfully as bob (unfortunately not mary) and this is what I see in the logs...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
WHO: (Real user: [bob], Surrogate user: [mary])
WHAT: Supplied credentials: [[surrogateUsername=mary]]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Tue Jan 22 16:14:47 EST 2019
CLIENT IP ADDRESS: <HIDDEN>
SERVER IP ADDRESS: <HIDDEN>
2019-01-22 16:14:47,559 WARN
[org.apereo.cas.authentication.DefaultAuthenticationResultBuilder]
- <Authentication attribute
[samlAuthenticationStatementAuthMethod] has no value and is
not collected>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Any ideas on what I'm missing? I don't think I need the
surrogate-authentication-rest dependencies since I believe that
has to do with building a web page with surrogate users to choose
from and in our case we are explicitly referencing the target's
name with the personA+PersonB syntax.
Thanks!
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJ%3D0EZyvXAZONPLMeYzWLMrVypq%2BWBGx-cBbLmpf7jrtpEtfNw%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/fc224497-52e5-ca24-9911-f14b9d62b968%40wheatoncollege.edu.
Hi Dirk,
Unfortunately when I add the "cas-server-support-surrogate-webflow" dependency to my pom.xml file I get the following error when I do "mvn clean package"
[ERROR] Failed to execute goal on project cas-overlay: Could
not resolve depende
ncies for project org.apereo.cas:cas-overlay:war:1.0: Could
not find artifact or
g.apereo.cas:cas-server-support-surrogate-webflow:jar:5.1.2
in sonatype-releases
(http://oss.sonatype.org/content/repositories/releases/)
-> [Help 1]
[ERROR]
From what I remember reading, the 5.1.x docs only mentioned the "cas-server-support-surrogate-authentication" dependency in the Surrogate setup directions and the other surrogate webflow and rest dependencies only started appearing (I think) in the 5.2 docs and above.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJ%3D0EZyN2eC-Kk9e8S5qYPyku1sbTqt4HvH2cBO4JY%3DPUmy9XQ%40mail.gmail.com.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/541cb878-ace9-e180-fb86-4f8f66b5ab65%40wheatoncollege.edu.
On Wed, Jan 9, 2019 at 2:48 PM Brian Gibson <gibson...@wheatoncollege.edu> wrote:
Hi all,
Is there a way within a service entry in CAS 5.1 to say that if person A
logs in successfully, send them to the service as person B?
I checked the 5.1 service-related docs but couldn't find anything.
Thanks,
Brian
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/541cb878-ace9-e180-fb86-4f8f66b5ab65%40wheatoncollege.edu.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAN4Q%3DDucyHb-sK0qB_STumqg_Aua_egPxz_DFBeyK9bMg%40mail.gmail.com.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org.