subject:"RE\: \[cas\-user\] Re\: How do I enable \/status \(admin monitoring\) page with CAS 5.1.0\?"

RE: [cas-user] Re: How do I enable /status (admin monitoring) page with CAS 5.1.0?

2018-08-23 Thread Daudt, Carl

I will defer to others, since we are still at v5.2.2

From: SBUser [mailto:sbuser.c...@gmail.com]
Sent: Wednesday, August 22, 2018 3:28 PM
To: CAS Community 
Cc: jasig-cas-u...@googlegroups.com; Daudt, Carl ; 
whizz6...@gmail.com
Subject: Re: [cas-user] Re: How do I enable /status (admin monitoring) page 
with CAS 5.1.0?

Have any of you guys able to set this up using CAS v 5.3.2?

I have tried everything document in this post and elsewhere for couple day to 
no avail.

Specifically, I'm getting "Access Denied" while trying to access 
https://:8443/cas/status/dashboard<https://%3cmy-server-name%3e:8443/cas/status/dashboard>
 after successfully signing in with ROLE_ADMIN user id from one single IP 
address of my second machine (IP: xxx.xxx.x.xxx)

-- application.properties ---
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false

cas.adminPagesSecurity.ip=127\.0\.0\.1|xxx\.xxx\.x\.xxx

endpoints.restart.enabled=false
endpoints.shutdown.enabled=false

management.security.enabled=true
management.security.roles=ACTUATOR,ROLE_ADMIN
management.security.sessions=if_required
management.context-path=/status
management.add-application-context-header=false
.
.
.
cas.authn.accept.users=casadmin::

- adminusers.properties ---
casadmin=notused,ROLE_ADMIN

--- cas.properties 
cas.adminPagesSecurity.loginUrl=https://:8443/cas/login
cas.adminPagesSecurity.service=https://:8443/cas/status/dashboard
cas.adminPagesSecurity.users=file:/adminusers.properties
cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
cas.adminPagesSecurity.actuatorEndpointsEnabled=true
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.initFromJson=true

Note: I'm using STS (Spring Tool Suite) IDE, deploying to local Tomcat 
8.5.32-x64.
application.properties, cas.properties, and adminusers.properties are housed in 
src\main\resources project folder, and published to tomcat WEB-INF\classes 
folder when run from STS.

It works if on same machine accessing via:
http://localhost:8080/cas/status/dashboard
https://localhost:8443/cas/status/dashboard

and it doesn't even care if I signed in with my admin user id or not 
(casadmin). Which is not a good thing either, but I can live with it for now.

Thanks for your help,
GTM

On Thursday, June 29, 2017 at 2:12:03 PM UTC-4, Julien Whizz wrote:
Here : 
https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#spring-boot-endpoints
When i try to install Endpoint :)
#casuser: This is the authenticated user id received from CAS
#notused: This is the password field that isn’t used by CAS. You could 
literally put any value you want in its place.
#ROLE_ADMIN: Role assigned to the authorized user, which is then cross 
checked against CAS configuration.

# exemple : casuser=notused,ROLE_ADMIN
myuser=notused,ROLE_ADMIN

Le mercredi 28 juin 2017 23:16:35 UTC+2, crdaudt a écrit :
Thanks Julien.  With your suggested change, /staus/dashboard is now working for 
me.

I changed my entry for adminusers.properties to 'crdaudt=pwdnotuse,ROLE_ADMIN' 
(i.e., as you suggested).

I changed the value of cas.adminPagesSecurity.ip to allow the ip address ranges 
of 10.11.12.0/24<http://10.11.12.0/24> and 14.15.16.0/24<http://14.15.16.0/24> 
as follows:
cas.adminPagesSecurity.ip=^10\.11\.12\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$|^14\.15\.16\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$

My other parameters are as listed above.

One further question:  What does '=pwdnotuse' mean?  Is this documented 
somewhere?

Other than that, my issue is resolved.  Thanks all!
p.s. -- looking forward to more complete, updated documentation some day, and 
perhaps some more examples.  Thanks for everyone's good hard work.

On Wednesday, June 28, 2017 at 3:36:16 PM UTC-4, Julien Whizz wrote:
Hi,

I think IS : crdaudt=pwdnotuse,ROLE_ADMIN

No ?

Le 28 juin 2017 5:49 PM, "crdaudt" 
mailto:crd...@taylor.edu>> a écrit :
Thanks Iain.  I have this working now for only filtering with IP addresses.  
For those interested, I have the following in my cas.properties file:
BEGIN snippet from cas.properties
...
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false
cas.adminPagesSecurity.ip=10\.11\.12\.13\|14\.15\.16\.17
END

However, to pick up on Julien's issue, I am not able to get this working if I 
further restrict this to users logged in who are specified as authorized users 
in my adminusers.properties file.
Here is what I have:
BEGIN snippet from cas.properties
...
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false
cas.adminPagesSecurity.ip=10\.11\.12\.13\|14\.15\.

Re: [cas-user] Re: How do I enable /status (admin monitoring) page with CAS 5.1.0?

2018-08-22 Thread SBUser

Have any of you guys able to set this up using CAS v 5.3.2?

I have tried everything document in this post and elsewhere for couple day 
to no avail.

Specifically, I'm getting "Access Denied" while trying to access 
https://:8443/cas/status/dashboard after successfully 
signing in with ROLE_ADMIN user id from one single IP address of my second 
machine (IP: xxx.xxx.x.xxx)


-- application.properties ---
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false

cas.adminPagesSecurity.ip=127\.0\.0\.1|xxx\.xxx\.x\.xxx

endpoints.restart.enabled=false
endpoints.shutdown.enabled=false

management.security.enabled=true
management.security.roles=ACTUATOR,ROLE_ADMIN
management.security.sessions=if_required
management.context-path=/status
management.add-application-context-header=false
.
.
.
cas.authn.accept.users=casadmin::




- adminusers.properties ---
casadmin=notused,ROLE_ADMIN




--- cas.properties 
cas.adminPagesSecurity.loginUrl=https://:8443/cas/login
cas.adminPagesSecurity.service=https://
:8443/cas/status/dashboard
cas.adminPagesSecurity.users=file:/adminusers.properties
cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
cas.adminPagesSecurity.actuatorEndpointsEnabled=true
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.initFromJson=true




Note: I'm using STS (Spring Tool Suite) IDE, deploying to local Tomcat 
8.5.32-x64.
application.properties, cas.properties, and adminusers.properties are 
housed in src\main\resources project folder, and published to 
tomcat WEB-INF\classes folder when run from STS.

It works if on same machine accessing via:
http://localhost:8080/cas/status/dashboard
https://localhost:8443/cas/status/dashboard

and it doesn't even care if I signed in with my admin user id or not (
casadmin). Which is not a good thing either, but I can live with it for now.

Thanks for your help,
GTM



On Thursday, June 29, 2017 at 2:12:03 PM UTC-4, Julien Whizz wrote:
>
> Here : 
> https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#spring-boot-endpoints
> When i try to install Endpoint :)
>
> # casuser: This is the authenticated user id received from CAS # notused: 
> This is the password field that isn’t used by CAS. You could literally put 
> any value you want in its place. # ROLE_ADMIN: Role assigned to the 
> authorized user, which is then cross checked against CAS configuration. # 
> exemple : casuser=notused,ROLE_ADMIN myuser=notused,ROLE_ADMIN
>
>
>
>
>
>
>
>
> Le mercredi 28 juin 2017 23:16:35 UTC+2, crdaudt a écrit :
>>
>> Thanks Julien.  With your suggested change, /staus/dashboard is now 
>> working for me.
>>
>> I changed my entry for adminusers.properties to 
>> 'crdaudt=pwdnotuse,ROLE_ADMIN' 
>> (i.e., as you suggested).
>>
>> I changed the value of cas.adminPagesSecurity.ip to allow the ip address 
>> ranges of 10.11.12.0/24 and 14.15.16.0/24 as follows:
>>
>> cas.adminPagesSecurity.ip=^10\.11\.12\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$|
>> ^14\.15\.16\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$
>>
>> My other parameters are as listed above.
>>
>> One further question:  What does '=pwdnotuse' mean?  Is this documented 
>> somewhere?
>>
>> Other than that, my issue is resolved.  Thanks all!
>> p.s. -- looking forward to more complete, updated documentation some day, 
>> and perhaps some more examples.  Thanks for everyone's good hard work.
>>
>> On Wednesday, June 28, 2017 at 3:36:16 PM UTC-4, Julien Whizz wrote:
>>>
>>> Hi, 
>>>
>>> I think IS : crdaudt=pwdnotuse,ROLE_ADMIN
>>>
>>> No ?
>>>
>>> Le 28 juin 2017 5:49 PM, "crdaudt"  a écrit :
>>>
>>> Thanks Iain.  I have this working now for only filtering with IP 
>>> addresses.  For those interested, I have the following in my cas.properties 
>>> file:
>>> BEGIN snippet from cas.properties
>>> ...
>>> cas.monitor.endpoints.enabled=true
>>> cas.monitor.endpoints.sensitive=false
>>> cas.adminPagesSecurity.ip=10\.11\.12\.13\|14\.15\.16\.17
>>> END
>>>
>>> However, to pick up on Julien's issue, I am not able to get this working 
>>> if I further restrict this to users logged in who are specified as 
>>> authorized users in my adminusers.properties file.
>>> Here is what I have:
>>> BEGIN snippet from cas.properties
>>> ...
>>> cas.monitor.endpoints.enabled=true
>>> cas.monitor.endpoints.sensitive=false
>>> cas.adminPagesSecurity.ip=10\.11\.12\.13\|14\.15\.16\.17
>>> cas.adminPagesSecurity.loginUrl=https://my.test.cas.server/cas/login
>>> cas.adminPagesSecurity.service=
>>> https://my.test.cas.server/cas/status/dashboard
>>> cas.adminPagesSecurity.users=file:/etc/cas/config/adminusers.properties
>>> cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
>>>

Re: [cas-user] Re: How do I enable /status (admin monitoring) page with CAS 5.1.0?

2017-06-29 Thread Julien Whizz

Here : 
https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#spring-boot-endpoints
When i try to install Endpoint :)

# casuser: This is the authenticated user id received from CAS # notused: 
This is the password field that isn’t used by CAS. You could literally put 
any value you want in its place. # ROLE_ADMIN: Role assigned to the 
authorized user, which is then cross checked against CAS configuration. # 
exemple : casuser=notused,ROLE_ADMIN myuser=notused,ROLE_ADMIN








Le mercredi 28 juin 2017 23:16:35 UTC+2, crdaudt a écrit :
>
> Thanks Julien.  With your suggested change, /staus/dashboard is now 
> working for me.
>
> I changed my entry for adminusers.properties to 
> 'crdaudt=pwdnotuse,ROLE_ADMIN' 
> (i.e., as you suggested).
>
> I changed the value of cas.adminPagesSecurity.ip to allow the ip address 
> ranges of 10.11.12.0/24 and 14.15.16.0/24 as follows:
>
> cas.adminPagesSecurity.ip=^10\.11\.12\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$|
> ^14\.15\.16\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$
>
> My other parameters are as listed above.
>
> One further question:  What does '=pwdnotuse' mean?  Is this documented 
> somewhere?
>
> Other than that, my issue is resolved.  Thanks all!
> p.s. -- looking forward to more complete, updated documentation some day, 
> and perhaps some more examples.  Thanks for everyone's good hard work.
>
> On Wednesday, June 28, 2017 at 3:36:16 PM UTC-4, Julien Whizz wrote:
>>
>> Hi, 
>>
>> I think IS : crdaudt=pwdnotuse,ROLE_ADMIN
>>
>> No ?
>>
>> Le 28 juin 2017 5:49 PM, "crdaudt"  a écrit :
>>
>> Thanks Iain.  I have this working now for only filtering with IP 
>> addresses.  For those interested, I have the following in my cas.properties 
>> file:
>> BEGIN snippet from cas.properties
>> ...
>> cas.monitor.endpoints.enabled=true
>> cas.monitor.endpoints.sensitive=false
>> cas.adminPagesSecurity.ip=10\.11\.12\.13\|14\.15\.16\.17
>> END
>>
>> However, to pick up on Julien's issue, I am not able to get this working 
>> if I further restrict this to users logged in who are specified as 
>> authorized users in my adminusers.properties file.
>> Here is what I have:
>> BEGIN snippet from cas.properties
>> ...
>> cas.monitor.endpoints.enabled=true
>> cas.monitor.endpoints.sensitive=false
>> cas.adminPagesSecurity.ip=10\.11\.12\.13\|14\.15\.16\.17
>> cas.adminPagesSecurity.loginUrl=https://my.test.cas.server/cas/login
>> cas.adminPagesSecurity.service=
>> https://my.test.cas.server/cas/status/dashboard
>> cas.adminPagesSecurity.users=file:/etc/cas/config/adminusers.properties
>> cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
>> cas.adminPagesSecurity.actuatorEndpointsEnabled=true
>> cas.serviceRegistry.watcherEnabled=true
>> cas.serviceRegistry.initFromJson=true
>> END
>>
>> And here are the contents of my adminusers.properties file (for now, I 
>> only have my username listed):
>> BEGIN adminusers.properties
>> user=crdaudt,ROLE_ADMIN
>> END
>>
>> My results are as follows:
>> --When I visit https://my.test.cas.server/cas/status/dashboard, I am 
>> redirected to login.
>> --When I log in, my logs show the following:
>>
>> BEGIN log snippet
>> >
>> 2017-06-28 11:42:01,961 INFO 
>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - > trail record BEGIN
>> =
>> WHO: crdaudt
>> WHAT: 
>> TGT-**kloPuBba1M-my.test.cas.server
>> ACTION: TICKET_GRANTING_TICKET_CREATED
>> APPLICATION: CAS
>> WHEN: Wed Jun 28 11:42:01 EDT 2017
>> CLIENT IP ADDRESS: 10.11.12.13
>> SERVER IP ADDRESS: 10.10.10.100
>> =
>>
>> >
>> 2017-06-28 11:42:02,001 INFO 
>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - > trail record BEGIN
>> =
>> WHO: crdaudt
>> WHAT: ST-1-Fe5a6Ieo3IMaPI2FScWC-my.test.cas.server for 
>> https://my.test.cas.server/cas/status/dashboard
>> ACTION: SERVICE_TICKET_CREATED
>> APPLICATION: CAS
>> WHEN: Wed Jun 28 11:42:02 EDT 2017
>> CLIENT IP ADDRESS: 10.11.12.13
>> SERVER IP ADDRESS: 10.10.10.100
>> =
>>
>> >
>> 2017-06-28 11:42:02,206 INFO 
>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - > trail record BEGIN
>> =
>> WHO: crdaudt
>> WHAT: ST-1-Fe5a6Ieo3IMaPI2FScWC-my.test.cas.server
>> ACTION: SERVICE_TICKET_VALIDATED
>> APPLICATION: CAS
>> WHEN: Wed Jun 28 11:42:02 EDT 2017
>> CLIENT IP ADDRESS: 10.11.12.13
>> SERVER IP ADDRESS: 10.10.10.100
>> =
>> END
>>
>> I am then redirected to 
>> https://my.test.cas.server/cas/status/dashboard?ticket=ST-1-Fe5a6Ieo3IMaPI2FScWC-my.test.cas.server,
>>

Re: [cas-user] Re: How do I enable /status (admin monitoring) page with CAS 5.1.0?

2017-06-28 Thread crdaudt

Thanks Julien.  With your suggested change, /staus/dashboard is now working 
for me.

I changed my entry for adminusers.properties to 'crdaudt=pwdnotuse,ROLE_ADMIN' 
(i.e., as you suggested).

I changed the value of cas.adminPagesSecurity.ip to allow the ip address 
ranges of 10.11.12.0/24 and 14.15.16.0/24 as follows:
cas.adminPagesSecurity.ip=^10\.11\.12\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$|
^14\.15\.16\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$

My other parameters are as listed above.

One further question:  What does '=pwdnotuse' mean?  Is this documented 
somewhere?

Other than that, my issue is resolved.  Thanks all!
p.s. -- looking forward to more complete, updated documentation some day, 
and perhaps some more examples.  Thanks for everyone's good hard work.

On Wednesday, June 28, 2017 at 3:36:16 PM UTC-4, Julien Whizz wrote:
>
> Hi, 
>
> I think IS : crdaudt=pwdnotuse,ROLE_ADMIN
>
> No ?
>
> Le 28 juin 2017 5:49 PM, "crdaudt"  a 
> écrit :
>
> Thanks Iain.  I have this working now for only filtering with IP 
> addresses.  For those interested, I have the following in my cas.properties 
> file:
> BEGIN snippet from cas.properties
> ...
> cas.monitor.endpoints.enabled=true
> cas.monitor.endpoints.sensitive=false
> cas.adminPagesSecurity.ip=10\.11\.12\.13\|14\.15\.16\.17
> END
>
> However, to pick up on Julien's issue, I am not able to get this working 
> if I further restrict this to users logged in who are specified as 
> authorized users in my adminusers.properties file.
> Here is what I have:
> BEGIN snippet from cas.properties
> ...
> cas.monitor.endpoints.enabled=true
> cas.monitor.endpoints.sensitive=false
> cas.adminPagesSecurity.ip=10\.11\.12\.13\|14\.15\.16\.17
> cas.adminPagesSecurity.loginUrl=https://my.test.cas.server/cas/login
> cas.adminPagesSecurity.service=
> https://my.test.cas.server/cas/status/dashboard
> cas.adminPagesSecurity.users=file:/etc/cas/config/adminusers.properties
> cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
> cas.adminPagesSecurity.actuatorEndpointsEnabled=true
> cas.serviceRegistry.watcherEnabled=true
> cas.serviceRegistry.initFromJson=true
> END
>
> And here are the contents of my adminusers.properties file (for now, I 
> only have my username listed):
> BEGIN adminusers.properties
> user=crdaudt,ROLE_ADMIN
> END
>
> My results are as follows:
> --When I visit https://my.test.cas.server/cas/status/dashboard, I am 
> redirected to login.
> --When I log in, my logs show the following:
>
> BEGIN log snippet
> >
> 2017-06-28 11:42:01,961 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: crdaudt
> WHAT: 
> TGT-**kloPuBba1M-my.test.cas.server
> ACTION: TICKET_GRANTING_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Wed Jun 28 11:42:01 EDT 2017
> CLIENT IP ADDRESS: 10.11.12.13
> SERVER IP ADDRESS: 10.10.10.100
> =
>
> >
> 2017-06-28 11:42:02,001 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: crdaudt
> WHAT: ST-1-Fe5a6Ieo3IMaPI2FScWC-my.test.cas.server for 
> https://my.test.cas.server/cas/status/dashboard
> ACTION: SERVICE_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Wed Jun 28 11:42:02 EDT 2017
> CLIENT IP ADDRESS: 10.11.12.13
> SERVER IP ADDRESS: 10.10.10.100
> =
>
> >
> 2017-06-28 11:42:02,206 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: crdaudt
> WHAT: ST-1-Fe5a6Ieo3IMaPI2FScWC-my.test.cas.server
> ACTION: SERVICE_TICKET_VALIDATED
> APPLICATION: CAS
> WHEN: Wed Jun 28 11:42:02 EDT 2017
> CLIENT IP ADDRESS: 10.11.12.13
> SERVER IP ADDRESS: 10.10.10.100
> =
> END
>
> I am then redirected to 
> https://my.test.cas.server/cas/status/dashboard?ticket=ST-1-Fe5a6Ieo3IMaPI2FScWC-my.test.cas.server,
>  
> and informed that:  "YOU ARE NOT AUTHORIZED TO BE AUTHORIZED!".
>
> Any suggestions?
>
>
>
> On Tuesday, June 27, 2017 at 2:19:58 PM UTC-4, Iain Workman wrote:
>>
>> The cas.adminPagesSecurity.ip setting is interpreted as a regex which the 
>> sending ip of the request is matched against. If you can form a regex which 
>> will match only the required ips that will work.
>>
>> -- 
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: 
> https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> --- 
> You received this message because you are subscribed to

Re: [cas-user] Re: How do I enable /status (admin monitoring) page with CAS 5.1.0?

2017-06-28 Thread Julien Whizz

Hi,

I think IS : crdaudt=pwdnotuse,ROLE_ADMIN

No ?

Le 28 juin 2017 5:49 PM, "crdaudt"  a écrit :

Thanks Iain.  I have this working now for only filtering with IP
addresses.  For those interested, I have the following in my cas.properties
file:
BEGIN snippet from cas.properties
...
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false
cas.adminPagesSecurity.ip=10\.11\.12\.13\|14\.15\.16\.17
END

However, to pick up on Julien's issue, I am not able to get this working if
I further restrict this to users logged in who are specified as authorized
users in my adminusers.properties file.
Here is what I have:
BEGIN snippet from cas.properties
...
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false
cas.adminPagesSecurity.ip=10\.11\.12\.13\|14\.15\.16\.17
cas.adminPagesSecurity.loginUrl=https://my.test.cas.server/cas/login
cas.adminPagesSecurity.service=https://my.test.cas.
server/cas/status/dashboard
cas.adminPagesSecurity.users=file:/etc/cas/config/adminusers.properties
cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
cas.adminPagesSecurity.actuatorEndpointsEnabled=true
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.initFromJson=true
END

And here are the contents of my adminusers.properties file (for now, I only
have my username listed):
BEGIN adminusers.properties
user=crdaudt,ROLE_ADMIN
END

My results are as follows:
--When I visit https://my.test.cas.server/cas/status/dashboard, I am
redirected to login.
--When I log in, my logs show the following:

BEGIN log snippet
>
2017-06-28 11:42:01,961 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
- 
2017-06-28 11:42:02,001 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
- https://my.test.cas.server/cas/status/dashboard
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jun 28 11:42:02 EDT 2017
CLIENT IP ADDRESS: 10.11.12.13
SERVER IP ADDRESS: 10.10.10.100
=

>
2017-06-28 11:42:02,206 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
- https://my.test.cas.server/
cas/status/dashboard?ticket=ST-1-Fe5a6Ieo3IMaPI2FScWC-my.test.cas.server,
and informed that:  "YOU ARE NOT AUTHORIZED TO BE AUTHORIZED!".

Any suggestions?



On Tuesday, June 27, 2017 at 2:19:58 PM UTC-4, Iain Workman wrote:
>
> The cas.adminPagesSecurity.ip setting is interpreted as a regex which the
> sending ip of the request is matched against. If you can form a regex which
> will match only the required ips that will work.
>
> --
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/
Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/
apereo.org/d/msgid/cas-user/e315e2f4-4290-46d9-8680-
29b7f5f62e10%40apereo.org

.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABkwnn_Ch_T0rEbDO-Rqn7%2B52ojabUX45g-Rvjj-P75rGQUM%3Dg%40mail.gmail.com.

Re: [cas-user] Re: How do I enable /status (admin monitoring) page with CAS 5.1.0?

2017-06-28 Thread Julien Whizz

I have the same problem, and I encounter a similar error to access
/cas-management
No error in the logs (DEBUG)

For ranges Security.ip think is like this :
cas.adminPagesSecurity.ip=(10)(\.(1|2|3|4|5|6|7))(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2}

2017-06-27 9:23 GMT+02:00 Michael Kotowski :

> Same issue here. In 5.0.5 it was sufficient to set
> cas.adminPagesSecurity.ip, but with 5.1.0 I have the same issue.
>
> But, with 5.1.0 there is also a big bunch of new properties ... will play
> with them.
>
> 5.0.x: https://apereo.github.io/cas/5.0.x/installation/
> Configuration-Properties.html#admin-status-endpoints
>
> 5.1.x: https://apereo.github.io/cas/5.1.x/installation/
> Configuration-Properties.html#spring-boot-endpoints
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/
> Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/873b7de0-f4ca-405d-8915-
> 83a7d1dcc775%40apereo.org
> 
> .
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABkwnn8%3D2%3Do%3D_64qDPPKt7FYmyGAphTvGE6WYbGcJQYhD3zUuQ%40mail.gmail.com.

RE: [cas-user] Re: How do I enable /status (admin monitoring) page with CAS 5.1.0?

Re: [cas-user] Re: How do I enable /status (admin monitoring) page with CAS 5.1.0?

Re: [cas-user] Re: How do I enable /status (admin monitoring) page with CAS 5.1.0?

Re: [cas-user] Re: How do I enable /status (admin monitoring) page with CAS 5.1.0?

Re: [cas-user] Re: How do I enable /status (admin monitoring) page with CAS 5.1.0?

Re: [cas-user] Re: How do I enable /status (admin monitoring) page with CAS 5.1.0?

6 matches

Site Navigation

Mail list logo

Footer information