Re: [cas-user] Error CAS Production

2019-11-14 Thread Roger Yerbanga
Idea: Invalid hostname or DNS issue.

Roger

On Thu, Nov 14, 2019 at 10:43 AM Paulo Cortez  wrote:

> Please, ERROR Production.
>
> Any ideas?
>
> Caused by: org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'centralAuthenticationService' defined in
> ServletContext resource
> [/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve
> reference to bean 'authenticationManager' while setting constructor
> argument; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'authenticationManager' defined in ServletContext resource
> [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean
> 'proxyAuthenticationHandler' while setting constructor argument; nested
> exception is org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'proxyAuthenticationHandler' defined in
> ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot
> resolve reference to bean 'supportsTrustStoreSslSocketFactoryHttpClient'
> while setting bean property 'httpClient'; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'supportsTrustStoreSslSocketFactoryHttpClient': FactoryBean
> threw exception on object creation; nested exception is
> java.lang.RuntimeException: java.net.UnknownHostException:
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0322f2af-9f35-4933-827b-c78dc2fa5bbf%40apereo.org
> .
>


-- 
! roger
-- www.yerbynet.com --
A computer without an Internet connection is a bit like a television
without an antenna :)



Re: [cas-user] how to configure cas to load cas.properties from dynamo db

2019-11-14 Thread Ray Bon
Raheem,

This might help, 
https://apereo.github.io/cas/6.1.x/configuration/Configuration-Server-Management.html#dynamodb

Ray

On Thu, 2019-11-07 at 11:34 -0800, Raheem Shaik wrote:
Any idea how we can configure cas to load cas.properties (hazelcast) from 
dynamodb











--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.



Re: [cas-user] Proper way to detect if a ticket is a service ticket or a proxy ticket?

2019-11-14 Thread Ray Bon
Pol,

In the java client, 
https://github.com/apereo/java-cas-client/blob/master/cas-client-core/src/main/java/org/jasig/cas/client/proxy/Cas20ProxyRetriever.java,
 XmlUtils is used to get the 'proxyTicket'. Not sure why it is in XML but this 
might help you track down how it was done here.

Ray

On Tue, 2019-11-12 at 23:26 -0800, Pol Dellaiera wrote:
Hi,

I'm writing a CAS library and I'm facing a question and I don't know how to 
address it.

The question is the following:

* What is the proper way to detect the type of a ticket in the URL ?

- By doing some introspection in the request URL and detecting if the ticket 
starts with ST- (for service ticket) or PT- (for proxy ticket) ?
- By checking the configuration of the serviceValidate and see if the parameter 
pgtUrl is set or not.

I don't know what is the best option for the moment, any help/advice is welcome.

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.
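
In the CAS protocol the `/proxy` endpoint answers with an XML document, which is what the linked client parses to obtain `proxyTicket`, and a successful validation response lists `cas:proxies` when the validated ticket was a proxy ticket. The following is an added example, not code from this thread or from java-cas-client: it parses both kinds of response and compares the server's answer with the `ST-`/`PT-` prefix check from the question. The function names and the sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_URI = "http://www.yale.edu/tp/cas"
CAS_NS = {"cas": CAS_URI}

# Constructed sample responses in the CAS 2.0/3.0 XML format (not captured traffic).
PROXY_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:proxySuccess>
    <cas:proxyTicket>PT-1-exampleProxyTicket</cas:proxyTicket>
  </cas:proxySuccess>
</cas:serviceResponse>"""

PROXY_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:proxyFailure code="INVALID_REQUEST">
    'pgt' and 'targetService' parameters are both required
  </cas:proxyFailure>
</cas:serviceResponse>"""

VALIDATED_SERVICE_TICKET = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

VALIDATED_PROXY_TICKET = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
    <cas:proxies>
      <cas:proxy>https://portal.example.org/pgtCallback</cas:proxy>
    </cas:proxies>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""


class CasResponseError(Exception):
    """Raised for a CAS failure element or a document that is not a CAS response."""

    def __init__(self, code, message):
        super().__init__(f"{code}: {message}")
        self.code = code


def _response_root(xml_text):
    # Refuse anything whose root is not <cas:serviceResponse>.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{CAS_URI}}}serviceResponse":
        raise CasResponseError("MALFORMED", "root is not cas:serviceResponse")
    return root


def _fail_if_present(root, element):
    # Surface the server's failure code instead of returning an empty result.
    failure = root.find(f"cas:{element}", CAS_NS)
    if failure is not None:
        raise CasResponseError(failure.get("code", "UNKNOWN"),
                               (failure.text or "").strip())


def extract_proxy_ticket(xml_text):
    """Return the ticket carried in a /proxy response."""
    root = _response_root(xml_text)
    _fail_if_present(root, "proxyFailure")
    ticket = root.findtext("cas:proxySuccess/cas:proxyTicket",
                           default="", namespaces=CAS_NS).strip()
    if not ticket:
        raise CasResponseError("MALFORMED", "no cas:proxyTicket element")
    return ticket


def prefix_hint(ticket):
    """Guess the ticket kind from the ticket string alone (a hint only)."""
    # The protocol says service tickets begin with ST- and proxy tickets
    # should begin with PT-; the string comes from the request URL, so it
    # is untrusted until the server has validated it.
    if ticket.startswith("ST-"):
        return "service"
    if ticket.startswith("PT-"):
        return "proxy"
    return "unknown"


def classify_validated_ticket(xml_text):
    """Classify a ticket from the server's validation response."""
    root = _response_root(xml_text)
    _fail_if_present(root, "authenticationFailure")
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise CasResponseError("MALFORMED", "no cas:authenticationSuccess element")
    user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    proxies = [p.text.strip()
               for p in success.findall("cas:proxies/cas:proxy", CAS_NS) if p.text]
    return {"user": user, "kind": "proxy" if proxies else "service", "proxies": proxies}


if __name__ == "__main__":
    pt = extract_proxy_ticket(PROXY_SUCCESS)
    print(pt, prefix_hint(pt))
    print(classify_validated_ticket(VALIDATED_SERVICE_TICKET))
    print(classify_validated_ticket(VALIDATED_PROXY_TICKET))
```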



[cas-user] Re: Service Registry in MongoDB (with replication)

2019-11-14 Thread Shawn Cutting
I figured out the problem (several factors):
1. I changed the pom.xml file so that the cas version matched what I was 
using (it was 5.3.5, but I made it 5.3.14) -> Can't do that apparently.
2. I was not properly deleting the cas-management folder from the 
tomcat/webapps, and the updated jars created by the pom build were getting 
added to the webapps folder.

Once I set everything back to the original, and deleted the appropriate 
folder, it came up.  Ugh!
Thanks for your help!

Shawn

On Thursday, November 14, 2019 at 10:53:56 AM UTC-5, Shawn Cutting wrote:
>
> Good morning,
>
> I am at a total loss here about how to get CAS services to load from (and 
> to) MongoDB.  Following the instructions on David Curry's site 
>  
> (very well written, by the way), I have the mongodb server running and 
> replicating across 3 servers.  I am also able to successfully 
> auto-initialize the database with the JSON files.  I verify this by opening 
> mongodb and searching the collection "casServiceRegistry."
>
> *CAS version 5.3.14*, by the way.
>
> When I start the tomcat server and watch the debug logs, I see that CAS is 
> loading the entry from the database:
>
> - snippet -
> 2019-11-13 16:24:22,706 DEBUG 
> [org.apereo.cas.services.AbstractServicesManager] -  [org.apereo.cas.services.ChainingServiceRegistry@3971e14f]>
> 2019-11-13 16:24:22,728 DEBUG 
> [org.apereo.cas.services.AbstractServicesManager] -  service [http(|s)://cas(|.*).messiah.edu(|.*)/cas-management(|/.*)]>
> 2019-11-13 16:24:22,729 INFO 
> [org.apereo.cas.services.AbstractServicesManager] -  from [MongoDbServiceRegistry].>
>
>
> Here is where it gets weird: when I load the management app, I see one 
> service entry that does NOT match the one loaded on startup.  I should also 
> note that I have the ticket registry replicated on the same MongoDB server 
> and it works perfectly.
>
> That's the short story, here are the details (these settings match on all 
> 3 servers "*cas-ha01, cas-ha02, cas-ha03*"):
>
> -- cas.properties: --
> cas.server.name=https://cas-ha.messiah.edu
> cas.server.prefix=${cas.server.name}/cas
> cas.view.templatePrefixes[0]=file:///etc/cas/templates
> cas.logout.followServiceRedirects=true
> logging.config=file:/etc/cas/config/log4j2.xml
>
> mongo.db=casdb
> mongo.rs=rs0
> mongo.opts==true
> mongo.creds=mongocas:**
> mongo.hosts=cas-ha01.messiah.edu,cas-ha02.messiah.edu,cas-ha03.messiah.edu
> # The connection string, assembled
> mongo.uri=mongodb://${mongo.creds}@${mongo.hosts}/${mongo.db}?replicaSet=${mongo.rs}${mongo.opts}
>
> ### Remove default/local users (must be left blank) ###
> cas.authn.accept.users=
>
> ### Service Registry Setup ###
> #cas.serviceRegistry.json.location=file:/etc/cas/services
> #cas.serviceRegistry.initFromJson=true
> cas.serviceRegistry.mongo.databaseName=${mongo.db}
> cas.serviceRegistry.mongo.clientUri=${mongo.uri}
> cas.serviceRegistry.mongo.collection=casServiceRegistry
> cas.serviceRegistry.mongo.replicaSet=${mongo.rs}
> cas.serviceRegistry.mongo.sslEnabled=true
> cas.ticket.registry.mongo.clientUri=${mongo.uri}
>
>
> -- management.properties: --
> cas.server.name=https://cas-ha.messiah.edu
> cas.server.prefix=${cas.server.name}/cas
> mgmt.serverName=${cas.server.name}
> mgmt.userPropertiesFile=file:/etc/cas/config/adminusers.properties
>
> mongo.db=casdb
> mongo.rs=rs0
> mongo.opts==true
> mongo.creds=mongocas:**
> mongo.hosts=cas-ha01.messiah.edu,cas-ha02.messiah.edu,cas-ha03.messiah.edu
> # The connection string, assembled
> mongo.uri=mongodb://${mongo.creds}@${mongo.hosts}/${mongo.db}?replicaSet=${mongo.rs}${mongo.opts}
>
> ### Service Registry Setup ###
> #cas.serviceRegistry.json.location=file:/etc/cas/services
> cas.serviceRegistry.mongo.clientUri=${mongo.uri}
> cas.serviceRegistry.mongo.collection=casServiceRegistry
>
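> -- pom.xml (cas server, dependencies): --
> ...
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-webapp${app.server}</artifactId>
>     <version>${cas.version}</version>
>     <type>war</type>
>     <scope>runtime</scope>
> </dependency>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-ldap</artifactId>
>     <version>${cas.version}</version>
> </dependency>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-ldap-core</artifactId>
>     <version>${cas.version}</version>
> </dependency>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-webapp-config-security</artifactId>
>     <version>${cas.version}</version>
> </dependency>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-interrupt-core</artifactId>
>     <version>${cas.version}</version>
> </dependency>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-interrupt-api</artifactId>
>     <version>${cas.version}</version>
> </dependency>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-interrupt-webflow</artifactId>
>     <version>${cas.version}</version>
> </dependency>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-rest</artifactId>
>     <version>${cas.version}</version>
> </dependency>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-gauth</artifactId>
>     <version>${cas.version}</version>
> </dependency>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-jdbc-drivers</artifactId>
>     <version>${cas.version}</version>
> </dependency>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-gauth-jpa</artifactId>
>     <version>${cas.version}</version>
> </dependency>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-trusted-mfa</artifactId>
>     <version>${cas.version}</version>
> </dependency>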
> 
>   

Re: [cas-user] Extending Web SSO to External Script based process.

2019-11-14 Thread Ray Bon
Colin,

That is a proxy auth configuration. Both services need proxying turned on in 
the service registry entry.
https://apereo.github.io/cas/6.1.x/installation/Configuring-Proxy-Authentication.html

Ray

On Fri, 2019-11-08 at 15:32 -0500, Colin Ryan wrote:

Folks,

I'm not certain if the following falls into the Proxy Auth scenario or
not. Here is an outline of what I'm trying to accomplish.

I have some sensitive files that I need to have downloaded by an
Installer/Script style process.

* The Installer/script can support maintaining Session/Cookies but isn't
  user interactive.
* The files are on one web resource/service/system
* The User Web interface is on another resource/service/system
* Both are protected by the same CAS infrastructure.
* Everything is on the same domain.
* Mod_auth_cas is the mechanism for protecting the sensitive files.

I would like to have the user log into a web interface via traditional
CAS login redirect and return.

I would like then to be able to pass arguments to the installer or
script that would allow it to share the authenticated and permitted
state of the user's Web session into the context of the Script so that it
can access the sensitive files without having to interact with the user.
I.e. SSO between a Web interface and an external process.

Even just a hint of direction to look into would be appreciated.

Sincerely

Colin Ryan


--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.



Re: [cas-user] Service Registry in MongoDB (with replication)

2019-11-14 Thread Shawn Cutting
Sorry.. it's this error:

Caused by: java.lang.IllegalArgumentException: More than one fragment with 
the name [log4j] was found. This is not legal with relative ordering. See 
section 8.2.2 2c of the Servlet specification for details. Consider using 
absolute ordering.



On Thursday, November 14, 2019 at 4:10:46 PM UTC-5, Shawn Cutting wrote:
>
> I watched the catalina log and found this error when the management app 
> was loading:
>
> java.lang.IllegalStateException: ContainerBase.addChild: start: 
> org.apache.catalina.LifecycleException: Failed to start component 
> [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/cas-management]]
>
> Thoughts?
>
> On Thursday, November 14, 2019 at 3:06:26 PM UTC-5, Shawn Cutting wrote:
>>
>> No, I don't.  Every time I try to add it to the management pom, it will 
>> not start with Tomcat.  Is there another dependency that I need or a config 
>> setting that keeps it from loading?  I can't seem to locate the log that 
>> the cas-management app should be creating to see why it is not loading.  
>> All I have is what shows on the Tomcat manager page:
>>
>> FAIL - Application at context path [/cas-management] could not be started
>> FAIL - Encountered exception [org.apache.catalina.LifecycleException: Failed 
>> to start component 
>> [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/cas-management]]]
>>
>>
>>
>> On Thursday, November 14, 2019 at 12:24:21 PM UTC-5, David Curry wrote:
>>>
>>> Do you have the   cas-server-support-mongo-service-registry  
>>>  dependency in the cas-management pom.xml as well as the cas server 
>>> pom.xml? I didn't see it in the excerpt you provided.
>>>
>>> --Dave
>>>
>>> --
>>>
>>> DAVID A. CURRY, CISSP
>>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>>
>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>> +1 646 909-4728 • david...@newschool.edu
>>>
>>>
Re: [cas-user] Hazelcast-Ticket Registry config

2019-11-14 Thread Ray Bon
As far as I understand hazelcast, it is distributed but not replicated (though 
their documentation is unclear to me). When a CAS node comes down, the tickets 
are lost. Ticket storage is done by hazelcast to even out the load on each 
hazelcast node.
Does this behaviour happen for every login, or every other login (i.e., 50% of 
the time)?

It may be possible to set up hazelcast in a replicated state, or you could set 
up a separate hazelcast cluster that would be unaffected by CAS uptime.

Another thing to consider is CAS uptime/downtime. Most applications maintain 
their own session, so once a user has logged in, they will be good until the 
application session ends. How many users will experience the repeated login 
when a CAS node goes down? Annoying, yes, but infrequent.

Ray

On Fri, 2019-11-08 at 01:08 -0800, M.Pedis wrote:
Hi Andy,

Thanks for your reply.

  * From your error logs seems like you are using 6.2.0-SNAPSHOT version of
    CAS. -- Yes, you are right. I have changed my version to 6.1.1.
      * With your advice, I cloned and built CAS with version 6.1.1
        (git clone -b 6.1 --single-branch https://github.com/apereo/cas-overlay-template.git,
        added dependencies, build, etc.)
  * Another thing is that for your latest properties file, you seems to
    remove the instanceName property --- I hope I add this property to the right one
    (cas.properties file); if not, could you please warn / inform me?
      * I add to the cas.properties file ---
        cas.ticket.registry.hazelcast.cluster.instanceName: casuno.x.edu.tr
        (for the second one, cas.ticket.registry.hazelcast.cluster.instanceName:
        casdos.xx.edu.tr)

After those changes, I tested but it forced me to log in again, redirecting to the home
page -- (I mean that I log on to casuno successfully, then stop its service from
NetScaler; I hope casdos - the second CAS - will handle the request and not
ask me for credentials, but it asked again)

  * I use hazelcast for our production deployment, and I configured
    instanceName property for it to work, so you should try adding back the
    instanceName. Of course, instanceName need to be different for each server,
    that part I think you already know.
      * I understood that you have a running HA-configured CAS SSO environment
        for your company/university or wherever you work. If it is possible, could you
        please share your env details? For example, what is your LB, which method do you
        use, which version of CAS do you have, also CAS-management, how your CAS
        hazelcast is configured, and similar things?

I am just trying to catch my fault / mistake. I think I have some misconfigurations
but I couldn't point out what they are. And it has become trouble for me.

Many thanks for everything, for you and Dave Curry.

I will be waiting for your reply and I believe that at the end, I will solve,
catch my faults / mistakes.

Thank you.







--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.



Re: [cas-user] Service Registry in MongoDB (with replication)

2019-11-14 Thread Shawn Cutting
I watched the catalina log and found this error when the management app was 
loading:

java.lang.IllegalStateException: ContainerBase.addChild: start: 
org.apache.catalina.LifecycleException: Failed to start component 
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/cas-management]]

Thoughts?

On Thursday, November 14, 2019 at 3:06:26 PM UTC-5, Shawn Cutting wrote:
>
> No, I don't.  Every time I try to add it to the management pom, it will 
> not start with Tomcat.  Is there another dependency that I need or a config 
> setting that keeps it from loading?  I can't seem to locate the log that 
> the cas-management app should be creating to see why it is not loading.  
> All I have is what shows on the Tomcat manager page:
>
> FAIL - Application at context path [/cas-management] could not be started
> FAIL - Encountered exception [org.apache.catalina.LifecycleException: Failed 
> to start component 
> [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/cas-management]]]
>
>
>
> On Thursday, November 14, 2019 at 12:24:21 PM UTC-5, David Curry wrote:
>>
>> Do you have the   cas-server-support-mongo-service-registry   dependency 
>> in the cas-management pom.xml as well as the cas server pom.xml? I didn't 
>> see it in the excerpt you provided.
>>
>> --Dave
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 646 909-4728 • david...@newschool.edu
>>
>>

Re: [cas-user] Service Registry in MongoDB (with replication)

2019-11-14 Thread Shawn Cutting
No, I don't.  Every time I try to add it to the management pom, it will not 
start with Tomcat.  Is there another dependency that I need or a config 
setting that keeps it from loading?  I can't seem to locate the log that 
the cas-management app should be creating to see why it is not loading.  
All I have is what shows on the Tomcat manager page:

FAIL - Application at context path [/cas-management] could not be started
FAIL - Encountered exception [org.apache.catalina.LifecycleException: Failed to 
start component 
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/cas-management]]]



On Thursday, November 14, 2019 at 12:24:21 PM UTC-5, David Curry wrote:
>
> Do you have the   cas-server-support-mongo-service-registry   dependency 
> in the cas-management pom.xml as well as the cas server pom.xml? I didn't 
> see it in the excerpt you provided.
>
> --Dave
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david...@newschool.edu 
>
>

Re: [cas-user] Service Registry in MongoDB (with replication)

2019-11-14 Thread David Curry
Do you have the   cas-server-support-mongo-service-registry   dependency in
the cas-management pom.xml as well as the cas server pom.xml? I didn't see
it in the excerpt you provided.

--Dave

--

DAVID A. CURRY, CISSP
*DIRECTOR • INFORMATION SECURITY & PRIVACY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu


On Thu, Nov 14, 2019 at 10:53 AM Shawn Cutting  wrote:

> Good morning,
>
> I am at a total loss here about how to get CAS services to load from (and
> to) MongoDB.  Following the instructions on David Curry's site
> 
> (very well written, by the way), I have the mongodb server running and
> replicating across 3 servers.  I am also able to successfully
> auto-initialize the database with the JSON files.  I verify this by opening
> mongodb and searching the collection "casServiceRegistry."
>
> *CAS version 5.3.14*, by the way.
>
> When I start the tomcat server and watch the debug logs, I see that CAS is
> loading the entry from the database:
>
> - snippet -
> 2019-11-13 16:24:22,706 DEBUG
> [org.apereo.cas.services.AbstractServicesManager] -  [org.apereo.cas.services.ChainingServiceRegistry@3971e14f]>
> 2019-11-13 16:24:22,728 DEBUG
> [org.apereo.cas.services.AbstractServicesManager] -  service [http(|s)://cas(|.*).messiah.edu(|.*)/cas-management(|/.*)]>
> 2019-11-13 16:24:22,729 INFO
> [org.apereo.cas.services.AbstractServicesManager] -  from [MongoDbServiceRegistry].>
>
>
> Here is where it gets weird: when I load the management app, I see one
> service entry that does NOT match the one loaded on startup.  I should also
> note that I have the ticket registry replicated on the same MongoDB server
> and it works perfectly.
>

[cas-user] Re: Service Registry in MongoDB (with replication)

2019-11-14 Thread Shawn Cutting
 

Update:

I found something else out in trying to get this working.  If I *manually*
add a service to MongoDB, I am able to access that service via CAS (this
was verified by deleting the record and subsequently getting the
"Application not allowed" message, re-adding it and being allowed again).

So it seems that the issue is with the management application, not the CAS
server.  I need to be able to manage the MongoDB records with the service
application, and that is not possible for some reason.

Thanks in advance for any help.

Shawn


[cas-user] Service Registry in MongoDB (with replication)

2019-11-14 Thread Shawn Cutting
Good morning,

I am at a total loss here about how to get CAS services to load from (and 
to) MongoDB.  Following the instructions on David Curry's site 
 
(very well written, by the way), I have the mongodb server running and 
replicating across 3 servers.  I am also able to successfully 
auto-initialize the database with the JSON files.  I verify this by opening 
mongodb and searching the collection "casServiceRegistry."

*CAS version 5.3.14*, by the way.

When I start the tomcat server and watch the debug logs, I see that CAS is 
loading the entry from the database:

- snippet -
2019-11-13 16:24:22,706 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - 
2019-11-13 16:24:22,728 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - 
2019-11-13 16:24:22,729 INFO 
[org.apereo.cas.services.AbstractServicesManager] - 


Here is where it gets weird: when I load the management app, I see one 
service entry that does NOT match the one loaded on startup.  I should also 
note that I have the ticket registry replicated on the same MongoDB server 
and it works perfectly.

That's the short story, here are the details (these settings match on all 3 
servers "*cas-ha01, cas-ha02, cas-ha03*"):

-- cas.properties: --
cas.server.name=https://cas-ha.messiah.edu
cas.server.prefix=${cas.server.name}/cas
cas.view.templatePrefixes[0]=file:///etc/cas/templates
cas.logout.followServiceRedirects=true
logging.config=file:/etc/cas/config/log4j2.xml

mongo.db=casdb
mongo.rs=rs0
mongo.opts==true
mongo.creds=mongocas:**
mongo.hosts=cas-ha01.messiah.edu,cas-ha02.messiah.edu,cas-ha03.messiah.edu
# The connection string, assembled
mongo.uri=mongodb://${mongo.creds}@${mongo.hosts}/${mongo.db}?replicaSet=${mongo.rs}${mongo.opts}

### Remove default/local users (must be left blank) ###
cas.authn.accept.users=

### Service Registry Setup ###
#cas.serviceRegistry.json.location=file:/etc/cas/services
#cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.mongo.databaseName=${mongo.db}
cas.serviceRegistry.mongo.clientUri=${mongo.uri}
cas.serviceRegistry.mongo.collection=casServiceRegistry
cas.serviceRegistry.mongo.replicaSet=${mongo.rs}
cas.serviceRegistry.mongo.sslEnabled=true
cas.ticket.registry.mongo.clientUri=${mongo.uri}


-- management.properties: --
cas.server.name=https://cas-ha.messiah.edu
cas.server.prefix=${cas.server.name}/cas
mgmt.serverName=${cas.server.name}
mgmt.userPropertiesFile=file:/etc/cas/config/adminusers.properties

mongo.db=casdb
mongo.rs=rs0
mongo.opts==true
mongo.creds=mongocas:**
mongo.hosts=cas-ha01.messiah.edu,cas-ha02.messiah.edu,cas-ha03.messiah.edu
# The connection string, assembled
mongo.uri=mongodb://${mongo.creds}@${mongo.hosts}/${mongo.db}?replicaSet=${mongo.rs}${mongo.opts}

### Service Registry Setup ###
#cas.serviceRegistry.json.location=file:/etc/cas/services
cas.serviceRegistry.mongo.clientUri=${mongo.uri}
cas.serviceRegistry.mongo.collection=casServiceRegistry

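-- pom.xml (cas server, dependencies): --
...
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-webapp${app.server}</artifactId>
    <version>${cas.version}</version>
    <type>war</type>
    <scope>runtime</scope>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap-core</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-webapp-config-security</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-interrupt-core</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-interrupt-api</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-interrupt-webflow</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-rest</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-gauth</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-jdbc-drivers</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-gauth-jpa</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-trusted-mfa</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-trusted-mfa-jdbc</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-mongo-ticket-registry</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-mongo-service-registry</artifactId>
    <version>${cas.version}</version>
</dependency>
...

-- pom.xml (management app, dependencies): --
...
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-management-webapp</artifactId>
    <version>${cas-mgmt.version}</version>
    <type>war</type>
</dependency>
...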

When I load the Service Management app, here is the service that appears:
^https://cas-ha.messiah.edu/cas-management/manage.html

But the one that is in the MongoDB table (which I imported from the 
initFromJson) is:
http(|s)://cas(|.*).messiah.edu(|.*)/cas-management(|/.*)

If I try to create a new service entry, it does not appear in the MongoDB, 
and I cannot delete the existing one.  In fact, I do not know how that one 
is even getting into the management app (that's what is really driving me 
nuts, since I have deleted all service json files)!!

If anyone can help me out, I would certainly appreciate it.


[cas-user] Error CAS Prodiction

2019-11-14 Thread Paulo Cortez
Please, ERROR Production.

Any ideas? 

Caused by: org.springframework.beans.factory.BeanCreationException: Error 
creating bean with name 'centralAuthenticationService' defined in 
ServletContext resource [/WEB-INF/spring-configuration/applicationContext.xml]: 
Cannot resolve reference to bean 'authenticationManager' while setting 
constructor argument; nested exception is 
org.springframework.beans.factory.BeanCreationException: Error creating bean 
with name 'authenticationManager' defined in ServletContext resource 
[/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 
'proxyAuthenticationHandler' while setting constructor argument; nested 
exception is org.springframework.beans.factory.BeanCreationException: Error 
creating bean with name 'proxyAuthenticationHandler' defined in ServletContext 
resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 
'supportsTrustStoreSslSocketFactoryHttpClient' while setting bean property 
'httpClient'; nested exception is 
org.springframework.beans.factory.BeanCreationException: Error creating bean 
with name 'supportsTrustStoreSslSocketFactoryHttpClient': FactoryBean threw 
exception on object creation; nested exception is java.lang.RuntimeException: 
java.net.UnknownHostException: 

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0322f2af-9f35-4933-827b-c78dc2fa5bbf%40apereo.org.


[cas-user] Re: [CAS 6.1.0-RC6] [CAS MANAGEMENT 6.1.0-RC4] - Application run failed: java.lang.IllegalArgumentException: java.lang.ClassCastException

2019-11-14 Thread Andy Ng
Hi Nicola,

I have tried using CAS 6.1.1 and CAS Management 6.1.0-RC4 in my testing 
environment, and there are no problems observed during CAS Management start 
up.

I suspect it is some problem related to configuration for JBoss, which I am 
not familiar with, so maybe others can fill it in.

Nevertheless, I have set up a working example here, see if it would help 
you: 
https://github.com/NgSekLong/SelectUrCAS/tree/test_cas_management_fail_6_1_0_rc4_20191114

- Andy

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00633408-2a73-4b49-b885-3ad945a4e2ac%40apereo.org.


[cas-user] Re: How to make CAS 6.1 work with Azure AD?

2019-11-14 Thread Andy Ng
Hi,

Your method of declaring the property for the Azure part would not work, see 
this:
*cas.properties (this would not work)*
configurationKey=cas.authn.pac4j.oidc[0].azure

${configurationKey}.id=OUR_ID
${configurationKey}.secret=OUR_SECRET
${configurationKey}.principalAttributeId=
..

You should instead be doing something like this:

*cas.properties (this should work)*
cas.authn.pac4j.oidc[0].azure.id=OUR_ID
cas.authn.pac4j.oidc[0].azure.secret=OUR_SECRET
cas.authn.pac4j.oidc[0].azure.principalAttributeId=
..


Also, you probably don't want to add all properties for Azure into your 
cas.properties; consider removing some of the properties which are probably 
not necessary.

That means, instead of listing all of the cas.properties, you probably can 
make do with the following azure properties *Not tested*:
cas.authn.pac4j.oidc[0].azure.discoveryUri=
cas.authn.pac4j.oidc[0].azure.logoutUrl=
cas.authn.pac4j.oidc[0].azure.scope=openid
cas.authn.pac4j.oidc[0].azure.id=OUR_ID
cas.authn.pac4j.oidc[0].azure.secret=SECRET

See if the above info helps...


Cheers!
- Andy

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8ff4900e-b161-4943-8319-b40859bb8a2f%40apereo.org.
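
The failure mode Andy describes above, as an added example that is not part of the original post or of CAS: Spring expands `${...}` placeholders in property values, not in property keys, so a key written as `${configurationKey}.id` is loaded literally and never binds to `cas.authn.pac4j.oidc[0].azure.id`. The Python linter below flags such keys and spells out the literal key; `parse_properties`, `lint_keys`, `rewrite` and the sample file contents are hypothetical names and constructed data.

```python
import re

# ${name} placeholder syntax used in Spring property files.
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")

# Constructed sample: the configurationKey lines follow the "would not work"
# snippet in the post; the remaining lines are added for contrast.
SAMPLE = """\
configurationKey=cas.authn.pac4j.oidc[0].azure

${configurationKey}.id=OUR_ID
${configurationKey}.secret=OUR_SECRET
${configurationKey}.scope=openid
${undefinedPrefix}.logoutUrl=https://login.example.org/logout
cas.server.name=https://cas.example.org
cas.server.prefix=${cas.server.name}/cas
"""


def parse_properties(text):
    """Yield (line_index, key, value) for key=value lines.

    Simplification (assumption): only '=' is treated as the separator and
    line continuations are not handled.
    """
    for index, raw in enumerate(text.splitlines()):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            yield index, key.strip(), value.strip()


def lint_keys(text):
    """Return one finding per property whose KEY contains a ${...} placeholder."""
    entries = list(parse_properties(text))
    # Only literal keys can be looked up when expanding a placeholder.
    defined = {k: v for _, k, v in entries if not PLACEHOLDER.search(k)}
    findings = []
    for index, key, _value in entries:
        if not PLACEHOLDER.search(key):
            continue  # placeholders in values are resolved normally
        missing = [n for n in PLACEHOLDER.findall(key) if n not in defined]
        literal = PLACEHOLDER.sub(
            lambda m: defined.get(m.group(1), m.group(0)), key)
        findings.append({
            "line": index + 1,
            "key": key,
            "literal_key": None if missing else literal,
            "undefined": missing,
        })
    return findings


def rewrite(text):
    """Return the file text with every resolvable placeholder key spelled out."""
    lines = text.splitlines()
    for finding in lint_keys(text):
        if finding["literal_key"] is None:
            continue  # prefix is not defined anywhere: leave it for a human
        i = finding["line"] - 1
        _, _, value = lines[i].partition("=")
        lines[i] = f"{finding['literal_key']}={value.strip()}"
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for f in lint_keys(SAMPLE):
        hint = f["literal_key"] or "undefined: " + ", ".join(f["undefined"])
        print(f"line {f['line']}: {f['key']} -> {hint}")
    print(rewrite(SAMPLE))
```

The `cas.server.prefix=${cas.server.name}/cas` line is left untouched because its placeholder sits in the value, where it is resolved as usual.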


[cas-user] [CAS 6.1.0-RC6] [CAS MANAGEMENT 6.1.0-RC4] - Application run failed: java.lang.IllegalArgumentException: java.lang.ClassCastException

2019-11-14 Thread Nicola Boldrin
Hi all,
I'm trying to deploy the CAS 6.1.0-RC6 and the CAS MANAGEMENT 6.1.0-RC4 to 
the same Application Server.


=


  JBoss Bootstrap Environment

  JBOSS_HOME: /home/user/Documents/eclipse-workspace/P4CARDS-CAS/wildfly-15.0.1.Final

  JAVA: /usr/lib/jvm/java-11-openjdk-amd64/bin/java

  JAVA_OPTS:  -server -Xms128m -Xmx1024m -XX:MetaspaceSize=192M -XX:MaxMetaspaceSize=512m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true  --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED --add-modules=java.se -XX:TieredStopAtLevel=1 -Xverify:none --add-modules=java.se --add-exports=java.base/jdk.internal.ref=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.management/sun.management=ALL-UNNAMED --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED --add-modules jdk.unsupported  -XX:+UnlockExperimentalVMOptions -XX:+EnableJVMCI -XX:+UseJVMCICompiler -Djdk.reflect.allowGetCallerClass=true -Detc.cas.dir=/home/user/eclipse-workspace/dev_resources/etc/cas


=



The CAS MANAGEMENT deploy fails due to the error below

10:02:00,752 INFO  [org.springframework.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker] (ServerService Thread Pool -- 80) Bean 'org.springframework.cloud.autoconfigure.ConfigurationPropertiesRebinderAutoConfiguration' of type [org.springframework.cloud.autoconfigure.ConfigurationPropertiesRebinderAutoConfiguration$$EnhancerBySpringCGLIB$$5498811] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
10:02:01,809 ERROR [org.springframework.boot.SpringApplication] (ServerService Thread Pool -- 80) Application run failed: java.lang.IllegalArgumentException: java.lang.ClassCastException@42598f0f
 at jdk.internal.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
 at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.base/java.lang.reflect.Method.invoke(Method.java:566)
 at deployment.cas-mgmt.war//org.springframework.core.io.VfsUtils.invokeVfsMethod(VfsUtils.java:101)
 at deployment.cas-mgmt.war//org.springframework.core.io.VfsUtils.getFile(VfsUtils.java:173)
 at deployment.cas-mgmt.war//org.springframework.core.io.VfsResource.getFile(VfsResource.java:95)
 at deployment.cas-mgmt.war//org.apereo.cas.util.CasVersion.getDateTime(CasVersion.java:70)
 at deployment.cas-mgmt.war//org.apereo.cas.util.SystemUtils.getSystemInfo(SystemUtils.java:46)
 at deployment.cas-mgmt.war//org.apereo.cas.util.spring.boot.AbstractCasBanner.collectEnvironmentInfo(AbstractCasBanner.java:61)
 at deployment.cas-mgmt.war//org.apereo.cas.util.spring.boot.AbstractCasBanner.printBanner(AbstractCasBanner.java:35)
 at deployment.cas-mgmt.war//org.springframework.boot.SpringApplicationBannerPrinter.print(SpringApplicationBannerPrinter.java:71)
 at deployment.cas-mgmt.war//org.springframework.boot.SpringApplication.printBanner(SpringApplication.java:582)
 at deployment.cas-mgmt.war//org.springframework.boot.SpringApplication.run(SpringApplication.java:312)
 at deployment.cas-mgmt.war//org.springframework.boot.web.servlet.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:159)
 at deployment.cas-mgmt.war//org.springframework.boot.web.servlet.support.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:139)
 at deployment.cas-mgmt.war//org.springframework.boot.web.servlet.support.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:92)
 at deployment.cas-mgmt.war//org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:171)
 at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:203)
 at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:185)
 at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
 at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
 at org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
 at org.wildfly.extension.undertow@15.0.1.Final

Re: [cas-user] Application Not Authorized to Use CAS, After authentication.

2019-11-14 Thread Abdelrahman Halawa
Hi Mohammed,

Below is my JSON file; you are free to use it and try. But you must
configure the SharePoint to use UPN and mail claims as the JSON shows.
Hint: It is a must to use the *realmcas* certificate as the signing
certificate for SharePoint config.

{
  "@class" : "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
  "serviceId" : "https://.xxx.xxx.*",
  "realm" : "urn:org:apereo:cas:ws:idp:realm-CAS",
  "name" : "Simple WS fed test application",
  "id" : "101",
  "description" : "SharePoint",
  "evaluationOrder" : 1,
  "tokenType" : "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.ws.idp.services.WSFederationClaimsReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "USER_PRINCIPAL_NAME_2005" : "upn",
      "EMAIL_ADDRESS_2005" : "mail"
    }
  }
}




On Wed, 13 Nov 2019 at 16:09, mohamed gamal 
wrote:

> Unfortunately Mr Abdelrahman,
>>
>> we are still facing the same error
>
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/82015f25-f74b-46d6-8504-8c85c1f28a2e%40apereo.org
>


-- 
Best regards,

*Abdelrahman Halawa*
Teacher Assistant, Computer and Systems Department, Al-Azhar University
+2 01008131693 | abdelrahmanhal...@gmail.com | Skype: abdelrahmanhalawa | Maadi, Cairo, Egypt



To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAHr-WtYcRMjViow_DSnge9CdL9zBr6WGgVxx0%2B71FUT8uuzGBg%40mail.gmail.com.