Re: [cas-user] Application Not Authorized to Use CAS
FYI --- this post is old and resolved via great assistance from David (fThe New School). The filters are holding back emails sent to the list. On Mon, May 14, 2018 at 10:43 AM, Jann Malenkoff wrote: > Hello: > > I have been tacking with the JSON enabling of 'http://localhost:8080/cas- > management' over the weekend. > > Wondering if I can change approach and tackle this by entering SQL to the > DB tables (screenshot attached). > > Would there be a resource with instruction on which tables to update? > Google has not been my best friend today. > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/092d3dc9-f4f2-4b43-b928- > 75bc4e5e61a4%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/092d3dc9-f4f2-4b43-b928-75bc4e5e61a4%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGeq_2WwU7mCJD3-uDeseE50AX8vd-KRhtCDqyRZoO8CCDsQkA%40mail.gmail.com.
[cas-user] Application Not Authorized to Use CAS
Hello: I have been tacking with the JSON enabling of 'http://localhost:8080/cas-management' over the weekend. Wondering if I can change approach and tackle this by entering SQL to the DB tables (screenshot attached). Would there be a resource with instruction on which tables to update? Google has not been my best friend today. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/092d3dc9-f4f2-4b43-b928-75bc4e5e61a4%40apereo.org.
[cas-user] Could not get type for name org.apereo.cas.authentication.support.password.PasswordPolicyConfiguration
Hi Lists: When starting the cas-management service --- the following WARN message appears in the 'catalina.out' (highlighted yellow). The cas-management service works and we are not sure when the message started appear (we had may rebuilds). Would anyone be able to guide us where to look to resolve? 2018-05-16 15:28:47,513 INFO [org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] - 2018-05-16 15:28:47,639 INFO [org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] - 2018-05-16 15:28:55,116 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - 2018-05-16 15:28:55,139 DEBUG [org.apereo.cas.ticket.registry.support.JpaLockingStrategy] - <[cas1r7] trying to acquire [cas-ticket-registry-cleaner] lock.> 2018-05-16 15:28:55,142 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - 2018-05-16 15:28:55,172 DEBUG [org.apereo.cas.ticket.DefaultTicketCatalog] - 2018-05-16 15:28:55,717 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.> 2018-05-16 15:28:55,717 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - 2018-05-16 15:28:55,718 DEBUG [org.apereo.cas.ticket.registry.support.JpaLockingStrategy] - 2018-05-16 15:28:55,718 DEBUG [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - 2018-05-16 15:28:56,465 WARN [org.reflections.Reflections] - org.reflections.ReflectionsException: could not get type for name org.apereo.cas.authentication.support.password.PasswordPolicyConfiguration at org.reflections.ReflectionUtils.forName(ReflectionUtils.java:390) [reflections-0.9.11.jar:?] at org.reflections.Reflections.expandSuperTypes(Reflections.java:381) [reflections-0.9.11.jar:?] at org.reflections.Reflections.(Reflections.java:126) [reflections-0.9.11.jar:?] at org.apereo.cas.config.JpaServiceRegistryConfiguration.jpaServicePackagesToScan(JpaServiceRegistryConfiguration.java:59) [cas-server-support-jpa-service-registry-5.2.3.jar:5.2.3] at org.apereo.cas.config.JpaServiceRegistryConfiguration$$EnhancerBySpringCGLIB$$9fd49902.CGLIB$jpaServicePackagesToScan$4() [cas-server-support-jpa-service-registry-5.2.3.jar:5.2.3] at org.apereo.cas.config.JpaServiceRegistryConfiguration$$EnhancerBySpringCGLIB$$9fd49902$$FastClassBySpringCGLIB$$7888d1ee.invoke() [cas-server-support-jpa-service-registry-5.2.3.jar:5.2.3] at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) [spring-core-4.3.14.RELEASE.jar:4.3.14.RELEASE] -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b77cfe18-7347-4d7c-9ab3-91e7f2b18aef%40apereo.org.
Re: [cas-user] Service Registry -- Getting the 1st Application Entered
Hi David: You Sir --- are a gentleman and a scholar. Very much appreciated from both of us. Working exactly as you have outlined. Please accept out utmost gratitude. On Tuesday, May 15, 2018 at 5:15:55 AM UTC-7, David Curry wrote: > > Lionel and Jann, > > Did you ever have the JSON service registry working? If not, I recommend > that you take all the JPA stuff out of pom.xml and cas.properties and get > that working correctly first, so that you're only trying to debug one thing > at a time. Once you have the JSON service registry working correctly, for > both the main server and the management webapp, then it's time to move > things to JPA. > > The basic steps for moving to JPA *should* be this: > > 1. REMOVE the "cas-server-support-json-service-registry" dependency from > pom.xml (server and management webapp) > > 2. Add the "cas-server-support-jpa-service-registry" dependency and > whatever other dependencies go with it to pom.xml (server and management > webapp) > > 3. Rebuild the server and management webapp > > 4. In the server's cas.properties file, include BOTH of these lines: > > cas.serviceRegistry.json.location: file:/etc/cas/services > cas.serviceRegistry.initFromJson: true > > > The first line should already be there (since before you start these steps > you're using the JSON service registry), but you must add the second line. > > 5. Add all the lines you need to configure the JPA service registry to the > server's cas.properties file. > > 6. Start the CAS server (do not start the management webapp). You should > see it load the services from the JSON files (again, this should already be > working before you start) and then it will magically save them into the JPA > registry. > > 7. Shut the server down. > > 8. Check the database to see that the services actually got loaded there. > If not, this is where you need to start debugging. And the first step of > that would be setting the log level to "debug" in log4j2.xml, and adding > whatever Logger configuration you need to make the Oracle JDBC library log > for you as well. > > Once you've got the services loaded into the database > > 9. Remove the "cas.serviceRegistry.json.location" and > "cas.serviceRegistry.initFromJson" properties from the server's > cas.properties file. > > 10. Remove the "cas.serviceRegistry.json.location" property from, and add > all the JPA properties to, the management webapp's management.properties > file. > > At least, that's the procedure I followed to get the MongoDB service > registry working (see > https://dacurry-tns.github.io/deploying-apereo-cas/high-avail_service-registry_overview.html). > > I've not used the JPA stuff at all, so no guarantees, but I don't see why > it should be any different. > > --Dave > > > -- > > DAVID A. CURRY, CISSP > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > On Tue, May 15, 2018 at 12:14 AM, Lionel Samuel > wrote: > >> Changing in "cas.properties" >> 'cas.serviceRegistry.json.location:file:/etc/cas/services' to >> 'cas.serviceRegistry.json.location:foobar:/etc/cas/services' >> >> The above does not generate an error message --- is that a sign it's not >> loaded? >> >> >> On Monday, May 14, 2018 at 8:25:37 PM UTC-7, Lionel Samuel wrote: >>> >>> I'm working with Jann -- attached is our pom file (we call the jar >>> my-cas -- which is reflected in the URLs). >>> >>> It does not look like the JSON file is loaded -- I don't think it's pom >>> related --- but at the moment we are both stumped so anything goes. >>> >>> 2018-05-14 20:23:17,715 WARN >>> [org.apereo.cas.services.web.ServiceThemeResolver] - >> is found to match >>> [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@330c1ecf[id= >>> http://localhost:8080/cas-management/manage.html,originalUrl=http://localhost:8080/cas-management/manage.html,artifactId=,principal=,loggedOutAlready=false,format=XML]] >>> >>> or service access is disallowed. Using default theme [cas-theme-default]> >>> >>> On Monday, May 14, 2018 at 5:42:35 PM UTC-7, Jann Malenkoff wrote: >>>> >>>> >>>> Attached is my 'cas.properties' file --- in case I may be missing >>>> something there (
Re: [cas-user] Service Registry -- Getting the 1st Application Entered
Attached is my 'cas.properties' file --- in case I may be missing
something there (very likely)
On Monday, May 14, 2018 at 5:09:12 PM UTC-7, Jann Malenkoff wrote:
>
> I had a minor Eureka moment --- but it came to fraught (partially).
>
> I has a typo in the 'cas.properties' file:
> cas.serviceRegistry.json.location:file:/etc/cas/service
>
> i,e, 'service' instead of 'services' --- corrected now (validated that the
> json files are in '/etc/cas/services').
>
> But still no-go...any ideas will be matched by the maximum Karma I can
> provide.
>
> On Monday, May 14, 2018 at 4:16:39 PM UTC-7, Jann Malenkoff wrote:
>>
>> I'm on 5.2.4 --- I had earlier the 5.1 (i.e.
>> cas.serviceRegistry.config.location)
>> in 'cas.properties'--- now, updated to below (the 5.2.x version)
>>
>> cas.serviceRegistry.json.location:file:/etc/cas/service
>> cas.serviceRegistry.initFromJson=true
>>
>> Still getting error below:
>>
>> 2018-05-14 16:11:41,016 WARN
>> [org.apereo.cas.services.web.ServiceThemeResolver] - > is found to match
>> [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@3f670479[id=
>> http://localhost:8080/cas-management/manage.html,originalUrl=http://locahost:8080/cas-management/manage.html,artifactId=,principal=,loggedOutAlready=false,format=XML]]
>>
>> or service access is disallowed. Using default theme [cas-theme-default]>
>>
>> Json file:
>>
>> {
>> "@class" :"org.apereo.cas.services.RegexRegisteredService",
>> "serviceId" : "^(http)://.*",
>> "name" : "HTTP wildcard",
>> "id" :20170905111650,
>> "evaluationOrder" : 9
>> }
>>
>> Have I missed anything else? Could there be something else in the logs
>> that can give a clue (I have been hunting but may be missing it)?
>>
>> On Monday, May 14, 2018 at 3:47:36 PM UTC-7, Manfredo Hopp wrote:
>>>
>>>
>>> where are these pointing to:
>>>
>>> cas.serviceRegistry.json.location for 5.2.x
>>> or
>>> cas.serviceRegistry.config.location for 5.1.x
>>>
>>> 2018-05-14 19:41 GMT-03:00 Jann Malenkoff :
>>>
>>>> FYI --- the following appears in 'catalina.out' when attempting to
>>>> access 'http://localhost:8080/cas-management/manage.html,'.
>>>>
>>>> 2018-05-14 15:39:09,152 WARN
>>>> [org.apereo.cas.services.web.ServiceThemeResolver] - >>> service
>>>> is found to match
>>>> [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@13eed7a6[id=
>>>> http://localhost:8080/cas-management/manage.html,originalUrl=http://localhost:8080/cas-management/manage.html,artifactId=,principal=,loggedOutAlready=false,format=XML]]
>>>>
>>>> or service access is disallowed. Using default theme [cas-theme-default]>
>>>>
>>>>
>>>> On Monday, May 14, 2018 at 3:37:31 PM UTC-7, Jann Malenkoff wrote:
>>>>>
>>>>> Hi Richard:
>>>>>
>>>>> I have the following in 'cas.properties':
>>>>>
>>>>> cas.serviceRegistry.initFromJson=true
>>>>>
>>>>> Is that correct to enable the first read from JSON? I have been
>>>>> staring at the screen for so long and begining to doubt myself w.r.t
>>>>> true/false flags.
>>>>>
>>>>> On Monday, May 14, 2018 at 3:30:38 PM UTC-7, richard.frovarp wrote:
>>>>>>
>>>>>> Do you have initialization on from JSON? Not sure if it will use your
>>>>>> file or just the defaults. Either way, it should get you into the
>>>>>> manager.
>>>>>> Then you configure the manager service, and turn that property off.
>>>>>>
>>>>>> # Auto-initialize the registry from default JSON service definitions
>>>>>> # cas.serviceRegistry.initFromJson=false
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 05/14/2018 05:13 PM, Jann Malenkoff wrote:
>>>>>>
>>>>>> Hi All:
>>>>>>
>>>>>> I'm trying to get the '
>>>>>> http://localhost:8080/cas-management/manage.html' loaded up --- but
>>>>>> hit
Re: [cas-user] Service Registry -- Getting the 1st Application Entered
I had a minor Eureka moment --- but it came to fraught (partially).
I has a typo in the 'cas.properties' file:
cas.serviceRegistry.json.location:file:/etc/cas/service
i,e, 'service' instead of 'services' --- corrected now (validated that the
json files are in '/etc/cas/services').
But still no-go...any ideas will be matched by the maximum Karma I can
provide.
On Monday, May 14, 2018 at 4:16:39 PM UTC-7, Jann Malenkoff wrote:
>
> I'm on 5.2.4 --- I had earlier the 5.1 (i.e.
> cas.serviceRegistry.config.location)
> in 'cas.properties'--- now, updated to below (the 5.2.x version)
>
> cas.serviceRegistry.json.location:file:/etc/cas/service
> cas.serviceRegistry.initFromJson=true
>
> Still getting error below:
>
> 2018-05-14 16:11:41,016 WARN
> [org.apereo.cas.services.web.ServiceThemeResolver] - is found to match
> [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@3f670479[id=
> http://localhost:8080/cas-management/manage.html,originalUrl=http://locahost:8080/cas-management/manage.html,artifactId=,principal=,loggedOutAlready=false,format=XML]]
>
> or service access is disallowed. Using default theme [cas-theme-default]>
>
> Json file:
>
> {
> "@class" :"org.apereo.cas.services.RegexRegisteredService",
> "serviceId" : "^(http)://.*",
> "name" : "HTTP wildcard",
> "id" :20170905111650,
> "evaluationOrder" : 9
> }
>
> Have I missed anything else? Could there be something else in the logs
> that can give a clue (I have been hunting but may be missing it)?
>
> On Monday, May 14, 2018 at 3:47:36 PM UTC-7, Manfredo Hopp wrote:
>>
>>
>> where are these pointing to:
>>
>> cas.serviceRegistry.json.location for 5.2.x
>> or
>> cas.serviceRegistry.config.location for 5.1.x
>>
>> 2018-05-14 19:41 GMT-03:00 Jann Malenkoff :
>>
>>> FYI --- the following appears in 'catalina.out' when attempting to
>>> access 'http://localhost:8080/cas-management/manage.html,'.
>>>
>>> 2018-05-14 15:39:09,152 WARN
>>> [org.apereo.cas.services.web.ServiceThemeResolver] - >> is found to match
>>> [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@13eed7a6[id=
>>> http://localhost:8080/cas-management/manage.html,originalUrl=http://localhost:8080/cas-management/manage.html,artifactId=,principal=,loggedOutAlready=false,format=XML]]
>>>
>>> or service access is disallowed. Using default theme [cas-theme-default]>
>>>
>>>
>>> On Monday, May 14, 2018 at 3:37:31 PM UTC-7, Jann Malenkoff wrote:
>>>>
>>>> Hi Richard:
>>>>
>>>> I have the following in 'cas.properties':
>>>>
>>>> cas.serviceRegistry.initFromJson=true
>>>>
>>>> Is that correct to enable the first read from JSON? I have been staring
>>>> at the screen for so long and begining to doubt myself w.r.t true/false
>>>> flags.
>>>>
>>>> On Monday, May 14, 2018 at 3:30:38 PM UTC-7, richard.frovarp wrote:
>>>>>
>>>>> Do you have initialization on from JSON? Not sure if it will use your
>>>>> file or just the defaults. Either way, it should get you into the
>>>>> manager.
>>>>> Then you configure the manager service, and turn that property off.
>>>>>
>>>>> # Auto-initialize the registry from default JSON service definitions
>>>>> # cas.serviceRegistry.initFromJson=false
>>>>>
>>>>>
>>>>>
>>>>> On 05/14/2018 05:13 PM, Jann Malenkoff wrote:
>>>>>
>>>>> Hi All:
>>>>>
>>>>> I'm trying to get the '
>>>>> http://localhost:8080/cas-management/manage.html' loaded up --- but
>>>>> hitting the error message:
>>>>> '
>>>>> Application Not Authorized to Use CAS
>>>>>
>>>>> The services registry of CAS is empty and has no service definitions.
>>>>> Applications that wish to authenticate with CAS must explicitly be
>>>>> defined
>>>>> in the services registry.'
>>>>>
>>>>>
>>>>> I am hoping to have a JPA service registry --- and have configured the
>>>>> dependencies below in the '
Re: [cas-user] Service Registry -- Getting the 1st Application Entered
I'm on 5.2.4 --- I had earlier the 5.1 (i.e.
cas.serviceRegistry.config.location)
in 'cas.properties'--- now, updated to below (the 5.2.x version)
cas.serviceRegistry.json.location:file:/etc/cas/service
cas.serviceRegistry.initFromJson=true
Still getting error below:
2018-05-14 16:11:41,016 WARN
[org.apereo.cas.services.web.ServiceThemeResolver] - http://localhost:8080/cas-management/manage.html,originalUrl=http://locahost:8080/cas-management/manage.html,artifactId=,principal=,loggedOutAlready=false,format=XML]]
or service access is disallowed. Using default theme [cas-theme-default]>
Json file:
{
"@class" :"org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(http)://.*",
"name" : "HTTP wildcard",
"id" :20170905111650,
"evaluationOrder" : 9
}
Have I missed anything else? Could there be something else in the logs that
can give a clue (I have been hunting but may be missing it)?
On Monday, May 14, 2018 at 3:47:36 PM UTC-7, Manfredo Hopp wrote:
>
>
> where are these pointing to:
>
> cas.serviceRegistry.json.location for 5.2.x
> or
> cas.serviceRegistry.config.location for 5.1.x
>
> 2018-05-14 19:41 GMT-03:00 Jann Malenkoff >:
>
>> FYI --- the following appears in 'catalina.out' when attempting to access
>> 'http://localhost:8080/cas-management/manage.html,'.
>>
>> 2018-05-14 15:39:09,152 WARN
>> [org.apereo.cas.services.web.ServiceThemeResolver] - > is found to match
>> [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@13eed7a6[id=
>> http://localhost:8080/cas-management/manage.html,originalUrl=http://localhost:8080/cas-management/manage.html,artifactId=,principal=,loggedOutAlready=false,format=XML]]
>>
>> or service access is disallowed. Using default theme [cas-theme-default]>
>>
>>
>> On Monday, May 14, 2018 at 3:37:31 PM UTC-7, Jann Malenkoff wrote:
>>>
>>> Hi Richard:
>>>
>>> I have the following in 'cas.properties':
>>>
>>> cas.serviceRegistry.initFromJson=true
>>>
>>> Is that correct to enable the first read from JSON? I have been staring
>>> at the screen for so long and begining to doubt myself w.r.t true/false
>>> flags.
>>>
>>> On Monday, May 14, 2018 at 3:30:38 PM UTC-7, richard.frovarp wrote:
>>>>
>>>> Do you have initialization on from JSON? Not sure if it will use your
>>>> file or just the defaults. Either way, it should get you into the manager.
>>>> Then you configure the manager service, and turn that property off.
>>>>
>>>> # Auto-initialize the registry from default JSON service definitions
>>>> # cas.serviceRegistry.initFromJson=false
>>>>
>>>>
>>>>
>>>> On 05/14/2018 05:13 PM, Jann Malenkoff wrote:
>>>>
>>>> Hi All:
>>>>
>>>> I'm trying to get the 'http://localhost:8080/cas-management/manage.html'
>>>> loaded up --- but hitting the error message:
>>>> '
>>>> Application Not Authorized to Use CAS
>>>>
>>>> The services registry of CAS is empty and has no service definitions.
>>>> Applications that wish to authenticate with CAS must explicitly be defined
>>>> in the services registry.'
>>>>
>>>>
>>>> I am hoping to have a JPA service registry --- and have configured the
>>>> dependencies below in the 'cas-overlay-template' pom.xml.
>>>>
>>>>
>>>> To enable the access to '
>>>> http://localhost:8080/cas-management/manage.html, I have added the
>>>> JASON entry as below --- but do not see it in the database table
>>>> REGEXREGISTEREDSERVICE (I have cas.serviceRegistry.config.location:
>>>> file:/etc/cas/services in 'cas.properties).
>>>>
>>>>
>>>> What could I have missed (or more likely misunderstood)?
>>>>
>>>>
>>>> *JSON File in /etc/cas/services (copied -- slightly adjusted -- from an
>>>> earlier post):*
>>>>
>>>> {
>>>> /*
>>>>* Wildcard service definition that applies to any https or imaps url.
>>>>* Do not use this definition in a production environment.
>>>>*/
>>>> "@class" :
>>>> "org.apereo.cas.services.RegexRegisteredService",
&
Re: [cas-user] Service Registry -- Getting the 1st Application Entered
FYI --- the following appears in 'catalina.out' when attempting to access
'http://localhost:8080/cas-management/manage.html,'.
2018-05-14 15:39:09,152 WARN
[org.apereo.cas.services.web.ServiceThemeResolver] - http://localhost:8080/cas-management/manage.html,originalUrl=http://localhost:8080/cas-management/manage.html,artifactId=,principal=,loggedOutAlready=false,format=XML]]
or service access is disallowed. Using default theme [cas-theme-default]>
On Monday, May 14, 2018 at 3:37:31 PM UTC-7, Jann Malenkoff wrote:
>
> Hi Richard:
>
> I have the following in 'cas.properties':
>
> cas.serviceRegistry.initFromJson=true
>
> Is that correct to enable the first read from JSON? I have been staring at
> the screen for so long and begining to doubt myself w.r.t true/false flags.
>
> On Monday, May 14, 2018 at 3:30:38 PM UTC-7, richard.frovarp wrote:
>>
>> Do you have initialization on from JSON? Not sure if it will use your
>> file or just the defaults. Either way, it should get you into the manager.
>> Then you configure the manager service, and turn that property off.
>>
>> # Auto-initialize the registry from default JSON service definitions
>> # cas.serviceRegistry.initFromJson=false
>>
>>
>>
>> On 05/14/2018 05:13 PM, Jann Malenkoff wrote:
>>
>> Hi All:
>>
>> I'm trying to get the 'http://localhost:8080/cas-management/manage.html'
>> loaded up --- but hitting the error message:
>> '
>> Application Not Authorized to Use CAS
>>
>> The services registry of CAS is empty and has no service definitions.
>> Applications that wish to authenticate with CAS must explicitly be defined
>> in the services registry.'
>>
>>
>> I am hoping to have a JPA service registry --- and have configured the
>> dependencies below in the 'cas-overlay-template' pom.xml.
>>
>>
>> To enable the access to 'http://localhost:8080/cas-management/manage.html,
>> I have added the JASON entry as below --- but do not see it in the
>> database table REGEXREGISTEREDSERVICE (I have
>> cas.serviceRegistry.config.location:file:/etc/cas/services in
>> 'cas.properties).
>>
>>
>> What could I have missed (or more likely misunderstood)?
>>
>>
>> *JSON File in /etc/cas/services (copied -- slightly adjusted -- from an
>> earlier post):*
>>
>> {
>> /*
>>* Wildcard service definition that applies to any https or imaps url.
>>* Do not use this definition in a production environment.
>>*/
>> "@class" :"org.apereo.cas.services.RegexRegisteredService",
>> "serviceId" : "^(http)://.*",
>> "name" : "HTTP wildcard",
>> "id" :20180514,
>> "evaluationOrder" : 9
>> }
>>
>>
>> *pom.xml -- for cas-overlay-template*
>>
>>
>>
>> org.apereo.cas
>>
>> cas-server-webapp${app.server}
>> ${cas.version}
>> war
>> runtime
>>
>>
>> org.apereo.cas
>>
>> cas-server-support-json-service-registry
>> ${cas.version}
>>
>>
>> org.apereo.cas
>> cas-server-support-ldap
>> ${cas.version}
>>
>>
>> org.apereo.cas
>>
>> cas-server-support-jpa-service-registry
>> ${cas.version}
>>
>>
>> org.apereo.cas
>>
>> cas-server-support-jpa-ticket-registry
>> ${cas.version}
>>
>>
>> org.apereo.cas
>>
>> cas-server-support-jdbc-drivers
>> ${cas.version}
>>
>>
>> com.oracle
>> ojdbc7.jar
>> 12.1.0.1
>>
>>
>> org.apereo.cas
>> cas-server-support-saml
>> ${cas.version}
>>
>>
>>
Re: [cas-user] Service Registry -- Getting the 1st Application Entered
Hi Richard:
I have the following in 'cas.properties':
cas.serviceRegistry.initFromJson=true
Is that correct to enable the first read from JSON? I have been staring at
the screen for so long and begining to doubt myself w.r.t true/false flags.
On Monday, May 14, 2018 at 3:30:38 PM UTC-7, richard.frovarp wrote:
>
> Do you have initialization on from JSON? Not sure if it will use your file
> or just the defaults. Either way, it should get you into the manager. Then
> you configure the manager service, and turn that property off.
>
> # Auto-initialize the registry from default JSON service definitions
> # cas.serviceRegistry.initFromJson=false
>
>
>
> On 05/14/2018 05:13 PM, Jann Malenkoff wrote:
>
> Hi All:
>
> I'm trying to get the 'http://localhost:8080/cas-management/manage.html'
> loaded up --- but hitting the error message:
> '
> Application Not Authorized to Use CAS
>
> The services registry of CAS is empty and has no service definitions.
> Applications that wish to authenticate with CAS must explicitly be defined
> in the services registry.'
>
>
> I am hoping to have a JPA service registry --- and have configured the
> dependencies below in the 'cas-overlay-template' pom.xml.
>
>
> To enable the access to 'http://localhost:8080/cas-management/manage.html,
> I have added the JASON entry as below --- but do not see it in the
> database table REGEXREGISTEREDSERVICE (I have
> cas.serviceRegistry.config.location:file:/etc/cas/services in
> 'cas.properties).
>
>
> What could I have missed (or more likely misunderstood)?
>
>
> *JSON File in /etc/cas/services (copied -- slightly adjusted -- from an
> earlier post):*
>
> {
> /*
>* Wildcard service definition that applies to any https or imaps url.
>* Do not use this definition in a production environment.
>*/
> "@class" :"org.apereo.cas.services.RegexRegisteredService",
> "serviceId" : "^(http)://.*",
> "name" : "HTTP wildcard",
> "id" :20180514,
> "evaluationOrder" : 9
> }
>
>
> *pom.xml -- for cas-overlay-template*
>
>
>
> org.apereo.cas
> cas-server-webapp${app.server}
> ${cas.version}
> war
> runtime
>
>
> org.apereo.cas
>
> cas-server-support-json-service-registry
> ${cas.version}
>
>
> org.apereo.cas
> cas-server-support-ldap
> ${cas.version}
>
>
> org.apereo.cas
>
> cas-server-support-jpa-service-registry
> ${cas.version}
>
>
> org.apereo.cas
>
> cas-server-support-jpa-ticket-registry
> ${cas.version}
>
>
> org.apereo.cas
>
> cas-server-support-jdbc-drivers
> ${cas.version}
>
>
> com.oracle
> ojdbc7.jar
> 12.1.0.1
>
>
> org.apereo.cas
> cas-server-support-saml
> ${cas.version}
>
>
> org.apereo.cas
> cas-server-support-duo
> ${cas.version}
>
>
> org.apereo.cas
> cas-server-support-events-jpa
> ${cas.version}
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+u...@apereo.org .
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/daad2fc6-3a69-4404-9a91-379cfd3ee24e%40apereo.org
>
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/daad2fc6-3a69-4404-9a91-37
[cas-user] Service Registry -- Getting the 1st Application Entered
Hi All:
I'm trying to get the 'http://localhost:8080/cas-management/manage.html'
loaded up --- but hitting the error message:
'
Application Not Authorized to Use CAS
The services registry of CAS is empty and has no service definitions.
Applications that wish to authenticate with CAS must explicitly be defined
in the services registry.'
I am hoping to have a JPA service registry --- and have configured the
dependencies below in the 'cas-overlay-template' pom.xml.
To enable the access to 'http://localhost:8080/cas-management/manage.html,
I have added the JASON entry as below --- but do not see it in the
database table REGEXREGISTEREDSERVICE (I have
cas.serviceRegistry.config.location:file:/etc/cas/services in
'cas.properties).
What could I have missed (or more likely misunderstood)?
*JSON File in /etc/cas/services (copied -- slightly adjusted -- from an
earlier post):*
{
/*
* Wildcard service definition that applies to any https or imaps url.
* Do not use this definition in a production environment.
*/
"@class" :"org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(http)://.*",
"name" : "HTTP wildcard",
"id" :20180514,
"evaluationOrder" : 9
}
*pom.xml -- for cas-overlay-template*
org.apereo.cas
cas-server-webapp${app.server}
${cas.version}
war
runtime
org.apereo.cas
cas-server-support-json-service-registry
${cas.version}
org.apereo.cas
cas-server-support-ldap
${cas.version}
org.apereo.cas
cas-server-support-jpa-service-registry
${cas.version}
org.apereo.cas
cas-server-support-jpa-ticket-registry
${cas.version}
org.apereo.cas
cas-server-support-jdbc-drivers
${cas.version}
com.oracle
ojdbc7.jar
12.1.0.1
org.apereo.cas
cas-server-support-saml
${cas.version}
org.apereo.cas
cas-server-support-duo
${cas.version}
org.apereo.cas
cas-server-support-events-jpa
${cas.version}
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/daad2fc6-3a69-4404-9a91-379cfd3ee24e%40apereo.org.
[cas-user] Application Not Authorized to Use CAS
Apologies if this is a double post -- my earlier one may not have gone through. I have been battling via the JASON service registry over the weekend -- raising the white flag and planning the JPA route. Attempting to access: http%3A%2F%2Flocalhost%3A8080%2Fcas-management%2Fmanage.html "The services registry of CAS is empty and has no service definitions. Applications that wish to authenticate with CAS must explicitly be defined in the services registry." Google is failing me today (or I am failing Google) -- is there info and what can be populated into the DB tables to allow above service to authenticate? I havent set up for attributes yet -- so these won't be needed for now. The DB tables whivh have appered: REGEXREGISTEREDSERVICE / REGEXREGISTEREDSERVICEPROPERTY / REGISTEREDSERVICE_CONTACTS / REGISTEREDSERVICEIMPL_PROPS Thanks. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/aa8e706a-64d8-48e7-9e13-781bd682c789%40apereo.org.
Re: [cas-user] Deployment Question from the Excellent Docs at: 'dacurry-tns.github.io'
Thanks Andy!
It took me some time to wrap my head around this - your post sparked the
direction --- I think I userstand now :)
./build.sh package --- generates the war (configuration is picked up from
'/etc/cas/config' --- relative to the cas-overlay)
When cas.war is expanded in tomcat: '/opt/tomcat/webapps/cas' -- the
configuration files are in '/opt/tomcat/webapps/cas/etc/config'.
Did I understand above correctly?
On Friday, May 11, 2018 at 6:31:54 AM UTC-7, Andy Ng wrote:
>
> Hi Jann,
>
> build.sh is what you are looking for, as documented in the overlay github
> https://github.com/apereo/cas-overlay-template (which I think is where
> you get the command from anyway).
>
> I am also deploying using WAR in Tomcat for my setup. And based on my
> experience, WAR to Tomcat using build.sh would work without any additional
> configuration.
>
> Of course just like what David said, "./mvnw clean package" is going to
> be fine most likely. However, the build.sh will do a little bit more things
> other than just mvnw clean package, as seen here "
> https://github.com/apereo/cas-overlay-template/blob/5.1/build.sh";.
>
> So... just see which one is working and use that one.
>
> Cheers!
> - Andy
>
> On Thursday, 10 May 2018 10:01:02 UTC+8, David Curry wrote:
>>
>> You can probably use build.sh; I don't use it myself, so I'm not sure of
>> its usage or what else it does for you (I believe it copies the config
>> files into place, etc.). Personally I just use "./mvnw clean package" and
>> then my own scripts, since I'm using the external Tomcat and deploying on
>> multiple servers.
>>
>> The WAR will not have the config files from cas-overlay-template/etc/cas
>> in it; the default setup from GitHub, even with embedded Tomcat, expects
>> them to be outside the WAR in /etc/cas. I suppose you could set things up
>> to put them in the WAR, but you'd need to shuffle some things around in the
>> overlay (move etc/cas into src/main/) and maybe make some
>> changes to the build instructions in pom.xml. I've never done this myself,
>> but maybe someone else on the list has.
>>
>>
>> David A. Curry, CISSP
>> Director of Information Security
>> The New School - Information Technology
>> 71 Fifth Ave., 9th Fl. ~ New York, NY 10003
>> +1 212 229-5300 x4728 ~ david...@newschool.edu
>> Sent from my phone; please excuse typos and inane auto-corrections.
>>
>>
>>
>> On Wed, May 9, 2018, 21:24 Jann Malenkoff wrote:
>>
>>> Thanks David --- for all your work on the documentation and reply below
>>> -- very much appreciated.
>>>
>>> For historical reasons, we plan to go with a WAR and place it in
>>> /opt/tomcat/webapps
>>>
>>> Our sys admin prefers an Apache HTTPD front-end and standalone tomcat as
>>> is (this is the only part we are diverting from your docs).
>>>
>>> To build a WAR.do we run './build.sh package' at
>>> '/opt/workspace/cas-overlay-template'?
>>>
>>> I don't see the WAR having the configurations we added in
>>> '/opt/workspace/cas-overlay-template/etc'
>>>
>>> Spending many hours in fron of the computer --- my apologies if I am
>>> less than coherent.
>>>
>>>
>>> On Wednesday, May 9, 2018 at 5:59:59 PM UTC-7, David Curry wrote:
>>>>
>>>> In my configuration (which is essentially what this guide is
>>>> describing), I use an external Tomcat, not the embedded one. So, my setup
>>>> follows the Tomcat hardening guidelines, which recommend deploying
>>>> exploded
>>>> directories rather than WAR files. See the section on installing Tomcat
>>>> (under Setting up the environment) for more info on this.
>>>>
>>>> The "tar" command bundles up the contents of the "target/cas"
>>>> directory, which is what would end up in the WAR file anyway, and also
>>>> your
>>>> "etc/cas/config" files.The other options just set things up so when the
>>>> files are extracted they're owned by the right user and group and have the
>>>> right permissions.
>>>>
>>>> Read ahead to the next section on the page (the installation shell
>>>> script) and you'll see where the script extracts the application into
>>>> "/var/lib/tomcat" ("/opt/tomcat/latest/webapps") and your config files
>>>> i
Re: [cas-user] Deployment Question from the Excellent Docs at: 'dacurry-tns.github.io'
Thanks David --- for all your work on the documentation and reply below --
very much appreciated.
For historical reasons, we plan to go with a WAR and place it in
/opt/tomcat/webapps
Our sys admin prefers an Apache HTTPD front-end and standalone tomcat as is
(this is the only part we are diverting from your docs).
To build a WAR.do we run './build.sh package' at
'/opt/workspace/cas-overlay-template'?
I don't see the WAR having the configurations we added in
'/opt/workspace/cas-overlay-template/etc'
Spending many hours in fron of the computer --- my apologies if I am less
than coherent.
On Wednesday, May 9, 2018 at 5:59:59 PM UTC-7, David Curry wrote:
>
> In my configuration (which is essentially what this guide is describing),
> I use an external Tomcat, not the embedded one. So, my setup follows the
> Tomcat hardening guidelines, which recommend deploying exploded directories
> rather than WAR files. See the section on installing Tomcat (under Setting
> up the environment) for more info on this.
>
> The "tar" command bundles up the contents of the "target/cas" directory,
> which is what would end up in the WAR file anyway, and also your
> "etc/cas/config" files.The other options just set things up so when the
> files are extracted they're owned by the right user and group and have the
> right permissions.
>
> Read ahead to the next section on the page (the installation shell script)
> and you'll see where the script extracts the application into
> "/var/lib/tomcat" ("/opt/tomcat/latest/webapps") and your config files into
> "/etc/cas/config".
>
> So there's no WAR file to deploy, because it's not needed in the external
> Tomcat setup. If you really want one Maven builds it and leaves it in the
> "target" directory, but it's still going to expect the config files to be
> in "/etc/cas/config", not inside the WAR file.
>
> --Dave
>
>
> David A. Curry, CISSP
> Director of Information Security
> The New School - Information Technology
> 71 Fifth Ave., 9th Fl. ~ New York, NY 10003
> +1 212 229-5300 x4728 ~ david...@newschool.edu
> Sent from my phone; please excuse typos and inane auto-corrections.
>
>
>
> On Wed, May 9, 2018, 20:29 Jann Malenkoff > wrote:
>
>> I've been following the excellent CAS installation examples at
>> https://dacurry-tns.github.io/deploying-apereo-cas/building_server_install-and-test-the-cas-application.html
>>
>> I have added our local setting for 'cas.properties' & 'log4j2.xml' in
>> '/opt/workspace/cas-overlay-template/etc/cas/config'
>>
>> However I didn't quite understand the following:
>>
>> casdev-master# cd /opt/workspace/cas-overlay-templatecasdev-master# tar czf
>> /tmp/cassrv-files.tgz --owner=root --group=tomcat --mode=g-w,o-rwx etc/cas
>> -C target cas --exclude cas/META-INF
>>
>>
>>
>>
>> Via above there is no build of the CAS war -- how will it pick up our
>> locals settings in our local setting for 'cas.properties' & 'log4j2.xml' in
>> '/opt/workspace/cas-overlay-template/etc/cas/config'?
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+u...@apereo.org .
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/333a5108-6045-4249-826f-af1c49e78466%40apereo.org
>>
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/333a5108-6045-4249-826f-af1c49e78466%40apereo.org?utm_medium=email&utm_source=footer>
>> .
>>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0970a406-025e-45f8-a846-89af17e29e7d%40apereo.org.
[cas-user] Re: Installing CAS 5
Try the docs at dacurry-tns.github.io We are midway through the docs --- it seems to be the best and most comprehensive. We are very thankful to the author(s). On Wednesday, May 9, 2018 at 3:43:04 PM UTC-7, Y Levine wrote: > > We are making a jump from CAS3 to CAS5, the learning curve is very large. > > Can anyone recommend guides for CAS installations? > > I apologize in advance, the apareo installation documents have confused > the heck out of us. > > Our starting point is from code download, to configure/build/deploy. > > Thanks. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/caf32ef5-40ee-4490-94af-e4d05062d375%40apereo.org.
[cas-user] Deployment Question from the Excellent Docs at: 'dacurry-tns.github.io'
I've been following the excellent CAS installation examples at https://dacurry-tns.github.io/deploying-apereo-cas/building_server_install-and-test-the-cas-application.html I have added our local setting for 'cas.properties' & 'log4j2.xml' in '/opt/workspace/cas-overlay-template/etc/cas/config' However I didn't quite understand the following: casdev-master# cd /opt/workspace/cas-overlay-templatecasdev-master# tar czf /tmp/cassrv-files.tgz --owner=root --group=tomcat --mode=g-w,o-rwx etc/cas -C target cas --exclude cas/META-INF Via above there is no build of the CAS war -- how will it pick up our locals settings in our local setting for 'cas.properties' & 'log4j2.xml' in '/opt/workspace/cas-overlay-template/etc/cas/config'? -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/333a5108-6045-4249-826f-af1c49e78466%40apereo.org.
