Hi,

We have picked up a weird issue during our development of our CAS upgrade. We are running two instances of CAS: one instance handles only the delegation authentication for employee/students to Azure AD, and applicants go to the second instance of CAS for on-premise AD.

The issue occurs when you try to run the CAS configuration from another directory, e.g. "/etc/applicantCas/config", and the main directory of "/etc/cas/config" is not accessible (not writable). It looks as though either the configuration is not being read or something, as I am getting the following error:

    Caused by: java.io.FileNotFoundException: /etc/cas/config/keystore.jwks (Permission denied)

Even though I have the following set:

    cas.authn.oidc.jwks.fileSystem.jwks-file=file:/etc/applicantCas/config/defaultKeystore.jwks

I have the overlay configured with:

    implementation "org.apereo.cas:cas-server-core-api-configuration-model"
    implementation "org.apereo.cas:cas-server-webapp-init"
    implementation "org.apereo.cas:cas-server-support-json-service-registry"
    implementation "org.apereo.cas:cas-server-support-oauth-webflow"
    implementation "org.apereo.cas:cas-server-support-oidc"
    implementation "org.apereo.cas:cas-server-support-ldap"

Tomcat is set to run with:

    -Dcas.standalone.configuration-directory=/etc/applicantCas/config

Tomcat is set to run as user/group tomcat1012 (tomcat 10 instance 2). The main CAS configuration "/etc/cas/config/" is set to user/group tomcat101 (tomcat 10 instance 1) and hence the main configuration is writable from tomcat1012.

I think part of the issue is that in FileSystemOidcJsonWebKeystoreProperties.java the variable jwksFile is hardcoded to "file:/etc/cas/config/keystore.jwks".

Should not the above variable honor the cas.standalone.configuration-directory setting?

I apologise if this is not clear.

Regards,
Colin