Hi Pablo,

Two versions of Tomcat running under separate users.

CAS1 Details,

Tomcat Location: /opt/tomcat1
CAS Config: /etc/cas/config
Tomcat User: tomcat101

CAS2 Details,

Tomcat Location: /opt/tomcat2
CAS Config: /etc/cas2/config
Tomcat User: tomcat1012

This issue should be reproducible with one instance: just configure CAS to use a 
directory other than the default, e.g. /etc/anotherCAS/config rather than 
/etc/cas/config, and make sure that Tomcat is not able to write to /etc/cas; 
the issue should then be replicated.

Regards,
Colin

On Thursday, 20 April 2023 at 03:25:45 UTC+10 Pablo Vidaurri wrote:

> Are you running two instances of CAS under the same JVM (same Tomcat)?
>
> On Monday, March 27, 2023 at 12:39:54 AM UTC-5 wilc...@gmail.com wrote:
>
>> Hi,
>>
>> We have picked up a weird issue during the development of our CAS 
>> upgrade. We are running two instances of CAS: one instance handles only 
>> delegated authentication for employees/students to Azure AD, and applicants 
>> go to the second instance of CAS for on-premise AD.
>>
>> This issue occurs when you try to run the CAS configuration from another 
>> directory, e.g. "/etc/applicantCas/config", and the main directory 
>> "/etc/cas/config" is not accessible (not writable).
>>
>> It looks like either the configuration is not being read or something 
>> similar, as I am getting the following error:
>>
>> Caused by: java.io.FileNotFoundException: /etc/cas/config/keystore.jwks 
>> (Permission denied)
>>
>> Even though I have the following set:
>>
>> cas.authn.oidc.jwks.fileSystem.jwks-file=file:/etc/applicantCas/config/defaultKeystore.jwks
>>
>> I have the overlay configured with:
>>
>>     implementation "org.apereo.cas:cas-server-core-api-configuration-model"
>>     implementation "org.apereo.cas:cas-server-webapp-init"
>>     implementation "org.apereo.cas:cas-server-support-json-service-registry"
>>     implementation "org.apereo.cas:cas-server-support-oauth-webflow"
>>     implementation "org.apereo.cas:cas-server-support-oidc"
>>     implementation "org.apereo.cas:cas-server-support-ldap"
>>
>> Tomcat is started with 
>> -Dcas.standalone.configuration-directory=/etc/applicantCas/config. 
>> Tomcat is set to run as user/group tomcat1012 (Tomcat 10 instance 2).
>>
>> The main CAS configuration "/etc/cas/config/" is set to user/group 
>> tomcat101 (Tomcat 10 instance 1) and hence the main configuration is 
>> writable from tomcat1012.
>>
>> I think part of the issue is that in 
>> FileSystemOidcJsonWebKeystoreProperties.java the variable jwksFile is 
>> hardcoded to "file:/etc/cas/config/keystore.jwks".
>>
>> Should the above variable not honor the 
>> cas.standalone.configuration-directory setting?
>>
>> I apologise if this is not clear.
>>
>> Regards,
>> Colin

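A pre-flight check for the two-instance layout described in this thread, added here as an example and not taken from any message or from the CAS project: run as the Tomcat user of one instance, it confirms that every file: URL in that instance's properties file lies under its own configuration directory and is readable, and that cas.authn.oidc.jwks.fileSystem.jwks-file is set at all, so a silent fall-back to a keystore under /etc/cas/config (the other instance's key material) is caught before the service starts. The script name cas-preflight.sh and the cas.properties file name are assumptions; the check rules out the configuration side but does not explain the error reported above with the property set.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for a CAS instance
# that runs from a non-default standalone configuration directory.
# Every property whose value is a file: URL must point inside that
# directory (anything else collides with the other instance's tree, e.g.
# the default /etc/cas/config) and be readable by the user running Tomcat;
# the OIDC jwks-file property must be set explicitly, because an unset
# value falls back to the built-in default keystore path.
# Run it as the Tomcat user (script name and cas.properties are assumed):
#   su -s /bin/sh tomcat1012 -c \
#     './cas-preflight.sh /etc/applicantCas/config /etc/applicantCas/config/cas.properties'

JWKS_KEY='cas.authn.oidc.jwks.fileSystem.jwks-file'

# Print "key=path" for every property whose value starts with "file:".
list_file_props() {
    sed -n 's/^[[:space:]]*\([A-Za-z0-9._-]*\)[[:space:]]*=[[:space:]]*file:\(.*\)$/\1=\2/p' "$1"
}

# check_cas_file_props CONFIG_DIR PROPERTIES_FILE
# Returns 0 when the file passes, 1 otherwise, one finding per line on stderr.
check_cas_file_props() {
    config_dir=${1%/}
    props=$2
    rc=0
    tmp=$(mktemp)
    list_file_props "$props" > "$tmp"
    while IFS='=' read -r key path; do
        path=${path#//}                     # file:///x and file:/x both mean /x
        case $path in
            "$config_dir"/*) ;;
            *) echo "$key: $path is outside $config_dir" >&2; rc=1 ;;
        esac
        [ -r "$path" ] || { echo "$key: $path is not readable by $(id -un)" >&2; rc=1; }
    done < "$tmp"
    rm -f "$tmp"
    grep -q "^[[:space:]]*$JWKS_KEY[[:space:]]*=" "$props" \
        || { echo "$JWKS_KEY is not set; CAS would use its default keystore path" >&2; rc=1; }
    return $rc
}

# Script entry point: only runs when executed directly with two arguments.
if [ $# -eq 2 ]; then
    check_cas_file_props "$1" "$2"
fi
```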