I'm excited to start working with CAS 5 and set up all in the config file,
but I'm having issues getting switched over to auth in the database. (I.e.,
casuser/Mellon is still the only login that works to log in.)
I've been trying to work slowly, changing only what I need to at the time, so
I don't think I've changed any other files other than cas.properties
(copied in below), but please let me know if some other file would be
useful to include.
I'm seeing this error in catalina.out which may be related:
2016-08-03 15:18:40,206 Log4j2-AsyncLoggerConfig-14 ERROR An exception occurred processing Appender casAudit java.lang.NullPointerException
    at org.apereo.cas.logging.CasAppender.append(CasAppender.java:85)
    at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:155)
    at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:128)
    at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:119)
    at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
    at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:390)
    at org.apache.logging.log4j.core.async.AsyncLoggerConfig.asyncCallAppenders(AsyncLoggerConfig.java:113)
    at org.apache.logging.log4j.core.async.AsyncLoggerConfigDisruptor$Log4jEventWrapperHandler.onEvent(AsyncLoggerConfigDisruptor.java:111)
    at org.apache.logging.log4j.core.async.AsyncLoggerConfigDisruptor$Log4jEventWrapperHandler.onEvent(AsyncLoggerConfigDisruptor.java:97)
    at com.lmax.disruptor.BatchEventProcessor.run(BatchEventProcessor.java:129)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
I haven't found any CAS log files yet (looking in /var/log/cas where they
used to be), so let me know if I should be looking somewhere new for those.
Here is my cas.properties file:
cas.server.name: https://webdev-g.sbts.edu
cas.server.prefix: https://webdev-g.sbts.edu/cas
cas.adminPagesSecurity.ip=(10)(\.(241|244|245|247|99))(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2}
# 8 hours - negative value = never expires
cas.ticket.tgt.maxTimeToLiveInSeconds=28800
# 40 minutes (Set to a negative value to never expire tickets)
cas.ticket.tgt.timeToKillInSeconds=2400
##
# CAS SSO Cookie Generation & Security
# See https://github.com/mitreid-connect/json-web-key-generator
#
# Do note that the following settings MUST be generated per deployment.
#
# Defaults at spring-configuration/ticketGrantingTicketCookieGenerator.xml
# The encryption secret key. By default, must be an octet string of size 256.
tgc.encryption.key=stuff...
# The signing secret key. By default, must be an octet string of size 512.
tgc.signing.key=stuf...
##
# Service Ticket Timeout
# Default sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
#
# Service Ticket timeout - typically kept short as a control against replay
# attacks, default is 10s. You'll want to increase this timeout if you are
# manually testing service ticket creation/validation via tamperdata or
# similar tools
cas.ticket.st.timeToKillInSeconds=45
cas.ticket.st.numberOfUses=1
cas.googleAnalytics.googleAnalyticsTrackingId=UA-801923423-2
cas.slo.disabled=true
# cas.slo.asynchronous=true
logging.config: file:/etc/cas/config/log4j2.xml
##
# CAS Logout Behavior
# WEB-INF/cas-servlet.xml
#
# Specify whether CAS should redirect to the specified service parameter on
# /logout requests
cas.logout.followServiceRedirects=true
# cas.serviceRegistry.config.location: classpath:/services
# Authentication
# Throttle - I honestly have no idea what units these things are in... Maybe
# the docs are better by now...
# https://apereo.github.io/cas/development/installation/Configuration-Properties.html#authentication-throttling
cas.authn.throttle.usernameParameter=username
cas.authn.throttle.startDelay=10000
cas.authn.throttle.repeatInterval=20000
cas.authn.throttle.appcode=CAS
cas.authn.throttle.failure.threshold=100
cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
cas.authn.throttle.failure.rangeSeconds=60
cas.authn.jdbc.search[0].fieldUser=username
cas.authn.jdbc.search[0].tableUsers=users
cas.authn.jdbc.search[0].fieldPassword=passwordsha1
cas.authn.jdbc.search[0].healthQuery=SELECT 1
cas.authn.jdbc.search[0].isolateInternalQueries=false
cas.authn.jdbc.search[0].url=jdbc:sqlserver://oeuoue;databaseName=qjkrcg
cas.authn.jdbc.search[0].failFast=true
cas.authn.jdbc.search[0].isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.jdbc.search[0].dialect=org.hibernate.dialect.SQLServer2008Dialect
cas.authn.jdbc.search[0].leakThreshold=10
cas.authn.jdbc.search[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.jdbc.search[0].batchSize=1
cas.authn.jdbc.search[0].user=CAS_User
cas.authn.jdbc.search[0].ddlAuto=validate
cas.authn.jdbc.search[0].maxAgeDays=180
cas.authn.jdbc.search[0].password=ououeo
cas.authn.jdbc.search[0].autocommit=false
cas.authn.jdbc.search[0].driverClass=com.microsoft.sqlserver.jdbc.SQLServerDriver
cas.authn.jdbc.search[0].idleTimeout=5000
cas.authn.jdbc.search[0].passwordEncoder.type=STANDARD
cas.authn.jdbc.search[0].passwordEncoder.characterEncoding=UTF-8
cas.authn.jdbc.search[0].passwordEncoder.encodingAlgorithm=SHA1
cas.authn.jdbc.search[0].passwordEncoder.secret=
cas.authn.jdbc.search[0].passwordEncoder.strength=16
cas.authn.jdbc.bind[0].principalTransformation.suffix=
cas.authn.jdbc.bind[0].principalTransformation.caseConversion=LOWERCASE
cas.authn.jdbc.bind[0].principalTransformation.prefix=