CAS upgrade from 3.5.4 to 6.2.2


Sobhen C

Nov 25, 2020, 5:59:07 AM
to CAS Community
I was trying to upgrade the CAS application from version 3.5.4 to 6.2.2. I went through the 6.2.2 password policy. Now, I am wondering if CAS 6.2 supports LPPE configurations. In the existing application, all the configurations are mentioned in the lppe.configuration.xml file. But, in the latest version, I didn't find a way to mention all the configuration which was there in the lppe.configuration.xml.

Please provide some guidance on this. How can we use the similar configurations which we were using in the existing CAS 3.5.4 version?

Also, can anyone provide some guidance on this upgrade?
1. Do we need to rewrite the JSP pages into Thymeleaf?
2. How do we write customized user authentication using LDAP?
3. Currently, we are using web flow; are we able to reuse those web flow configurations?

With regards,
Sobhen


Ray Bon

Nov 25, 2020, 12:51:19 PM
to cas-...@apereo.org
Sobhen,

A lot has changed between those two versions.
The short answer: plan to start from scratch.

CAS now has many more built-in capabilities. Some things that you had to implement may just need some configuration.
In our 3.5 version I used LPPE for throttling, now I use CAS configuration. Password management is here: https://apereo.github.io/cas/6.2.x/password_management/Password-Management.html

Ray

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.

Sobhen C

Nov 26, 2020, 2:17:43 AM
to cas-...@apereo.org
Thank you, Ray, for a quick response.
Yes, as you mentioned, my approach is the same: the application is being developed from scratch.

You mentioned that "In our 3.5 version I used LPPE for throttling, now I use cas configuration." I am actually stuck here; can you shed some light on this item? How are the existing CAS configurations used? If possible, could you please quote some properties which are relevant?

Currently, I configured the following properties in css.properties. If the response is expired, then how can we get hold of that? Do we need a customized configuration class for that?

cas.authn.ldap[0].type=
cas.authn.ldap[0].ldapUrl=
cas.authn.ldap[0].baseDn=
cas.authn.ldap[0].bindDn=
cas.authn.ldap[0].bindCredential=

With regards,
Sobhen

Ray Bon

Nov 26, 2020, 11:50:37 AM
to cas-...@apereo.org
Sobhen,


This is my test config

# this is a rate of failed attempts: threshold / rangeSeconds
cas.authn.throttle.failure.threshold=1
cas.authn.throttle.failure.rangeSeconds=3

meaning no more than one login attempt within 3 seconds.

This means that your CAS properties should be more restrictive than LDAP. The CAS settings are simpler than LPPE so I did not pursue it.

Ray
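
The rate reading of `threshold / rangeSeconds` given in the reply above, worked through as an added example (a simplified model written for this page, not CAS source code and not any poster's code). The per-(IP, username) key, the rule that blocked attempts do not reset the timer, the sample burst and the directory lockout policy of 5 failures in 10 seconds are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class FailureThrottle:
    """Simplified model of a failure-rate throttle; not CAS source code."""
    threshold: int       # stands in for cas.authn.throttle.failure.threshold
    range_seconds: int   # stands in for cas.authn.throttle.failure.rangeSeconds
    last_failure: dict = field(default_factory=dict)  # (ip, user) -> last failure time

    def is_throttled(self, ip, user, now):
        last = self.last_failure.get((ip, user))
        if last is None:
            return False                      # no earlier failure for this key
        elapsed = now - last
        # Observed rate 1/elapsed exceeds threshold/range_seconds
        # <=> range_seconds > threshold * elapsed (avoids float division).
        return elapsed <= 0 or self.range_seconds > self.threshold * elapsed

    def record_failure(self, ip, user, now):
        self.last_failure[(ip, user)] = now


def replay(throttle, attempts):
    """Split attempts into those forwarded to LDAP and those blocked first.
    Assumption: every forwarded attempt is a wrong password, and blocked
    attempts do not reset the timer."""
    forwarded, blocked = [], []
    for ts, ip, user in attempts:
        if throttle.is_throttled(ip, user, ts):
            blocked.append(ts)
        else:
            forwarded.append(ts)
            throttle.record_failure(ip, user, ts)
    return forwarded, blocked


def ldap_would_lock(forwarded, max_failures, window):
    """Hypothetical directory lockout: max_failures failed binds in window seconds."""
    return any(
        sum(1 for t in forwarded if start <= t < start + window) >= max_failures
        for start in forwarded
    )


# Constructed input: one guess per second for 10 s against one account.
BURST = [(t, "203.0.113.7", "alice") for t in range(10)]

if __name__ == "__main__":
    for threshold, rng in [(1, 3), (5, 3)]:   # the test config above vs. a laxer one
        fwd, blk = replay(FailureThrottle(threshold, rng), BURST)
        print(threshold, rng, fwd, blk, ldap_would_lock(fwd, 5, 10))
```

With 1/3 only the guesses at 0, 3, 6 and 9 seconds reach the directory, which stays under the assumed lockout policy; with 5/3 all ten do and the account would lock.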

Sobhen C

Nov 30, 2020, 11:46:03 PM
to CAS Community, Ray Bon
Thanks a lot Ray. That helps.

Sobhen C

Dec 3, 2020, 4:42:05 AM
to cas-...@apereo.org, Ray Bon
Hi,

I have some confusion over the view presentation in the new CAS. Based on the different errors, we have separate view templates. I want to display the error messages directly on the CasLoginView.html page itself. As of now, CasLoginView.html is customized as per our requirements. Can anyone guide me on how to get hold of the response after the LDAP-based authentication? Also, we need to display the captcha after the first submission of the page, so is there any way to get hold of the response after the LDAP authentication?

Basically, I wanted to know how to get hold of the handler once the LDAP authentication has completed.

With regards,
Sobhen

