[cas-user] Re: CAS Management App 5.0.0.RC2-SNAPSHOT
Hi,
Which solution did you find?
I have the users in user-details.properties but apparently do not load them
correctly from the */opt/applications/cas-management/conf/* path, it is not
the standard */etc/cas/config*.
Thanks in advance
El martes, 20 de septiembre de 2016, 17:58:16 (UTC+2), Jeffrey Ramsay
escribió:
>
> Is the following entry correct for the user-details.properties file when
> authenticating against LDAP? This matches my cas userid.
>
> jramsay=notused,ROLE_ADMIN
>
> Here's a snippet of my log:
>
> 2016-09-20 11:31:07,014 TRACE
> [org.ldaptive.provider.jndi.JndiConnectionFactory] - <[[ldapUrl=ldap://
> adpods.binghamton.edu:389, count=0]] Attempting connection to ldap://
> adpods.binghamton.edu:389 for strategy
> org.ldaptive.DefaultConnectionStrategy@50a0091f>
> 2016-09-20 11:31:07,016 DEBUG [org.ldaptive.BindOperation] - request=[org.ldaptive.BindRequest@1433613577::bindDn=cn=ampodchg,cn=users,dc=pods,dc=bu,dc=int,
>
> saslConfig=null, controls=null, referralHandler=null,
> intermediateResponseHandlers=null] with
> connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1890505163::config=[org.ldaptive.ConnectionConfig@1651677049::ldapUrl=ldap://
> adpods.binghamton.edu:389, connectTimeout=PT1H23M20S,
> responseTimeout=null,
> sslConfig=[org.ldaptive.ssl.SslConfig@1293761849::credentialConfig=null,
> trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
> handshakeCompletedListeners=null], useSSL=false, useStartTLS=false,
> connectionInitializer=[org.ldaptive.BindConnectionInitializer@592758222::bindDn=cn=ampodchg,cn=users,dc=pods,dc=bu,dc=int,
>
> bindSaslConfig=null, bindControls=null],
> connectionStrategy=org.ldaptive.DefaultConnectionStrategy@50a0091f],
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@1705614669::metadata=[ldapUrl=ldap://
> adpods.binghamton.edu:389, count=1],
> environment={com.sun.jndi.ldap.connect.timeout=500,
> java.naming.ldap.version=3,
> java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory},
> classLoader=null,
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@436912864::operationExceptionResultCodes=[PROTOCOL_ERROR,
>
> SERVER_DOWN], properties={},
> controlProcessor=org.ldaptive.provider.ControlProcessor@200818f5,
> environment=null, tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
> PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null,
> hostnameVerifier=null]],
> providerConnection=org.ldaptive.provider.jndi.JndiConnection@b219e63]>
> 2016-09-20 11:31:07,021 DEBUG [org.ldaptive.BindOperation] - response=[org.ldaptive.Response@1194735987::result=null,
> resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null,
> referralURLs=null, messageId=-1] for
> request=[org.ldaptive.BindRequest@1433613577::bindDn=cn=ampodchg,cn=users,dc=pods,dc=bu,dc=int,
>
> saslConfig=null, controls=null, referralHandler=null,
> intermediateResponseHandlers=null] with
> connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1890505163::config=[org.ldaptive.ConnectionConfig@1651677049::ldapUrl=ldap://
> adpods.binghamton.edu:389, connectTimeout=PT1H23M20S,
> responseTimeout=null,
> sslConfig=[org.ldaptive.ssl.SslConfig@1293761849::credentialConfig=null,
> trustManagers=null, enabledCipherSuites=null, enabledProtocols=null,
> handshakeCompletedListeners=null], useSSL=false, useStartTLS=false,
> connectionInitializer=[org.ldaptive.BindConnectionInitializer@592758222::bindDn=cn=ampodchg,cn=users,dc=pods,dc=bu,dc=int,
>
> bindSaslConfig=null, bindControls=null],
> connectionStrategy=org.ldaptive.DefaultConnectionStrategy@50a0091f],
> providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@1705614669::metadata=[ldapUrl=ldap://
> adpods.binghamton.edu:389, count=1],
> environment={com.sun.jndi.ldap.connect.timeout=500,
> java.naming.ldap.version=3,
> java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory},
> classLoader=null,
> providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@436912864::operationExceptionResultCodes=[PROTOCOL_ERROR,
>
> SERVER_DOWN], properties={},
> controlProcessor=org.ldaptive.provider.ControlProcessor@200818f5,
> environment=null, tracePackets=null, removeDnUrls=true,
> searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
> PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null,
> hostnameVerifier=null]],
> providerConnection=org.ldaptive.provider.jndi.JndiConnection@b219e63]>
> 2016-09-20 11:31:07,021 INFO [org.ldaptive.pool.BlockingConnectionPool] -
> org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@70afafd2>
> 2016-09-20 11:31:07,021 DEBUG [org.ldaptive.pool.BlockingConnectionPool] -
> [org.ldaptive.pool.Queue@101255::queueType=LIFO,
> queue=[org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@70afafd2,
>
>
Re: [cas-user] Re: CAS Management App 5.0.0.RC2-SNAPSHOT
It's hard to tell what will or will not work. The definition I shared before was directly from the cas-management.properties file. Those lines should probably be removed to avoid confusion. # User details file location that contains list of users # who are allowed access to the management webapp: # # user.details.file.location = classpath:user-details.properties ## # JSON Service Registry # # Directory location where JSON service files may be found. # service.registry.config.location=classpath:services Thanks, -Jeff On Wed, Sep 21, 2016 at 1:36 PM, Misagh Moayyed <mmoay...@unicon.net> wrote: > It most definitely won’t work, given that’s an invalid property. See: > > https://apereo.github.io/cas/development/installation/ > Configuration-Properties.html#management-webapp > > > > *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of > *Jeffrey > Ramsay > *Sent:* Tuesday, September 20, 2016 11:28 PM > *To:* CAS Community <cas-user@apereo.org> > *Subject:* [cas-user] Re: CAS Management App 5.0.0.RC2-SNAPSHOT > > > > I found the problem and I'm able to access the console. > > > I tried to override the user-details.properties location by setting the > following but it's clearly not working. > > # user.details.file.location = classpath:user-details.properties > user.details.file.location=file:/etc/cas/5/dev/user-details.properties > > -Jeff > > On Sunday, September 18, 2016 at 7:51:13 PM UTC-4, Jeffrey Ramsay wrote: > > I'm receiving this message "You are not authorized to access this > resource. Contact your CAS administrator for more info." while trying to > access the CAS management interface. I have tried using the "casuser" > account along with my LDAP credentials but both accounts have failed. I > tried adding my LDAP userid to the user-details.properties file but that > too has been unsuccessful. > > Has anyone been able to authenticate using LDAP as user store and the > user-default.properties file to limit admin access? I tried the "cas.mgmt" > options but that too has not been successful. > > > -Jeff > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To post to this group, send email to cas-user@apereo.org. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/bb241356-f071-492e-a274- > 281f149c3629%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/bb241356-f071-492e-a274-281f149c3629%40apereo.org?utm_medium=email_source=footer> > . > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To post to this group, send email to cas-user@apereo.org. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/00b501d2142e%24a4741d90% > 24ed5c58b0%24%40unicon.net > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/00b501d2142e%24a4741d90%24ed5c58b0%24%40unicon.net?utm_medium=email_source=footer> > . > > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYORnHKeQ%3Dd54_jcDR%2B8hgre4TbV%3D8iztdzHYeRELDU9E2g%40mail.gmail.com. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
RE: [cas-user] Re: CAS Management App 5.0.0.RC2-SNAPSHOT
It most definitely won’t work, given that’s an invalid property. See: https://apereo.github.io/cas/development/installation/Configuration-Properties.html#management-webapp From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Jeffrey Ramsay Sent: Tuesday, September 20, 2016 11:28 PM To: CAS Community <cas-user@apereo.org> Subject: [cas-user] Re: CAS Management App 5.0.0.RC2-SNAPSHOT I found the problem and I'm able to access the console. I tried to override the user-details.properties location by setting the following but it's clearly not working. # user.details.file.location = classpath:user-details.properties user.details.file.location=file:/etc/cas/5/dev/user-details.properties -Jeff On Sunday, September 18, 2016 at 7:51:13 PM UTC-4, Jeffrey Ramsay wrote: I'm receiving this message "You are not authorized to access this resource. Contact your CAS administrator for more info." while trying to access the CAS management interface. I have tried using the "casuser" account along with my LDAP credentials but both accounts have failed. I tried adding my LDAP userid to the user-details.properties file but that too has been unsuccessful. Has anyone been able to authenticate using LDAP as user store and the user-default.properties file to limit admin access? I tried the "cas.mgmt" options but that too has not been successful. -Jeff -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org> . To post to this group, send email to cas-user@apereo.org <mailto:cas-user@apereo.org> . Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bb241356-f071-492e-a274-281f149c3629%40apereo.org <https://groups.google.com/a/apereo.org/d/msgid/cas-user/bb241356-f071-492e-a274-281f149c3629%40apereo.org?utm_medium=email_source=footer> . For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00b501d2142e%24a4741d90%24ed5c58b0%24%40unicon.net. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
[cas-user] Re: CAS Management App 5.0.0.RC2-SNAPSHOT
I found the problem and I'm able to access the console. I tried to override the user-details.properties location by setting the following but it's clearly not working. # user.details.file.location = classpath:user-details.properties user.details.file.location=file:/etc/cas/5/dev/user-details.properties -Jeff On Sunday, September 18, 2016 at 7:51:13 PM UTC-4, Jeffrey Ramsay wrote: > > I'm receiving this message "You are not authorized to access this > resource. Contact your CAS administrator for more info." while trying to > access the CAS management interface. I have tried using the "casuser" > account along with my LDAP credentials but both accounts have failed. I > tried adding my LDAP userid to the user-details.properties file but that > too has been unsuccessful. > > Has anyone been able to authenticate using LDAP as user store and the > user-default.properties file to limit admin access? I tried the "cas.mgmt" > options but that too has not been successful. > > -Jeff > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bb241356-f071-492e-a274-281f149c3629%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
[cas-user] Re: CAS Management App 5.0.0.RC2-SNAPSHOT
Do you have any idea why I still get Access Denied? On Sunday, September 18, 2016 at 7:51:13 PM UTC-4, Jeffrey Ramsay wrote: > > I'm receiving this message "You are not authorized to access this > resource. Contact your CAS administrator for more info." while trying to > access the CAS management interface. I have tried using the "casuser" > account along with my LDAP credentials but both accounts have failed. I > tried adding my LDAP userid to the user-details.properties file but that > too has been unsuccessful. > > Has anyone been able to authenticate using LDAP as user store and the > user-default.properties file to limit admin access? I tried the "cas.mgmt" > options but that too has not been successful. > > -Jeff > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d5711a28-b867-4e0b-8ae0-3add8dafea3a%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
Re: [cas-user] Re: CAS Management App 5.0.0.RC2-SNAPSHOT
Ok, how do I accomplish this? I have tried adding my userid to user-details.properties but do not want to have my password in clear text. So, what's the recipe to make this work? jramsay=notused,ROLE_ADMIN -Jeff On Tuesday, September 20, 2016 at 11:04:30 AM UTC-4, Misagh Moayyed wrote: > > Yes, and yes. > > -- > *From: *"Jeffrey Ramsay" <jeffrey...@gmail.com > > *To: *"CAS Community" <cas-...@apereo.org > > *Sent: *Tuesday, September 20, 2016 7:30:42 PM > *Subject: *[cas-user] Re: CAS Management App 5.0.0.RC2-SNAPSHOT > > Is it possible to access the CAS 5 management console using an account > other than "casuser"? Is so, can the admin users be placed in a static file > and have their primary authentication source be LDAP? In CAS 3.4.x we only > had to add the matching userid to deployerConfigContext.xml -> > userDetailService block. > > -Jeff > > On Sunday, September 18, 2016 at 7:51:13 PM UTC-4, Jeffrey Ramsay wrote: >> >> I'm receiving this message "You are not authorized to access this >> resource. Contact your CAS administrator for more info." while trying to >> access the CAS management interface. I have tried using the "casuser" >> account along with my LDAP credentials but both accounts have failed. I >> tried adding my LDAP userid to the user-details.properties file but that >> too has been unsuccessful. >> >> Has anyone been able to authenticate using LDAP as user store and the >> user-default.properties file to limit admin access? I tried the "cas.mgmt" >> options but that too has not been successful. >> >> >> -Jeff >> > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+u...@apereo.org . > To post to this group, send email to cas-...@apereo.org . > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/00a20f52-eb8a-4dc3-a689-6f0ff15e44f5%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/00a20f52-eb8a-4dc3-a689-6f0ff15e44f5%40apereo.org?utm_medium=email_source=footer> > . > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2881588b-511c-4e5a-96da-472907ddcf9c%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
[cas-user] Re: CAS Management App 5.0.0.RC2-SNAPSHOT
Is it possible to access the CAS 5 management console using an account other than "casuser"? Is so, can the admin users be placed in a static file and have their primary authentication source be LDAP? In CAS 3.4.x we only had to add the matching userid to deployerConfigContext.xml -> userDetailService block. -Jeff On Sunday, September 18, 2016 at 7:51:13 PM UTC-4, Jeffrey Ramsay wrote: > > I'm receiving this message "You are not authorized to access this > resource. Contact your CAS administrator for more info." while trying to > access the CAS management interface. I have tried using the "casuser" > account along with my LDAP credentials but both accounts have failed. I > tried adding my LDAP userid to the user-details.properties file but that > too has been unsuccessful. > > Has anyone been able to authenticate using LDAP as user store and the > user-default.properties file to limit admin access? I tried the "cas.mgmt" > options but that too has not been successful. > > -Jeff > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00a20f52-eb8a-4dc3-a689-6f0ff15e44f5%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
