[cas-user] Re: Update a date database field on successful login
Marc, I'd suggest taking a look at JDBC Audits - https://apereo.github.io/cas/6.2.x/installation/Audits.html#database-audits I won't do exactly what you want, but you'll be able to get a last login date from the table it creates. Good luck! -Mike On Wednesday, September 23, 2020 at 4:06:10 AM UTC-4 Marc Maurice wrote: > Hello, > > I'm using jdbc/mysql to authenticate my users. > > I have a simple need : I want to add a last_login_date field, updated at > each successful login > > I want to be able to know if some accounts have not been used from a > very long time. > > I red carefully the doc and reviewed the list of properties, but I see > nothing about that. > > Do I need to write some custom code ? Do you know what code or class I > should extend ? > > note: just updated my overlay to 6.2 successfully. > > Thanks in advance, > > Marc > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b766f972-ae7d-4c58-a1de-bfdb45a3bbf0n%40apereo.org.
[cas-user] Re: Duo MFA error in 6.2 RC5
Doh, I didn't post the actual error. Here it is: ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas-web].[dispatcherServlet]] - list[mfa-duo]]'] with root cause> java.lang.NullPointerException: null at java.util.Objects.requireNonNull(Objects.java:221) ~[?:?] at org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityPrepareWebLoginFormAction.doExecute(DuoSecurityPrepareWebLoginFormAction.java:31) ~[cas-server-support-duo-core-6.2.0-RC5.jar!/:6.2.0-RC5] at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.5.1.RELEASE.jar!/:2.5.1.RELEASE] Thanks in advance. On Thursday, June 4, 2020 at 4:18:07 PM UTC-4, mba...@scad.edu wrote: > > I'm testing out 6.2 RC5 and am getting an error with Duo: > > DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - received exception > [org.springframework.webflow.execution.ActionExecutionException: Exception > thrown executing > org.apereo.cas.adaptors.duo.web.flow.action.DuoSecurityPrepareWebLoginFormAction@5afaae7e > > in state 'viewLoginFormDuo' of flow 'mfa-duo' -- action execution > attributes were 'map['resolvedAuthenticationEvents' -> list[mfa-duo]]'] due > to a type mismatch with handler > [[FlowHandlerMapping.DefaultFlowHandler@5f5b9239]]> > > I'm using pretty much the same Duo configuration from 6.0.x (which is > working), but switched from camelCase to dashes as listed in the latest > development documentation. I got the same error with camel case too. > > # DUO > cas.authn.mfa.duo[0].duo-secret-key=${CAS_DUO_SKEY} > cas.authn.mfa.duo[0].rank=0 > cas.authn.mfa.duo[0].duo-application-key=${CAS_DUO_AKEY} > cas.authn.mfa.duo[0].duo-integration-key=${CAS_DUO_IKEY} > cas.authn.mfa.duo[0].duo-api-host=${CAS_DUO_HOST} > cas.authn.mfa.duo[0].trusted-device-enabled=false > cas.authn.mfa.duo[0].id=mfa-duo > cas.authn.mfa.duo[0].name=SCAD DUO > cas.authn.mfa.duo[0].order=1 > # but this one stays camelCase > cas.authn.mfa.groovyScript=file:/etc/cas/ScadMfa.groovy > > And I can actually see a response from Duo early in the log that indicates > it retrieved my account info. > > Also, I am using the default theme with no changes. > > Any help would be appreciated. > > Thank you, > Mike > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/16b57bf1-009a-48f6-9ccb-1af15751c2b6o%40apereo.org.
[cas-user] Duo MFA error in 6.2 RC5
I'm testing out 6.2 RC5 and am getting an error with Duo: DEBUG [org.apereo.cas.web.FlowExecutionExceptionResolver] - list[mfa-duo]]'] due to a type mismatch with handler [[FlowHandlerMapping.DefaultFlowHandler@5f5b9239]]> I'm using pretty much the same Duo configuration from 6.0.x (which is working), but switched from camelCase to dashes as listed in the latest development documentation. I got the same error with camel case too. # DUO cas.authn.mfa.duo[0].duo-secret-key=${CAS_DUO_SKEY} cas.authn.mfa.duo[0].rank=0 cas.authn.mfa.duo[0].duo-application-key=${CAS_DUO_AKEY} cas.authn.mfa.duo[0].duo-integration-key=${CAS_DUO_IKEY} cas.authn.mfa.duo[0].duo-api-host=${CAS_DUO_HOST} cas.authn.mfa.duo[0].trusted-device-enabled=false cas.authn.mfa.duo[0].id=mfa-duo cas.authn.mfa.duo[0].name=SCAD DUO cas.authn.mfa.duo[0].order=1 # but this one stays camelCase cas.authn.mfa.groovyScript=file:/etc/cas/ScadMfa.groovy And I can actually see a response from Duo early in the log that indicates it retrieved my account info. Also, I am using the default theme with no changes. Any help would be appreciated. Thank you, Mike -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/dba1319a-cb46-477a-9d8e-0e8a33d51800o%40apereo.org.
Re: [cas-user] Handling multiple accounts for one person
Thank you again for responding. I wish we didn't split email, but we did a long time ago - during the initial email implementation - and we never tried to consolidate. Fortunately, I don't have the "which account" problems. Students get a pretty clear setup, and anything extra would go to a staff account. I just have a couple of services (email, file sharing) where certain people are going to have a separate student and staff account. I need a clear way for the user (and CAS) to know which account. I think your idea of separate logins will handle that, but we'll just need to communicate with those double-account people. Thanks again, Mike On Monday, May 18, 2020 at 4:25:03 PM UTC-4, richard.frovarp wrote: > > Now I get to say "Same as Dave". Secondary accounts are for administrator > or test access for the most part in our environment. Splitting something > like email is a pain, and that has spawned a great many threads over on the > Educause IAM (née Idm) list. Bigger issue is making sure others know which > account to reference to grant permissions. > > On Mon, 2020-05-18 at 15:26 -0400, David Curry wrote: > > In our case no, because the "staff" account is really just an > "administrator" account -- so it's the one used to be an application (or > system) admin rather than the user's regular account. Most of the people > who have those are IT people, although a few non-IT people are starting to > get them as we roll out new applications and systems. > > So when I log into an application (like the CAS management console, or the > Duo admin pages, or a Linux box where I want to use "sudo" to do root-y > things, or a Windows server where I need admin rights), I log in as > "adm_curryd" instead of "curryd". When I want to do things as a normal > person, I log in as "curryd". > > --Dave > > -- > > DAVID A. CURRY, CISSP > *DIRECTOR • INFORMATION SECURITY & PRIVACY* > THE NEW SCHOOL • INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 646 909-4728 • david...@newschool.edu > > > On Mon, May 18, 2020 at 3:21 PM mba...@scad.edu < > mba...@scad.edu > wrote: > > David, Richard, > > Thank you very much. Did you or do you have issues with students/staff > getting confused on which account to use? Any tips for handling that other > than FAQs? We've got several hundred people with dual accounts. > > Thank you, > Mike > > On Monday, May 18, 2020 at 2:05:05 PM UTC-4, David Curry wrote: > > We do pretty much the same thing Richard is doing. The different accounts > are in different OUs in AD, and IAM handles the provisioning. Way back > when, we configured CAS with multiple "directories" that are the same AD > server with different DNs (one for each OU). We could probably stop doing > that now and just use one "directory" with a less-specific OU, but it's > working fine the way it is. > > We don't have separate Duo setups; we are using the alternate username > feature of Duo that Richard mentioned to allow multiple accounts to use the > same profile. We also use that feature to handle this one stupid app we > have that insists on the username being shaped like an email address. > > -- > > DAVID A. CURRY, CISSP > *DIRECTOR • INFORMATION SECURITY & PRIVACY* > THE NEW SCHOOL • INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 646 909-4728 • david...@newschool.edu > > > On Mon, May 18, 2020 at 1:49 PM Richard Frovarp > wrote: > > We just have separate accounts in AD, which is where we are > authenticating and doing attribute release from. The IAM system is > responsible for correctly populating the directory and end application > if needed in the correct way for each account. This requires multiple > accounts and passwords, and currently multiple Duo setups. Although, > thinking of it now, we could use alternate usernames on Duo to use the > same configuration between different accounts. > > On Mon, 2020-05-18 at 10:19 -0700, mba...@scad.edu wrote: > > At our university, we have some applications where one person will > > only have one account and the application is aware of the different > > "roles" a person might have, i.e., student, staff, faculty and/or > > alumni. We also have some other applications where a person may > > have a student account and also a faculty/staff account. Due to > > historical reasons, our CAS is built around the former, one-person- > > to-one-account model. Up until now, we've a been able to handle > > multiple accounts via separate login URLs to the same service, and > > CAS will respond with the appropriate staff or student attributes. > > > > We're now integrating with some Cloud services and the separate login > > URL does not appear to be a possibility. We'll just have one URL for > > the Cloud service. > > > > How are other organizations handling this? I'd love to hear some > > ideas. > > > > I can think of a couple ways, but I'm not sure I like them. > > > > Thank you very
Re: [cas-user] Handling multiple accounts for one person
David, Richard, Thank you very much. Did you or do you have issues with students/staff getting confused on which account to use? Any tips for handling that other than FAQs? We've got several hundred people with dual accounts. Thank you, Mike On Monday, May 18, 2020 at 2:05:05 PM UTC-4, David Curry wrote: > > We do pretty much the same thing Richard is doing. The different accounts > are in different OUs in AD, and IAM handles the provisioning. Way back > when, we configured CAS with multiple "directories" that are the same AD > server with different DNs (one for each OU). We could probably stop doing > that now and just use one "directory" with a less-specific OU, but it's > working fine the way it is. > > We don't have separate Duo setups; we are using the alternate username > feature of Duo that Richard mentioned to allow multiple accounts to use the > same profile. We also use that feature to handle this one stupid app we > have that insists on the username being shaped like an email address. > > -- > > DAVID A. CURRY, CISSP > *DIRECTOR • INFORMATION SECURITY & PRIVACY* > THE NEW SCHOOL • INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 646 909-4728 • david...@newschool.edu > > > On Mon, May 18, 2020 at 1:49 PM Richard Frovarp > wrote: > >> We just have separate accounts in AD, which is where we are >> authenticating and doing attribute release from. The IAM system is >> responsible for correctly populating the directory and end application >> if needed in the correct way for each account. This requires multiple >> accounts and passwords, and currently multiple Duo setups. Although, >> thinking of it now, we could use alternate usernames on Duo to use the >> same configuration between different accounts. >> >> On Mon, 2020-05-18 at 10:19 -0700, mba...@scad.edu wrote: >> > At our university, we have some applications where one person will >> > only have one account and the application is aware of the different >> > "roles" a person might have, i.e., student, staff, faculty and/or >> > alumni. We also have some other applications where a person may >> > have a student account and also a faculty/staff account. Due to >> > historical reasons, our CAS is built around the former, one-person- >> > to-one-account model. Up until now, we've a been able to handle >> > multiple accounts via separate login URLs to the same service, and >> > CAS will respond with the appropriate staff or student attributes. >> > >> > We're now integrating with some Cloud services and the separate login >> > URL does not appear to be a possibility. We'll just have one URL for >> > the Cloud service. >> > >> > How are other organizations handling this? I'd love to hear some >> > ideas. >> > >> > I can think of a couple ways, but I'm not sure I like them. >> > >> > Thank you very much, >> > Mike >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to cas-...@apereo.org . >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/792d3a4e0fe3167f3ec9f165b8e6ead0744d9a71.camel%40ndsu.edu >> . >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/adbd9e26-f115-4775-9dbf-f120ca764494%40apereo.org.
[cas-user] Handling multiple accounts for one person
At our university, we have some applications where one person will only have one account and the application is aware of the different "roles" a person might have, i.e., student, staff, faculty and/or alumni. We also have some other applications where a person may have a student account and also a faculty/staff account. Due to historical reasons, our CAS is built around the former, one-person-to-one-account model. Up until now, we've a been able to handle multiple accounts via separate login URLs to the same service, and CAS will respond with the appropriate staff or student attributes. We're now integrating with some Cloud services and the separate login URL does not appear to be a possibility. We'll just have one URL for the Cloud service. How are other organizations handling this? I'd love to hear some ideas. I can think of a couple ways, but I'm not sure I like them. Thank you very much, Mike -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4c119901-0658-42d9-8765-a16ac2e597db%40apereo.org.
[cas-user] Re: What's your production version?
We're at 6.0 for now, but just switched to the full open source version last year. We were using a vendor-provided version of CAS that was stuck at 3-something for a long, long time before that. It does look like a rather speedy upgrade schedule. We just started testing 6.1, but might need to jump to 6.2 instead. I am a little nervous about the upgrades. -Mike On Thursday, March 12, 2020 at 8:50:09 AM UTC-4, Jack wrote: > > Hello, > > Over the time, we have burnt our fingers with different versions. We're > still running 5.1. > > What's the stable version or your production version now? > > Thanks! > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7b64de44-2de6-4d4d-843c-a62e7b4eec80%40apereo.org.
Re: [cas-user] Unable to recognize JSON entry for service ticket request from our Ellucian Banner service with CAS 6.1.x
Carl, I have this working with 6.0.x But I'm limiting the release to just UDC_IDENTIFIER like this: "attributeReleasePolicy" : { "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy", authorizedToReleaseCredentialPassword: false authorizedToReleaseProxyGrantingTicket: false excludeDefaultAttributes: true authorizedToReleaseAuthenticationAttributes: false "allowedAttributes": [ "java.util.ArrayList", [ "UDC_IDENTIFIER" ] ] } and I have ticketidSaml2=false in my cas.properties file: cas.samlCore.ticketidSaml2=false -Mike On Friday, January 24, 2020 at 9:42:06 AM UTC-5, crdaudt wrote: > > Adding org.apereo.cas:cas-server-support-saml to the build certainly made > a difference: CAS now recognizes the JSON entry for our Ellucian Banner > related service. > > Unfortunately, I am still not out of the woods. The Banner service is now > reporting "HTTP Status 500 - > org.jasig.cas.client.validation.TicketValidationException: No assertions > found." > From looking at the cas.log, it seems that CAS has the correct information > for me (UDC_IDENTIFIER, sAMAccountName (same as my UDC_IDENTIFIER), > displayName, mail, and memberOf (security groups I belong to)). My > assumption is that the last few lines of my json file should release all of > these to Banner, i.e., the following lines: > ---LAST FEW LINES--- > "usernameAttributeProvider": > { > "@class": > "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider", > "canonicalizationMode": "LOWER" > } > "attributeReleasePolicy": > { > "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy" > } > } > ---END LAST FEW LINES--- > > Thanks for getting me over an important hurdle with getting saml support > into the build. > > I would appreciate some ideas for how to satisfy the Ellucian Banner > service with the required assertions. > > Carl > > On Friday, January 24, 2020 at 8:39:54 AM UTC-5, crdaudt wrote: >> >> Oh, no -- What I have is the following. I have: >> compile "org.apereo.cas:cas-server-support-saml-idp:${casServerVersion}" >> ...but I do not have: >> compile "org.apereo.cas:cas-server-support-saml:${casServerVersion}" >> >> I will let you know what I find after adding, re-building, and testing. >> >> Carl >> >> On Friday, January 24, 2020 at 8:22:41 AM UTC-5, crdaudt wrote: >>> >>> Yes, that line is included in my build.gradle file. >>> >>> On Thursday, January 23, 2020 at 7:10:16 PM UTC-5, rbon wrote: Carl, Do you have saml support enabled: compile "org.apereo.cas:cas-server-support-saml:${casServerVersion}" Ray On Thu, 2020-01-23 at 15:32 -0800, crdaudt wrote: Here is the entire JSON file (using the real server names, but blanking out the "memberOf" security groups): ---BEGIN--- { "@class" : "org.apereo.cas.services.RegexRegisteredService", "serviceId": "^http(s)?://servicespre\\.taylor(u)?\\.edu(/.*)?$", "name": "TOWER -- services", "id": 11000904, "description": "You are authenticating to ___servicespre.taylor.edu___", "evaluationOrder": 104, "accessStrategy" : { "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", "enabled" : true, "unauthorizedRedirectUrl" : " https://sso.taylor.edu/cas_access_denied/bannersso.html;, "requireAllAttributes" : false, "ssoEnabled" : true, "requiredAttributes" : { "@class" : "java.util.HashMap", "memberOf" : [ "java.util.HashSet", [ "CN=xx,OU=xx,OU=xx,DC=xx,DC=xx,DC=xx","CN=xx2,OU=xx,OU=xx,DC=xx,DC=xx,DC=xx",(and so forth...)" ] ] } } "usernameAttributeProvider": { "@class": "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider", "canonicalizationMode": "LOWER" } "attributeReleasePolicy": { "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy" } } ---END--- On Thursday, January 23, 2020 at 6:09:49 PM UTC-5, crdaudt wrote: { "serviceId": "^http(s)?://our_banner_server\\.taylor(u)?\\.edu(/.*)?$", "name": "TOWER -- services", (and so forth) } On Thursday, January 23, 2020 at 5:48:01 PM UTC-5, rbon wrote: Carl, TARGET is used with SAML 1.1 protocol (which Banner uses), service with CAS protocol(s). What is your service Id? It is odd that it works with service= and not TARGET=. Ray On Thu, 2020-01-23 at 14:24 -0800, crdaudt wrote: We have had our Ellucian Banner service authenticating users through our CAS 5.2.2 service for several years, and are now attempting to migrate to our CAS 6.1.3 service. However, CAS does not recognize the JSON entry that we have in
[cas-user] Re: cas-management 6.1 RC4 turn off version control
I would like to know that too. Thanks, Mike Michael Barsic Director of Technical Architecture Savannah College of Art and Design® mbar...@scad.edu - www.scad.edu On Tuesday, September 17, 2019 at 12:43:03 PM UTC-4, rbon wrote: > > How do I turn off version control in cas-management 6.1 RC4. > > In 5.3.x branch there was a config setting: mgmt.enableVersionControl=true, > but this has been replaced by the following code (line 155 in > https://github.com/apereo/cas-management/blob/master/api/cas-mgmt-api-configuration/src/main/java/org/apereo/cas/configuration/CasManagementConfigurationProperties.java > ): > private boolean enabled = ClassUtils.isPresent(" > org.apereo.cas.mgmt.config.CasManagementVersionControlConfiguration", > this.getClass().getClassLoader()); > > It looks like > org.apereo.cas.mgmt.config.CasManagementVersionControlConfiguration > is included by default (the libraries are in the war). All I have/want is > ldap service registry (compile > "org.apereo.cas:cas-server-support-ldap-service-registry:${project.'casmgmt.version'}") > > but it is being ignored. > > Thanks > Ray > > -- > > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 | CLE 019 | rb...@uvic.ca > > I respectfully acknowledge that my place of work is located within the > ancestral, traditional and unceded territory of the Songhees, Esquimalt and > WSÁNEĆ Nations. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/243709fa-fad0-42b5-9f37-281ca36b9c8b%40apereo.org.
[cas-user] CAS Management 6 non-JSON issue
I've been trying to get CAS Management v6 to work with a JPA service registry, but it seems to be stuck with JSON. After logging into the management Web app, I never see any of the services that are stored in my database. The only services that display are ones created via the management web app and are stored in JSON at /etc/cas/services-repo/ I've tried committing too, but the new service never makes it to the database. Now, I can see services being pulled from my database in the log file. Here's a snippet below: --- 2019-08-22 13:23:55,847 DEBUG [org.apereo.cas.services.AbstractServicesManager] - 2019-08-22 13:23:55,847 DEBUG [org.apereo.cas.services.AbstractServicesManager] - https://www.apereo.org]> 2019-08-22 13:23:55,847 DEBUG [org.apereo.cas.services.AbstractServicesManager] - http://localhost:8080.*]> 2019-08-22 13:23:55,848 INFO [org.apereo.cas.services.AbstractServicesManager] - I've added the JPA service registry to build.gradle and I do not have the JSON service registry in build.gradle. The management.properties file looks like this: -- cas.server.name=https://poc-sso.scad.edu cas.server.prefix=${cas.server.name}/cas-web server.port=8444 server.ssl.keyStore=file:/etc/cas/newks server.ssl.keyStorePassword=CHANGEME server.ssl.keyPassword=CHANGEME mgmt.serverName=https://ppoc-sso.scad.edu:8444 mgmt.adminRoles[0]=ROLE_ADMIN mgmt.userPropertiesFile=file:/etc/cas/config/users.json logging.config=file:/etc/cas/config/log4j2-management.xml cas.authn.attributeRepository.stub.attributes.UDC_IDENTIFIER: UDC_IDENTIFIER cas.authn.attributeRepository.stub.attributes.cn: cn cas.authn.attributeRepository.stub.attributes.displayName: displayName cas.authn.attributeRepository.stub.attributes.mail: mail cas.authn.attributeRepository.stub.attributes.sn: sn cas.authn.attributeRepository.stub.attributes.uid: uid #cas.serviceRegistry.initFromJson=false cas.serviceRegistry.jpa.user=${CAS_DB_USER} cas.serviceRegistry.jpa.password=${CAS_DB_PW} cas.serviceRegistry.jpa.driverClass=oracle.jdbc.OracleDriver cas.serviceRegistry.jpa.url=${CAS_DB_URL} cas.serviceRegistry.jpa.dialect=org.hibernate.dialect.Oracle12cDialect cas.serviceRegistry.jpa.healthQuery=select 1 from dual cas.serviceRegistry.jpa.ddlAuto=update cas.serviceRegistry.jpa.pool.minSize=3 cas.serviceRegistry.jpa.pool.maxSize=20 cas.serviceRegistry.jpa.pool.maxWait=2000 cas.serviceRegistry.jpa.pool.timeoutMillis=1000 -- Any help would be appreciated. Thanks in advance, Mike -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/02a3d5b8-2df5-47da-abb5-f4dbff2b8188%40apereo.org.
[cas-user] Re: CAS 5.3.9 Invalid property 'log[dir]' startup error
Gary, I've only been working with 6.0.3, but I remember I needed to update the baseDir setting in log4j2.xml. I don't remember if I had the same error message or not, but it seems similar. I hope this helps. -Mike On Monday, April 15, 2019 at 12:35:28 PM UTC-4, maxwell_g wrote: > > We receive “Invalid property 'log[dir]'” error during the initialization > of CAS 5.3.9 even though we are basically using the default cas.properties > configuration. Does anyone know what would be generating this error? We are > using the CAS overlay build process. > > > > -Gary > > > > The full error message is as follows: > > > > 2019-04-12 14:09:54,690 ERROR [org.springframework.boot.SpringApplication] > - > > org.springframework.beans.factory.BeanCreationException: Error creating > bean with name 'casBeanValidationPostProcessor' defined in class path > resource [org/apereo/cas/config/CasCoreUtilConfiguration.class]: > BeanPostProcessor before instantiation of bean failed; nested exception is > org.springframework.beans.factory.UnsatisfiedDependencyException: Error > creating bean with name > 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration': > > Unsatisfied dependency expressed through method 'setConfigurers' parameter > 0; nested exception is > org.springframework.beans.factory.UnsatisfiedDependencyException: Error > creating bean with name 'casCoreTicketsConfiguration': Unsatisfied > dependency expressed through field 'casProperties'; nested exception is > org.springframework.beans.factory.BeanCreationException: Error creating > bean with name > 'cas-org.apereo.cas.configuration.CasConfigurationProperties': Could not > bind properties to CasConfigurationProperties (prefix=cas, > ignoreInvalidFields=false, ignoreUnknownFields=false, > ignoreNestedProperties=false); nested exception is > org.springframework.beans.NotWritablePropertyException: Invalid property > 'log[dir]' of bean class > [org.apereo.cas.configuration.CasConfigurationProperties]: Cannot access > indexed value in property referenced in indexed property path 'log[dir]'; > nested exception is org.springframework.beans.NotReadablePropertyException: > Invalid property 'log[dir]' of bean class > [org.apereo.cas.configuration.CasConfigurationProperties]: Bean property > 'log[dir]' is not readable or has an invalid getter method: Does the return > type of the getter match the parameter type of the setter? > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d01b74f3-f93d-4e09-8e0f-4363803748d7%40apereo.org.
Re: [cas-user] Re: CAS ver >=6.0.0 is not working for 'TARGET' service parameter
Robert, You are welcome, but I'm just learning about this version of CAS myself. I'm glad that helped. We've been using Ellucian's Luminis version of CAS for years. I think that's still at 3x something, and I never had to do much configuration with it. We've been using that version with Banner 9 for over a year now with no issues. But now we're looking at switching to a standalone CAS. Ellucian is switching over to WSO2 and we're not sure we want to use that product. Plus the current version of CAS has several features we could use and being not so tied to Ellucian should give us more control. Thanks, Mike -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6bebfd84-41e3-4303-9f06-5ff32b588d13%40apereo.org.
[cas-user] Re: CAS ver >=6.0.0 is not working for 'TARGET' service parameter
Robert, I am very new at this, but I have that functioning in a test environment using CAS deployed from the 6.0 branch of the cas-overlay-template. It's working to Ellucian's application navigator and admin common web applications. I added the following to the build.gradle compile "org.apereo.cas:cas-server-support-saml:${project.'cas.version'}" and these settings to the cas.properties -- cas.samlCore.ticketidSaml2=false cas.samlCore.skewAllowance=5 cas.samlCore.issueLength=30 cas.samlCore.attributeNamespace=http://www.ja-sig.org/products/cas/ cas.samlCore.issuer=poc-sso.scad.edu cas.samlCore.securityManager=org.apache.xerces.util.SecurityManager -- I hope that helps. -Mike -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/47c08c5a-7dc8-4f73-9316-bb2d280e7822%40apereo.org.