Well, your other error about logs went away. So something’s up with permissions 
and/or tomcat that reads them perhaps.

If you want to get db authn working, it’s not enough to simply include the 
properties. You’ll also need to declare the relevant module to express your 
intention. Your overlay didn't show it.

https://apereo.github.io/cas/development/installation/Database-Authentication.html


-- 
Misagh
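
One way to check the point made in this reply, as an added example that is not part of the thread or of the CAS project: the Python script below cross-checks an overlay's `pom.xml` against `cas.properties` and the startup log to show why JDBC settings have no effect. The artifactId `cas-server-support-jdbc` comes from the CAS documentation linked above rather than from this thread, the sample `pom.xml` is constructed, and the property and log excerpts are taken from the messages quoted below.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: artifactId of the CAS 5 JDBC authentication module, taken from
# the CAS documentation linked in the thread; it is not named in the thread.
JDBC_MODULE = "cas-server-support-jdbc"

# Constructed overlay pom.xml that declares only the base web application.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
  <dependency><groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-webapp</artifactId><type>war</type></dependency>
</dependencies></project>"""

# Excerpts from the cas.properties and startup log posted in the thread.
SAMPLE_PROPS = """logging.config: file:/etc/cas/config/log4j2.xml
cas.authn.jdbc.search[0].fieldUser=username
cas.authn.jdbc.search[0].tableUsers=users"""
SAMPLE_LOG = """2016-08-03 17:21:10,825 WARN
[org.apereo.cas.config.CasSecurityContextConfiguration] - <
CAS is configured to accept a static list of credentials for authentication.
>
2016-08-03 17:23:57,560 INFO
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<AcceptUsersAuthenticationHandler failed authenticating lklingman112>"""

def property_keys(text):
    """Keys of a Java .properties file; '=', ':' and whitespace all separate."""
    lines = (ln.strip() for ln in text.splitlines())
    return {re.split(r"[=:\s]", ln, maxsplit=1)[0] for ln in lines if ln and ln[0] not in "#!"}

def overlay_artifacts(pom_xml):
    """artifactIds of every <dependency> in a pom.xml, ignoring XML namespaces."""
    local = lambda el: el.tag.rsplit("}", 1)[-1]
    return {(c.text or "").strip()
            for dep in ET.fromstring(pom_xml).iter() if local(dep) == "dependency"
            for c in dep if local(c) == "artifactId"}

def handlers_seen(log_text):
    """Authentication handlers named in log messages, after undoing line wraps."""
    return set(re.findall(r"<(\w+AuthenticationHandler)\b", re.sub(r"\s+", " ", log_text)))

def triage(props_text, pom_xml, log_text):
    """Return findings explaining why JDBC settings are not taking effect."""
    findings = []
    uses_jdbc = any(k.startswith("cas.authn.jdbc.") for k in property_keys(props_text))
    if uses_jdbc and JDBC_MODULE not in overlay_artifacts(pom_xml):
        findings.append("jdbc-properties-without-module")
    if "static list of credentials" in re.sub(r"\s+", " ", log_text):
        findings.append("static-credentials-active")
    if handlers_seen(log_text) == {"AcceptUsersAuthenticationHandler"}:
        findings.append("only-static-handler-ran")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_PROPS, SAMPLE_POM, SAMPLE_LOG))
```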

From: Loren Klingman <[email protected]>
Reply: Loren Klingman <[email protected]>
Date: August 3, 2016 at 2:36:22 PM
To: CAS Community <[email protected]>
Cc: [email protected] <[email protected]>
Subject:  Re: [cas-user] CAS 5 Connect to JDBC for Authentication  

I still get the static login from ./build.sh run.  It seems to generate a bunch 
of keys which should have already been set in my cas.properties file which 
leads me to think at least part of the problem is with that.

The file is in /etc/cas/config/cas.properties (seems to be a new location from 
the former /etc/cas/cas.properties).  The file (and folders) are owned by 
root:root, but they are all world readable.

If nothing rings a bell in any of that, could you put the exact overlay 
template you are using with database authentication online somewhere, and I'll 
try pulling that in?  (Of course, I'll have to change the database, but even if 
I didn't if I can get to an error with the database connection that would be 
progress.)

Also, thanks so much for your help!  I try to keep detailed notes so I'll post 
my full install guide for Ubuntu 16.04 when I get it running and hopefully that 
will help others.

Here is my output:
  __  ____     _     ____  __ 
 / / / ___|   / \   / ___| \ \
| | | |      / _ \  \___ \  | |
| | | |___  / ___ \  ___) | | |
| |  \____|/_/   \_\|____/  | |
 \_\                       /_/

CAS Version: 5.0.0.RC1-SNAPSHOT
Build Date/Time: 2016-08-03T21:18:38Z
Java Home: /usr/lib/jvm/java-8-openjdk-amd64/jre
Java Vendor: Oracle Corporation
Java Version: 1.8.0_91
OS Architecture: amd64
OS Name: Linux
OS Version: 4.4.0-21-generic


2016-08-03 17:19:09,728 INFO [org.apereo.cas.web.CasWebApplication] - <The 
following profiles are active: native>
2016-08-03 17:20:17,567 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 0 services from 
InMemoryServiceRegistryDaoImpl.>
2016-08-03 17:21:09,669 WARN 
[org.apereo.cas.WebflowConversationStateCipherExecutor] - <Secret key for 
signing is not defined. CAS will attempt to auto-generate the signing key>
2016-08-03 17:21:09,738 WARN 
[org.apereo.cas.WebflowConversationStateCipherExecutor] - <Generated signing 
key 
rIH_jLu8goRjqDI7nhatbyZiUGXHBcDxPmTQzPY9EoueP6ZicsQ77qnXkS1txOaDQinVQ7AWjBAV0leD9iE7TA
 of size 512. The generated key MUST be added to CAS settings.>
2016-08-03 17:21:09,739 WARN 
[org.apereo.cas.WebflowConversationStateCipherExecutor] - <No encryption key is 
defined. CAS will attempt to auto-generate keys>
2016-08-03 17:21:09,740 WARN 
[org.apereo.cas.WebflowConversationStateCipherExecutor] - <Generated encryption 
key YlXiwAUdrcsYlUjG of size 16. The generated key MUST be added to CAS 
settings.>
2016-08-03 17:21:10,808 WARN 
[org.apereo.cas.config.CasSecurityContextConfiguration] - <>
2016-08-03 17:21:10,825 WARN 
[org.apereo.cas.config.CasSecurityContextConfiguration] - <

 ____   _____   ___   ____   _
/ ___| |_   _| / _ \ |  _ \ | |
\___ \   | |  | | | || |_) || |
 ___) |  | |  | |_| ||  __/ |_|
|____/   |_|   \___/ |_|    (_)
                              

CAS is configured to accept a static list of credentials for authentication. 
While this is generally useful for demo purposes, it is STRONGLY recommended 
that you DISABLE this authentication method (by REMOVING 
'cas.authn.accept.users' from your configuration) and switch to a mode that is 
more suitable for production.
>
2016-08-03 17:21:10,831 WARN 
[org.apereo.cas.config.CasSecurityContextConfiguration] - <>
2016-08-03 17:21:22,793 WARN 
[org.apereo.cas.services.InMemoryServiceRegistryDaoImpl] - <Runtime memory is 
used as the persistence storage for retrieving and persisting service 
definitions. Changes that are made to service definitions during runtime will 
be LOST upon container restarts.>
2016-08-03 17:21:22,811 WARN 
[org.apereo.cas.services.InMemoryServiceRegistryDaoImpl] - <Runtime memory is 
used as the persistence storage for retrieving and persisting service 
definitions. Changes that are made to service definitions during runtime will 
be LOST upon container restarts.>
2016-08-03 17:21:22,827 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services from 
InMemoryServiceRegistryDaoImpl.>
2016-08-03 17:22:04,182 INFO 
[org.apereo.cas.configuration.CasConfigurationRebinder] - <Reloading CAS 
configuration via cas-org.apereo.cas.configuration.CasConfigurationProperties>
2016-08-03 17:22:04,653 INFO 
[org.apereo.cas.configuration.CasConfigurationRebinder] - <Reloaded CAS 
configuration cas-org.apereo.cas.configuration.CasConfigurationProperties>
2016-08-03 17:22:11,319 INFO [org.apereo.cas.web.CasWebApplication] - <The 
following profiles are active: native>
2016-08-03 17:22:12,953 INFO [org.apereo.cas.web.CasWebApplication] - <Started 
CasWebApplication in 6.475 seconds (JVM running for 208.508)>
2016-08-03 17:22:13,694 WARN 
[org.apereo.cas.util.TicketGrantingCookieCipherExecutor] - <Secret key for 
encryption is not defined. CAS will attempt to auto-generate the encryption key>
2016-08-03 17:22:13,695 WARN 
[org.apereo.cas.util.TicketGrantingCookieCipherExecutor] - <Generated 
encryption key ufXZRKBro-62lLFa79hlFrx94V2BTZHeRdpqY1iydgQ of size 256. The 
generated key MUST be added to CAS settings.>
2016-08-03 17:22:13,696 WARN 
[org.apereo.cas.util.TicketGrantingCookieCipherExecutor] - <Secret key for 
signing is not defined. CAS will attempt to auto-generate the signing key>
2016-08-03 17:22:13,696 WARN 
[org.apereo.cas.util.TicketGrantingCookieCipherExecutor] - <Generated signing 
key 
IeXJFidypAEpbWuUCpaEJh3c6Ghi9_eAhQs_6mUTFWUSmiVv137Fimp2HVdRVPnbT2HynF7gvJGbBYirLrON_w
 of size 512. The generated key MUST be added to CAS settings.>
2016-08-03 17:22:14,152 INFO [org.apereo.cas.configuration.support.Beans] - 
<Ticket registry encryption/signing is turned off. This may NOT be safe in a 
clustered production environment. Consider using other choices to handle 
encryption, signing and verification of ticket registry tickets.>
2016-08-03 17:22:18,770 INFO [org.apereo.cas.web.CasWebApplication] - <Started 
CasWebApplication in 207.005 seconds (JVM running for 214.325)>
2016-08-03 17:22:27,505 INFO 
[org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter]
 - <Beginning audit cleanup...>
2016-08-03 17:22:37,505 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services from 
InMemoryServiceRegistryDaoImpl.>
2016-08-03 17:22:37,539 INFO 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Beginning 
ticket cleanup...>
2016-08-03 17:22:37,546 INFO 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <0 expired 
tickets removed.>
2016-08-03 17:22:37,546 INFO 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Finished 
ticket cleanup.>
2016-08-03 17:22:47,506 INFO 
[org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter]
 - <Beginning audit cleanup...>
2016-08-03 17:23:07,507 INFO 
[org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter]
 - <Beginning audit cleanup...>
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< - 
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< - 
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< - 
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< - 
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< - 
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< - 
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< - 
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< - 
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< - 
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< - 
expected >JDWP-Handshake<
2016-08-03 17:23:27,507 INFO 
[org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter]
 - <Beginning audit cleanup...>
2016-08-03 17:23:37,505 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services from 
InMemoryServiceRegistryDaoImpl.>
2016-08-03 17:23:37,554 INFO 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Beginning 
ticket cleanup...>
2016-08-03 17:23:37,555 INFO 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <0 expired 
tickets removed.>
2016-08-03 17:23:37,555 INFO 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Finished 
ticket cleanup.>
2016-08-03 17:23:43,749 INFO [org.apereo.cas.web.flow.InitialFlowSetupAction] - 
<Setting path for cookies for warn cookie generator to: /cas/ >
2016-08-03 17:23:43,758 INFO [org.apereo.cas.web.flow.InitialFlowSetupAction] - 
<Setting path for cookies for TGC cookie generator to: /cas/ >
2016-08-03 17:23:47,508 INFO 
[org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter]
 - <Beginning audit cleanup...>
2016-08-03 17:23:57,560 INFO 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<AcceptUsersAuthenticationHandler failed authenticating lklingman112>
2016-08-03 17:23:57,561 WARN 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<Authentication has failed. Credentials may be incorrect or CAS cannot find 
authentication handler that supports [lklingman112] of type 
[UsernamePasswordCredential], which suggests a configuration problem.>
2016-08-03 17:23:57,576 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN

On Wednesday, August 3, 2016 at 4:56:35 PM UTC-4, Misagh Moayyed wrote:
Can't duplicate. I'll blame permissions, or tomcat. What happens when you run 
"./build.sh run"? 

-- 
Misagh

From: Loren Klingman <[email protected]>
Reply: Loren Klingman <[email protected]>
Date: August 3, 2016 at 1:13:05 PM
To: CAS Community <[email protected]>
Cc: [email protected] <[email protected]>
Subject:  Re: [cas-user] CAS 5 Connect to JDBC for Authentication

Reposting because I failed to post the last reply publicly.

Thanks, I've changed the cas.properties file as you requested.  That line is 
actually exactly out of the overlay template on github 
(https://github.com/apereo/cas-overlay-template/blob/5.0/etc/cas/config/cas.properties)
 so if it's wrong it probably needs to be updated there also.

My log4j2.xml should be an exact copy from the 5.0 branch of the overlay 
template, but I'm attaching it here just in case I changed something by mistake.

Since I don't want to push database passwords up, I did not push up any changes 
to cas.properties to the overlay (which means it's actually exactly the same as 
the master one) but for good measure and in case I need it for future testing, 
I did push up what I'm using (the 5.0 branch): 
https://github.com/loren138/cas-overlay-test

For deployment, I'm using the following commands to build and then send the war 
file over to tomcat8:
 sudo ./build.sh package

sudo service tomcat8 stop && sudo rm -rf /var/lib/tomcat8/webapps/ROOT && sudo 
cp ./target/cas.war /var/lib/tomcat8/webapps/ROOT.war && sudo service tomcat8 
start



Loren Klingman


On Wednesday, August 3, 2016 at 3:40:49 PM UTC-4, Misagh Moayyed wrote:
And, this:

logging.config: file:/etc/cas/config/log4j2.xml


Probably should be:

logging.config=file:/etc/cas/config/log4j2.xml

And you want to make sure that file exists. If it does, please share that too. 

-- 
Misagh

From: Misagh Moayyed <[email protected]>
Reply: Misagh Moayyed <[email protected]>
Date: August 3, 2016 at 12:36:10 PM
To: CAS Community <[email protected]>
Subject:  Re: [cas-user] CAS 5 Connect to JDBC for Authentication

Got an overlay you can share? 

-- 
Misagh

From: Loren Klingman <[email protected]>
Reply: Loren Klingman <[email protected]>
Date: August 3, 2016 at 12:27:18 PM
To: CAS Community <[email protected]>
Subject:  [cas-user] CAS 5 Connect to JDBC for Authentication

I'm excited to start working with CAS 5 and setup all in the config file, but 
I'm having issues getting switched over to auth in the database.  (IE 
casuser/Mellon is still the only login that works to login.)

I've been trying to work slowly changing only what I need to at the time so I 
don't think I've changed any other files other than cas.properties (copied in 
below), but please let me know if some other file would be useful to include.

I'm seeing this error in catalina.out which may be related:
2016-08-03 15:18:40,206 Log4j2-AsyncLoggerConfig-14 ERROR An exception occurred 
processing Appender casAudit java.lang.NullPointerException
        at org.apereo.cas.logging.CasAppender.append(CasAppender.java:85)
        at 
org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:155)
        at 
org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:128)
        at 
org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:119)
        at 
org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
        at 
org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:390)
        at 
org.apache.logging.log4j.core.async.AsyncLoggerConfig.asyncCallAppenders(AsyncLoggerConfig.java:113)
        at 
org.apache.logging.log4j.core.async.AsyncLoggerConfigDisruptor$Log4jEventWrapperHandler.onEvent(AsyncLoggerConfigDisruptor.java:111)
        at 
org.apache.logging.log4j.core.async.AsyncLoggerConfigDisruptor$Log4jEventWrapperHandler.onEvent(AsyncLoggerConfigDisruptor.java:97)
        at 
com.lmax.disruptor.BatchEventProcessor.run(BatchEventProcessor.java:129)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)

I haven't found any CAS log files yet (looking in /var/log/cas where they used 
to be) so let me know if I should be looking somewhere new for those).

Here is my cas.properties file:

cas.server.name: https://webdev-g.sbts.edu
cas.server.prefix: https://webdev-g.sbts.edu/cas

cas.adminPagesSecurity.ip=(10)(\.(241|244|245|247|99))(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2}

# 8 hours - negative value = never expires
cas.ticket.tgt.maxTimeToLiveInSeconds=28800
# 40 minutes (Set to a negative value to never expire tickets)
cas.ticket.tgt.timeToKillInSeconds=2400

##
# CAS SSO Cookie Generation & Security
# See https://github.com/mitreid-connect/json-web-key-generator
#
# Do note that the following settings MUST be generated per deployment.
#
# Defaults at spring-configuration/ticketGrantingTicketCookieGenerator.xml
# The encryption secret key. By default, must be a octet string of size 256.
tgc.encryption.key=stuff...
# The signing secret key. By default, must be a octet string of size 512.
tgc.signing.key=stuf...

##
# Service Ticket Timeout
# Default sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
#
# Service Ticket timeout - typically kept short as a control against replay attacks, default is 10s.  You'll want to
# increase this timeout if you are manually testing service ticket creation/validation via tamperdata or similar tools
cas.ticket.st.timeToKillInSeconds=45
cas.ticket.st.numberOfUses=1


cas.googleAnalytics.googleAnalyticsTrackingId=UA-801923423-2

cas.slo.disabled=true
# cas.slo.asynchronous=true

logging.config: file:/etc/cas/config/log4j2.xml

##
# CAS Logout Behavior
# WEB-INF/cas-servlet.xml
#
# Specify whether CAS should redirect to the specified service parameter on /logout requests
cas.logout.followServiceRedirects=true
# cas.serviceRegistry.config.location: classpath:/services

# Authentication

# Throttle - I honestly have no idea what units these things are in...  Maybe the docs are better by now...
# https://apereo.github.io/cas/development/installation/Configuration-Properties.html#authentication-throttling
cas.authn.throttle.usernameParameter=username
cas.authn.throttle.startDelay=10000
cas.authn.throttle.repeatInterval=20000
cas.authn.throttle.appcode=CAS

cas.authn.throttle.failure.threshold=100
cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
cas.authn.throttle.failure.rangeSeconds=60

cas.authn.jdbc.search[0].fieldUser=username
cas.authn.jdbc.search[0].tableUsers=users
cas.authn.jdbc.search[0].fieldPassword=passwordsha1
cas.authn.jdbc.search[0].healthQuery=SELECT 1
cas.authn.jdbc.search[0].isolateInternalQueries=false
cas.authn.jdbc.search[0].url=jdbc:sqlserver://oeuoue;databaseName=qjkrcg
cas.authn.jdbc.search[0].failFast=true
cas.authn.jdbc.search[0].isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.jdbc.search[0].dialect=org.hibernate.dialect.SQLServer2008Dialect
cas.authn.jdbc.search[0].leakThreshold=10
cas.authn.jdbc.search[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.jdbc.search[0].batchSize=1
cas.authn.jdbc.search[0].user=CAS_User
cas.authn.jdbc.search[0].ddlAuto=validate
cas.authn.jdbc.search[0].maxAgeDays=180
cas.authn.jdbc.search[0].password=ououeo
cas.authn.jdbc.search[0].autocommit=false
cas.authn.jdbc.search[0].driverClass=com.microsoft.sqlserver.jdbc.SQLServerDriver
cas.authn.jdbc.search[0].idleTimeout=5000

cas.authn.jdbc.search[0].passwordEncoder.type=STANDARD
cas.authn.jdbc.search[0].passwordEncoder.characterEncoding=UTF-8
cas.authn.jdbc.search[0].passwordEncoder.encodingAlgorithm=SHA1
cas.authn.jdbc.search[0].passwordEncoder.secret=
cas.authn.jdbc.search[0].passwordEncoder.strength=16

cas.authn.jdbc.bind[0].principalTransformation.suffix=
cas.authn.jdbc.bind[0].principalTransformation.caseConversion=LOWERCASE
cas.authn.jdbc.bind[0].principalTransformation.prefix=
--
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3179fbe9-67cc-4944-b8a1-e32519b7621e%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.