Re: [cas-user] [cas 5.1.8] Issue encountered with the customization of the theme

2018-04-02 Thread Uxío Prego
... http://localhost:8443/cas/login is a poorly idiomatic configuration,
hinting... that, or something else might be wrong?

Nowadays it is rare to listen for HTTP on port 8443.

On port 8443 you would rather want to listen for HTTPS, and often the mean Java
application server only serves HTTP on 8080 to a trusted proxy where HTTPS
is handled.

Uxío Prego



Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com
www.bbva.com

The activity of email inboxes can be systematically tracked by colleagues,
business partners and third parties. Turn off automatic loading of images
to hamper it.

2018-03-29 10:23 GMT+00:00 Olivier Guilloux :

> Hello,
>
> I encountered an issue with the customization of the theme. I have built
> the war following
> https://apereo.github.io/cas/5.1.x/installation/User-Interface-Customization-Themes.html
> but the theme is not displayed after each war startup. Here is the case:
>
> 1/ Build the war with the customized theme
> 2/ Start the application (java -jar target/cas.war)
> 3/ Display the default login page (http://localhost:8443/cas/login)
>   ==> the page is a broken default login page (I want the default login
> page without customization) *it doesn't work*
> 4/ Display the login page through a service which uses the customized theme
>   => the page is a broken default login page (I want the customized login
> page) *it doesn't work*
>
> 5/ Restart the application
> 6/ Display the login page through a service which uses the customized theme
> (set the theme property in the service declaration)
>   => the page is the custom one (the one I want) here *it works*
> 7/ Display the default login page (http://localhost:8443/cas/login)
>   => the page is the custom one without css (I want the default login
> page) *it doesn't work*
>
> 8/ Stop the application
> 9/ Add properties in order to set the default theme
> cas.theme.defaultThemeName=mytheme
> 10/ Start the application
> 11/ Display the default login page, but it's the same broken login page
> (as step 3) *it doesn't work*
>
> 12/ Restart the application
> 13/ Display the login page through a service which uses the customized
> theme
>   => Same as step 6, the page is the custom one, *it works*
> 14/ 7/ Display the default login page directly
>   => The page is the custom one *it works*
>
> In order to build the custom login page I have done the following :
>
> src/main/resources/
> .
> ├── mytheme.properties
> ├── static
> │   └── themes
> │       └── mytheme
> │           ├── css
> │           │   └── cas.css
> │           ├── fonts
> │           │   └── iconic
> │           │       ├── css
> │           │       │   ├── material-design-iconic-font.css
> │           │       │   └── material-design-iconic-font.min.css
> │           │       └── fonts
> │           │           ├── Material-Design-Iconic-Font.eot
> │           │           ├── Material-Design-Iconic-Font.svg
> │           │           ├── Material-Design-Iconic-Font.ttf
> │           │           ├── Material-Design-Iconic-Font.woff
> │           │           └── Material-Design-Iconic-Font.woff2
> │           ├── images
> │           │   ├── bg-01.jpg
> │           │   └── logo.gif
> │           └── js
> │               └── cas.js
> └── templates
>     └── mytheme
>         └── casLoginView.html
>
>
>
> with mytheme.properties :
>
> standard.custom.css.file=/themes/mytheme/css/cas.css
> standard.custom.js.file=/themes/mytheme/js/cas.js
>
> What's wrong ?
> Thanks in advance
> Olivier Guilloux
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/2b21006e-4ac7-40d0-ab84-1e2ed56d9dbd%40apereo.org.
>



Re: [cas-user] How to get SLO to work in CAS 5?

2018-04-02 Thread Man H
Try

(Cas-server)/cas/logout



https://apereo.github.io/cas/5.2.x/installation/Logout-Single-Signout.html

On Sunday, April 1, 2018, paul li wrote:

> Hi
>
>
>
> My team is working with CAS (5.2.3) and delegated SAML authentication via
> pac4j libraries. What we have so far:
>
> 1.  3 separate services, each is configured through spring to
> authenticate with CAS.
>
> 2.  CAS is configured to delegate authentication to SAML IDP via
> *cas.properties* config
>
> 3.  We extended the ClientAuthenticationHandler with small changes
> and registered it through a @Configuration class.
>
>
>
> With this basic setup, we are able to get the SSO to work correctly across
> the services, against okta sample IDP, with a flow similar to this:
>
> *SP -> CAS -> Delegate Authentication -> Redirect to IDP -> Input
> credentials -> IDP returns SAML response -> CasAuthenticationFilter
> finishes the authentication and ST issuing -> System redirects the original
> ‘service’ url.*
>
>
>
> However, we are trying to get *single logout (SLO)* to work with the
> existing framework, but we have had no luck.
>
> It appears the system is only logging out the local service, but not other
> services.
>
>
>
> *What we have at the moment:*
>
> For each of the service modules, we have the following configured:
>
> 1. LogoutFilter via spring bean
>
> 2. SingleSignOutFilter via web.xml or spring bean
>
> 3. SingleSignOutHttpSessionListener in web.xml
>
>
> Also we have ServiceRegistry json with logoutType: BACK_CHANNEL
>
>
> spring config
>
>*"casAuthenticationEntryPoint"*>
>
>*"permitAll"* />
>
>   method=*"GET"* />
>
>   />
>
>  
>
>  
>
>   *"LOGOUT_FILTER"* />
>
>   *"CAS_FILTER"* />
>
>   *"CAS_FILTER"* />
>
>   
>
>
>
>*"org.jasig.cas.client.session.SingleSignOutFilter"*
>
>  p:ignoreInitConfiguration=*"true"* <- not sure if we need
> this
>
>  p:casServerUrlPrefix=*"${cas.server.app}/"* />
>
>
>
> *"org.springframework.security.web.authentication.logout.LogoutFilter"*
>
>  p:filterProcessesUrl=*"/logout/cas/"* >
>
>   *"${cas.server.app}/logout?service=${calendar.client.app}/"* />
>
>  
>
>  *"org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"*
> >
>
>  
>
>   
>
>
> In web.xml of each module, we have:
>
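> <listener>
>   <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
> </listener>
>
> <filter>
>   <filter-name>CAS Single Sign Out Filter</filter-name>
>   <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
> </filter>
>
> <filter-mapping>
>   <filter-name>CAS Single Sign Out Filter</filter-name>
>   <url-pattern>/*</url-pattern>
> </filter-mapping>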
>
>
> *service registry:*
>
> {
>   "@class": "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId": "^(http|https|imaps)://.*",
>   "name": "HTTPS and IMAPS",
>   "id": 1001,
>   "description": "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
>   "evaluationOrder": 1,
>   "logoutType" : "BACK_CHANNEL",
> ….
>
>
>
> *Problem:*
>
> When we issue a logout via: https://localhost:8443/platformadmin/logout/cas/ ,
> we see the *LogoutFilter* is triggered and in *doFilter()* session is
> invalidated.
>
> *SingleSignOutHttpSessionListener#sessionDestroy()* is immediately
> triggered after.
>
>
> Then *SingleLogoutFilter* is triggered, in which *SingleSignoutHandler#process*(..)
> method, BACK_CHANNEL logout is triggered.
>
> In the console log however, I only see the ST of the current service
> (platformadmin) is destroyed.
>
>
> If we access any modules *other than* *platformadmin*, we are directed to
> the app automatically.
>
> It seems we are only logged out of the current service modules (local
> logout), but didn't log out from the other service modules.
>
>
> What configuration are we missing? I see posts in this group where they
> have SLO working,
>
> We'd much appreciate it if someone could provide a summary of their
> configuration.
>
>
> Please let us know if you have any advice
>
>
> Thanks!
>
>
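
An added illustration, not part of the original thread or of the CAS client code, of the back-channel exchange the question describes: the CAS server POSTs a `logoutRequest` form field whose `SessionIndex` is the service ticket it issued to that one service, so a service can only end the session it mapped to its own ST. The class and function names are hypothetical, and the sample message is constructed following the CAS protocol's logout request layout.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

class SessionMappingStore:
    """Hypothetical per-service store: service ticket (ST) -> local session id."""
    def __init__(self):
        self.by_ticket = {}
        self.sessions = set()

    def record(self, ticket, session_id):
        # Done once, when the service validates the ST and creates its session.
        self.by_ticket[ticket] = session_id
        self.sessions.add(session_id)

    def destroy_by_ticket(self, ticket):
        session_id = self.by_ticket.pop(ticket, None)
        if session_id is None:
            return False  # this ST was never recorded by this service
        self.sessions.discard(session_id)
        return True

def session_index(form_body):
    """Return the ST carried in a POSTed logoutRequest form field, or None."""
    xml = parse_qs(form_body).get("logoutRequest", [""])[0]
    if not xml or "<!DOCTYPE" in xml or "<!ENTITY" in xml:
        return None  # missing field, or DTD/entity declarations: refuse
    try:
        root = ET.fromstring(xml)
    except ET.ParseError:
        return None
    if root.tag != "{%s}LogoutRequest" % SAMLP:
        return None
    node = root.find("{%s}SessionIndex" % SAMLP)
    return node.text.strip() if node is not None and node.text else None

def handle_back_channel(store, form_body):
    """True only if the request named an ST that maps to a live local session."""
    ticket = session_index(form_body)
    return ticket is not None and store.destroy_by_ticket(ticket)

def logout_body(ticket):
    # Constructed sample of the form body the CAS server POSTs to a service URL.
    xml = ('<samlp:LogoutRequest xmlns:samlp="%s" ID="LR-constructed" Version="2.0" '
           'IssueInstant="2018-04-02T00:00:00Z"><saml:NameID '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>'
           '<samlp:SessionIndex>%s</samlp:SessionIndex></samlp:LogoutRequest>'
           % (SAMLP, ticket))
    return urlencode({"logoutRequest": xml})
```

When checking a deployment against this, the things to confirm per service are that the ST-to-session mapping is recorded at ticket validation and that the CAS server can reach the service URL to deliver the POST.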


Re: [cas-user] Unable to build and/or run either cas, cas-overlay-template or cas-gradle-overlay-template

2018-04-02 Thread Rovanion Luckey
Surely running the development server as root isn't recommended, much less 
required?

On Saturday, March 31, 2018 at 23:15:49 UTC+2, Manfredo Hopp wrote:
>
> Did you try sudo...
>
> On Saturday, March 31, 2018, Rovanion Luckey wrote:
>
>> All this is on a 64-bit Ubuntu 16.04 with OpenJDK 9, cas-overlay-template 
>> was also tested with JDK 8. 
>>
>> Starting with cas-gradle-overlay-template on 
>> 7435f376831e2760e3fa91c52e9094bcc4da413e, that is master, and the full 
>> procedures as follows:
>>
>> $ git clone g...@github.com:apereo/cas-gradle-overlay-template.git
>> $ cd cas-gradle-overlay-template/
>> $ ./build.sh run
>>
>> This, as far as I understand it, is what's needed to get the project up 
>> and running. The README isn't very clear on the subject though. The full 
>> output of the last command is rather long and can be found here: 
>> http://paste.ubuntu.com/p/hxCNnNvrX4/
>>
>> The first of the many reported issues being that the program is unable to 
>> create a folder `/etc/cas/logs` which is quite right assuming that the 
>> error message is correct. A user program should not touch anything under 
>> `/etc` and `/etc` is not the right place for logs, see the Linux Standard 
>> Base Filesystem Hierarchy Standard [0]. Logs in a development environment 
>> should be located in a folder relative to the project itself and in a 
>> production environment under `/var/log`.
>>
>> I made an attempt at changing where the logs were being written to by 
>> modifying `/etc/cas/config/log4j2.xml` so that the property 
>> `baseDir` read `./hat/cat`, yet the error continues to read `Could not 
>> create directory /etc/cas/logs`. 
>>
>> Running out of ideas available to me as a normal user I reached for the 
>> second template in the stack, cas-overlay-template:
>>
>> $ git clone g...@github.com:apereo/cas-overlay-template.git
>> $ ./build.sh run
>> Exception in thread "main" javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
>> at sun.security.ssl.Alerts.getSSLException(java.base@9-internal/Alerts.java:214)
>> at sun.security.ssl.SSLSocketImpl.fatal(java.base@9-internal/SSLSocketImpl.java:1949)
>> at sun.security.ssl.SSLSocketImpl.fatal(java.base@9-internal/SSLSocketImpl.java:1901)
>> at sun.security.ssl.SSLSocketImpl.handleException(java.base@9-internal/SSLSocketImpl.java:1884)
>> at sun.security.ssl.SSLSocketImpl.startHandshake(java.base@9-internal/SSLSocketImpl.java:1416)
>> at sun.security.ssl.SSLSocketImpl.startHandshake(java.base@9-internal/SSLSocketImpl.java:1393)
>> at sun.net.www.protocol.https.HttpsClient.afterConnect(java.base@9-internal/HttpsClient.java:559)
>> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(java.base@9-internal/AbstractDelegateHttpsURLConnection.java:185)
>> at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(java.base@9-internal/HttpURLConnection.java:1511)
>> at sun.net.www.protocol.http.HttpURLConnection.getInputStream(java.base@9-internal/HttpURLConnection.java:1439)
>> at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(java.base@9-internal/HttpsURLConnectionImpl.java:235)
>> at org.apache.maven.wrapper.DefaultDownloader.downloadInternal(DefaultDownloader.java:84)
>> at org.apache.maven.wrapper.DefaultDownloader.download(DefaultDownloader.java:68)
>> at org.apache.maven.wrapper.Installer.createDist(Installer.java:69)
>> at org.apache.maven.wrapper.WrapperExecutor.execute(WrapperExecutor.java:149)
>> at org.apache.maven.wrapper.MavenWrapperMain.main(MavenWrapperMain.java:48)
>> Caused by: java.lang.RuntimeException: Could not generate DH keypair
>> at sun.security.ssl.DHCrypt.(java.base@9-internal/DHCrypt.java:142)
>> at sun.security.ssl.DHCrypt.(java.base@9-internal/DHCrypt.java:114)
>> at sun.security.ssl.ClientHandshaker.serverKeyExchange(java.base@9-internal/ClientHandshaker.java:830)
>> at sun.security.ssl.ClientHandshaker.processMessage(java.base@9-internal/ClientHandshaker.java:335)
>> at sun.security.ssl.Handshaker.processLoop(java.base@9-internal/Handshaker.java:1003)
>> at sun.security.ssl.Handshaker.processRecord(java.base@9-internal/Handshaker.java:937)
>> at sun.security.ssl.SSLSocketImpl.processInputRecord(java.base@9-internal/SSLSocketImpl.java:1119)
>> at sun.security.ssl.SSLSocketImpl.readRecord(java.base@9-internal/SSLSocketImpl.java:1056)
>> at sun.security.ssl.SSLSocketImpl.readRecord(java.base@9-internal/SSLSocketImpl.java:955)
>> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(java.base@9-internal/SSLSocketImpl.java:1382)
>> at sun.security.ssl.SSLSocketImpl.startHandshake(java.base@9-internal/SSLSocketImpl.java:1409)
>> ... 11 more
>> Caused by: java.security.InvalidAlgorithmParameterException: Prime size must