[cas-user] No service definitions are found in the service manager
Hi, I have a problem with /etc/cas/services, it used to work before moving it to a shared storage and then back to local disk 2016-11-17 12:59:16,111 WARN [org.jasig.cas.web.flow.ServiceAuthorizationCheck] - No service definitions are found in the service manager. Service [https://nagios2.mydomain.com/] will not be automatically authorized to request authentication. CAS version 4.1.4 Any idea? Cheers! WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/582D9D36.2080101%40bsc.es.
Re: [cas-user] CAS shared storage
I see So then I will do that. Cheers! On 11/11/16 11:54, Yaroslav Panych wrote: We do deploy into both nodes. Sharing CATALINA_BASE is really bad idea(it contains internal tomcat state). Moreover, my cas nodes are both active, behind balancing server. Out cas update(once per month usually) procedure is simple: stop balancing into node, stop node, update .war, start node, start balancing, repeat with other nodes. No session loss so far(yes, we use couchbase cluster as ticket registry storage). 2016-11-11 11:49 GMT+02:00 Josep Manel Andrés : Hi guys, I have set up a glusterFS shared storage on two nodes cluster, pretending to get HA Active-Pasive. So I have shared /etc/cas and /etc/tomcat , but I am not sure about sharing tomcat webapps directory or instead deploying the CAS server on both nodes every time I do a modification. What do you guys would recommend me to share across ? Not caring about sharing the sessions, if a server goes offline, the users will have to log in again. Cheers! WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5825943B.70407%40bsc.es. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-401 25 73 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5825DC5A.8040302%40bsc.es.
[cas-user] CAS shared storage
Hi guys, I have set up a glusterFS shared storage on two nodes cluster, pretending to get HA Active-Pasive. So I have shared /etc/cas and /etc/tomcat , but I am not sure about sharing tomcat webapps directory or instead deploying the CAS server on both nodes every time I do a modification. What do you guys would recommend me to share across ? Not caring about sharing the sessions, if a server goes offline, the users will have to log in again. Cheers! WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5825943B.70407%40bsc.es.
Re: [cas-user] Bug on cas-services app "/" slash ?
done. cheers! On 30/09/16 11:13, Misagh Moayyed wrote: Ah, gotcha. Sorry I missed it. Yes, please do file an issue. -- Misagh From: Josep Manel Andrés <mailto:josep.and...@bsc.es> Reply: josep.and...@bsc.es <mailto:josep.and...@bsc.es> Date: September 30, 2016 at 12:35:51 PM To: cas-user@apereo.org <mailto:cas-user@apereo.org> Subject: Re: [cas-user] Bug on cas-services app "/" slash ? Yep, I know it, but nothing says that "service name" is going to create br/>a file, I mean, it is not ""File Name" I guess it should pop an error stating invalid characters are in use. Cheers. On 30/09/16 11:01, Misagh Moayyed wrote: > Google “invalid characters in file names” and see the list. > > > -- > Misagh > > From: Josep Manel Andrés <mailto:josep.and...@bsc.es> > Reply: josep.and...@bsc.es > <mailto:josep.and...@bsc.es> > Date: September 30, 2016 at 12:07:36 PM > To: CAS Community <mailto:cas-user@apereo.org> > Subject: [cas-user] Bug on cas-services app "/" slash ? > >> Hi , >> I was trying to add a service named "Observium/Nagios" >> >> And it gave me an error, "An error has occurred while attempting to >> save br/>the service. Please try again later."" >> >> When I went to look into the logs, I found it was trying to create >> >> /etc/cas/services/Observium/Nagios-5084896551456820.json >> >> So I guess when you try to create a service name containing "/" it >> br/>should say ""you are not allow to use this symbol. Am I right? >> >> Using CAS 4.1 >> >> >> Cheers! >> >> -- br/>Josep Manel Andrés (josep.andres@@bsc.es) >> Operations - Barcelona Supercomputing Center >> C/ Jordi Girona, 31 http://www.bsc.es >> 08034 Barcelona, Spain Tel: +34-93-405 42 14 >> e-mail: syst...@bsc.es Fax: +34-93-413 77 21 >> --- >> >> WARNING / LEGAL TEXT: This message is intended only for the use of the >> individual or entity to which it is addressed and may contain >> information which is privileged, confidential, proprietary, or exempt >> from disclosure under applicable law. If you are not the intended >> recipient or the person responsible for delivering the message to the >> intended recipient, you are strictly prohibited from disclosing, >> distributing, copying, or in any way using this message. If you have >> received this communication in error, please notify the sender and >> destroy and delete any copies you may have received. >> >> http://www.bsc.es/disclaimer >> >> -- br/>You received this message because you are subscribed tto the >> Google Groups "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send >> an email to cas-user+unsubscr...@apereo.org. >> To post to this group, send email to cas-user@apereo.org. >> Visit this group at >> https://groups.google.com/a/apereo.org/group/cas-user/. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/57EE2448.7080007%40bsc.es. >> >> For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > -- > You received this message because you are subscribed to the Google > Groups "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to cas-user+unsubscr...@apereo.org > <mailto:cas-user+unsubscr...@apereo.org>. > To post to this group, send email to cas-user@apereo.org > <mailto:cas-user@apereo.org>. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.57ee29eb.7181aa82.2842%40unicon.net > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.57ee29eb.7181aa82.2842%40unicon.net?utm_medium=email&utm_source=footer>. > For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- br/>Josep Manel Andrés (josep.andres@@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to
Re: [cas-user] Bug on cas-services app "/" slash ?
Yep, I know it, but nothing says that "service name" is going to create a file, I mean, it is not "File Name" I guess it should pop an error stating invalid characters are in use. Cheers. On 30/09/16 11:01, Misagh Moayyed wrote: Google “invalid characters in file names” and see the list. -- Misagh From: Josep Manel Andrés <mailto:josep.and...@bsc.es> Reply: josep.and...@bsc.es <mailto:josep.and...@bsc.es> Date: September 30, 2016 at 12:07:36 PM To: CAS Community <mailto:cas-user@apereo.org> Subject: [cas-user] Bug on cas-services app "/" slash ? Hi , I was trying to add a service named "Observium/Nagios" And it gave me an error, "An error has occurred while attempting to save br/>the service. Please try again later."" When I went to look into the logs, I found it was trying to create /etc/cas/services/Observium/Nagios-5084896551456820.json So I guess when you try to create a service name containing "/" it br/>should say ""you are not allow to use this symbol. Am I right? Using CAS 4.1 Cheers! -- br/>Josep Manel Andrés (josep.andres@@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- br/>You received this message because you are subscribed tto the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57EE2448.7080007%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org>. To post to this group, send email to cas-user@apereo.org <mailto:cas-user@apereo.org>. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.57ee29eb.7181aa82.2842%40unicon.net <https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.57ee29eb.7181aa82.2842%40unicon.net?utm_medium=email&utm_source=footer>. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57EE2AE0.109%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
[cas-user] Bug on cas-services app "/" slash ?
Hi , I was trying to add a service named "Observium/Nagios" And it gave me an error, "An error has occurred while attempting to save the service. Please try again later." When I went to look into the logs, I found it was trying to create /etc/cas/services/Observium/Nagios-5084896551456820.json So I guess when you try to create a service name containing "/" it should say "you are not allow to use this symbol. Am I right? Using CAS 4.1 Cheers! -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57EE2448.7080007%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
[cas-user] service definition with a duplicate id
Hi, I am using CAS 4.2 and cas-services to manage the services, but from time to time, I find that services definitions are created with duplicated ID without doing any manual step, only going through the web interface, is there something wrong with the cas-services that is creating duplicated service definitions? Thanks. http://something.com/.*] with a duplicate id [6152855759166060]. This will overwrite previous service definitions and is likely a configuration problem. Make sure all services have a unique id and try again.> WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57E3AA26.3060403%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
Re: [cas-user] CAS with two ldap servers
ldap.url=ldap://opsld01.domain.com ldap://opsld02.domain.com This is what we use and when one goes offline, it goes straight to the active. On 21/09/16 10:28, Philippe MARASSE wrote: Hello, We use this kind of declaration : cas.authn.ldap[0].ldapUrl=ldap://ldap1.example.com ldap2.example.com Ldaptive seems happy with that. Regards Le 16/09/2016 à 16:39, Nikolas Stylianides a écrit : Hi. Does anyone know how to configure a CAS server with two ldap servers (in MirrorMode)? Thank you in advance. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org>. To post to this group, send email to cas-user@apereo.org <mailto:cas-user@apereo.org>. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7ffd81de-36ce-4632-b7aa-81a81a821197%40apereo.org <https://groups.google.com/a/apereo.org/d/msgid/cas-user/7ffd81de-36ce-4632-b7aa-81a81a821197%40apereo.org?utm_medium=email&utm_source=footer>. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Cœur 86021 Poitiers Cedex Tel : 05.49.44.57.19 -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org>. To post to this group, send email to cas-user@apereo.org <mailto:cas-user@apereo.org>. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/21ecbb27-f534-eb99-e9c0-35e410f1a20e%40ch-poitiers.fr <https://groups.google.com/a/apereo.org/d/msgid/cas-user/21ecbb27-f534-eb99-e9c0-35e410f1a20e%40ch-poitiers.fr?utm_medium=email&utm_source=footer>. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57E296FB.9020009%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
Re: [cas-user] Step by Step guide
Yes, sure, I have my posts on my blog, but definitely those are not official documentation and therefor will contain a lot of imperfections. Cheers. On 09/09/16 14:52, Dmitriy Kopylenko wrote: There’s always a way… Feel free to contribute ;-) Cheers, D. On Sep 9, 2016, at 8:51 AM, Josep Manel Andrés wrote: Hi guys, After a while of being subscribedto this mailing list, I have noticed that we keep asking the same basic questions because there isn't a step by step guide, manual to follow or something similar. I think we loose time answering always the same questions Is there any way of having something similar to a guide? Cheers. WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57D2B040.3050704%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57D2B41D.6020804%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
[cas-user] Step by Step guide
Hi guys, After a while of being subscribedto this mailing list, I have noticed that we keep asking the same basic questions because there isn't a step by step guide, manual to follow or something similar. I think we loose time answering always the same questions Is there any way of having something similar to a guide? Cheers. WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57D2B040.3050704%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
Re: [cas-user] How to combine LDAP and static users from a file
sorry, I've missed "file:" p:fileName="/etc/cas/local-users.properties" /> p:fileName="file:/etc/cas/local-users.properties" /> Thanks a lot, now it works. On 08/09/16 16:47, William G. Thompson, Jr. wrote: 2016-09-08 16:25:21,599 ERROR [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Read permissions on /etc/cas/local-users.properties? On Thu, Sep 8, 2016 at 10:32 AM, Josep Manel Andrés wrote: Hi Willian, Great! It kind of worked :) I have put this in the authenticationManager Bean: And this before ldapAuthenticationHandler: But now I am getting this error: 2016-09-08 16:25:21,599 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 2016-09-08 16:25:21,599 ERROR [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Any hint? Cheers. On 08/09/16 13:58, William G. Thompson, Jr. wrote: Yes, with CAS all things are possible. :) AuthN handlers can be changed so you can have both. Something like this would work. You'll need to make sure your usernames don't overlap. Also see https://apereo.github.io/cas/4.1.x/installation/Whitelist-Authentication.html Best, Bill On Thu, Sep 8, 2016 at 4:45 AM, Josep Manel Andrés wrote: Hi all, We've got a CAS server for our systems with an LDAP backend, which works great, but we have an special case in which an app needs to be able to login with root account, but this is not on the LDAP. So my question is how it's possible to combine both systems, LDAP login and a username and password for root account only. I would like to keep it simple. Best regards. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57D1250D.1040903%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have receiv
Re: [cas-user] How to combine LDAP and static users from a file
Hi Willian, Great! It kind of worked :) I have put this in the authenticationManager Bean: class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager"> value-ref="proxyPrincipalResolver" /> value="#{null}" /> And this before ldapAuthenticationHandler: But now I am getting this error: 2016-09-08 16:25:21,599 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 2016-09-08 16:25:21,599 ERROR [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Could not open ServletContext resource [/etc/cas/local-users.properties])> Any hint? Cheers. On 08/09/16 13:58, William G. Thompson, Jr. wrote: Yes, with CAS all things are possible. :) AuthN handlers can be changed so you can have both. Something like this would work. You'll need to make sure your usernames don't overlap. Also see https://apereo.github.io/cas/4.1.x/installation/Whitelist-Authentication.html Best, Bill On Thu, Sep 8, 2016 at 4:45 AM, Josep Manel Andrés wrote: Hi all, We've got a CAS server for our systems with an LDAP backend, which works great, but we have an special case in which an app needs to be able to login with root account, but this is not on the LDAP. So my question is how it's possible to combine both systems, LDAP login and a username and password for root account only. I would like to keep it simple. Best regards. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57D1250D.1040903%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57D17675.3040701%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
Re: [cas-user] How to combine LDAP and static users from a file
By the way, I am running CAS 4.1 Thanks. On 08/09/16 10:45, Josep Manel Andrés wrote: Hi all, We've got a CAS server for our systems with an LDAP backend, which works great, but we have an special case in which an app needs to be able to login with root account, but this is not on the LDAP. So my question is how it's possible to combine both systems, LDAP login and a username and password for root account only. I would like to keep it simple. Best regards. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57D12670.7060709%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
[cas-user] How to combine LDAP and static users from a file
Hi all, We've got a CAS server for our systems with an LDAP backend, which works great, but we have an special case in which an app needs to be able to login with root account, but this is not on the LDAP. So my question is how it's possible to combine both systems, LDAP login and a username and password for root account only. I would like to keep it simple. Best regards. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57D1250D.1040903%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
Re: [cas-user] Add static user to some handler
henticationKey=null], trustManagers=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]], hostnameVerifier=null], providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@483b00ab], result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials], controls=null] for criteria=[org.ldaptive.auth.AuthenticationCriteria@1986614006::dn=uid=root,ou=people,ou=my-server,dc=es, authenticationRequest=[org.ldaptive.auth.AuthenticationRequest@539576520::user=root, retAttrs=[member, uid, mail, sn, departmentNumber, telephoneNumber, givenName, displayName, groups]]]> 2016-07-11 17:22:31,934 INFO [org.ldaptive.auth.Authenticator] - 2016-07-11 17:22:31,935 DEBUG [org.ldaptive.auth.Authenticator] - response=[org.ldaptive.auth.AuthenticationHandlerResponse@1677061395::connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1777898063::config=[org.ldaptive.ConnectionConfig@163509196::ldapUrl=ldap://opsld02.my-server.es ldap://opsld01.my-server.es, connectTimeout=3000, responseTimeout=-1, sslConfig=[org.ldaptive.ssl.SslConfig@1396091685::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-912232821::trustCertificates=file:///etc/tls/ca/ldap.my-server.es.pem, authenticationCertificate=null, authenticationKey=null], trustManagers=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=false, useStartTLS=true, connectionInitializer=null], providerConnectionFactory=[org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory@1406736210::metadata=[ldapUrl=ldap://opsld02.my-server.es ldap://opsld01.my-server.es, count=1], environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3}, providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@1368011647::operationExceptionResultCodes=[PROTOCOL_ERROR, SERVER_DOWN], properties={}, connectionStrategy=org.ldaptive.provider.ConnectionStrategies$DefaultConnectionStrategy@4017ed7e, controlProcessor=org.ldaptive.provider.ControlProcessor@7a57cb96, environment=null, tracePackets=null, removeDnUrls=true, searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null], sslSocketFactory=[org.ldaptive.ssl.TLSSocketFactory@1093902922::factory=sun.security.ssl.SSLSocketFactoryImpl@24e3c9b7, sslConfig=[org.ldaptive.ssl.SslConfig@1396091685::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-912232821::trustCertificates=file:///etc/tls/ca/ldap.my-server.es.pem, authenticationCertificate=null, authenticationKey=null], trustManagers=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null]], hostnameVerifier=null], providerConnection=org.ldaptive.provider.jndi.JndiStartTLSConnection@483b00ab], result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials], controls=null] for dn=uid=root,ou=people,ou=my-server,dc=es with request=[org.ldaptive.auth.AuthenticationRequest@539576520::user=root, retAttrs=[member, uid, mail, sn, departmentNumber, telephoneNumber, givenName, displayName, groups]]> 2016-07-11 17:22:31,935 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - 2016-07-11 17:22:31,936 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - = WHO: root WHAT: supplied credentials: [root] ACTION: AUTHENTICATION_FAILED APPLICATION: CAS WHEN: Mon Jul 11 17:22:31 CEST 2016 On 11/07/16 17:15, Dmitriy Kopylenko wrote: Add it after ldap handler On Jul 11, 2016, at 11:08 AM, Josep Manel Andrés mailto:josep.and...@bsc.es>> wrote: Right , that seems to be what I need, but for 4.0.x, that is the version I am running. But now I have a problem, if I add FileAuthenticationHandler just right before ldapauthenticationhandler it can be deployed to the server but not authenticating with the username defined in the file. (I've added cas-server-support-generic support) On the logs I never see the app going to look for users defined on the file. I have tried both: AcceptUsersAuthenticationHandler too, but it never compiles Thank you. On 11/07/16 16:16, Dmitriy Kopylenko wrote: You haven’t specified the version of CAS that you use, so I’ll assume the latest. This might solve your use case: https://apereo.github.io/cas/4.2.x/installation/Whitelist-Authentication.html Cheers, D. On Jul 11, 2016, at 9:59 AM, Josep Manel Andrés mailto:josep.and...@bsc.es> <mailto:josep.and...@bsc.es>> wrote: Hi, I am using CAS to login to our webapps as a normal users, but when we want to do admin task, we need to login as a root (to our webapps ) and since we only have one authenticationHandler, which is ldapAuthenticationHandler, so I c
Re: [cas-user] Add static user to some handler
Right , that seems to be what I need, but for 4.0.x, that is the version I am running. But now I have a problem, if I add FileAuthenticationHandler just right before ldapauthenticationhandler it can be deployed to the server but not authenticating with the username defined in the file. (I've added cas-server-support-generic support) On the logs I never see the app going to look for users defined on the file. I have tried both: AcceptUsersAuthenticationHandler too, but it never compiles Thank you. On 11/07/16 16:16, Dmitriy Kopylenko wrote: You haven’t specified the version of CAS that you use, so I’ll assume the latest. This might solve your use case: https://apereo.github.io/cas/4.2.x/installation/Whitelist-Authentication.html Cheers, D. On Jul 11, 2016, at 9:59 AM, Josep Manel Andrés mailto:josep.and...@bsc.es>> wrote: Hi, I am using CAS to login to our webapps as a normal users, but when we want to do admin task, we need to login as a root (to our webapps ) and since we only have one authenticationHandler, which is ldapAuthenticationHandler, so I could not find a way to define a static root user with an static password, so the behavour wold be something like. Try to log in using ldapAuthenticationHandler, and if this doesn't work, then try to login with root account defined statically, and if it doesn't, then do nothing. Best regards. -- Josep Manel Andrés (josep.and...@bsc.es <mailto:josep.and...@bsc.es>) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es <mailto:syst...@bsc.es> Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5783A634.50605%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5783B652.8060606%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
[cas-user] Add static user to some handler
Hi, I am using CAS to login to our webapps as a normal users, but when we want to do admin task, we need to login as a root (to our webapps ) and since we only have one authenticationHandler, which is ldapAuthenticationHandler, so I could not find a way to define a static root user with an static password, so the behavour wold be something like. Try to log in using ldapAuthenticationHandler, and if this doesn't work, then try to login with root account defined statically, and if it doesn't, then do nothing. Best regards. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5783A634.50605%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
[cas-user] Active/Passive cluster CAS 4.1.x
Hi, I am trying to set up a tomcat cluster infrastructure to meet HA requirements. I've seen Active/passive is probable the easiest solution, since I wouldn't need shared ticket registry. So my thoughts are that what I need are two tomcats servers running (one on each server) and a floating IP managed by Heartbeat Am I right? I don't mind losing actual tickets when the system fails. But I also have a GlusterFS replicated volume on the servers to share cas.properties, certificates, services... (something else???) Thanks. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57559F3F.8090606%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
Re: [cas-user] Re: CAS NEW USER HELP
Nice! Here is a very good link where you will find the documentation. http://apereo.github.io/cas/4.2.x/index.html Cheers. On 02/06/16 09:41, Atul shinde wrote: i need to access to different web service login authentication through cas service using json token. help me ...! On Thursday, June 2, 2016 at 1:01:07 PM UTC+5:30, Atul shinde wrote: Hello, i am new in cas user i need to help for development in central Authentication Service for login control for other rest web services. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org>. To post to this group, send email to cas-user@apereo.org <mailto:cas-user@apereo.org>. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0033d8a2-270c-48e9-a7d6-d06b3f35a1f2%40apereo.org <https://groups.google.com/a/apereo.org/d/msgid/cas-user/0033d8a2-270c-48e9-a7d6-d06b3f35a1f2%40apereo.org?utm_medium=email&utm_source=footer>. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/574FF747.5020005%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
Re: [cas-user] cas documentation
is group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/573046DB.2090604%40gmail.com <https://groups.google.com/a/apereo.org/d/msgid/cas-user/573046DB.2090604%40gmail.com?utm_medium=email&utm_source=footer>. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org>. To post to this group, send email to cas-user@apereo.org <mailto:cas-user@apereo.org>. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1462787383454-4b5343d9-10aa943e-fca9d3b4%40unicon.net <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1462787383454-4b5343d9-10aa943e-fca9d3b4%40unicon.net?utm_medium=email&utm_source=footer>. For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/57305FE4.4090607%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
[cas-user] LDAP return attributes
Hi all, I've been trying to understand how attribute mapping works on cas, but I am missing something. So far I found this bean on deployerConfigContext.xml: Bean that defines the attributes that a service may return. This example uses the Stub/Mock version. A real implementation may go against a database or LDAP server. The id should remain "attributeRepository" though. +--> class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao" p:backingMap-ref="attrRepoBackingMap" /> memberOf faculty staff org And then on cas-services/WEB-INF/managementConfigContext.xml there are some entries which I don't really understand what they do, when I add a attribute , it appears on the web interface, but nothing is being passed to the CAS client: class="org.jasig.services.persondir.support.StubPersonAttributeDao" p:backingMap-ref="backingMap"> I've tried to go over the oficial documentations but still is not clear to me, can anyone give me a hint on this, please? Thank you! This is what the cas client gets always: D, [2016-05-04T12:32:04.730895 #16991] DEBUG -- : CAS server responded with #: jandres -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5729D34C.8030401%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
[cas-user] CAS LDAP failover
Hi, I've got two LDAP servers acting as slave, so far I have set up CAS server to connect to only one of those servers, but before going on production I would like to add another server to the pool, but I am not sure whether it's ok to just add another server to this entry in cas.properties file # # General properties # ldap.url=ldaps://ldap1.domain.com Or on the other hand I should add something to my deployerConfigContext.xml In that case what are the entries that I should add? ldapAuthenticationHandler? Thanks. http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:p="http://www.springframework.org/schema/p"; xmlns:c="http://www.springframework.org/schema/c"; xmlns:tx="http://www.springframework.org/schema/tx"; xmlns:util="http://www.springframework.org/schema/util"; xmlns:sec="http://www.springframework.org/schema/security"; xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd";> class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager"> value-ref="proxyPrincipalResolver" /> value-ref="primaryPrincipalResolver" /> class="org.jasig.cas.authentication.AnyAuthenticationPolicy" /> class="org.ldaptive.auth.PooledBindAuthenticationHandler" p:connectionFactory-ref="pooledLdapConnectionFactory"/> class="org.ldaptive.DefaultConnectionFactory" p:connectionConfig-ref="connectionConfig"/> class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao" p:backingMap-ref="attrRepoBackingMap" /> memberOf faculty staff org class="org.jasig.cas.services.JsonServiceRegistryDao" c:configDirectory="${service.registry.config.location:classpath:services}" /> class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager" /> class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" /> p:freeMemoryWarnThreshold="10" /> -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5707932B.6010100%40bsc.es. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
[cas-user] UI theme customization
Hi all, I am trying to create a new custom theme for CAS, but when it comes to the views, I get lost I found something in the old documentation talking about views. But it is still not clear to me, it says that the file WEB-INF/classes/default_views.properties - This file stores the locations of the default views (JSP pages) that CAS uses. In general, you use should the Maven2 WAR Overlay Method to override the views rather than changing the locations. But I shouldn't use it, rather use CAS Maven overlay. So, what does it mean exactly? Which files should I change instead? Do you guys know any manual to follow about changing look and feel? (I am using CAS 4.1.0) Thanks. WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
[cas-user] CAS authentication issues with phpCAS and modAuthCAS
Hi all, I am done with the cas server deployment, along with the service management app, both working fine. When I log in to service management app it also works fine, but when I set up apache servers to authenticate using either mod_auth_cas or phpCAS I get into a loop that never ends when I press login button, nothing happens, but keeps trying to load the main page. Apache logs shows trying to go to the page it is supposed to redirect to, but nothing happens, I am running phpCAS 1.0.1 mediawiki extension: "name"=> "CASAuth", "version" => "1.1a", "author" => "Ioannis Yessios", "url" => "http://www.mediawiki.org/wiki/Extension:CASAuthentication";, apache 2.4.10 SLES 12 I've tried to set de CAS protocol on CASAuth mediawiki extension to 2, but it didn't help. Not sure if this is related to the fact that I am running CAS 4.1 and it has change the way it performs the validation. I've tried many other servers that used to validate to a CAS 3 server and none of them are able to validate to the new CAS 4 server. Thanks. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
Re: [cas-user] CAS Service Management webapp not loading
Hi, I fixed it, was a path that was not correctly set up in cas-management.properties. Here is how the file looks right now. # CAS cas.host=https://cas02.mydomain.com:8443 cas.prefix=${cas.host}/cas --> I believe /cas was the problem, since it was not there before cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${cas.prefix}/login cas.securityContext.ticketValidator.casServerUrlPrefix=${cas.prefix} # Management cas-management.host=https://cas02.mydomain.com:8443 cas-management.prefix=${cas-management.host}/cas-services cas-management.securityContext.serviceProperties.service=${cas-management.prefix}/login/cas cas-management.securityContext.serviceProperties.adminRoles=hasRole('ROLE_ADMIN') Hope this helps. Just some thoughts about documentation Don't you guys find a lack of documentation/procedures for CAS environment? Specially compared with CAS 3.X version, I think with the version 4 documentation has become more schematic, less explanatory. I think it is a great tool used by a lot of centers but I cannot find manuals/guides/articles on how to intall, deploy, tweak. cas server. Do you guys think it is due the commercial support being behind the product? Doesn't matter!!, a lot of free software projects have commercial support and still they have a lot of documentation. Cheers! On 09/03/16 09:33, Josep Manel Andrés wrote: My cas.properties and cas-management.properties are located in /etc/cas directory and called from the cas app. The problem is that cas-services is not able to log anything to the files, it has only created an empty file, but nothing more. Yes, I did restart the server after changes. and tomcat logs only shows 302 error or 401 errors Cheers. On 08/03/16 15:45, Dmitriy Kopylenko wrote: Hard to say what is going on there… Where’s your cas.properties file - e.g. externalized vs embedded in the cas.war? Have you restarted the Tomcat after adding the user? etc. etc. You will have to do some log files sifting to figure out what is going on. Best, D. On Mar 8, 2016, at 8:36 AM, Josep Manel Andrés <mailto:josep.and...@bsc.es>> wrote: Hi, I've added my user there, but I don't even have the chance to get the login page, when I type cas02.mydomain.com <http://cas02.mydomain.com>:8443/cas-services I get redirected somewhere and tomcat throws a 404 error. The only place I can go is cas02.mydomain.com <http://cas02.mydomain.com>:8443/cas which the main cas server, to which I am able to log in. But the weird thing is when I type https://cas02.mydomain.com:8443/cas-services/login/cas I am able to get the unauthorized access page. On 08/03/16 14:29, Dmitriy Kopylenko wrote: What user are you using to login to the mgmt app? By default only 'casuser' is authorized to use the app: https://github.com/Jasig/cas-services-management-overlay/blob/master/etc/user-details.properties#L29 Cheers, Dmitriy. Sent from my iPhone On Mar 8, 2016, at 08:23, Josep Manel Andrés wrote: No problem at all, Regarding the deployment, I did it for both, server and cas-services: opscas02:/opt/tomcat # l webapps/ total 81740 drwxr-xr-x 8 root root 4096 Feb 17 17:12 ./ drwxr-xr-x 9 root root 4096 Feb 4 12:40 ../ drwxr-xr-x 3 tomcat root 4096 Feb 4 12:40 ROOT/ drwxr-xr-x 8 tomcat tomcat 4096 Feb 17 10:52 cas-services/ -rw-r--r-- 1 root root 36622968 Feb 17 10:52 cas-services.war -rw-r--r-- 1 root root 47040277 Feb 17 17:12 cas.war drwxr-xr-x 14 tomcat root 4096 Feb 4 12:40 docs/ drwxr-xr-x 7 tomcat root 4096 Feb 4 12:40 examples/ drwxr-xr-x 5 tomcat root 4096 Feb 4 12:40 host-manager/ drwxr-xr-x 5 tomcat root 4096 Feb 4 12:40 manager/ opscas02:/opt/tomcat # I even get this screen: and cas server is working and authenticating: So, I assume there might be something wrong with the config files. when I access to https://cas02.mydomain.com:8443/cas-services I get redirected to: https://cas02.mydomain:8443/login?service=https%3A%2F%2Fcas02.bsc.es%2Fcas-services%2Flogin%2Fcas not sure if this is correct. Thanks for yor help. On 08/03/16 14:03, Misagh Moayyed wrote: My default. I was too presumptuous in my last post. Sorry about that. So to clarify, there is a CAS webapp, and there is a CAS management webapp. These are two different applications, that need to be separately deployed. Your brief snippet here below shows that you have only deployed the former and not the latter. (You copied the cas.war over to tomcat's but not the other app) So you get a 404 when you try to access it. You have not deployed the management app. In order to do so, you need a separate overlay that builds that app for you just like you have one now that builds the main CAS application for you. This is a good starting point: https://github.com/Jasig/cas-services-management-overlay Have you done any of those steps? -Original Message- From:cas-user@apereo.org [mailto:cas-user@apereo.org]
Re: [cas-user] CAS Service Management webapp not loading
My cas.properties and cas-management.properties are located in /etc/cas directory and called from the cas app. The problem is that cas-services is not able to log anything to the files, it has only created an empty file, but nothing more. Yes, I did restart the server after changes. and tomcat logs only shows 302 error or 401 errors Cheers. On 08/03/16 15:45, Dmitriy Kopylenko wrote: Hard to say what is going on there… Where’s your cas.properties file - e.g. externalized vs embedded in the cas.war? Have you restarted the Tomcat after adding the user? etc. etc. You will have to do some log files sifting to figure out what is going on. Best, D. On Mar 8, 2016, at 8:36 AM, Josep Manel Andrés <mailto:josep.and...@bsc.es>> wrote: Hi, I've added my user there, but I don't even have the chance to get the login page, when I type cas02.mydomain.com <http://cas02.mydomain.com>:8443/cas-services I get redirected somewhere and tomcat throws a 404 error. The only place I can go is cas02.mydomain.com <http://cas02.mydomain.com>:8443/cas which the main cas server, to which I am able to log in. But the weird thing is when I type https://cas02.mydomain.com:8443/cas-services/login/cas I am able to get the unauthorized access page. On 08/03/16 14:29, Dmitriy Kopylenko wrote: What user are you using to login to the mgmt app? By default only 'casuser' is authorized to use the app: https://github.com/Jasig/cas-services-management-overlay/blob/master/etc/user-details.properties#L29 Cheers, Dmitriy. Sent from my iPhone On Mar 8, 2016, at 08:23, Josep Manel Andrés wrote: No problem at all, Regarding the deployment, I did it for both, server and cas-services: opscas02:/opt/tomcat # l webapps/ total 81740 drwxr-xr-x 8 root root 4096 Feb 17 17:12 ./ drwxr-xr-x 9 root root 4096 Feb 4 12:40 ../ drwxr-xr-x 3 tomcat root 4096 Feb 4 12:40 ROOT/ drwxr-xr-x 8 tomcat tomcat 4096 Feb 17 10:52 cas-services/ -rw-r--r-- 1 root root 36622968 Feb 17 10:52 cas-services.war -rw-r--r-- 1 root root 47040277 Feb 17 17:12 cas.war drwxr-xr-x 14 tomcat root 4096 Feb 4 12:40 docs/ drwxr-xr-x 7 tomcat root 4096 Feb 4 12:40 examples/ drwxr-xr-x 5 tomcat root 4096 Feb 4 12:40 host-manager/ drwxr-xr-x 5 tomcat root 4096 Feb 4 12:40 manager/ opscas02:/opt/tomcat # I even get this screen: and cas server is working and authenticating: So, I assume there might be something wrong with the config files. when I access to https://cas02.mydomain.com:8443/cas-services I get redirected to: https://cas02.mydomain:8443/login?service=https%3A%2F%2Fcas02.bsc.es%2Fcas-services%2Flogin%2Fcas not sure if this is correct. Thanks for yor help. On 08/03/16 14:03, Misagh Moayyed wrote: My default. I was too presumptuous in my last post. Sorry about that. So to clarify, there is a CAS webapp, and there is a CAS management webapp. These are two different applications, that need to be separately deployed. Your brief snippet here below shows that you have only deployed the former and not the latter. (You copied the cas.war over to tomcat's but not the other app) So you get a 404 when you try to access it. You have not deployed the management app. In order to do so, you need a separate overlay that builds that app for you just like you have one now that builds the main CAS application for you. This is a good starting point: https://github.com/Jasig/cas-services-management-overlay Have you done any of those steps? -Original Message- From:cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Josep Manel Andrés Sent: Tuesday, March 8, 2016 5:33 AM To:cas-user@apereo.org Subject: Re: [cas-user] CAS Service Management webapp not loading But I have multiple applications running on the same server under the same port, just in different paths, like /cas /docs /examples /manager On 08/03/16 13:24, Misagh Moayyed wrote: Your configuration for the management app says: 1. My CAS server is running here:https://cas02.mydomain:8443 2. My Mgmt server is running here:https://cas02.mydomain.com:8443 Which is of course wrong. You either need to pick a different server or a different port. These are two different apps, assuming you're on some version of CAS4. -Original Message- From:cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Josep Manel Andrés Sent: Tuesday, March 8, 2016 4:55 AM To:cas-user@apereo.org Subject: Re: [cas-user] CAS Service Management webapp not loading Hi, After some days stuck here, I come back to see if anyone can help me with this. With the following setup I can get to the login page https://cas02.mydomain:8443/cas but I get a 404 error when going to https://cas02.mydomain:8443/cas-services But if I go tohttps://cas02.mydomain:8443/cas-services/login/cas I can see the unauthorized page. Any help would be appreciated. This is my cas-management.properties # CAS cas.host=https://cas02.mydomain:8443 #ca
Re: [cas-user] CAS Service Management webapp not loading
Hi, I've added my user there, but I don't even have the chance to get the login page, when I type cas02.mydomain.com:8443/cas-services I get redirected somewhere and tomcat throws a 404 error. The only place I can go is cas02.mydomain.com:8443/cas which the main cas server, to which I am able to log in. But the weird thing is when I type https://cas02.mydomain.com:8443/cas-services/login/cas I am able to get the unauthorized access page. On 08/03/16 14:29, Dmitriy Kopylenko wrote: What user are you using to login to the mgmt app? By default only 'casuser' is authorized to use the app: https://github.com/Jasig/cas-services-management-overlay/blob/master/etc/user-details.properties#L29 Cheers, Dmitriy. Sent from my iPhone On Mar 8, 2016, at 08:23, Josep Manel Andrés <mailto:josep.and...@bsc.es>> wrote: No problem at all, Regarding the deployment, I did it for both, server and cas-services: opscas02:/opt/tomcat # l webapps/ total 81740 drwxr-xr-x 8 root root 4096 Feb 17 17:12 ./ drwxr-xr-x 9 root root 4096 Feb 4 12:40 ../ drwxr-xr-x 3 tomcat root 4096 Feb 4 12:40 ROOT/ drwxr-xr-x 8 tomcat tomcat 4096 Feb 17 10:52 cas-services/ -rw-r--r-- 1 root root 36622968 Feb 17 10:52 cas-services.war -rw-r--r-- 1 root root 47040277 Feb 17 17:12 cas.war drwxr-xr-x 14 tomcat root 4096 Feb 4 12:40 docs/ drwxr-xr-x 7 tomcat root 4096 Feb 4 12:40 examples/ drwxr-xr-x 5 tomcat root 4096 Feb 4 12:40 host-manager/ drwxr-xr-x 5 tomcat root 4096 Feb 4 12:40 manager/ opscas02:/opt/tomcat # I even get this screen: and cas server is working and authenticating: So, I assume there might be something wrong with the config files. when I access to https://cas02.mydomain.com:8443/cas-services I get redirected to: https://cas02.mydomain:8443/login?service=https%3A%2F%2Fcas02.bsc.es%2Fcas-services%2Flogin%2Fcas not sure if this is correct. Thanks for yor help. On 08/03/16 14:03, Misagh Moayyed wrote: My default. I was too presumptuous in my last post. Sorry about that. So to clarify, there is a CAS webapp, and there is a CAS management webapp. These are two different applications, that need to be separately deployed. Your brief snippet here below shows that you have only deployed the former and not the latter. (You copied the cas.war over to tomcat's but not the other app) So you get a 404 when you try to access it. You have not deployed the management app. In order to do so, you need a separate overlay that builds that app for you just like you have one now that builds the main CAS application for you. This is a good starting point: https://github.com/Jasig/cas-services-management-overlay Have you done any of those steps? -Original Message- From:cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Josep Manel Andrés Sent: Tuesday, March 8, 2016 5:33 AM To:cas-user@apereo.org Subject: Re: [cas-user] CAS Service Management webapp not loading But I have multiple applications running on the same server under the same port, just in different paths, like /cas /docs /examples /manager On 08/03/16 13:24, Misagh Moayyed wrote: Your configuration for the management app says: 1. My CAS server is running here:https://cas02.mydomain:8443 2. My Mgmt server is running here:https://cas02.mydomain.com:8443 Which is of course wrong. You either need to pick a different server or a different port. These are two different apps, assuming you're on some version of CAS4. -Original Message- From:cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Josep Manel Andrés Sent: Tuesday, March 8, 2016 4:55 AM To:cas-user@apereo.org Subject: Re: [cas-user] CAS Service Management webapp not loading Hi, After some days stuck here, I come back to see if anyone can help me with this. With the following setup I can get to the login page https://cas02.mydomain:8443/cas but I get a 404 error when going to https://cas02.mydomain:8443/cas-services But if I go tohttps://cas02.mydomain:8443/cas-services/login/cas I can see the unauthorized page. Any help would be appreciated. This is my cas-management.properties # CAS cas.host=https://cas02.mydomain:8443 #cas.host=https://localhost:8443 cas.prefix=${cas.host} cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${cas.pref ix}/login cas.securityContext.ticketValidator.casServerUrlPrefix=${cas.prefix} # Management cas-management.host=https://cas02.mydomain.com:8443 cas-management.prefix=${cas-management.host}/cas-services cas-management.securityContext.serviceProperties.service=${cas- management.prefix}/login/cas cas- management.securityContext.serviceProperties.adminRoles=hasRole('ROLE _AD MIN') # views cas-management.viewResolver.basename=default_views ## # User details file location that contains list of users # who are allowed access to the management webapp: # user.details.file.location =file:/etc/cas/user-details.properties ## # JSON Service Registry # # Directo
Re: [cas-user] CAS Service Management webapp not loading
No problem at all, Regarding the deployment, I did it for both, server and cas-services: opscas02:/opt/tomcat # l webapps/ total 81740 drwxr-xr-x 8 root root 4096 Feb 17 17:12 ./ drwxr-xr-x 9 root root 4096 Feb 4 12:40 ../ drwxr-xr-x 3 tomcat root 4096 Feb 4 12:40 ROOT/ drwxr-xr-x 8 tomcat tomcat 4096 Feb 17 10:52 cas-services/ -rw-r--r-- 1 root root 36622968 Feb 17 10:52 cas-services.war -rw-r--r-- 1 root root 47040277 Feb 17 17:12 cas.war drwxr-xr-x 14 tomcat root 4096 Feb 4 12:40 docs/ drwxr-xr-x 7 tomcat root 4096 Feb 4 12:40 examples/ drwxr-xr-x 5 tomcat root 4096 Feb 4 12:40 host-manager/ drwxr-xr-x 5 tomcat root 4096 Feb 4 12:40 manager/ opscas02:/opt/tomcat # I even get this screen: and cas server is working and authenticating: So, I assume there might be something wrong with the config files. when I access to https://cas02.mydomain.com:8443/cas-services I get redirected to: https://cas02.mydomain:8443/login?service=https%3A%2F%2Fcas02.bsc.es%2Fcas-services%2Flogin%2Fcas not sure if this is correct. Thanks for yor help. On 08/03/16 14:03, Misagh Moayyed wrote: My default. I was too presumptuous in my last post. Sorry about that. So to clarify, there is a CAS webapp, and there is a CAS management webapp. These are two different applications, that need to be separately deployed. Your brief snippet here below shows that you have only deployed the former and not the latter. (You copied the cas.war over to tomcat's but not the other app) So you get a 404 when you try to access it. You have not deployed the management app. In order to do so, you need a separate overlay that builds that app for you just like you have one now that builds the main CAS application for you. This is a good starting point: https://github.com/Jasig/cas-services-management-overlay Have you done any of those steps? -Original Message- From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Josep Manel Andrés Sent: Tuesday, March 8, 2016 5:33 AM To: cas-user@apereo.org Subject: Re: [cas-user] CAS Service Management webapp not loading But I have multiple applications running on the same server under the same port, just in different paths, like /cas /docs /examples /manager On 08/03/16 13:24, Misagh Moayyed wrote: Your configuration for the management app says: 1. My CAS server is running here: https://cas02.mydomain:8443 2. My Mgmt server is running here: https://cas02.mydomain.com:8443 Which is of course wrong. You either need to pick a different server or a different port. These are two different apps, assuming you're on some version of CAS4. -Original Message- From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Josep Manel Andrés Sent: Tuesday, March 8, 2016 4:55 AM To: cas-user@apereo.org Subject: Re: [cas-user] CAS Service Management webapp not loading Hi, After some days stuck here, I come back to see if anyone can help me with this. With the following setup I can get to the login page https://cas02.mydomain:8443/cas but I get a 404 error when going to https://cas02.mydomain:8443/cas-services But if I go to https://cas02.mydomain:8443/cas-services/login/cas I can see the unauthorized page. Any help would be appreciated. This is my cas-management.properties # CAS cas.host=https://cas02.mydomain:8443 #cas.host=https://localhost:8443 cas.prefix=${cas.host} cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${cas.pref ix}/login cas.securityContext.ticketValidator.casServerUrlPrefix=${cas.prefix} # Management cas-management.host=https://cas02.mydomain.com:8443 cas-management.prefix=${cas-management.host}/cas-services cas-management.securityContext.serviceProperties.service=${cas- management.prefix}/login/cas cas- management.securityContext.serviceProperties.adminRoles=hasRole('ROLE _AD MIN') # views cas-management.viewResolver.basename=default_views ## # User details file location that contains list of users # who are allowed access to the management webapp: # user.details.file.location = file:/etc/cas/user-details.properties ## # JSON Service Registry # # Directory location where JSON service files may be found. service.registry.config.location=file:/etc/cas/services ## # Log4j # Default sourced from WEB-INF/spring-configuration/log4jConfiguration.xml: # # It is often time helpful to externalize log4j.xml to a system path to preserve settings between upgrades. # e.g. log4j.config.location=file:/etc/cas/log4j2.xml log4j.config.location=file:/etc/cas/log4j2.xml And here is my cas.properties #server.name=http://cas02.bsc.es:8080 server.name=https://cas02.bsc.es:8443 server.prefix=${server.name}/cas On 17/02/16 17:11, Josep Manel Andrés wrote: Hi, I am done with the CAS installation along with the LDAP setup (btw, I had to enable SAML under pom.xml for LDAP auth to workdon't know why...) so now I am trying to build and deploy cas-services management webapp, following the maven overlay, I just follow
Re: [cas-user] CAS Service Management webapp not loading
But I have multiple applications running on the same server under the same port, just in different paths, like /cas /docs /examples /manager On 08/03/16 13:24, Misagh Moayyed wrote: Your configuration for the management app says: 1. My CAS server is running here: https://cas02.mydomain:8443 2. My Mgmt server is running here: https://cas02.mydomain.com:8443 Which is of course wrong. You either need to pick a different server or a different port. These are two different apps, assuming you're on some version of CAS4. -Original Message- From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Josep Manel Andrés Sent: Tuesday, March 8, 2016 4:55 AM To: cas-user@apereo.org Subject: Re: [cas-user] CAS Service Management webapp not loading Hi, After some days stuck here, I come back to see if anyone can help me with this. With the following setup I can get to the login page https://cas02.mydomain:8443/cas but I get a 404 error when going to https://cas02.mydomain:8443/cas-services But if I go to https://cas02.mydomain:8443/cas-services/login/cas I can see the unauthorized page. Any help would be appreciated. This is my cas-management.properties # CAS cas.host=https://cas02.mydomain:8443 #cas.host=https://localhost:8443 cas.prefix=${cas.host} cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${cas.prefix}/login cas.securityContext.ticketValidator.casServerUrlPrefix=${cas.prefix} # Management cas-management.host=https://cas02.mydomain.com:8443 cas-management.prefix=${cas-management.host}/cas-services cas-management.securityContext.serviceProperties.service=${cas- management.prefix}/login/cas cas- management.securityContext.serviceProperties.adminRoles=hasRole('ROLE_AD MIN') # views cas-management.viewResolver.basename=default_views ## # User details file location that contains list of users # who are allowed access to the management webapp: # user.details.file.location = file:/etc/cas/user-details.properties ## # JSON Service Registry # # Directory location where JSON service files may be found. service.registry.config.location=file:/etc/cas/services ## # Log4j # Default sourced from WEB-INF/spring-configuration/log4jConfiguration.xml: # # It is often time helpful to externalize log4j.xml to a system path to preserve settings between upgrades. # e.g. log4j.config.location=file:/etc/cas/log4j2.xml log4j.config.location=file:/etc/cas/log4j2.xml And here is my cas.properties #server.name=http://cas02.bsc.es:8080 server.name=https://cas02.bsc.es:8443 server.prefix=${server.name}/cas On 17/02/16 17:11, Josep Manel Andrés wrote: Hi, I am done with the CAS installation along with the LDAP setup (btw, I had to enable SAML under pom.xml for LDAP auth to workdon't know why...) so now I am trying to build and deploy cas-services management webapp, following the maven overlay, I just followed the procedure from the website that is basically coping the files from etc directory and moving them, to my /etc/cas/ directory along with cas.properties and log4j2.xml. I also edited log4j2.xml and added append="true" filePattern="/opt/tomcat/logs/cas-services/cas-management-%d{-MM- dd-HH}-%i.log.gz"> So, app is compiling and deployment is fine, but when I go to : https://cas02.mydomain.com:8443/cas%2Dservices/ nothing is loaded (I noticed there is %2D instead of a dash, doesn't matter if I replace it with a dash) but if I go to : https://cas02.mydomain.com:8443/cas-services/login/cas I get a CAS Services Management webpage stating: Access Denied You are not authorized to access this resource. Contact your CAS administrator for more info. I don't even have the chance to put username and password. do I have to modify pom.xml on cas-overlay or on the cas-service-management overlay? Thanks. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubsc
Re: [cas-user] CAS Service Management webapp not loading
Hi, After some days stuck here, I come back to see if anyone can help me with this. With the following setup I can get to the login page https://cas02.mydomain:8443/cas but I get a 404 error when going to https://cas02.mydomain:8443/cas-services But if I go to https://cas02.mydomain:8443/cas-services/login/cas I can see the unauthorized page. Any help would be appreciated. This is my cas-management.properties # CAS cas.host=https://cas02.mydomain:8443 #cas.host=https://localhost:8443 cas.prefix=${cas.host} cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${cas.prefix}/login cas.securityContext.ticketValidator.casServerUrlPrefix=${cas.prefix} # Management cas-management.host=https://cas02.mydomain.com:8443 cas-management.prefix=${cas-management.host}/cas-services cas-management.securityContext.serviceProperties.service=${cas-management.prefix}/login/cas cas-management.securityContext.serviceProperties.adminRoles=hasRole('ROLE_ADMIN') # views cas-management.viewResolver.basename=default_views ## # User details file location that contains list of users # who are allowed access to the management webapp: # user.details.file.location = file:/etc/cas/user-details.properties ## # JSON Service Registry # # Directory location where JSON service files may be found. service.registry.config.location=file:/etc/cas/services ## # Log4j # Default sourced from WEB-INF/spring-configuration/log4jConfiguration.xml: # # It is often time helpful to externalize log4j.xml to a system path to preserve settings between upgrades. # e.g. log4j.config.location=file:/etc/cas/log4j2.xml log4j.config.location=file:/etc/cas/log4j2.xml And here is my cas.properties #server.name=http://cas02.bsc.es:8080 server.name=https://cas02.bsc.es:8443 server.prefix=${server.name}/cas On 17/02/16 17:11, Josep Manel Andrés wrote: Hi, I am done with the CAS installation along with the LDAP setup (btw, I had to enable SAML under pom.xml for LDAP auth to workdon't know why...) so now I am trying to build and deploy cas-services management webapp, following the maven overlay, I just followed the procedure from the website that is basically coping the files from etc directory and moving them, to my /etc/cas/ directory along with cas.properties and log4j2.xml. I also edited log4j2.xml and added So, app is compiling and deployment is fine, but when I go to : https://cas02.mydomain.com:8443/cas%2Dservices/ nothing is loaded (I noticed there is %2D instead of a dash, doesn't matter if I replace it with a dash) but if I go to : https://cas02.mydomain.com:8443/cas-services/login/cas I get a CAS Services Management webpage stating: Access Denied You are not authorized to access this resource. Contact your CAS administrator for more info. I don't even have the chance to put username and password. do I have to modify pom.xml on cas-overlay or on the cas-service-management overlay? Thanks. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
[cas-user] CAS Service Management webapp not loading
Hi, I am done with the CAS installation along with the LDAP setup (btw, I had to enable SAML under pom.xml for LDAP auth to workdon't know why...) so now I am trying to build and deploy cas-services management webapp, following the maven overlay, I just followed the procedure from the website that is basically coping the files from etc directory and moving them, to my /etc/cas/ directory along with cas.properties and log4j2.xml. I also edited log4j2.xml and added fileName="/opt/tomcat/logs/cas-services/cas-management.log" append="true" filePattern="/opt/tomcat/logs/cas-services/cas-management-%d{-MM-dd-HH}-%i.log.gz"> So, app is compiling and deployment is fine, but when I go to : https://cas02.mydomain.com:8443/cas%2Dservices/ nothing is loaded (I noticed there is %2D instead of a dash, doesn't matter if I replace it with a dash) but if I go to : https://cas02.mydomain.com:8443/cas-services/login/cas I get a CAS Services Management webpage stating: Access Denied You are not authorized to access this resource. Contact your CAS administrator for more info. I don't even have the chance to put username and password. do I have to modify pom.xml on cas-overlay or on the cas-service-management overlay? Thanks. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
[cas-user] CAS and LDAP
Hi, After setting up the Authentication handler, it keeps telling me that cannot find it... 2016-02-16 11:27:21,937 WARN [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - Cannot find authentication handler that supports user, which suggests a configuration problem. 2016-02-16 11:27:21,938 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN Here is the deployer src/main/webapp/WEB-INF/deployerConfigContext.xml and here the whole file: http://pastebin.com/aHbb41xG Any idea on how to keep debugging this? Here is the cas.properties ## # LDAP CAS # # General properties # ldap.url=ldap://ldap.bsc.es # LDAP connection timeout in milliseconds ldap.connectTimeout=3000 # Whether to use StartTLS (probably needed if not SSL connection) ldap.useStartTLS=false # # LDAP connection pool configuration # ldap.pool.minSize=3 ldap.pool.maxSize=10 ldap.pool.validateOnCheckout=false ldap.pool.validatePeriodically=true # Amount of time in milliseconds to block on pool exhausted condition # before giving up. ldap.pool.blockWaitTime=3000 # Frequency of connection validation in seconds # Only applies if validatePeriodically=true ldap.pool.validatePeriod=300 # Attempt to prune connections every N seconds ldap.pool.prunePeriod=300 # Maximum amount of time an idle connection is allowed to be in # pool before it is liable to be removed/destroyed ldap.pool.idleTime=600 # # Authentication # # Base DN of users to be authenticated ldap.authn.baseDn=ou=people,ou=center,dc=es # A path to trusted X.509 certificate for StartTLS ldap.trustedCert=file:///etc/tls/ca/ldap.bsc.es.pem Thanks. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
[cas-user] DefaultTicketRegistry
Hi all, I am trying to set up cas along with LDAP, so far seems that the LDAP part is not complaining anymore but now I have problems with ticket registry, I want to go for the default in memory system, should I specify something in my pom.xml (from maven overlay) ? or in the deployerConfigContext.xml ? should I have this file? l src/main/webapp/WEB-INF/spring-configuration/ticketRegistry.xml the error I get is(therefore the app is not starting): 2016-02-04 15:25:39,807 WARN [org.springframework.web.context.support.XmlWebApplicationContext] - refresh attempt org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ticketRegistryCleaner' defined in ServletContext resource [/WEB-INF/spring-configuration/ticketRegistry.xml]: Cannot resolve reference to bean 'centralAuthenticationService' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'centralAuthenticationService' defined in ServletContext resource [/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve reference to bean 'authenticationManager' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'proxyPrincipalResolver' while setting constructor argument with key []; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'proxyPrincipalResolver' is defined and my deployerConfigContext is: Thanks a lot! http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:p="http://www.springframework.org/schema/p"; xmlns:c="http://www.springframework.org/schema/c"; xmlns:tx="http://www.springframework.org/schema/tx"; xmlns:util="http://www.springframework.org/schema/util"; xmlns:sec="http://www.springframework.org/schema/security"; xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd";> class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager"> value-ref="proxyPrincipalResolver" /> value-ref="primaryPrincipalResolver" /> class="org.jasig.cas.authentication.AnyAuthenticationPolicy" /> class="org.ldaptive.auth.PooledBindAuthenticationHandler" p:connectionFactory-ref="pooledLdapConnectionFactory"/> class="org.ldaptive.DefaultConnectionFactory" p:connectionConfig-ref="connectionConfig"/> class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao" p:backingMap-ref="attrRepoBackingMap" /> memberOf faculty staff org class="org.jasig.cas.services.JsonServiceRegistryDao" c:configDirectory="${service.registry.config.location:classpath:services}" /> class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager" /> class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" /> p:freeMemoryWarnThreshold="10" /> WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. Visit this
Re: [cas-user] CAS documentation
Hi, Ok, so what I have done is to add the LDAP integration to the pom.xml, then I've copied deployerConfigContext.xml to the maven overlay and edited it as stated in the documentation link that you send me. The first sniped I have added is: The second piece of code is the LDAP Handler (commenting out the default one) displayName mail memberOf Then I've edited the ca.properties as follows: ## # LDAP CAS # # General properties # ldap.url=ldap://ldap.mydomain.es # LDAP connection timeout in milliseconds ldap.connectTimeout=3000 # Whether to use StartTLS (probably needed if not SSL connection) ldap.useStartTLS=false # # LDAP connection pool configuration # ldap.pool.minSize=3 ldap.pool.maxSize=10 ldap.pool.validateOnCheckout=false ldap.pool.validatePeriodically=true # Amount of time in milliseconds to block on pool exhausted condition # before giving up. ldap.pool.blockWaitTime=3000 # Frequency of connection validation in seconds # Only applies if validatePeriodically=true ldap.pool.validatePeriod=300 # Attempt to prune connections every N seconds ldap.pool.prunePeriod=300 # Maximum amount of time an idle connection is allowed to be in # pool before it is liable to be removed/destroyed ldap.pool.idleTime=600 # # Authentication # # Base DN of users to be authenticated ldap.authn.baseDn=ou=people,ou=domain,dc=es # Manager DN for authenticated searches ldap.authn.managerDN=uid=people,ou=domain,dc=es # Manager password for authenticated searches ldap.authn.managerPassword=myPassword # Search filter used for configurations that require searching for DNs #ldap.authn.searchFilter=(&(uid={user})(accountState=active)) #ldap.authn.searchFilter=(uid={user}) # Search filter used for configurations that require searching for DNs #ldap.authn.format=uid=%s,ou=Users,dc=example,dc=org #ldap.authn.format=%s...@example.com # A path to trusted X.509 certificate for StartTLS #ldap.trustedCert=/path/to/cert.cer Any idea why it does compile, but when I deploy it to the tomcat server it doesn't even start? Here is a link to the whole deployer http://pastebin.com/4vEg3tc7 Thanks a lot! On 26/01/16 17:13, Dmitriy Kopylenko wrote: OK, once you have your basic maven war overlay structure set up, then find the documentation page for the module you want to integrate with For example, LDAP: http://jasig.github.io/cas/4.1.x/installation/LDAP-Authentication.html The very first sentence states: LDAP integration is enabled by including the following dependency in the Maven WAR overlay: org.jasig.cas cas-server-support-ldap ${cas.version} So that really means that you need to add the dependency declaration for the module(s) of interest to your overlay’s main pom.xml files. Then follow instructions on the rest of the page. Those bean configurations shown for the LDAP authentication handler machinery - you add/modify in your overlay’s WEB-INF/deployerConfigContext.xml (if you don’t have that yet, just build the cas.war once and copy the default file from the war into your overlay as a starting point). Best, D. On Jan 26, 2016, at 11:02 AM, Josep Manel Andrés mailto:josep.and...@bsc.es>> wrote: Hi all, Thanks for the info. I think I am starting to understand whats going on, but still not finding too much info about how to get started with Maven overlay template and introducing the other "moduls" like LDAP for backend auth, or implementing mysql for tickets storage. So what I have now is a setup in which I execute mvn clean package over the maven overlay and I get a war that I can deploy to the tomcat server and I am able to see the login page. So, what is next? I want to be able to authenticate against an ldap server, should I copy this: opscas02:/opt # l cas-4.1.4/cas-server-support-ldap/ total 32 drwxrwxr-x 3 root root 4096 Jan 18 17:42 ./ drwxrwxr-x 33 root root 4096 Jan 25 14:51 ../ -rw-rw-r-- 1 root root 34 Jan 18 17:42 .gitignore -rw-rw-r-- 1 root root 6307 Jan 18 17:42 NOTICE -rw-rw-r-- 1 root root 1965 Jan 18 17:42 ldap.properties.sample -rw-rw-r-- 1 root root 3369 Jan 18 17:42 pom.xml drwxrwxr-x 5 root root 4096 Jan 18 17:42 src/ to my current cas-overlay-template ? would it be the right way of doing it? what about if I want to allow CAS server to store tickets in a mySQL database? Thanks in advance, guys. On 20/01/16 15:16, Dmitriy Kopylenko wrote: Hi there. Try to go over this: http://jasig.github.io/cas/4.1.x/installation/Maven-Overlay-Installation.html Cheers, Dmitriy. On Jan 20, 2016, at 9:14 AM, Josep Manel Andrés mailto:josep.and...@bsc.es> <mailto:josep.and...@bs
Re: [cas-user] CAS documentation
Hi all, Thanks for the info. I think I am starting to understand whats going on, but still not finding too much info about how to get started with Maven overlay template and introducing the other "moduls" like LDAP for backend auth, or implementing mysql for tickets storage. So what I have now is a setup in which I execute mvn clean package over the maven overlay and I get a war that I can deploy to the tomcat server and I am able to see the login page. So, what is next? I want to be able to authenticate against an ldap server, should I copy this: opscas02:/opt # l cas-4.1.4/cas-server-support-ldap/ total 32 drwxrwxr-x 3 root root 4096 Jan 18 17:42 ./ drwxrwxr-x 33 root root 4096 Jan 25 14:51 ../ -rw-rw-r-- 1 root root 34 Jan 18 17:42 .gitignore -rw-rw-r-- 1 root root 6307 Jan 18 17:42 NOTICE -rw-rw-r-- 1 root root 1965 Jan 18 17:42 ldap.properties.sample -rw-rw-r-- 1 root root 3369 Jan 18 17:42 pom.xml drwxrwxr-x 5 root root 4096 Jan 18 17:42 src/ to my current cas-overlay-template ? would it be the right way of doing it? what about if I want to allow CAS server to store tickets in a mySQL database? Thanks in advance, guys. On 20/01/16 15:16, Dmitriy Kopylenko wrote: Hi there. Try to go over this: http://jasig.github.io/cas/4.1.x/installation/Maven-Overlay-Installation.html Cheers, Dmitriy. On Jan 20, 2016, at 9:14 AM, Josep Manel Andrés mailto:josep.and...@bsc.es>> wrote: Hi all, I am trying to set up a CAS server and I am wondering if there is any guide to follow for a basic CAS installation, the docs that I've found are about getting ready the different components. http://jasig.github.io/cas/4.1.x/index.html There is a section on the right side of the page that talks about installing different components, but it doesn't even describe how to install them. Thanks. WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org>. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Center C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
[cas-user] CAS documentation
Hi all, I am trying to set up a CAS server and I am wondering if there is any guide to follow for a basic CAS installation, the docs that I've found are about getting ready the different components. http://jasig.github.io/cas/4.1.x/index.html There is a section on the right side of the page that talks about installing different components, but it doesn't even describe how to install them. Thanks. WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
Re: [cas-user] mod_auth_cas
http://unix.bris.ac.uk/2015/02/13/mod_auth_case-on-centos7-apache-2-4/ here is a link with good documentation On 27/11/15 12:35, Chris Cheltenham wrote: Thank You, Can you tell me how you compiled it? -Original Message- From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of christian.fol...@post.ch Sent: Friday, November 27, 2015 1:17 AM To: cas-user@apereo.org Subject: AW: [cas-user] mod_auth_cas Hi there, My organisation has been using the patched version of mod_auth_cas on a self-compiled apache 2.4.16 for several months now on dozens of services. No problem with the code or stability issues encountered yet (touching wood). Ahoj, Christian Folini -Ursprüngliche Nachricht- Von: cas-user@apereo.org [mailto:cas-user@apereo.org] Im Auftrag von David Hawes Gesendet: Freitag, 27. November 2015 05:20 An: Chris Cheltenham Cc: cas-user@apereo.org Betreff: Re: [cas-user] mod_auth_cas On 26 November 2015 at 13:08, Chris Cheltenham wrote: Has anyone by any chance tried to use mod_auth_cas with apache 2.4? Apache does not seem to like the .so file. You're going to need to patch mod_auth_cas to get it working with 2.4. I'd recommend using my branch that includes 2.4 support: https://github.com/dhawes/mod_auth_cas/tree/v1.1 That branch will hopefully become mod_auth_cas 1.1 in the near future. Verification that it works for you will help move us towards that goal. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. Visit this group at http://groups.google.com/a/apereo.org/group/cas-user/. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. Visit this group at http://groups.google.com/a/apereo.org/group/cas-user/. -- Josep Manel Andrés (josep.and...@bsc.es) Operations - Barcelona Supercomputing Centre C/ Jordi Girona, 31 http://www.bsc.es 08034 Barcelona, Spain Tel: +34-93-405 42 14 e-mail: syst...@bsc.es Fax: +34-93-413 77 21 --- WARNING / LEGAL TEXT: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify the sender and destroy and delete any copies you may have received. http://www.bsc.es/disclaimer -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. Visit this group at http://groups.google.com/a/apereo.org/group/cas-user/.