CASify JBoss Applications
Is there any Tutorial or Example on how to integrate CAS into JBoss (for EJB and WebClient Authentication) without using JBoss Portal ? ...
cas
CAS (Central Authentication Service) example with JSF
Does anybody have a simple login JSF example with JA-SIG CAS? I got their web example up and running. But, in my case I need more than that, in my application when an user logs in (there are many roles: manager/sales/tech supports), then the user needs to be redirected to a defined page that contains the application menu which the user ...
How can I restrict/prevent .net code execution on internet?
I develop a series of .NET class libraries and I don't want them to run from a web site. That is, users could only use/call my libraries through windows desktop applications. For example I don't want the users to be able to use these libraries in an ASP.NET web application, on a web site. Is there a way to achieve this? ...
caspol.exe doesn't grant Full trust to the Intranet share on fw2.0 machines
I have few pre .net 3.5 Sp1 machines where i need to run an exe from a local intranet share. Here is the sample CAS commnad I am using to grant full trust to the local intranet share. CasPol.exe -m -ag 1.2 -url file://\\Server/Sahare/folder1/folder2/AppFolder/* FullTrust It alters the local intranet policy and grants Full trust to 1.2...
Implementation issues with SSO
Let me preface this by saying I'm a beginner in a PHP environment so there may be a simple answer here. We're trying to use phpCAS to connect to our university's CAS server. Our server has been set up to match these requirements: http://www.ja-sig.org/wiki/display/CASC/phpCAS+requirements, and we have installed phpCAS to it's own access...
Authenticating from a "child" application via CAS
I have a portal application that loads external content (widgets) via an iframe. Users login to CAS via the portal itself. There are a few portal APIs, though, that need to be called from that external content. What information do I have to pass from the portal to the widgets that the widgets can use to make these calls without being rej...
trust set to Full, but web part still causes SecurityException
I've got a web part that accesses the SP object model, packaged in an assembly which is signed and deployed to the GAC. The web.config is set for "Full" trust, and yet my web part throws a SecurityException. The offending lines of code: SPSecurity.RunWithElevatedPrivileges(new SPSecurity.CodeToRunElevated(() => { foreach (SPGroup ...
Grant FullTrust in trusted assembly called by partial trust assembly
Hi Stackoverflowers :) imagine the following environment: an XBAP application running in partial trust mode (default behaviour; requiring Full Trust is not an option - but before you ask, if full trust is given to the XBAP, everything works as expected) is referencing a locally installed assembly, which is located in the GAC. To achieve...
WIF using SAML 2 protocol / Federate AD FS 2.0 with CAS
I'am are trying to implement a Web SSO with claim based identity using WIF and AD FS 2.0 right now. Right now I have a existing ASP.Net application which delegates authentification to the AD FS 2.0 server and trust issued security tokens. That works just fine. However, in the organization there is an existing JA-SIG Central Authenticati...
Auto login after signup in CAS
I am setting up my own CAS. A authentication handler was written and username/password are authenticated against a MySQL db. I also add signup page and related logic. Now I would like to let user automatically log on when he/she has registered as a user. How to achieve this? ...
IIS 7.5 refuses to load 64-bit assembly - possible CAS problem?
Hi, I just downloaded the Orchard CMS, opened it up in VS2008 and hit F5: Everything runs fine. I then created a website in IIS 7.5 and pointed it to the web project's directory and set up permissions correctly (I hope). I downloaded the 64-bit version System.Data.SQLite as suggested here: Orchard Work Item 14798 and here: SO: Could n...
How to access/use custom attribute in spring security based CAS client
I need send certain attributes(say, human readable user name) from server to client after a successful authentication. Server part was done. Now attribute was sent to client. From log, I can see: 2010-03-28 23:48:56,669 DEBUG Cas20ServiceTicketValidator:185 - Server response: [email protected] <cas:proxyGrantingT...
HTTP 500 ERROR on CAS Server while setting SSLVerifyClent as "required"
I have 3 servers, a Apache Server, a JBOSS Server and a CAS Server for SSO. The Apache Server resolve all request with a domain such as www.request.com, and the path of CAS Server is www.request.com/cas, and JBOSS Server is www.request.com/jboss (This app got a CAS client). My problem is if I set SSLVerifyClient require for the Name...
Thin, Sinatra, and intercepting static file request to do CAS authentication
I'm using the casrack-the-authenticator gem for CAS authentication. My server is running Thin on top of Sinatra. I've gotten the CAS authentication bit working, but I'm not sure how to tell Rack to intercept "/index.html" requests to confirm the CAS login, and if the user is not allowed to view the page, return a HTTP 403 response inst...
JavaScript computer algebra system
I am looking for a simple computer algebra system (cas) for JavaScript but I can't find anything with google. I only need basic functionality: simplify expressions to some canonic form. Ability to check if two expressions are the same, i.e., a(x+y) == ax+ay parse mathematical formulas. I want it to be able to read expressions like ax²+...
Sharepoint: Is it possible to automate the deployment of a custom CAS policy?
Hi all, I'm looking for a way to automate the deployment of a custom CAS policy in SharePoint. What i would like to achieve is the following: All assemblies that have been built and signed by our build server (with a secret key) should run in SharePoint under the 'higher than normal' trust level. Now I can manually edit the cas poli...
If you deny assertion rights in .NET, does it have any effect?
In .NET you can deny the security permission 'Assertion' for callers higher on the stack, but would this actually work since Assert() ignores permissions lower on the stack? Since it's the end of the working day I don't presently have time to experiment. Guidance appreciated! ...
Does CAS Support Application Level Impersonation?
I have a PHP application that is successfully authenticating against a CAS server. One of the features supported by the application is impersonation; a user with the appropriate privileges can impersonate another of the application. Generally, this isn't a problem because the app itself can keep track of who the user is impersonating and...
.net 2.0 assembly security
Hi, I have an assembly and want to restrict the assemblies and applications that can call/use this assemblies functionality. Can anyone provide detailed information on how this can be achieved ? From what I have read on the internet this is not possible because any "fully trusted" assembly will automatically be granted access. I am u...
REST Layer Security And Integration
I have an widget-based front end talking to a REST layer. To use the front-end, a human needs to log in with a username and password. Once in, the user can interact with the widgets, which make calls to the REST layer. At this point, no authorization is done at the REST layer. If you have logged in successfully, you can do whatever you w...