Perfect David,


I cannot tell you how many different combination of that user.properties 
files I tried to no avail.



Thanks again





===========================

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Friday, February 23, 2018 10:58 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS5 management



As for the cheesiness of it, I believe it's inherited from Spring Security 
(which is an alternative way you can protect the management webapp):



https://docs.spring.io/spring-security/site/docs/2.0.x/reference/html/authentication-common-auth-services.html



So blame them, not the CAS project. :-)



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:53 AM, David Curry <david.cu...@newschool.edu 
<mailto:david.cu...@newschool.edu> > wrote:

You still need the (unused) password in there, like this:



ccheltenham-ext=notused,ROLE_ADMIN,enabled



(and you don't really need the "enabled"). Note that "ccheltenham-ext" 
should then be a user that can authenticate via CAS, since you're protecting 
the management webapp with CAS.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:51 AM, Cheltenham, Chris 
<ccheltenham-...@philasd.org <mailto:ccheltenham-...@philasd.org> > wrote:

Ok I see David,



So I tried this and still doesn’t work.



ccheltenham-ext=ROLE_ADMIN,enabled



I gotta say this is a really stupid and cheesy way to do this.





===========================

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of 
David Curry
Sent: Friday, February 23, 2018 10:48 AM


To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] CAS5 management



Gnarls the Narwhal is The New School's mascot.



https://www.newschool.edu/recreation/where-is-gnarls/



I wanted a "dummy" account to use in my CAS testing and documentation, and 
"casuser" was already taken, so... :-)



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:42 AM, Cheltenham, Chris 
<ccheltenham-...@philasd.org <mailto:ccheltenham-...@philasd.org> > wrote:

Thanks David,



What is gnarls?







===========================

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of 
David Curry
Sent: Friday, February 23, 2018 10:33 AM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] CAS5 management



Your users.properties file is not formatted correctly. It's the same format 
(and in fact can be the same file) as the one for the admin pages:



# The syntax for each line is:

#

# username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]

#

gnarls=passwordnotused,ROLE_ADMIN



The above allows a user named "gnarls" to have access.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:28 AM, Cheltenham, Chris 
<ccheltenham-...@philasd.org <mailto:ccheltenham-...@philasd.org> > wrote:



Hello Everyone,



Still having problems with access denied on /cas-management



I turned on DEBUG and I see this in the logs.



22T13:22:12.379-05:00[America/New_York], authenticationMethod=Employee-LDAP, 
successfulAuthenticationHandlers=Employee-LDAP,

longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: [] 
| isRemembered: false | clientName: CasClient |

linkedId: null |] does not contain the required role [ROLE_ADMIN]





My users.properties files look thusly –

     casuser=ROLE_ADMIN,<myid>



and yes ROLE_ADMIN is stated in the management.properties file.

     cas.mgmt.adminRoles[0]=ROLE_ADMIN



There is a Json file in /etc/cas/services or the users.properties file.



That is stated in cas.properties

   cas.serviceRegistry.config.location=file:/etc/cas/services



Is there a way to format the users. Properties file so anyone can use the 
management portal?







===========================

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/008301d3acba%24f0e4fe30%24d2aefa90%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/008301d3acba%24f0e4fe30%24d2aefa90%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOZfm-azTX0TzCFs7AYmY2DkvNLF%2Bv82mJqicSZntatMA%40mail.gmail.com
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOZfm-azTX0TzCFs7AYmY2DkvNLF%2Bv82mJqicSZntatMA%40mail.gmail.com?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/009501d3acbc%24e8d7c400%24ba874c00%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/009501d3acbc%24e8d7c400%24ba874c00%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPsxTh%3D1Szic2XDDQtjgpOyP2Mf3k_CHObmFbd2bOPhKg%40mail.gmail.com
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPsxTh%3D1Szic2XDDQtjgpOyP2Mf3k_CHObmFbd2bOPhKg%40mail.gmail.com?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00b301d3acbe%2425967f20%2470c37d60%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/00b301d3acbe%2425967f20%2470c37d60%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.





-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XANVEgO%2B8MJrQNAjMN%2B4Nb3_WnGCTfGm04QHKDCNgSuMkg%40mail.gmail.com
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XANVEgO%2B8MJrQNAjMN%2B4Nb3_WnGCTfGm04QHKDCNgSuMkg%40mail.gmail.com?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00d701d3acc0%244ace51d0%24e06af570%24%40philasd.org.

Reply via email to