Cyrus,
You may need to add to attribute release policy:
{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^https?://clientdev.uvic.ca/proxy/.*",
  "name": "Demo CAS Client proxy client",
  "id": 1512514873495,
  "description": "proxy client",
  "proxyPolicy": {
    "@class": "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
    "pattern": "^https://clientdev.uvic.ca/proxy/pgtCallback"
  },
  "evaluationOrder": 20145,
  "usernameAttributeProvider": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider",
    "canonicalizationMode": "NONE",
    "encryptUsername": false
  },
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.DenyAllAttributeReleasePolicy",
    "principalAttributesRepository": {
      "@class": "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository",
      "expiration": 2,
      "timeUnit": "HOURS"
    },
    "authorizedToReleaseCredentialPassword": false,
    "authorizedToReleaseProxyGrantingTicket": true,
    "excludeDefaultAttributes": true
  },
  "multifactorPolicy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
    "failureMode": "CLOSED",
    "bypassEnabled": false
  },
  "accessStrategy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled": true,
    "ssoEnabled": true,
    "requireAllAttributes": false,
    "caseInsensitive": false
  },
  "publicKey": {
    "@class": "org.apereo.cas.services.RegisteredServicePublicKeyImpl",
    "location": "/home/cas/config/keys/client_public.key",
    "algorithm": "RSA"
  },
  "properties": {
    "@class": "java.util.HashMap",
    "test": {
      "@class": "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values": [ "java.util.HashSet", [ "FALSE" ] ]
    }
  }
}
The above is what I have for a test service. It was created with the management
application. You do not need the public key. I think the pgtCallback has to be
an https URL. If you are using self-signed certs, you will have to add them to
the Java keystore.
Ray
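As an added example that is not from this thread: the Python check below replays the two decisions CAS makes when a client sends a pgtUrl, which registered service the service URL resolves to and whether that service's proxyPolicy accepts the callback, using definitions constructed from the ones quoted above (the proxy-enabled client and the stock HTTPSandIMAPS catch-all, which ships without a proxyPolicy). Regex find() matching, lowest evaluationOrder winning, and the https-only callback are assumptions about CAS behaviour, not statements from the thread.

```python
import json
import re

REGEX_POLICY = "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy"

# Constructed inline from the definitions quoted in the thread; only the keys
# that matter for proxying are kept.
PROXY_CLIENT = json.loads("""{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^https?://clientdev.uvic.ca/proxy/.*",
  "name": "Demo CAS Client proxy client", "evaluationOrder": 20145,
  "proxyPolicy": {
    "@class": "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
    "pattern": "^https://clientdev.uvic.ca/proxy/pgtCallback"
  }
}""")
CATCH_ALL = json.loads("""{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^(https|imaps)://.*",
  "name": "HTTPS and IMAPS", "evaluationOrder": 10000
}""")


def proxy_callback_check(definitions, service_url, pgt_url):
    """Decide whether CAS would accept pgt_url for a ticket issued to service_url.

    Returns (allowed, reason). Assumed semantics: serviceId and proxy pattern are
    applied with regex find(), and among matching services the lowest
    evaluationOrder wins, so a broad catch-all can shadow a proxy-enabled entry.
    """
    candidates = [d for d in definitions if re.search(d["serviceId"], service_url)]
    if not candidates:
        return False, "no registered service matches the service URL"
    svc = min(candidates, key=lambda d: d.get("evaluationOrder", 0))
    policy = svc.get("proxyPolicy")
    # A missing proxyPolicy defaults to RefuseRegisteredServiceProxyPolicy.
    if not policy or policy.get("@class") != REGEX_POLICY:
        return False, f"{svc['name']}: proxyPolicy refuses every pgtUrl"
    if not re.search(policy["pattern"], pgt_url):
        return False, f"{svc['name']}: pgtUrl does not match proxyPolicy pattern"
    if not pgt_url.startswith("https://"):
        return False, f"{svc['name']}: pgtUrl must be https for the callback"
    return True, (f"{svc['name']}: policy allows pgtUrl; CAS will now GET it over "
                  "TLS, so its certificate must be trusted by the JVM")


if __name__ == "__main__":
    url = "https://clientdev.uvic.ca/proxy/example_proxy_serviceWeb.php"
    cb = "https://clientdev.uvic.ca/proxy/pgtCallback"
    print(proxy_callback_check([CATCH_ALL, PROXY_CLIENT], url, cb))  # shadowed
    print(proxy_callback_check([PROXY_CLIENT], url, cb))             # allowed
```

Even when the policy allows the pgtUrl, the PGTIOU is only transmitted after the real HTTPS callback succeeds, which is where an untrusted self-signed certificate still fails.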
On Fri, 2020-04-10 at 02:07 -0700, Cyrus wrote:
Thanks for your answer Ray.
Firstly, I finally managed to find a solution for my problem. I went to the
application.yml file and added
cas:
  serviceRegistry:
    json:
      location: file:///C:/etc/cas/services
And now it's working.
Now, to explain what I'm doing: I'm trying to test the phpCAS proxy files.
Everything went for the best with the basic example and login when I was using
the Jasig CAS 3.5.2 version. But when trying "example_proxy_serviceWeb.php" I
got the following error:
Authentication failure: Ticket validated but no PGT Iou transmitted
So I've looked for an answer and I found one here:
https://github.com/apereo/phpCAS/issues/168
"A PGTiou is usually not transmitted if the "service" within the cas server is
not proxy enabled (via cas server admin gui) or if the callback authentication
to the cas client (your moodle service) fails. This callback is done via https
and requires a trusted and matching certificate to be used on the cas client
webserver."
So I wanted to proxy-enable my service, but couldn't find out how to do it with
this old version of CAS, but found what I thought at the time was an
answer for a 5.X version of CAS. That's why I used that version and had to deal
with the service registry issue.
BUT...
Now that my JSON service file works, I've added a "proxyPolicy"... but it still
doesn't work:
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|imaps)://.*",
  "name" : "HTTPS and IMAPS",
  "id" : 10000001,
  "proxyPolicy" : {
    "@class" : "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
    "pattern" : "^(https|imaps)://.*"
  },
  "description" : "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
  "evaluationOrder" : 10000
}
And now I feel like I'm at a dead end :(
But anyway, thanks for your answer again!
On Thursday, 9 April 2020 19:12:04 UTC+2, rbon wrote:
Cyrus,
Here is a more up-to-date tutorial:
https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html
When doing a new deployment, go with the latest version at least 6.1.x. And
note that property names change between versions.
Leave the management app out of this until cas is working.
Add these to the log file:
<!-- INFO Loaded [#] service(s) from [???ServiceRegistryDAO]
     DEBUG Adding registered service [service URL] -->
<AsyncLogger name="org.apereo.cas.services.AbstractServicesManager" level="debug" />
<!-- outputs only during startup -->
<AsyncLogger name="org.apereo.cas.config" level="debug" />
You can log in to CAS without going to a service first:
https://cashost/cas/login. Then use the php example apps. Start with basic
login; the proxy example requires additional service configuration.
Ray
On Thu, 2020-04-09 at 02:24 -0700, Cyrus wrote:
Hi everybody,
I'm trying to develop a CASified app with phpCAS. To do so I've installed a CAS
server on my computer following this tutorial:
https://apereo.atlassian.net/wiki/spaces/CASUM/pages/103261432/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven+WAR+Overlay+Method
First I installed Tomcat, then Jasig CAS version 3.5.2. I also installed WAMP
for my php pages and all was going for the best, after a few tweaks, as I was
trying the example_service.php of phpCAS:
https://github.com/apereo/phpCAS/blob/master/docs/examples/example_service.php
But then I switched to the 5.3.14 Apereo version of CAS and I can't connect to
CAS anymore, getting the "Application not authorized to use cas" error.
It seems to be a registry problem, so I gathered info and here is what I have
done:
* I'm on Windows 10
* I've downloaded the Maven WAR overlay with cas-overlay-template-5.3,
imported it in Eclipse, tried a few things but finally just added the following
lines in the pom.xml:
<dependency>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-server-support-json-service-registry</artifactId>
  <version>${cas.version}</version>
</dependency>
* Once that was done, I don't know why but Eclipse seemed to download a few
things before closing (maybe due to what I just added to the pom file). Anyway,
I then typed mvnw clean package to rebuild the server and then pasted the
war file in the webapps file of Tomcat.
* I've looked for cas.properties, to change the property
cas.serviceRegistry.config.location, but finally I think that this file doesn't
exist and that I should use the application.properties file in the
WEB-INF/classes file. At least this is what I've done, adding these two lines:
serviceRegistry.initFromJson=true
serviceRegistry.config.location=file:C:/etc/cas/services
* There is a WEB-INF/classes/services file but I didn't know if the CAS
server was checking this file, that's why I defined C:/etc/cas/services as my
services file to be sure.
* First I thought that the service wasn't accepted because WAMP was not
configured for https, that's why:
  * first I tried to add a new json: a copy of
HTTPSandIMAPS-10000001.json where I just replaced https by http
  * but it didn't work so I configured WAMP to allow https connections... but
it didn't work.
Finally, when I connect to CAS here is what is written in the address bar:
https://localhost:8443/cas2/login?service=https%3A%2F%2Flocalhost%2FCAS_clientproxy%2Fexample_service.php
And if I wasn't previously connected to CAS, the error message says that the
registry is empty and does not contain any service definition.
But if I was previously identified it gives me a longer message which says
pretty much the same.
* Last thing: I downloaded the cas-management.war and placed it in the
webapps directory of Tomcat. I tried to use it to add a new service. On the GUI I
clicked on add new service and tried to add directly
https://localhost/CAS_clientproxy/example_service.php (or with a ^ before the
address). Couldn't connect without restarting Tomcat. And when I restarted
the Tomcat server, it was even worse: not only was it still not working, but
when I was connecting to CAS-management, the services I added had disappeared.
As you can see I'm really lost, and thus I would be really thankful if somebody
could help me.
Thanking you in advance.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
I respectfully acknowledge that my place of work is located within the
ancestral, traditional and unceded territory of the Songhees, Esquimalt and
WSÁNEĆ Nations.
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/75fb0c9b362d32459a7ba907a9f26e666437fc2c.camel%40uvic.ca.