Re: [cas-user] cas 3.5.2 not authorized service despite bean being present.

[Ray Bon]

Jennifer,

Perhaps there are some typos in your examples.
The log is looking for https://xxx.uni.edu:4443 but your service is either 
xxx.uni.bridgew.edu:4443 or xxx.uni.edu:4447
and the third example is 'http://xxx'

Does 3.5.2 allow regular expressions for serviceId?

Otherwise, set serviceId to be what the service is sending.

Ray

On Tue, 2020-04-14 at 11:09 -0700, Jennifer LaVoie wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

Hi everyone

Background:
I am running an old implementation of jasig cas (3.5.2) on redhat 5.  We are 
working on going to our new Apero cas but we have one app that simply won't 
work in the new environment.  So to try to get the rest of our apps over to the 
new cas, we decided to (vmware) CLONE the cas.production server to a new 
VMserver, so that just this ONE app can stay on the old version of cas until 
the app gets upgraded in July.  I have been supporting cas for like 6 years, 
and I have added many apps into the deployerConfig file.

So...new clone...I update all the server and cas config files so that cas now 
knows it's cas-te.

I added the bean.

I get unauthorized server...

I can't figure out what I am doing wrong...

I copied the bean from our old cas-test server too...and the app works 
there...but not on this new cas-te.

I am so stuck

Here is my bean

WORKS IN 3.5.2 prod
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
                        <property name="id" value="5" />
                        <property name="name" value="Travel and Expense PROD" />
                        <property name="description" value="TE PROD" />
                        <property name="serviceId" 
value="https://xxx.uni.edu:4447/tvlexp/**"; />
                        <property name="evaluationOrder" value="1" />
                        <property name="allowedAttributes">
                                <list>
                                        <value>UDC_IDENTIFIER</value>
                                </list>
                        </property>
                    </bean>


WORKS IN 3.5.2 TEST BUT NOT 3.5.2 CAS-TE
 <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                        <property name="id" value="48" />
                        <property name="name" value="T and E TEST" />
                        <property name="description" value="T and E TEST" />
                        <property name="serviceId" 
value="https://xxx.uni.bridgew.edu:4443/tvlexp/tvlexp-flex/index.jsp"; />
                        <property name="evaluationOrder" value="1" />
                        <property name="allowedAttributes">
                                <list>
                                        <value>UDC_IDENTIFIER</value>
                                </list>
                        </property>
                    </bean>



WORKS IN 3.5.2 TEST BUT NOT 3.5.2 CAS-TE

 <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                        <property name="id" value="49" />
                        <property name="name" value="Travel and Expense CAS" />
                        <property name="description" value="Travel and Expense 
CAS SSO" />
                        <property name="serviceId" 
value="http://xxx.campus.uni.edu:7777/tvlexp/tvlexp-flex/index.jsp"; />
                        <property name="evaluationOrder" value="1" />
                        <property name="allowedAttributes">
                                <list>
                                        <value>UDC_IDENTIFIER</value>
                                </list>
                        </property>

When I try to log in to the service, I see this in my catalina.out



2020-04-14 11:14:37,007 WARN [org.jasig.cas.CentralAuthenticationServiceImpl] - 
<ServiceManagement: Unauthorized Service Access. Service 
[https://xxx.uni.edu:4443/tvlexp/tvlexp-flex/index.jsp] not found in Service 
Registry.>
2020-04-14 11:14:37,008 INFO 
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: JENNIFER.LAVOIE
WHAT: https://txxx.uni.edu:4443/tvlexp/tvlexp-flex/index.jsp
ACTION: SERVICE_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Tue Apr 14 11:14:37 EDT 2020
CLIENT IP ADDRESS: xxx
SERVER IP ADDRESS: xxx
=============================================================

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/67ca34483d28fbd04ea193117b4a6b8110dc000e.camel%40uvic.ca.