I have setup CAS server in Java and using RubyCas-client for my application. Now my application runs on sub-domain so my concern is once I am authenticated by CAS server for some particular sub-domain, I am able to access others sub-domain also.
Here is brief example:-
My CAS server URL is https://localhost:8443/cas/login
I have given credentials for sub-domain1.mydomain.com and got authenticated for same but when I am trying to access sub-domain2.mydomain.com, getting authenticated for sub-domain2 and sub-domain3 and so on also.
What I want to do that for each sub-domain it will ask me for credentials. Is this possible.
Thanks in advance!
Related
I am trying to integrate apereo CAS management with CAS server and the only tutorial that I found is this for a passwordless authentication(More precisely QR code authentication) and I am finding difficulties in the final step cas server works perfectly but cas management is display
Application Not Authorized to Use CAS
The application you attempted to authenticate to is not authorized to use CAS.
I tried to add casManagement as a service into cas server(both overlay versions)
I tried running them on different machines and that could not help
I tried building from code base but it didn't work
I have installed CAS6.4 and CAS Management .
I am able to access https://CNNAME/cas/login & it successfully login .
I could also Login to https://hostanme/cas-management/ and it redirect back to cas management.
I have added service URL in cas management as below :
^(http|https)://CNNAME*/**
http*://hostname2/*
But when i access these URL, i get error as
Application Not Authorized to Use CAS
The application you attempted to authenticate to is not authorized to use CAS. This usually indicates that the application is not registered with CAS, or its authorization policy defined in its registration record prevents it from leveraging CAS functionality, or it's malformed and unrecognized by CAS. Contact your CAS administrator to learn how you might register and integrate your application with CAS.
In the logs i get error as :
2021-03-01 07:15:39,111 WARN [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - <Unauthorized Service Access. Service [https://hostanme/callback] is not found in service registry.>
I have been struggling to get this solved for for days, could someone please help me with this.
I am trying to do custom authentication in my solution that will use Power BI Report Server. The user will see the report through an IFrame pointing to the Report hosted in PBIRS. We want to use CustomAuthentication, only user logged in the site will see the report.
Is It possible to the IIS that will host my Asp page and the PBIRS are in different machines? Or they need to be in the same machine?
I think is not possible, because in one tutorial they said that the IIS web.config and the PBIRS web.config need to have the same machine keys; but I need confirmation.
Thank You
Conclusion: It is possible, taken that both machine hard code the same machine key in the web config, and the cookie can be shared.
You can refer https://stackoverflow.com/a/61456301/7040747, this is a solution on how you connect them together.
C# authenticate a user by decrypting the login cookie using the Machine Key. So if your Power BI Report Server (PBIRS) is able to receive the login credential cookie from your ASP, and able to validate the cookie by successfully decrypting it, PBIRS will then be able to authenticate the user who entered the system.
I'm starting to work with CAS on my company. This is totally new for me, so I had to read lot of documents and how to's to have an idea of how CAS works.
So, we have to provide a single sign on service in our server to a company with two different applications. One of those, uses SAML2.
My CAS server is now working against a MySQL database, so I'll have the users of those 2 apps on my database to provide authentication service.
What I don't get clear is about SAML. All the tutorials I've read about SAML2 integrated with CAS 4.0.0 are using Google Accounts. I don't know why! I have some SAML2 configuration on a xml on my CAS directories, but I don't know how to prove if it's working or not.
If you are going to authenticate both of the applications using your single database, CAS is enough, SAML not required. With SAML you can connect to an external application(which supports SAML), both might be having their own internal authentication, but they will commnicate each other through SAML2 protocol/agreement
CAS is ideal ,if you want to setup a web single sign-on to different web applications (exclusively for a single institution), which all use the same authentication (DB, LDAP or whatever). With this the authentication will be centralized for all these different applications.
For users from another external institution to use your web application, SAML would be the choice, provided the External application also should support SAML.
Using CAS 4.0.1 and successfully build with maven cas webapp and cas management app.
Accessing the cas-management app shows the services gui with the following error:
"The CAS management webapp is Unavailable
There was an error trying to complete your request. Please notify your support desk or try again."
I am able to solve my problem and I hope it might help you as well.
The reason behind this error is the security certificate was not in the VM parameter for my CAS server, namely
-Djavax.net.ssl.trustStore=truststore -Djavax.net.ssl.trustStorePassword=trustword"
If the CAS server has both cas and cas-management, then it requires the client certificate of this server to be part of the VM param.
The link http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore shows how to create server and client certificates.