[cas-user] Re: SessionMonitor: WARN

[Andy Ng]

Hi Jeff,

I just searched the above keyword "is above threshold " in the CAS 5.2.x 
source code, and found that the parameter that control this is:
# cas.monitor.tgt.warn.threshold=10 

FYI:
https://github.com/apereo/cas/blob/v5.2.0/core/cas-server-core-monitor/src/main/java/org/apereo/cas/monitor/SessionMonitor.java
 
(line: 53 -> 24)
https://github.com/apereo/cas/blob/v5.2.0/core/cas-server-core-monitor/src/main/java/org/apereo/cas/monitor/config/CasCoreMonitorConfiguration.java
 
(line: 66 -> 62)
-Andy

On Tuesday, 2 January 2018 23:12:41 UTC+8, Jeffrey Ramsay wrote:
>
> What parameter controls this? cas.monitor..warn.threshold=10
>
> SessionMonitor: WARN - Session count (1771) is above threshold 10
>
> Thanks.
>
> -Jeff
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2ad76214-8039-4e59-9861-fabd3149563d%40apereo.org.

Re: [cas-user] Re: CAS 5.x - regular expressions

[Jeffrey Ramsay]

Good point.

Thanks,
-Jeff

On Tue, Jan 2, 2018 at 12:44 PM, Ray Bon  wrote:

> Jeff,
>
> I would suggest you include the trailing slash as optional to avoid
> someone poking at your system with a service like
> https://my.service.education 
>
> ^https?://my.service.edu(/?|/.*)$
>
> Ray
>
> On Tue, 2018-01-02 at 07:15 -0500, Jeffrey Ramsay wrote:
>
> Andy,
>
>
>
> Thanks for the update and after using the validation link you provided, I
> believe the following will work for both service links.
>
>
>
> ^https?://my.service.edu.*$
>
>
>
> Thanks,
>
> -Jeff
>
>
>
> Sent from Mail  for
> Windows 10
>
>
>
> *From: *Andy Ng 
> *Sent: *Tuesday, January 2, 2018 2:09 AM
> *To: *CAS Community 
> *Subject: *[cas-user] Re: CAS 5.x - regular expressions
>
>
>
> Hi Jeff,
>
>
>
> Would like to know what exactly you want to catch using regex for the two
> links?  (Maybe give some example?)
>
>
>
> The first link you provided, when translate to regex only matches
> something like these:
> https://my.service.edu, http://my.service.edu///
> 
>
>
>
> Which, I think maybe is not what you wanted.
>
>
>
>
>
> In any case, If your two links are valid, see if the below fit your needs:
>
> (https?://my.service.edu/.*)|(https?://my.service.edu/*
> )
>
>
>
> Or maybe even this:
> https?://my.service.edu((/.*)|(/*))
>
>
>
>
>
> If you want to test Regex (the links pattern you using) without worrying
> it will broke your production setup, you can always go to site like
> http://jsregex.com/, then fine tune your link pattern until it is correct
> before deploying them to production.
>
>
>
> cheers
>
> - Andy
>
> On Wednesday, 27 December 2017 21:45:41 UTC+8, Jeffrey Ramsay wrote:
>
> All -
>
> I went live with CAS 5.1.7 in production and ran into a problem that was
> not reported in test. I have a site which requires me to use both star and
> dot star allowances so, I defined two service entries however, I think I
> should be able to combine these but have not been successful.
>
>
>
> How can I combine these links? (.|.*) did not work and I'm not sure what
> effect escaping the dots will have. Since this is production, I can
> experiment as much as I would like.
>
>
>
> https?://my.service.edu/*
>
> https?://my.service.edu/.*
>
> Thanks,
>
> -Jeff
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/78814056-a9fa-4537-8ec5-
> 9d59f5f74b62%40apereo.org
> 
> .
>
>
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems2507218831 <(250)%20721-8831> | CLE 
> 019 | r...@uvic.ca
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/1514915084.4183.14.camel%40uvic.ca
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYOR_QiR9tzLvS1RqJa3tPHWYrQmsbnjatbUHQcSY%2BWR-4g%40mail.gmail.com.

Re: [cas-user] Cas Service Management

[David Curry]

If that's a cut-n-paste from the properties file, "location" is
misspelled...

Do you have the cas-server-support-json-service-registry dependency in the
management webapp's pom.xml?

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu

[image: The New School]

On Tue, Jan 2, 2018 at 5:18 PM, Aaron East  wrote:

> CAS service Managment webapp is not reading my services in
> /etc/cas/config/services
>
> Using CAS 5.2.1 which seems to see the services fine but the managmenet
> webapp whenever I login to it seems to only have 1 entry and it is it's own.
>
> In cas.properties I have this setup
>
> cas.serviceRegistry.json.locaion=file:///etc/cas/config/services
>
> This works great for the CAS server but the management server doesn't seem
> to read it at all.
>
> Any Ideas?
>
> Thanks In advance.
>
> ---Aaron
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/21e4f4c9-3b6e-409b-a0e0-
> 32949a660b3a%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XANj_RitLD5C4tnZzvqaeDPsUcazvcLTJ85a31gSSHjHQQ%40mail.gmail.com.

[cas-user] Cas Service Management

[Aaron East]

CAS service Managment webapp is not reading my services in 
/etc/cas/config/services

Using CAS 5.2.1 which seems to see the services fine but the managmenet 
webapp whenever I login to it seems to only have 1 entry and it is it's own.

In cas.properties I have this setup

cas.serviceRegistry.json.locaion=file:///etc/cas/config/services

This works great for the CAS server but the management server doesn't seem 
to read it at all.  

Any Ideas?

Thanks In advance.

---Aaron

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/21e4f4c9-3b6e-409b-a0e0-32949a660b3a%40apereo.org.

Re: [cas-user] Re: CAS 5.x - regular expressions

[Ray Bon]

Jeff,

I would suggest you include the trailing slash as optional to avoid someone 
poking at your system with a service like 
https://my.service.education

^https?://my.service.edu(/?|/.*)$

Ray

On Tue, 2018-01-02 at 07:15 -0500, Jeffrey Ramsay wrote:
Andy,

Thanks for the update and after using the validation link you provided, I 
believe the following will work for both service links.

^https?://my.service.edu.*$

Thanks,
-Jeff

Sent from Mail for Windows 10

From: Andy Ng
Sent: Tuesday, January 2, 2018 2:09 AM
To: CAS Community
Subject: [cas-user] Re: CAS 5.x - regular expressions

Hi Jeff,

Would like to know what exactly you want to catch using regex for the two 
links?  (Maybe give some example?)

The first link you provided, when translate to regex only matches something 
like these:
https://my.service.edu, http://my.service.edu///

Which, I think maybe is not what you wanted.


In any case, If your two links are valid, see if the below fit your needs:
(https?://my.service.edu/.*)|(https?://my.service.edu/*)

Or maybe even this:
https?://my.service.edu((/.*)|(/*))


If you want to test Regex (the links pattern you using) without worrying it 
will broke your production setup, you can always go to site like 
http://jsregex.com/, then fine tune your link pattern until it is correct 
before deploying them to production.

cheers
- Andy

On Wednesday, 27 December 2017 21:45:41 UTC+8, Jeffrey Ramsay wrote:
All -
I went live with CAS 5.1.7 in production and ran into a problem that was not 
reported in test. I have a site which requires me to use both star and dot star 
allowances so, I defined two service entries however, I think I should be able 
to combine these but have not been successful.

How can I combine these links? (.|.*) did not work and I'm not sure what effect 
escaping the dots will have. Since this is production, I can experiment as much 
as I would like.

https?://my.service.edu/*
https?://my.service.edu/.*
Thanks,
-Jeff
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/78814056-a9fa-4537-8ec5-9d59f5f74b62%40apereo.org.


--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1514915084.4183.14.camel%40uvic.ca.

Re: [cas-user] Question about configure attribute release policy

[Ray Bon]

Elena,

Is that the actual service.json? There is a typo in 'allowedAttribytes'.

Ray

On Tue, 2017-12-26 at 04:14 -0800, Elena wrote:
Hello.

I want to set attributeReleasePolicy in service (json).

I have two attribute - role, firstname - and then I want to return attribute 
only "role".

So I registry service like this.

--- cas service.json 

{
"@class": "org.apereo.cas.services.RegexRegisteredService",
"serviceId": "test1234",
"name" : "test"
"id" : 8
"attributeReleasePolicy":{
"@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttribytes":["java.util.ArrayList",["role"]]
}
}

-

Then, I call service ticket validation api (/p3/serviceValidate), It return all 
attribute - role, firstname- still..
Even if I set attributeReleasePolicy "deny" but it return all attribute...

I suppose to attributeReleasePolicy is not working in my environment...
Would I set more config about it?

Please give me a guide.

Thanks.


--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1514914203.4183.9.camel%40uvic.ca.

[cas-user] SessionMonitor: WARN

[Jeffrey Ramsay]

What parameter controls this? cas.monitor..warn.threshold=10

SessionMonitor: WARN - Session count (1771) is above threshold 10

Thanks.

-Jeff

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYOSoLBpYFkZHGWLnmsmCLu_8kZB0XC8o-ggoYfM5xaHh_g%40mail.gmail.com.

[cas-user] cas 5.2.1 Problem with trusted authentication

[pascal m]

Hi,

I'm trying to configure CAS Server (5.2.1) with trusted authentication, 
username extract from request header.
The username is found in request 
( PrincipalFromRequestHeaderNonInteractiveCredentialsAction 
getRemotePrincipalId) 
but looks this method return remoteUser instead of header value for 
remotePrincipalHeader.
I've just configure dependency cas-server-support-trusted-webflow and 
add cas.authn.trusted.remotePrincipalHeader=x-app-auth-userid
May be i do miss configuration?

Thanks

Pascal

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/42e1178a-4bac-4aca-95fb-c806db37be15%40apereo.org.

RE: [cas-user] Re: CAS 5.x - regular expressions

[Jeffrey Ramsay]

Andy,

Thanks for the update and after using the validation link you provided, I 
believe the following will work for both service links.

^https?://my.service.edu.*$

Thanks,
-Jeff

Sent from Mail for Windows 10

From: Andy Ng
Sent: Tuesday, January 2, 2018 2:09 AM
To: CAS Community
Subject: [cas-user] Re: CAS 5.x - regular expressions

Hi Jeff,

Would like to know what exactly you want to catch using regex for the two 
links?  (Maybe give some example?) 

The first link you provided, when translate to regex only matches something 
like these:
https://my.service.edu, http://my.service.edu///

Which, I think maybe is not what you wanted.


In any case, If your two links are valid, see if the below fit your needs:
(https?://my.service.edu/.*)|(https?://my.service.edu/*)

Or maybe even this:
https?://my.service.edu((/.*)|(/*))


If you want to test Regex (the links pattern you using) without worrying it 
will broke your production setup, you can always go to site like 
http://jsregex.com/, then fine tune your link pattern until it is correct 
before deploying them to production.

cheers
- Andy

On Wednesday, 27 December 2017 21:45:41 UTC+8, Jeffrey Ramsay wrote:
All -
I went live with CAS 5.1.7 in production and ran into a problem that was not 
reported in test. I have a site which requires me to use both star and dot star 
allowances so, I defined two service entries however, I think I should be able 
to combine these but have not been successful.

How can I combine these links? (.|.*) did not work and I'm not sure what effect 
escaping the dots will have. Since this is production, I can experiment as much 
as I would like.

https?://my.service.edu/*
https?://my.service.edu/.*
Thanks,
-Jeff
-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/78814056-a9fa-4537-8ec5-9d59f5f74b62%40apereo.org.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5a4b77dd.062b370a.5cba8.4f4d%40mx.google.com.