Hi,

We have picked up a weird issue during the development of our CAS 
upgrade. We are running two instances of CAS: one instance handles only the 
delegation authentication for employees/students to Azure AD, and applicants 
go to the second instance of CAS for on-premise AD.

The issue occurs when you try to run CAS configuration from another directory, 
e.g. "/etc/applicantCas/config", and the main directory of "/etc/cas/config" 
is not accessible (not writable).

It looks like either the configuration is not being read or 
something, as I am getting the following error:

Caused by: java.io.FileNotFoundException: /etc/cas/config/keystore.jwks (Permission denied)

Even though I have the following set:

cas.authn.oidc.jwks.fileSystem.jwks-file=file:/etc/applicantCas/config/defaultKeystore.jwks

I have the overlay configured with:
    implementation "org.apereo.cas:cas-server-core-api-configuration-model"
    implementation "org.apereo.cas:cas-server-webapp-init"
    implementation "org.apereo.cas:cas-server-support-json-service-registry"
    implementation "org.apereo.cas:cas-server-support-oauth-webflow"
    implementation "org.apereo.cas:cas-server-support-oidc"
    implementation "org.apereo.cas:cas-server-support-ldap"

Tomcat is set with -Dcas.standalone.configuration-directory=/etc/applicantCas/config
Tomcat is set to run from user/group tomcat1012 (tomcat 10 instance 2)

The main CAS configuration "/etc/cas/config/" is set to user/group 
tomcat101 (tomcat 10 instance 1) and hence the main configuration is 
writable from tomcat1012.

I think part of the issue is that 
in FileSystemOidcJsonWebKeystoreProperties.java the variable jwksFile is 
hardcoded to "file:/etc/cas/config/keystore.jwks".

Should the above variable not honor the 
cas.standalone.configuration-directory setting?

I apologise if this is not clear.

Regards,
Colin
