Re: [cas-user] CAS 5 Connect to JDBC for Authentication

2016-08-05 Thread Misagh Moayyed
Appreciate the followup. Some comments:

1. Typo in the docs. Dumb copy/paste error. Should be fixed by now. Make sure 
your properties are grouped together by the authn type. (They all should be 
search[x])
2. Sort of a bug. Removing that property, as you said, falls back onto default 
values for static authn. I have corrected the warning to note the correct way 
of disabling this, which is to actually set that key to a blank value.
3. Your properties show you have not defined keys for web flow encryption and 
signing, which is the thing WebflowConversationStateCipherExecutor is checking 
for. Check the docs for the definitions. 

-- 
Misagh

From: Loren Klingman <loren.kling...@gmail.com>
Reply: Loren Klingman <loren.kling...@gmail.com>
Date: August 4, 2016 at 11:23:24 AM
To: CAS Community <cas-user@apereo.org>
Cc: mmoay...@unicon.net <mmoay...@unicon.net>
Subject:  Re: [cas-user] CAS 5 Connect to JDBC for Authentication  

Sorry for failing to reply on the mailing list.  (I just hit reply in my email 
client to the mailing list email, forgetting that doesn't go here.)

FYI The mixed bind and search came straight out of the docs for search:
https://apereo.github.io/cas/development/installation/Configuration-Properties.html#database-authentication---search

As for static authn: the instructions are very straightforward, but I do 
not have anything with cas.authn.accept.users in my config file to remove.  
(The default CAS overlay also contains no "cas.authn.accept.users" and yet 
boots up with the default casuser/Mellon configuration, so I'm assuming that 
somewhere in CAS casuser/Mellon is set as a default for authentication methods.)

My overlay is here updated basically in full (I removed passwords, I'll change 
the signing keys later for production): 
https://github.com/loren138/cas-overlay-test

I can try removing parts of my config file to see if that helps, but I've done 
my best to only define configuration for things we are actually going to use.

Also, build run is still generating signing keys for some reason... I've done 
my best to define all the signing keys I can find in configuration-properties 
for it, so I'm not sure which key it is missing:
2016-08-04 14:16:35,750 WARN 
[org.apereo.cas.WebflowConversationStateCipherExecutor] - 
2016-08-04 14:16:35,810 WARN 
[org.apereo.cas.WebflowConversationStateCipherExecutor] - 
2016-08-04 14:16:35,811 WARN 
[org.apereo.cas.WebflowConversationStateCipherExecutor] - 
2016-08-04 14:16:35,813 WARN 
[org.apereo.cas.WebflowConversationStateCipherExecutor] - 

Replies that missed the mailing list:

To clarify, your other issue with the error showing up is because CAS is having 
trouble reading and consuming the logging configuration file. It’s picking the 
wrong file, or it’s not allowed to read the file, etc. That’s why logs don’t 
show up. It doesn’t know how. 

You need to make sure everything is properly in /etc/cas/config by default, and 
readable by the running process. The fact that you can bring up CAS in embedded 
mode correctly shows that THAT process can read the file, but not the 
sudo-tomcat process. I leave the rest up to you. 

Also, pick your properties correctly. Last time I checked, you had some 
settings for bind, some for search, etc. None of that makes sense. If you don’t 
set the settings correctly, CAS won’t auto-configure them for you. It needs to 
know whether you are doing a search, a bind, or both. Nothing is partial. 

As for static authn, when you bring up CAS it should tell you something like 
this:

CAS is configured to accept a static list of credentials for authentication. 
While this is generally useful for demo purposes, it is STRONGLY recommended 
that you DISABLE this authentication method (by REMOVING 
'cas.authn.accept.users' from your configuration) and switch to a mode that is 
more suitable for production. 

I believe that’s pretty self-explanatory. If you do what that line tells you to 
do, then static authn will switch off. If you have the settings configured 
correctly for JDBC authn, then those will kick into action.

If you have done all of that and still something fails, LMK. I’ll need your 
overlay, plus the full set of properties you have turned on and details on where 
you have defined them, etc. 

HTH. 


-- 
Misagh

From: Misagh Moayyed
Reply: Misagh Moayyed
Date: August 4, 2016 at 10:05:18 AM
To: Loren

Subject:  Re: [cas-user] CAS 5 Connect to JDBC for Authentication

Remember to post to the mailing lists please.

What do you mean by switching off static authn? What makes you think static 
authn is active? 

I don’t know what might cause your other error with your tomcat install. All I 
can tell you is that the log file is not read. If you are using a tomcat based 
on OS distros, don’t do that.  

-- 
Misagh

From: Loren.Klingman
Reply: Loren.Klingman
Date: August 4, 2016 at 9:52:40 AM
To: Misagh Moayyed
Subject:  Re: [cas-user] CAS 5 Connect to JDBC for Authentication

Thanks, I adde

Re: [cas-user] CAS 5 Connect to JDBC for Authentication

2016-08-03 Thread Misagh Moayyed
Well, your other error about logs went away. So something’s up with permissions 
and/or tomcat that reads them perhaps.

If you want to get db authn working, it’s not enough to simply include the 
properties. You’ll also need to declare the relevant module to express your 
intention. Your overlay didn’t show it.

https://apereo.github.io/cas/development/installation/Database-Authentication.html


-- 
Misagh

From: Loren Klingman <loren.kling...@gmail.com>
Reply: Loren Klingman <loren.kling...@gmail.com>
Date: August 3, 2016 at 2:36:22 PM
To: CAS Community <cas-user@apereo.org>
Cc: mmoay...@unicon.net <mmoay...@unicon.net>
Subject:  Re: [cas-user] CAS 5 Connect to JDBC for Authentication  

I still get the static login from ./build.sh run.  It seems to generate a bunch 
of keys which should have already been set in my cas.properties file, which 
leads me to think at least part of the problem is with that.

The file is in /etc/cas/config/cas.properties (seems to be a new location from 
the former /etc/cas/cas.properties).  The file (and folders) are owned by 
root:root, but they are all world readable.

If nothing rings a bell in any of that, could you put the exact overlay 
template you are using with database authentication online somewhere, and I'll 
try pulling that in?  (Of course, I'll have to change the database, but even if 
I didn't if I can get to an error with the database connection that would be 
progress.)

Also, thanks so much for your help!  I try to keep detailed notes so I'll post 
my full install guide for Ubuntu 16.04 when I get it running and hopefully that 
will help others.

Here is my output:
(ASCII-art CAS banner)

CAS Version: 5.0.0.RC1-SNAPSHOT
Build Date/Time: 2016-08-03T21:18:38Z
Java Home: /usr/lib/jvm/java-8-openjdk-amd64/jre
Java Vendor: Oracle Corporation
Java Version: 1.8.0_91
OS Architecture: amd64
OS Name: Linux
OS Version: 4.4.0-21-generic


2016-08-03 17:19:09,728 INFO [org.apereo.cas.web.CasWebApplication] - 
2016-08-03 17:20:17,567 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2016-08-03 17:21:09,669 WARN 
[org.apereo.cas.WebflowConversationStateCipherExecutor] - 
2016-08-03 17:21:09,738 WARN 
[org.apereo.cas.WebflowConversationStateCipherExecutor] - 
2016-08-03 17:21:09,739 WARN 
[org.apereo.cas.WebflowConversationStateCipherExecutor] - 
2016-08-03 17:21:09,740 WARN 
[org.apereo.cas.WebflowConversationStateCipherExecutor] - 
2016-08-03 17:21:10,808 WARN 
[org.apereo.cas.config.CasSecurityContextConfiguration] - <>
2016-08-03 17:21:10,825 WARN 
[org.apereo.cas.config.CasSecurityContextConfiguration] - <

(ASCII-art STOP banner)

CAS is configured to accept a static list of credentials for authentication. 
While this is generally useful for demo purposes, it is STRONGLY recommended 
that you DISABLE this authentication method (by REMOVING 
'cas.authn.accept.users' from your configuration) and switch to a mode that is 
more suitable for production.
>
2016-08-03 17:21:10,831 WARN 
[org.apereo.cas.config.CasSecurityContextConfiguration] - <>
2016-08-03 17:21:22,793 WARN 
[org.apereo.cas.services.InMemoryServiceRegistryDaoImpl] - 
2016-08-03 17:21:22,811 WARN 
[org.apereo.cas.services.InMemoryServiceRegistryDaoImpl] - 
2016-08-03 17:21:22,827 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2016-08-03 17:22:04,182 INFO 
[org.apereo.cas.configuration.CasConfigurationRebinder] - 
2016-08-03 17:22:04,653 INFO 
[org.apereo.cas.configuration.CasConfigurationRebinder] - 
2016-08-03 17:22:11,319 INFO [org.apereo.cas.web.CasWebApplication] - 
2016-08-03 17:22:12,953 INFO [org.apereo.cas.web.CasWebApplication] - 
2016-08-03 17:22:13,694 WARN 
[org.apereo.cas.util.TicketGrantingCookieCipherExecutor] - 
2016-08-03 17:22:13,695 WARN 
[org.apereo.cas.util.TicketGrantingCookieCipherExecutor] - 
2016-08-03 17:22:13,696 WARN 
[org.apereo.cas.util.TicketGrantingCookieCipherExecutor] - 
2016-08-03 17:22:13,696 WARN 
[org.apereo.cas.util.TicketGrantingCookieCipherExecutor] - 
2016-08-03 17:22:14,152 INFO [org.apereo.cas.configuration.support.Beans] - 

2016-08-03 17:22:18,770 INFO [org.apereo.cas.web.CasWebApplication] - 
2016-08-03 17:22:27,505 INFO 
[org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter]
 - 
2016-08-03 17:22:37,505 INFO 
[org.apereo.cas.services.DefaultServicesManagerImpl] - 
2016-08-03 17:22:37,539 INFO 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - 
2016-08-03 17:22:37,546 INFO 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <0 expired 
t

Re: [cas-user] CAS 5 Connect to JDBC for Authentication

2016-08-03 Thread Misagh Moayyed
Can’t duplicate. I’ll blame permissions, or tomcat. What happens when you run 
"./build.sh run"? 

-- 
Misagh

From: Loren Klingman <loren.kling...@gmail.com>
Reply: Loren Klingman <loren.kling...@gmail.com>
Date: August 3, 2016 at 1:13:05 PM
To: CAS Community <cas-user@apereo.org>
Cc: mmoay...@unicon.net <mmoay...@unicon.net>
Subject:  Re: [cas-user] CAS 5 Connect to JDBC for Authentication  

Reposting because I failed to post the last reply publicly.

Thanks, I've changed the cas.properties file as you requested.  That line is 
actually exactly out of the overlay template on github 
(https://github.com/apereo/cas-overlay-template/blob/5.0/etc/cas/config/cas.properties)
 so if it's wrong it probably needs to be updated there also.

My log4j2.xml should be an exact copy from the 5.0 branch of the overlay 
template, but I'm attaching it here just in case I changed something by mistake.

Since I don't want to push database passwords up, I did not push up any changes 
to cas.properties to the overlay (which means it's actually exactly the same as 
the master one) but for good measure and in case I need it for future testing, 
I did push up what I'm using (the 5.0 branch): 
https://github.com/loren138/cas-overlay-test

For deployment, I'm using the following commands to build and then send the war 
file over to tomcat8:
sudo ./build.sh package

sudo service tomcat8 stop && sudo rm -rf /var/lib/tomcat8/webapps/ROOT && sudo 
cp ./target/cas.war /var/lib/tomcat8/webapps/ROOT.war && sudo service tomcat8 
start



Loren Klingman


On Wednesday, August 3, 2016 at 3:40:49 PM UTC-4, Misagh Moayyed wrote:
And, this:

logging.config: file:/etc/cas/config/log4j2.xml


Probably should be:

logging.config=file:/etc/cas/config/log4j2.xml

And you want to make sure that file exists. If it does, please share that too. 

-- 
Misagh

From: Misagh Moayyed <mmo...@unicon.net>
Reply: Misagh Moayyed <mmo...@unicon.net>
Date: August 3, 2016 at 12:36:10 PM
To: CAS Community <cas...@apereo.org>
Subject:  Re: [cas-user] CAS 5 Connect to JDBC for Authentication

Got an overlay you can share? 

-- 
Misagh


Re: [cas-user] CAS 5 Connect to JDBC for Authentication

2016-08-03 Thread Loren Klingman
Reposting because I failed to post the last reply publicly.

Thanks, I've changed the cas.properties file as you requested.  That line 
is actually exactly out of the overlay template on github 
(https://github.com/apereo/cas-overlay-template/blob/5.0/etc/cas/config/cas.properties) 
so if it's wrong it probably needs to be updated there also.

My log4j2.xml should be an exact copy from the 5.0 branch of the overlay 
template, but I'm attaching it here just in case I changed something by 
mistake.

Since I don't want to push database passwords up, I did not push up any 
changes to cas.properties to the overlay (which means it's actually exactly 
the same as the master one) but for good measure and in case I need it for 
future testing, I did push up what I'm using (the 5.0 branch): 
https://github.com/loren138/cas-overlay-test

For deployment, I'm using the following commands to build and then send the 
war file over to tomcat8:

sudo ./build.sh package


sudo service tomcat8 stop && sudo rm -rf /var/lib/tomcat8/webapps/ROOT && sudo 
cp ./target/cas.war /var/lib/tomcat8/webapps/ROOT.war && sudo service tomcat8 
start




Loren Klingman



Re: [cas-user] CAS 5 Connect to JDBC for Authentication

2016-08-03 Thread Misagh Moayyed
Got an overlay you can share? 

-- 
Misagh


[cas-user] CAS 5 Connect to JDBC for Authentication

2016-08-03 Thread Loren Klingman
I'm excited to start working with CAS 5 and set up all in the config file, 
but I'm having issues getting switched over to auth in the database.  (i.e. 
casuser/Mellon is still the only login that works to log in.)

I've been trying to work slowly changing only what I need to at the time so 
I don't think I've changed any other files other than cas.properties 
(copied in below), but please let me know if some other file would be 
useful to include.

I'm seeing this error in catalina.out which may be related:
2016-08-03 15:18:40,206 Log4j2-AsyncLoggerConfig-14 ERROR An exception 
occurred processing Appender casAudit java.lang.NullPointerException
at org.apereo.cas.logging.CasAppender.append(CasAppender.java:85)
at 
org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:155)
at 
org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:128)
at 
org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:119)
at 
org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
at 
org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:390)
at 
org.apache.logging.log4j.core.async.AsyncLoggerConfig.asyncCallAppenders(AsyncLoggerConfig.java:113)
at 
org.apache.logging.log4j.core.async.AsyncLoggerConfigDisruptor$Log4jEventWrapperHandler.onEvent(AsyncLoggerConfigDisruptor.java:111)
at 
org.apache.logging.log4j.core.async.AsyncLoggerConfigDisruptor$Log4jEventWrapperHandler.onEvent(AsyncLoggerConfigDisruptor.java:97)
at 
com.lmax.disruptor.BatchEventProcessor.run(BatchEventProcessor.java:129)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

I haven't found any CAS log files yet (looking in /var/log/cas where they 
used to be), so let me know if I should be looking somewhere new for those.

Here is my cas.properties file:

cas.server.name: https://webdev-g.sbts.edu
cas.server.prefix: https://webdev-g.sbts.edu/cas

cas.adminPagesSecurity.ip=(10)(\.(241|244|245|247|99))(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2}

# 8 hours - negative value = never expires
cas.ticket.tgt.maxTimeToLiveInSeconds=28800
# 40 minutes (Set to a negative value to never expire tickets)
cas.ticket.tgt.timeToKillInSeconds=2400

##
# CAS SSO Cookie Generation & Security
# See https://github.com/mitreid-connect/json-web-key-generator
#
# Do note that the following settings MUST be generated per deployment.
#
# Defaults at spring-configuration/ticketGrantingTicketCookieGenerator.xml
# The encryption secret key. By default, must be a octet string of size 256.
tgc.encryption.key=stuff...
# The signing secret key. By default, must be a octet string of size 512.
tgc.signing.key=stuf...

##
# Service Ticket Timeout
# Default sourced from 
WEB-INF/spring-configuration/ticketExpirationPolices.xml
#
# Service Ticket timeout - typically kept short as a control against replay 
attacks, default is 10s.  You'll want to
# increase this timeout if you are manually testing service ticket 
creation/validation via tamperdata or similar tools
cas.ticket.st.timeToKillInSeconds=45
cas.ticket.st.numberOfUses=1


cas.googleAnalytics.googleAnalyticsTrackingId=UA-801923423-2

cas.slo.disabled=true
# cas.slo.asynchronous=true

logging.config: file:/etc/cas/config/log4j2.xml

##
# CAS Logout Behavior
# WEB-INF/cas-servlet.xml
#
# Specify whether CAS should redirect to the specified service parameter on 
/logout requests
cas.logout.followServiceRedirects=true
# cas.serviceRegistry.config.location: classpath:/services

# Authentication

# Throttle - I honestly have no idea what units these things are in...  Maybe 
the docs are better by now...
# 
https://apereo.github.io/cas/development/installation/Configuration-Properties.html#authentication-throttling
cas.authn.throttle.usernameParameter=username
cas.authn.throttle.startDelay=1
cas.authn.throttle.repeatInterval=2
cas.authn.throttle.appcode=CAS

cas.authn.throttle.failure.threshold=100
cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
cas.authn.throttle.failure.rangeSeconds=60

cas.authn.jdbc.search[0].fieldUser=username
cas.authn.jdbc.search[0].tableUsers=users
cas.authn.jdbc.search[0].fieldPassword=passwordsha1
cas.authn.jdbc.search[0].healthQuery=SELECT 1
cas.authn.jdbc.search[0].isolateInternalQueries=false
cas.authn.jdbc.search[0].url=jdbc:sqlserver://oeuoue;databaseName=qjkrcg
cas.authn.jdbc.search[0].failFast=true
cas.authn.jdbc.search[0].isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.jdbc.search[0].dialect=org.hibernate.dialect.SQLServer2008Dialect
cas.authn.jdbc.search[0].leakThreshold=10
cas.authn.jdbc.search[0].propagationBehaviorName=PROPAGATION_REQUIRED
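
As an added example (my own code, not CAS's and not posted by anyone in this thread), a Python lint that applies the fixes Misagh arrives at in the replies above to a cas.properties file: it flags `key: value` lines, a cas.authn.accept.users key that is absent or non-blank, JDBC settings split across bind[n]/search[n] or incomplete within search[n], and missing signing/encryption keys. The webflow and TGC key names are assumed from the CAS 5 docs rather than quoted in the thread, and both sample files are constructed.

```python
"""Lint a CAS 5 cas.properties file for the issues worked through in this thread:
':' separators, static authn left on, partial or mixed JDBC groups, missing keys."""
import re
from typing import Dict, List, Set, Tuple

# ASSUMPTION: these CAS 5 property names come from the CAS 5 docs, not from the
# thread (Misagh only says "check the docs"); verify them for your version.
CRYPTO_KEYS = ("cas.webflow.crypto.signing.key", "cas.webflow.crypto.encryption.key",
               "cas.tgc.signingKey", "cas.tgc.encryptionKey")
# Settings every cas.authn.jdbc.search[n] group carries in the thread's own file.
JDBC_SEARCH_REQUIRED = ("url", "tableUsers", "fieldUser", "fieldPassword")

LINE = re.compile(r"^\s*([^#!=:\s][^=:\s]*)\s*([=:])\s*(.*?)\s*$")
JDBC = re.compile(r"^cas\.authn\.jdbc\.(search|bind|query|encode)\[(\d+)\]\.(\w+)$")

def parse_properties(text: str) -> Dict[str, str]:
    """Minimal key=value / key: value parser; the last definition wins."""
    props: Dict[str, str] = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            props[m.group(1)] = m.group(3)
    return props

def lint(text: str) -> List[Tuple[str, str]]:
    """Return (code, message) findings; an empty list means the file passes."""
    findings = []
    # 1. 'key: value' is legal for java.util.Properties, but the thread settles on '='.
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE.match(line)
        if m and m.group(2) == ":":
            findings.append(("SEP", f"line {n}: '{m.group(1)}' uses ':'; write key=value"))
    props = parse_properties(text)

    # 2. Static authn: the key must be PRESENT and BLANK. Absent -> CAS falls back
    #    to the default casuser/Mellon; non-blank -> the listed static users work.
    if "cas.authn.accept.users" not in props:
        findings.append(("STATIC_DEFAULT", "cas.authn.accept.users absent: set it to a blank value"))
    elif props["cas.authn.accept.users"]:
        findings.append(("STATIC_ON", "cas.authn.accept.users is non-blank: static authn enabled"))

    # 3. JDBC: CAS auto-configures each <kind>[n] group on its own, so a group must
    #    be complete and one datasource must not be split across bind[n]/search[n].
    groups: Dict[Tuple[str, str], Set[str]] = {}
    for key in props:
        m = JDBC.match(key)
        if m:
            groups.setdefault((m.group(1), m.group(2)), set()).add(m.group(3))
    for (kind, idx), keys in sorted(groups.items()):
        missing = [k for k in JDBC_SEARCH_REQUIRED if kind == "search" and k not in keys]
        if missing:
            findings.append(("JDBC_PARTIAL", f"cas.authn.jdbc.search[{idx}] lacks {missing}"))
    kinds = sorted({kind for kind, _ in groups})
    if len(kinds) > 1:
        findings.append(("JDBC_MIXED", f"JDBC settings split across {kinds}; group by authn type"))

    # 4. A missing or blank key makes CAS generate a fresh one at every start (the
    #    WebflowConversationStateCipherExecutor warnings in the thread).
    for key in CRYPTO_KEYS:
        if not props.get(key):
            findings.append(("CRYPTO_MISSING", f"{key} is not set"))
    return findings

# Constructed sample modelled on the thread's file (secrets replaced); the legacy
# 4.x 'tgc.*' names do not satisfy the CAS 5 names above.
SAMPLE = """\
logging.config: file:/etc/cas/config/log4j2.xml
tgc.encryption.key=REPLACE_ME
tgc.signing.key=REPLACE_ME
cas.authn.jdbc.bind[0].url=jdbc:sqlserver://dbhost;databaseName=casdb
cas.authn.jdbc.search[0].fieldUser=username
cas.authn.jdbc.search[0].tableUsers=users
cas.authn.jdbc.search[0].fieldPassword=passwordsha1
"""
# The same file after the thread's fixes; lint(FIXED) returns no findings.
FIXED = """\
logging.config=file:/etc/cas/config/log4j2.xml
cas.authn.accept.users=
cas.webflow.crypto.signing.key=REPLACE_ME
cas.webflow.crypto.encryption.key=REPLACE_ME
cas.tgc.signingKey=REPLACE_ME
cas.tgc.encryptionKey=REPLACE_ME
cas.authn.jdbc.search[0].url=jdbc:sqlserver://dbhost;databaseName=casdb
cas.authn.jdbc.search[0].tableUsers=users
cas.authn.jdbc.search[0].fieldUser=username
cas.authn.jdbc.search[0].fieldPassword=passwordsha1
"""
```

Running lint(SAMPLE) reports one SEP finding, STATIC_DEFAULT, JDBC_PARTIAL for search[0] (no url), JDBC_MIXED, and four CRYPTO_MISSING findings; lint(FIXED) returns an empty list.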