[cas-user] How to Add OAuth Clients to CAS Server?
Hi, I'm trying to add som clients to my config, the documentation states
this:
Every OAuth client must be defined as a CAS service (notice the new
> *clientId* and *clientSecret* properties, specific to OAuth)
And shows this json
{
"@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"clientId": "clientid",
"clientSecret": "clientSecret",
"bypassApprovalPrompt": false,
"serviceId" : "^(https|imaps)://hello.*",
"name" : "HTTPS and IMAPS",
"id" : 1001
}
But where I have to put this??
I'm using a maven overlay
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c8ec3266-1f7a-4782-878b-c133569898a9%40apereo.org.
[cas-user] Adding OAuth 2.0 support to 5.0.2
Hi, I have a working cas server but I want to add OAuth support, so I just
added the dependencies as the manual states, but I'm getting the following
error:
org.apereo.cas
cas-server-support-oauth-webflow
${cas.version}
Exception in thread "main" java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at
org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
at org.springframework.boot.loader.WarLauncher.main(WarLauncher.java:59)
Caused by: org.springframework.beans.factory.BeanCreationException: *Error
creating bean with name 'oauthConfiguration': Invocation of init method
failed; nested exception is java.lang.IllegalArgumentException:
'clientIpAddress' cannot be null.*
Check the correctness of @Audit annotation at the following audit point:
execution(public synchronized org.apereo.cas.services.RegisteredService
org.apereo.cas.services.DefaultServicesManagerImpl.save(org.apereo.cas.services.RegisteredService))
at
org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:137)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:408)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1575)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:553)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:754)
at
org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:866)
at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:542)
at
org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
at
org.springframework.boot.SpringApplication.refresh(SpringApplication.java:761)
at
org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:371)
at
org.springframework.boot.SpringApplication.run(SpringApplication.java:315)
at
org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:134)
at org.apereo.cas.web.CasWebApplication.main(CasWebApplication.java:61)
... 8 more
Caused by: java.lang.IllegalArgumentException: 'clientIpAddress' cannot be
null.
Check the correctness of @Audit annotation at the following audit point:
execution(public synchronized org.apereo.cas.services.RegisteredService
org.apereo.cas.services.DefaultServicesManagerImpl.save(org.apereo.cas.services.RegisteredService))
at
org.apereo.inspektr.audit.AuditActionContext.assertNotNull(AuditActionContext.java:80)
at
org.apereo.inspektr.audit.AuditActionContext.(AuditActionContext.java:67)
at
org.apereo.inspektr.audit.AuditTrailManagementAspect.executeAuditCode(AuditTrailManagementAspect.java:159)
at
org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:147)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:629)
at
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:618)
at
org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:168)
at
[cas-user] Re: CAS DB Authentication “encode” password encryption can't match with database password encrypted using Spring Security's MD5
Ok, I'm pretty sure what is the error but I don't know how to solve it. We are using md5 with salt this way md5(password+salt) How can I tell CAS that the salt is before the password? Thanks On Monday, 6 February 2017 12:54:13 UTC+1, Alvaro S. wrote: > > I am currently configuring my CAS Server v5.0.2 to use Database > Authentication, particularly using the Encode method, using the CAS > properties file. Below are the relevant property configurations from the > properties file: > > cas.server.name: https://cas.example.org:8443 > cas.server.prefix: https://cas.example.org:8443/cas > > > cas.adminPagesSecurity.ip=127\.0\.0\.1 > > > logging.config: file:/etc/cas/config/log4j2.xml > # cas.serviceRegistry.config.location: classpath:/services > > > cas.authn.accept.users= > > > cas.authn.jdbc.query[0].sql=SELECT password FROM UserSocial WHERE email=? > cas.authn.jdbc.query[0].healthQuery=SELECT 1 FROM UserSocial > # cas.authn.jdbc.query[0].isolateInternalQueries=false > cas.authn.jdbc.query[0].url=jdbc:mysql://*. > amazonaws.com:3306/feisbuk > # cas.authn.jdbc.query[0].failFast=true > # cas.authn.jdbc.query[0].isolationLevelName=ISOLATION_READ_COMMITTED > cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect > # cas.authn.jdbc.query[0].leakThreshold=10 > # cas.authn.jdbc.query[0].propagationBehaviorName=PROPAGATION_REQUIRED > # cas.authn.jdbc.query[0].batchSize=1 > cas.authn.jdbc.query[0].user=* > # cas.authn.jdbc.query[0].ddlAuto=create-drop > # cas.authn.jdbc.query[0].maxAgeDays=180 > cas.authn.jdbc.query[0].password= > # cas.authn.jdbc.query[0].autocommit=false > cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver > # cas.authn.jdbc.query[0].idleTimeout=5000 > # cas.authn.jdbc.query[0].credentialCriteria= > > > cas.authn.jdbc.query[0].passwordEncoder.type=NONE > cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8 > cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5 > cas.authn.jdbc.query[0].passwordEncoder.secret=lothlorien > #cas.authn.jdbc.query[0].passwordEncoder.strength=16 > > > # cas.authn.jdbc.query[0].principalTransformation.suffix= > cas.authn.jdbc.query[0].principalTransformation.caseConversion=NONE > # cas.authn.jdbc.query[0].principalTransformation.prefix= > > The database I am connecting with is a MySQL. The passwords were > previously encoded using Spring Security's MD5 and a salt-source. I have > tested the CAS DB Authentication configuration by entering valid > credentials in the CAS Server's default login page, but authentication > always fail and return "Invalid credentials." Additionally, It throws me > this error > *Authentication has failed. Credentials may be incorrect or CAS cannot > find authentication handler that supports [alvaro.seg...@evoluciona.com > <alvaro.seg...@evoluciona.com>] of type [UsernamePasswordCredential], which > suggests a configuration problem* > > This is part of spring security config: > > > > > > > > > > > Right now I am looking for any approach on resolving this issue. I am > still relatively new to CAS, and I really appreciate the much needed help. > Thanks! > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/9c5aa52f-859d-45b0-8918-8c56fcc1193b%40apereo.org.
[cas-user] CAS DB Authentication “encode” password encryption can't match with database password encrypted using Spring Security's MD5
I am currently configuring my CAS Server v5.0.2 to use Database Authentication, particularly using the Encode method, using the CAS properties file. Below are the relevant property configurations from the properties file: cas.server.name: https://cas.example.org:8443 cas.server.prefix: https://cas.example.org:8443/cas cas.adminPagesSecurity.ip=127\.0\.0\.1 logging.config: file:/etc/cas/config/log4j2.xml # cas.serviceRegistry.config.location: classpath:/services cas.authn.accept.users= cas.authn.jdbc.query[0].sql=SELECT password FROM UserSocial WHERE email=? cas.authn.jdbc.query[0].healthQuery=SELECT 1 FROM UserSocial # cas.authn.jdbc.query[0].isolateInternalQueries=false cas.authn.jdbc.query[0].url=jdbc:mysql://*.amazonaws.com:3306/feisbuk # cas.authn.jdbc.query[0].failFast=true # cas.authn.jdbc.query[0].isolationLevelName=ISOLATION_READ_COMMITTED cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect # cas.authn.jdbc.query[0].leakThreshold=10 # cas.authn.jdbc.query[0].propagationBehaviorName=PROPAGATION_REQUIRED # cas.authn.jdbc.query[0].batchSize=1 cas.authn.jdbc.query[0].user=* # cas.authn.jdbc.query[0].ddlAuto=create-drop # cas.authn.jdbc.query[0].maxAgeDays=180 cas.authn.jdbc.query[0].password= # cas.authn.jdbc.query[0].autocommit=false cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver # cas.authn.jdbc.query[0].idleTimeout=5000 # cas.authn.jdbc.query[0].credentialCriteria= cas.authn.jdbc.query[0].passwordEncoder.type=NONE cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8 cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5 cas.authn.jdbc.query[0].passwordEncoder.secret=lothlorien #cas.authn.jdbc.query[0].passwordEncoder.strength=16 # cas.authn.jdbc.query[0].principalTransformation.suffix= cas.authn.jdbc.query[0].principalTransformation.caseConversion=NONE # cas.authn.jdbc.query[0].principalTransformation.prefix= The database I am connecting with is a MySQL. The passwords were previously encoded using Spring Security's MD5 and a salt-source. I have tested the CAS DB Authentication configuration by entering valid credentials in the CAS Server's default login page, but authentication always fail and return "Invalid credentials." Additionally, It throws me this error *Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [alvaro.seg...@evoluciona.com] of type [UsernamePasswordCredential], which suggests a configuration problem* This is part of spring security config: Right now I am looking for any approach on resolving this issue. I am still relatively new to CAS, and I really appreciate the much needed help. Thanks! -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/56d29c11-7af3-4d39-96d5-bd5ff3e21a84%40apereo.org.
[cas-user] Re: CAS 5.0.2 compilation and deployment
You not are the only one. I'm very new to CAS and I can't even get to work the server any single time. The documentation needs more works. Can't mark any concrete article because it's eveything. Starting for the new users On Thursday, 26 January 2017 11:57:13 UTC+1, Jean-Michel Zigna wrote: > > Hello, > > I was quite familiar with a very old verson of CAS and I'm trying to > update it to the last version. > > I downloaded cas-5.0.2.tar.gz, and compiled sucessfully CAS with the > dev-build-no-tests.sh > script (error during execution of a tets for the dev-build.sh). > > The fact is that are a lot of builds and libs forlder including war and > jar files, and I'm a bit lost to identify clearly what I have to deploy in > the tomcat webapps. > > I started with the cas-server-webapp/build/libs/cas-server-webapp-5.0.2.war, > but it seems to be not sufficient because I can't find the cas.properties > configuration file for instance. > > Could you please tell me how to complete the instalaltion/configuration to > connect to an LDAP? > > Thanks. > > Best regards. > > Jean-Michel > > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d0cd1112-2d1a-428f-81f1-4154546bf6c3%40apereo.org.
[cas-user] Can't connet to mongo database using CAS 5.0.2
Hi, I've tried to connect to a mongodb, but I always get an *INVALID CREDENTIALS* message. But instead of getting me a stack error with what's happening, only shows this: 2017-02-01 17:25:27,809 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: alvaro WHAT: Supplied credentials: [alvaro] ACTION: AUTHENTICATION_FAILED APPLICATION: CAS WHEN: Wed Feb 01 17:25:27 CET 2017 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 = 2017-02-01 17:25:27,830 ERROR [org.apereo.cas.web.flow.AuthenticationExceptionHandler] - <*Unable to translate handler errors of the authentication exception org.apereo.cas.authentication.AuthenticationException*: 0 errors, 0 successes. Returning UNKNOWN by default...> How can I change that message exception to a more useful error instead? I don't know if the problem is with the connection to mongo or something else. Steps to reproduce: - Dowloaded MAVEN Overlay. - Added properties to cas.properties - run ./build.sh Properties set: cas.authn.mongo.mongoHostUri=mongodb://localhost:61954/cas cas.authn.mongo.collectionName=users cas.authn.mongo.attributes=attribute1,attribute2 cas.authn.mongo.username.attribute=username cas.authn.mongo.password.attribute=password I have enabled the debug mode on the log but nothing changes. Same error as before. So I have to questions, how to change the error to be more "helpful" and why is not working ? Any help will be appreciated. Thanks -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0b78702b-fc37-4865-8373-c6bc8b8b6101%40apereo.org.
