Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.
Hello Ray,
Thank you for the reply. This is very useful.
cas.ticket.tgt.primary.max-time-to-live-in-seconds=240
cas.ticket.tgt.primary.time-to-kill-in-seconds=180
These are the settings, and for testing I am following these steps.
I log in with CAS credentials to the web page; after login I refresh the page every 10 seconds or so for about three minutes. I am getting the authenticate message and I am logged in on the web page. That means the CAS server is not idle, and in the CAS logs I can see ‘Authentication event occurred’. So even though the server is not idle and has activity, the page gets the logout screen after three minutes, as we set cas.ticket.tgt.primary.time-to-kill-in-seconds=180.
These settings work as expected if the server is idle, but not if the server is not idle.
I am not able to find why this is happening.
Thank you,
Niral
From: cas-...@apereo.org <cas-...@apereo.org> On Behalf Of Ray Bon
Sent: Tuesday, May 30, 2023 2:09 PM
To: cas-...@apereo.org
Subject: Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5
WARNING: THIS IS AN EXTERNAL EMAIL THAT ORIGINATED OUTSIDE OF OUR EMAIL SYSTEM. DO NOT CLICK links / attachments unless you know that the content is safe! For suspicious emails, report using the Phish Alert Report button on the upper left of your email. For marketing/SPAM emails, delete.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
cas-user+u...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/45a68565c1a13c0295f8fbbbcd49ef99805ac6fa.camel%40uvic.ca.
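The two properties quoted in this thread set a hard lifetime and an idle timeout for the ticket-granting ticket (TGT). As an added example (not part of the original messages and not code from Apereo CAS), the Python model below parses the two settings quoted in the thread and computes the second at which a TGT stops being valid. It assumes the idle clock is reset only when CAS itself uses the TGT, for instance to issue a service ticket; `TgtPolicy`, `parse_policy` and `first_expired_second` are hypothetical names.

```python
# Added illustration: a simplified model of a TGT expiration policy with a
# hard lifetime and an idle timeout. Not code from Apereo CAS.
from dataclasses import dataclass
from typing import Iterable, Optional

PREFIX = "cas.ticket.tgt.primary."

# The two configurations quoted in the thread.
CONFIG_240_180 = """
cas.ticket.tgt.primary.max-time-to-live-in-seconds=240
cas.ticket.tgt.primary.time-to-kill-in-seconds=180
"""
CONFIG_301_120 = """
cas.ticket.tgt.primary.max-time-to-live-in-seconds=301
cas.ticket.tgt.primary.time-to-kill-in-seconds=120
"""


@dataclass(frozen=True)
class TgtPolicy:
    max_time_to_live: int  # hard cap: seconds since the TGT was created
    time_to_kill: int      # idle cap: seconds since the TGT was last used

    def is_expired(self, created: int, last_used: int, now: int) -> bool:
        if now > created + self.max_time_to_live:
            return True  # hard cap reached; activity cannot extend it
        return now > last_used + self.time_to_kill


def parse_policy(properties: str) -> TgtPolicy:
    """Read the two TGT timeout values from Java-properties style text."""
    values = {}
    for raw in properties.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip()
    return TgtPolicy(
        max_time_to_live=int(values[PREFIX + "max-time-to-live-in-seconds"]),
        time_to_kill=int(values[PREFIX + "time-to-kill-in-seconds"]),
    )


def first_expired_second(policy: TgtPolicy, tgt_uses: Iterable[int],
                         horizon: int = 3600) -> Optional[int]:
    """Return the first whole second after login at which the TGT is expired.

    tgt_uses lists the seconds at which CAS uses the TGT (model assumption:
    only these events reset the idle clock; requests that are answered from
    an application's own session never reach CAS and are not listed here).
    """
    uses = set(tgt_uses)
    created = last_used = 0
    for now in range(horizon + 1):
        if policy.is_expired(created, last_used, now):
            return now
        if now in uses:
            last_used = now
    return None


if __name__ == "__main__":
    for name, text in (("240/180", CONFIG_240_180), ("301/120", CONFIG_301_120)):
        policy = parse_policy(text)
        idle = first_expired_second(policy, [])
        busy = first_expired_second(policy, range(60, 3600, 60))
        print(f"{name}: unused TGT expires at {idle}s, "
              f"TGT used every 60s expires at {busy}s")
```

In this model an unused TGT ends just after the idle timeout, while a TGT that is used regularly still ends just after the hard lifetime, so with 240/180 the two outcomes are only one minute apart.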
Ray,
As you said, you may have to get CAS to issue a new ST [to a different application]. How can I add this for testing?
I tested with two different browsers: I logged in on Chrome and did not touch it. I also logged in on Edge and refreshed the page every few minutes, and I can see a new service ticket open message in the logs, which means the server is active. I still got logged out from Chrome after 3 minutes, as I set cas.ticket.tgt.primary.time-to-kill-in-seconds=180.
Thank you for your help!
Thank you Ray,
I notice that even if I issue a new ticket and keep the server busy/active, it is still killing the session instead of expanding the session. I am using CAS 6.5.9.
What is the best scenario to test this, or are there some logs or settings I need to add?
Thank you,
Niral
Ray,
You are correct, I am doing these steps
Post your cas.ticket.tgt.* config and the steps that you are performing.
I just tested with 6.5.9 and can confirm that these settings work:
cas.ticket.tgt.primary.max-time-to-live-in-seconds=301
cas.ticket.tgt.primary.time-to-kill-in-seconds=120
Are there any dependencies I have to add, or extra properties? Or do I need to enable any other ticketing properties in the configs?
One more question:
cas.ticket.tgt.primary.time-to-kill-in-seconds=120: with this, even if the server is active/issuing new tickets, does the session expire after 120 sec?
I don’t want it to expire if I am on that page for a few minutes; it just keeps expiring the session even when there is activity. Can you please send me a link to the repo you are using?
Ray,
When you say 'on that page for a few mins', what page are you talking about? – The webpage of our app, which is integrated with CAS login.
If I log in from this page or refresh this page, it creates a new ticket and I can see that in the logs.
I am using this repo: GitHub - apereo/cas at 5.3.x
Hello Ray,
I am upgrading from 6.5.9 to 6.6.8. As we are using a custom login page UI, I have to make a few changes in the src folder. I have the below code in src/main/resources/templates/layouts.html.
<link rel="stylesheet" type="text/css" th:href="@{#{webjars.fontawesomemin.css}}"/>
I would like to add the webjars dependency in build.gradle. I did not find any sample for this. Please help! As webjars is not finding this, it is displaying a blank page instead of the custom login page.
Thank you
Niral
Thank you so much Ray for quick reply.
I am able to fix the custom theme issue and the page loads with all CSS properly, and I am able to log in to CAS and see my credentials with other profile info. But when I refresh the page, it automatically logs me out. Any suggestions or ideas?
Ray,
It is the CAS default login page: https://stage.eclkc.info/cas/login. After refresh it sends me to this login page again.
Ray,
If I refresh the page, CAS keeps the login information and it stays on the same page with profile info, but if I click at the end of the URL in the browser and press Enter, it sends me to the login page again and logs me out.
This behavior is only with 6.6; our 6.5 version is working as expected and does not send me to logout even after refresh or click and Enter in the browser URL tab.
Are there any properties I need to set?
Thank you,
Niral
Ray,
You are correct. On first login there is a TGC cookie, but after pressing Enter in the URL, somehow the TGC cookie is not there.
Also,
I am using Tomcat server 9.0.30 on our test environment; can that be the issue?
Thank you,
Niral
From: Niral Kunadia
Sent: Wednesday, July 5, 2023 11:28 AM
To: cas-...@apereo.org
Subject: RE: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5
Ray,
I have upgraded CAS to 6.6.9 from 6.5.8. I am able to log in to CAS with authentication, and on refresh somehow the TGC is expiring and it asks for login credentials again.
Is there any setting I have to add in cas.properties?
I did these steps:
If I don’t do cas/logout, somehow the TGC ticket is expiring.
But after a few seconds somehow the TGC is expiring. How can I add an expiration time in 6.6.9? I don’t have any setting related to TGC in my 6.5.8 version.
$ ./gradlew exportConfigMetadata
$ ./gradlew tasks
Thank you Ray,
Are you deploying the war to more than one tomcat? : I created the .war file with Gradle locally and am deploying to a test environment, which is some hosted environment.
Is the tomcat on your local dev computer or some hosted environment? : Some hosted environment.
Thank you for the reply.
Ray,
I can double-check whether the hosted environment has more than one Tomcat server. FYI, this was working perfectly fine with 6.5.9; the TGC ticket is expiring only with the 6.6.9 version.
Is there any public repo you are aware of with CAS 6.6.9 available for testing with a login and logout form?
Thank you for the reply!
Niral
Ray,
I will do more debugging with this. I also noticed we are using custom JavaScript for handling two-factor authentication. Can that be the issue?
Niral
Ray,
We are using one Tomcat only. I found we added code in “cas-overlay-template\src\main\java\org\apereo\cas\authentication\handler\support\AbstractUsernamePasswordAuthenticationHandler.java”, which is calling the CAS REST API for two-factor authentication.
The code looks like this in our 6.5.8:
protected void transformPassword(final UsernamePasswordCredential userPass) throws FailedLoginException, AccountNotFoundException {
    if (StringUtils.isBlank(userPass.toPassword())) {
        throw new FailedLoginException("Password is null.");
    }
    LOGGER.debug("Attempting to encode credential password via [{}] for [{}]", this.passwordEncoder.getClass().getName(), userPass.getUsername());
    /* REST api */
    LOGGER.debug("Get token [{}]", userPass.getCustomFields().get("tokenid").toString());
    String password = new String(userPass.getPassword());
    if (!StringUtils.isBlank(userPass.getCustomFields().get("tokenid").toString())) {
        try {
            // Append the token id to the password and URL-encode the result.
            String passToken = password + "<tokenid>" + userPass.getCustomFields().get("tokenid").toString();
            password = "Token_" + URLEncoder.encode(passToken, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            System.out.println("Issue for encoding" + e.getMessage());
        }
    }
As 6.9.8 was complaining about some deprecated code, I changed the code from
String password = new String(userPass.getPassword());
to
String password = userPass.toPassword();
So the new code looks like this:
protected void transformPassword(final UsernamePasswordCredential userPass) throws FailedLoginException, AccountNotFoundException {
    if (StringUtils.isBlank(userPass.toPassword())) {
        throw new FailedLoginException("Password is null.");
    }
    LOGGER.debug("Attempting to encode credential password via [{}] for [{}]", this.passwordEncoder.getClass().getName(), userPass.getUsername());
    /* REST api */
    LOGGER.debug("Get token [{}]", userPass.getCustomFields().get("tokenid").toString());
    String password = userPass.toPassword();
    if (!StringUtils.isBlank(userPass.getCustomFields().get("tokenid").toString())) {
        try {
            // Append the token id to the password and URL-encode the result.
            String passToken = password + "<tokenid>" + userPass.getCustomFields().get("tokenid").toString();
            password = "Token_" + URLEncoder.encode(passToken, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            System.out.println("Issue for encoding" + e.getMessage());
        }
    }
Do you think that is the issue for the expiring TGC?
From: cas-...@apereo.org <cas-...@apereo.org> On Behalf Of Ray Bon
Sent: Friday, July 7, 2023 2:07 PM
To: cas-...@apereo.org
Subject: Re: [cas-user] CAS session management - Ticket Expiration Policies - CAS 6.5
Niral,
I would be surprised if there were any changes in the way tickets are handled by cas in the upgrade (it is fundamental in the way cas operates).
Spring is good at logging when there is a mismatch between your config and class properties. Is there anything in the logs that would suggest values are not being set?
Petr suggested using your browser's dev tools. If you step through the network traffic, you can see cookies and values being sent and you will see if a TGC is being resent [with a different value].
You do not need a real service to check cas's management of TGCs. I added a fake service to my service registry; I literally have this bookmark:
after login your browser will display a message about not finding https://blah (firefox displays: Hmm. We’re having trouble finding that site.), and in the address bar will be:
If you open a new tab and try to log in with the bookmark, you will not see the log in page but get redirected to https://blah with a new ST
Ray,
I am able to deploy the cas.war file on the server and it is working. Somehow I am not able to access the management endpoints. Do I have to add anything in cas.properties or as dependencies? I am getting this, and cas-management is also displaying the same error.
Thank you Ray,
I am able to access the info, health and metrics endpoints after adding them in cas.properties. I would like to add ssoSession.
I am following this doc (CAS - Configuring SSO Sessions (apereo.github.io)). When I try to add dependencies in build.gradle (CAS 6.6.9), I am getting this error.
How can I fix this?
Niral
Ray,
I am using this for the management app (cas-management-overlay/gradle.properties at 6.6 · apereo/cas-management-overlay · GitHub) and this as the CAS overlay for CAS (GitHub - apereo/cas-overlay-template at 6.6).
I am able to create the cas.war file and the cas-management.war file. I deploy them to the server http://*.com/ in the /tomcat9/webapps/ folder. Both the web application and CAS are in the same directory. I have cas.properties and management.properties there.
Do I need to put all configs in cas.properties, with no need for management.properties, as both are in the same directory?
Ray,
Currently I am trying in CAS. But we used to have it working for CAS management and CAS for the older version, which is not working with 6.6.9.
Niral