Thank you very much, that did the trick. Your site is a huge help, very nice to have clear examples and explanations. The only thing I am still not sure about is how to secure the /status endpoint.
On Fri, Oct 25, 2019 at 3:45 AM David Curry <[email protected]> wrote: > At first blush it looks like your cas.properties property names are wrong; > there might be other things too that you didn't happen to quote. Here's a > step-by-step for enabling them all, if you find it helpful: > > > https://dacurry-tns.github.io/deploying-apereo-cas/building_server_dashboard_overview.html > > > --Dave > > -- > > DAVID A. CURRY, CISSP > *DIRECTOR • INFORMATION SECURITY & PRIVACY* > THE NEW SCHOOL • INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 646 909-4728 • [email protected] > > > On Fri, Oct 25, 2019 at 1:09 AM Sam Erie <[email protected]> wrote: > >> I have been struggling to get access to development CAS v5.2.4 status >> endpoints. I was unable to get them unsecured and went on to add Spring >> Security with master user, who it is correctly validating, but somehow my >> IP is still not authorized. Following are relevant properties and logs. I'm >> confused by the fact that it should be matching any IP with .+ yet it still >> says Unauthorized IP address. Any help would be much appreciated. >> >> >> endpoints.status.enabled=true >> endpoints.status.sensitive=false >> endpoints.dashboard.enabled=true >> endpoints.dashboard.sensitive=false >> cas.adminPagesSecurity.ip=.+ >> security.user.name=admin >> security.user.password=admin >> >> >> 2019-10-23 21:58:11,093 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - >> <=== >> SECURITY ===> >> >> 2019-10-23 21:58:11,093 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - >> <url: >> https://sanitized/cas/status> >> >> 2019-10-23 21:58:11,093 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - >> <matchers: null> >> >> 2019-10-23 21:58:11,093 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - >> <clients: IpClient> >> 2019-10-23 21:58:11,094 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] >> - <currentClients: [ >> #IpClient# | name: IpClient | credentialsExtractor: null | authenticator: >> IpRegexpAuthenticator[.+ ] >> >> | profileCreator: >> org.pac4j.core.profile.creator.AuthenticatorProfileCreator@290e9599 >> | authorizationGenerators: [] |]> >> >> 2019-10-23 21:58:11,095 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - >> <loadProfilesFromSession: false> >> >> 2019-10-23 21:58:11,110 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - >> <profiles: []> >> 2019-10-23 21:58:11,110 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] >> - <Performing authentication for direct client: >> #IpClient# | name: IpClient | credentialsExtractor: null | authenticator: >> IpRegexpAuthenticator[.+ ] >> >> | profileCreator: >> org.pac4j.core.profile.creator.AuthenticatorProfileCreator@290e9599 >> | authorizationGenerators: [] |> >> >> 2019-10-23 21:58:11,126 DEBUG [org.pac4j.http.client.direct.IpClient] - >> <Credentials validation took: 14 ms> >> >> 2019-10-23 21:58:11,126 INFO [org.pac4j.http.client.direct.IpClient] - >> <Failed to retrieve or validate credentials: Unauthorized IP address: >> 172.21.96.74> >> >> 2019-10-23 21:58:11,126 DEBUG [org.pac4j.http.client.direct.IpClient] - >> <Failed to retrieve or validate credentials> >> >> org.pac4j.core.exception.CredentialsException: Unauthorized IP address: >> 172.21.96.74 >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BLYuO2dihVM96XAKC-EXEJBjMqyYhqau1jHMBwHJ9Bncw%40mail.gmail.com >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BLYuO2dihVM96XAKC-EXEJBjMqyYhqau1jHMBwHJ9Bncw%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAP6HfJqfdVtX2J639vo7XnMHY_vwGaFqyp0Z7OLYqs%3DSA%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAP6HfJqfdVtX2J639vo7XnMHY_vwGaFqyp0Z7OLYqs%3DSA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BLvRdUREtvdmYROA9NkA%3DQYne8Htv0%2Bm6SZ8XHXbfcUkA%40mail.gmail.com.
