I did find erros in my configuration now its working fine : cas.monitor.endpoints.endpoint.health.access[0]=IP_ADDRESS cas.monitor.endpoints.endpoint.health.required-ip-addresses[0]=127.0.0.1|10.xx.xx.xx|10.xx.xx.xx|xxx.xxx.xxx.xx|10.xx.xx.*
I had to delete [0] and changed "|" to ", " then I stopped getting parse errors but it did't like wildcards so i had to put CIDR insted so in the end my config look like this : cas.monitor.endpoints.endpoint.health.access=IP_ADDRESS cas.monitor.endpoints.endpoint.health.required-ip-addresses=127.0.0.1,10.xx.xx.xx,10.xx.xx.xx,xxx.xxx.xxx.xx,10.xx.xx.xx/24 But like i said before my old config worked well in version 6.5.x sobota, 25 lutego 2023 o 08:03:35 UTC+1 Arkady Keppert napisał(a): > I did also notice that i get errors in catalina.out like this : > > 2023-02-25 07:45:38,706 ERROR > [org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] - > <Cannot read/parse > [{"@class":"org.apereo.cas.services.CasRegisteredService","serviceId":" > https://xxx.xxx.xxxxxx.xxx.*","name":"xxx",...] to deserialize into type > [interface org.apereo.cas.services.RegisteredService]. This may be caused > in the absence of a configuration/support module that knows how to > interpret the fragment, specially if the fragment describes a CAS > registered service definition. Internal parsing error is [Could not resolve > type id 'org.apereo.cas.services.CasRegisteredService' as a subtype of > `org.apereo.cas.services.RegisteredService`: no such class found > > But in cas.log i dont see this errors is this normal ? > > sobota, 25 lutego 2023 o 07:43:26 UTC+1 Arkady Keppert napisał(a): > >> Ray, >> >> Yes i did try without '*' but the result is the same. I dont get it >> everything is working fine on version 6.5.9 but it dont work on 6.6.6 with >> exactly the same settings. Noone else is getting the same errors ? >> >> piątek, 24 lutego 2023 o 18:16:27 UTC+1 Ray Bon napisał(a): >> >>> Arkady, >>> >>> Did you try without the '*'? (i.e. use specific ips) >>> >>> Ray >>> >>> On Thu, 2023-02-23 at 23:48 -0800, Arkady Keppert wrote: >>> >>> Notice: This message was sent from outside the University of Victoria >>> email system. Please be cautious with links and sensitive information. >>> >>> If i leave only one ip addres everything is working fine. I did try >>> before with comma separated and the result is the same but when comma >>> separated it wont let me in even when i provide my ip addres. >>> >>> 2023-02-24 07:31:45,593 WARN >>> [org.apereo.cas.util.function.FunctionUtils] - <Failed to parse >>> address127.0.0.1,10.xx.xx.* >>> IpAddressMatcher.java:parseAddress:96 >>> IpAddressMatcher.java:<init>:58 >>> >>> CasWebSecurityConfigurerAdapter.java:lambda$configureEndpointAccessByIpAddress$10:297 >>> > >>> 2023-02-24 07:31:45,593 WARN >>> [org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter] - <Provided >>> regular expression or IP/netmask [[127.0.0.1,10.xx.xx.*]] does not match >>> [10.xx.xx.7]> >>> >>> Everything is working fine on version 6.5.9 with the same setting and >>> ip separated with | - like 127.0.0.1|10.xx.xx.* >>> >>> czwartek, 23 lutego 2023 o 18:33:49 UTC+1 Ray Bon napisał(a): >>> >>> And see the link that Dimitry provided in this convo, >>> https://groups.google.com/a/apereo.org/g/cas-user/c/4cfgQCOhx14/m/Ko-LwxttBAAJ >>> >>> Ray >>> >>> On Thu, 2023-02-23 at 06:00 -0800, Arkady Keppert wrote: >>> >>> Notice: This message was sent from outside the University of Victoria >>> email system. Please be cautious with links and sensitive information. >>> >>> I'm getting errors while checking the status of cas: >>> >>> 2023-02-23 14:48:34,931 WARN >>> [org.apereo.cas.util.function.FunctionUtils] - <Failed to parse >>> address127.0.0.1|10.xx.xx.xx|10.xx.xx.xx|xxx.xxx.xxx.xx|10.xx.xx.* >>> IpAddressMatcher.java:parseAddress:96 >>> IpAddressMatcher.java:<init>:58 >>> >>> CasWebSecurityConfigurerAdapter.java:lambda$configureEndpointAccessByIpAddress$10:297 >>> >>> my cas.properties looks like this : >>> >>> cas.monitor.endpoints.endpoint.defaults.access=IP_ADDRESS >>> cas.monitor.endpoints.endpoint.defaults.required-ip-addresses= >>> 127.0.0.1|10.xx.xx.xx|10.xx.xx.xx|10.xx.xx.* >>> >>> cas.monitor.endpoints.endpoint.health.access[0]=IP_ADDRESS >>> >>> cas.monitor.endpoints.endpoint.health.required-ip-addresses[0]=127.0.0.1|10.xx.xx.xx|10.xx.xx.xx|xxx.xxx.xxx.xx|10.xx.xx.* >>> cas.monitor.endpoints.endpoint.dashboard.access[0]=IP_ADDRESS >>> >>> cas.monitor.endpoints.endpoint.dashboard.required-ip-addresses[0]=127.0.0.1|10.xx.xx.xx|10.xx.xx.xx|xxx.xxx.xxx.xx|10.xx.xx.* >>> >>> # discoveryProfile used by cas-management, WORKS only by IP address >>> access. Restrict it. >>> cas.monitor.endpoints.endpoint.discoveryProfile.access[0]=IP_ADDRESS >>> >>> cas.monitor.endpoints.endpoint.discoveryProfile.required-ip-addresses[0]=127.0.0.1|10.xx.xx.xx|10.xx.xx.xx|xxx.xxx.xxx.xx|10.xx.xx.* >>> >>> cas version : 6.6.6 >>> tomcat version : 9.0.71 >>> >>> Does anyone have similar problems or a solution >>> >>> >>> >>> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/9f6d4882-a531-4b4d-b21a-a81e3fc63010n%40apereo.org.