Hello,
Technically MDQ is an API so not really set of XML files, sorry for
mistaking you a bit. But returning document is a valid XML, so... :)
If you do not need to use InCommon (or possibly other MDQ registry), you
can leave the property empty.
Otherwise,
https://github.com/apereo/cas-management/blob/0396f5a5a69af22845b4dd4e633cf74dda195e63/api/cas-mgmt-api-configuration/src/main/java/org/apereo/cas/configuration/CasManagementConfigurationProperties.java#L157
Cheers,
Fiisch
On 03/11/2022 01:48 PM, Juan María Reina Ortiz wrote:
Leaving this parameter empty allowed me tyo start cas-management, but
I'm still considering to have this xml locally downloaded. But, here's
another thing I need to ask: What is the URL from I could download the
xml file?
Again, thanks in advance. Your help is being very valuable
Cheers!
El viernes, 11 de marzo de 2022 a las 12:27:27 UTC+1,
[email protected] escribió:
Hello,
MDQ metadata endpoint is basically one huge XML file (or a set of
small ones) with SAML metadata of various organizations, in this
case, members of InCommon community.
MDQ as a technical standard is an IETF thing.
But what it means for CAS and Mgmt apps...
https://apereo.github.io/cas/6.5.x/installation/Configuring-SAML2-DynamicMetadata.html
- When you are creating a SAML registration in Mgmt app, the Mgmt
app can give you a choice of ready-made SAML metadata
configurations because it downloaded them upon its startup.
- CAS does not need to store the SAML metadata locally, it can
gather them from MDQ endpoint. This implies that CAS administrator
doesn't need to manage local metadata files of various connected
3rd parties.
- If you cannot access InCommon MDQ, you cannot consume 3rd party
SAML metadata automatically. So you are back to manual management
of metadata XML files. That is all.
Other than automating tasks around SAML metadata upkeeping, there
is no impact on the functionality.
However, even without proxy access, you can work around the issue.
You can, for example, periodically download the metadata with wget
and let CAS read the file locally or from some internal webserver.
You have a property (mgmt.in-common-mdq-url) which you can
configure, so if there is a will, there is a way. :) But I would
do it only if you really desperately need to access the InCommon
MDQ registry.
Cheers,
Fiisch
On 03/11/2022 11:05 AM, Juan María Reina Ortiz wrote:
Thanks, Petr
Having read that tread, what I've understood is that disabling
mdq would allow the process to start, but, what would be the
consecuences? I don't have a knowledge deep enough to foresee
what it will happen by not using this feature...
Thanks in advance
El viernes, 11 de marzo de 2022 a las 8:29:03 UTC+1,
[email protected] escribió:
Hello,
If the proxy settings do not work, you still should be able
to manipulate the URL of InCommon service... either to point
it somewhere where it can reach the data or to disable it
completely.
If i remember the source code correctly, you do not have to
specify only an URL but a filesystem path (file:///somepath)
might work too.
Check this thread
https://groups.google.com/a/apereo.org/g/cas-user/c/8eJvw8oikPw/m/tNAH1jIKBgAJ
Cheers,
Fiisch
On 03/10/2022 07:20 PM, Juan María Reina Ortiz wrote:
Hello everybody
Doesn't anybody have to deal with this? I mean, having a
cas-management installed on a server behind a proxy...
In that case, can anybody point me to a different place
where I could find some help?
Cheers!
El jueves, 3 de marzo de 2022 a las 8:16:11 UTC+1, Juan
María Reina Ortiz escribió:
Hello everybody
Ray, first of all, I have to confirm that I'm using 6.3.
And, yes, some of the options were probably wrong, so I
stuck to the ones you've mentioned. Anyway, it doesn't
work as the request are not passing through the proxy...
And I have to say that proxy is working well as I've had
to configure it to build the product (gradle.properties)
This failure prevent my cas-management to start
Thanks for your help.
El 02/03/2022 a las 18:49, Ray Bon escribió:
Juan,
I am unable to find proxy-host in the cas 6.4 docs. It
is in 6.3.
Is it still a property in 6.4?
Some cas. ... properties are available in
cas-management. I searched around the code but could
not find a place where proxy-host is used.
In cas 6.3 docs, I see only these proxy options
# cas.http-client.proxy-host=
# cas.http-client.proxy-port=0
I see that incommon is still hard coded into cas
management app; which is a shame.
Are you trying to get the incommon metadata?
Is that failure preventing cas management from working?
As a work around, you could filter out those log messages.
Ray
On Wed, 2022-03-02 at 14:13 +0100, Juan María Reina
Ortiz wrote:
Notice: This message was sent from outside the
University of Victoria email system. Please be
cautious with links and sensitive information.
Well, just changing "cas" to "mgmt" didn't work... I'm
trying to configure proxy parameters when starting
java, but, it neither doesn't work
Cheers!
El 02/03/2022 a las 13:18, Petr Fišer escribió:
Hello,
cas.* properties are meant to configure CAS, not the
management app. Properties for management app start
with "mgmt."
Skimming through
https://github.com/apereo/cas-management/blob/6.3.x/api/cas-mgmt-api-configuration/src/main/java/org/apereo/cas/configuration/CasManagementConfigurationProperties.java
there is no obvious property to configure a proxy.
Cheers,
Fiisch
On 03/02/2022 01:00 PM, Juan María Reina Ortiz wrote:
I did some research and I don't see traffic through
proxy, but through firewall, so I'm affraid proxy
is not configured properly. I did it adding the
above lines in management.properties...
Cheers
El miércoles, 2 de marzo de 2022 a las 12:17:34
UTC+1, Juan María Reina Ortiz escribió:
Good morning everybody
I'm trying to start cas-management and after a
while, the process shows me the following:
ERROR [org.apereo.cas.util.HttpUtils] - <Connect to
mdq.incommon.org:443 <http://mdq.incommon.org:443>
[mdq.incommon.org/13.33.232.95
<http://mdq.incommon.org/13.33.232.95>,
mdq.incommon.org/13.33.232.10
<http://mdq.incommon.org/13.33.232.10>,
mdq.incommon.org/13.33.232.66
<http://mdq.incommon.org/13.33.232.66>,
mdq.incommon.org/13.33.232.102
<http://mdq.incommon.org/13.33.232.102>] failed:
Expiró el tiempo de conexión (Connection timed out)>
org.apache.http.conn.HttpHostConnectException:
Connect to mdq.incommon.org:443
<http://mdq.incommon.org:443>
[mdq.incommon.org/13.33.232.95
<http://mdq.incommon.org/13.33.232.95>,
mdq.incommon.org/13.33.232.10
<http://mdq.incommon.org/13.33.232.10>,
mdq.incommon.org/13.33.232.66
<http://mdq.incommon.org/13.33.232.66>,
mdq.incommon.org/13.33.232.102
<http://mdq.incommon.org/13.33.232.102>] failed:
Expiró el tiempo de conexión (Connection timed out)
My server is behind a proxy so I've configured the
following:
cas.http-client.proxy-host=my_proxy_hostname
cas.http-client.proxy-port=my_proxy_port
cas.http-client.proxy-nonproxyihosts=
domain_1,domain_2,domain_3
cas.https-client.proxy-host= my_proxy_hostname
cas.https-client.proxy-port= my_proxy_port
cas.https-client.proxy-nonproxyihosts=domain_1,domain_2,domain_3
But the situation persists. I've also tried to set
the above when start the process
java -jar PATH_TO_CAS_MAN/cas-management.war
-Dhttp.proxySet=true -Dhttps.proxySet=true
-Dhttp.proxyHost=my_proxy_hostname...
It doesn't work
What I have to configure? What's happening?
Thanks in advance
--
- Website: https://apereo.github.io/cas
<https://apereo.github.io/cas>
- Gitter Chatroom: https://gitter.im/apereo/cas
<https://gitter.im/apereo/cas>
- List Guidelines: https://goo.gl/1VRrw7
<https://goo.gl/1VRrw7>
- Contributions: https://goo.gl/mh7qDG
<https://goo.gl/mh7qDG>
---
You received this message because you are subscribed
to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving
emails from it, send an email to
[email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/bf1b275f-4182-4708-8725-87818fb5adb2n%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/bf1b275f-4182-4708-8725-87818fb5adb2n%40apereo.org?utm_medium=email&utm_source=footer>.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 <tel:%28250%29%20721-8831> | CLE 019 |
[email protected]
I acknowledge and respect the lək̓ʷəŋən peoples on
whose traditional territory the university stands, and
the Songhees, Esquimalt and WSÁNEĆ peoples whose
historical relationships with the land continue to this
day.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to
a topic in the Google Groups "CAS Community" group.
To unsubscribe from this topic, visit
https://groups.google.com/a/apereo.org/d/topic/cas-user/1NIV6j269I8/unsubscribe.
To unsubscribe from this group and all its topics, send
an email to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c06c58a6cfbf6cde3f2a124425f72231dfcbe8d1.camel%40uvic.ca
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/c06c58a6cfbf6cde3f2a124425f72231dfcbe8d1.camel%40uvic.ca?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the
Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails
from it, send an email to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/973a8aa7-61ce-44d5-b46f-4fb191f0b4c4n%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/973a8aa7-61ce-44d5-b46f-4fb191f0b4c4n%40apereo.org?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/71ebc7ea-838a-410f-b0e1-4a7859d10e67%40gmail.com.
