[cas-user] Dynamic Themes per Service

2020-03-18 Thread Mr Rao
Hi,
I'm trying to implement dynamic themes in CAS deployments and found some 
nice documentation on this. All I want to do is change the style/logo, and I do 
not want to copy the cas.js and cas.css files to the theme folder.

Also I want to get styles and logo from db instead of properties file. Is 
this possible?


Regards,
Rao.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0944d24d-dc29-4b15-8ea0-570184b95537%40apereo.org.


Re: [cas-user] Service Registry - Store in MySQL database

2020-03-18 Thread Bob
Thank you Michele,

If I can disable it just once to get some data in my MySQL database that 
would be enough for me.
I'll try it out. 
By the way, I'm currently testing with CAS 6.1.4 and don't see your code 
snippet so it probably changed already. Will do some digging to get the 
same result.
Your reply is much appreciated!
Thanks,

Bob


On Saturday, March 14, 2020 at 12:20:46 AM UTC+1, Michele Melluso wrote:
>
> Hi Bob,
>
> I had a similar regression from 6.0 to 6.1. The problem is that 
> EmbeddedResourceBasedServiceRegistry is registered in the registries chain.
>
> So, when the ServiceRegistryInitializer.java checks at row 66 if the json 
> service exists already, it is found from 
> EmbeddedResourceBasedServiceRegistry and then it is not added to 
> JpaTicketRegistry.
>
> I solved somehow by avoiding the 
> "embeddedJsonServiceRegistryExecutionPlanConfigurer" bean, just commenting 
> it away in CasServiceRegistryInitializationConfiguration.java
>
> // @Bean
> // @ConditionalOnMissingBean(name = "embeddedJsonServiceRegistryExecutionPlanConfigurer")
> // public ServiceRegistryExecutionPlanConfigurer embeddedJsonServiceRegistryExecutionPlanConfigurer() {
> //     return plan -> plan.registerServiceRegistry(embeddedJsonServiceRegistry());
> // }
>
> I don't know if there will be any collateral problems, by the way now json 
> services are correctly copied on JpaTicketRegistry.
> Wouldn't know how to fix it in a clean way as to make a pr.
>
> Hope it helps
> Regards
> Michele
>
>
> On Thursday, January 30, 2020 at 1:00:47 PM UTC+1, Bob wrote:
>>
>> Thanks Misagh and Ray,
>>
>> I cloned the cas-overlay-template in a new location and used the settings 
>> Misagh suggested but I still have the same problem that my casdb still has 
>> an empty regex_registered_service table.
>> Here's what I'm using:
>>
>> CAS Version: 6.1.0
>> CAS Branch: 6.1.x
>> CAS Commit Id: c92590730249df0cf26fd1b4bebd8aea8447b256
>> CAS Build Date/Time: 2019-10-28T02:43:18Z
>> Spring Boot Version: 2.2.0.RELEASE
>> Spring Version: 5.2.0.RELEASE
>> Java Home: C:\Programs\Java\amazon-corretto\jdk11.0.3_7
>> Java Vendor: Amazon.com Inc.
>> Java Version: 11.0.3
>>
>>
>> My dependencies in build.gradle:
>>
>> dependencies {
>>     // Other CAS dependencies/modules may be listed here...
>>     compile "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
>>     compile "org.apereo.cas:cas-server-support-jdbc-drivers:${project.'cas.version'}"
>>     compile "org.apereo.cas:cas-server-support-jpa-service-registry:${project.'cas.version'}"
>> }
>>
>>
>> My minimum cas.properties (I omitted the LDAP part since that's working 
>> fine):
>>
>> cas.server.name: https://localhost:8443
>> cas.server.prefix: ${cas.server.name}/cas
>>
>> logging.config: file:/etc/cas/config/log4j2.xml
>>
>> server.ssl.key-store=file:/etc/cas/keystore.jks
>> server.ssl.key-store-password=
>> server.ssl.key-password=xxx
>>
>> cas.serviceRegistry.initFromJson=true
>> cas.serviceRegistry.json.location=file:/etc/cas/config/services
>>
>> cas.serviceRegistry.jpa.user=xx
>> cas.serviceRegistry.jpa.password=xxx
>> cas.serviceRegistry.jpa.driverClass=com.mysql.cj.jdbc.Driver
>>
>> cas.serviceRegistry.jpa.url=jdbc:mysql://localhost:3306/casdb?allowPublicKeyRetrieval=true=UTF-8=FALSE
>> cas.serviceRegistry.jpa.dialect=org.hibernate.dialect.MySQL57InnoDBDialect
>> cas.serviceRegistry.jpa.ddlAuto=update
>>
>>
>> When I run CAS 6.1.0 I see: 
>>
>> [org.apereo.cas.services.AbstractServicesManager] - > service(s) from [EmbeddedResourceBasedServiceRegistry,JpaServiceRegistry].>
>>
>>
>> I can then use CAS to login to my application, but it does not insert any 
>> Service Registry into the MySQL casdb.
>> Do you see anything wrong in my setup?
>> Thanks,
>>
>> Bob
>>
>> On Wednesday, January 29, 2020 at 11:21:24 AM UTC+1, Misagh Moayyed wrote:
>>>
>>>
>>> Something along the following lines should work:
>>>
>>> cas.serviceRegistry.initFromJson=true
>>> cas.serviceRegistry.json.location=file:/etc/cas/config/services
>>>
>>> - Then, make sure your JSON files are in the above noted directory.
>>> - Then, make sure your overlay contains a reference to the JPA service 
>>> registry
>>>
>>> (You do not need to include the JSON service registry, IIRC, in the 
>>> overlay)
>>>
>>> Then, on startup, CAS will import your JSON files from that directory 
>>> over to the real (JPA) service registry.
>>>
>>> YMMV.
>>>
>>>
>>> On Wednesday, January 29, 2020 at 12:56:11 AM UTC+4, rbon wrote:

 Bob,

 We are using the 5.1.5 version of cas management. You only need to 
 upgrade it if you want newer features, etc.
 I also have grumblings about the 6.x version. I put off upgrading cas 
 management until it settles. 

 Ray

 On Tue, 2020-01-28 at 12:34 -0800, Bob wrote:

 Hi Ray,

 No, I'm currently just using the cas overlay (6.1.x).
 I did try to get cas 

Re: [cas-user] Re: Keycloak Backchannel Logout and CAS

2020-03-18 Thread 'Maksim Kopeyka' via CAS Community
I excluded nginx from my local env so I have only executable CAS.war and 
keycloak.
I configured CAS to use SSL in this way:

server.ssl.enabled=true
server.ssl.key-store-type=JKS
server.ssl.key-store=C:/Environment/jdk-11.0.5/bin/caskeystore.jks
server.ssl.key-store-password=changeit
server.ssl.key-alias=my.cas.com

Backchannel logout doesn't work. Looks like SSL causes this issue, doesn't 
matter it's nginx or embedded tomcat.

On Tuesday, March 17, 2020 at 11:49:34 PM UTC+2, Maksim Kopeyka wrote:
>
> Ray,
>
> I have had some issues related to self-signed certificate on my local env. 
> CAS and Keycloak produced exception related to certificate and flow didn't 
> work at all.
> I regenerated certificate for domain instead of 127.0.0.1 and all 
> exceptions were gone. So it's not an issue with certificate.
> Also I have the same problem on real environment with real certificate. It 
> also works fine without SSL but with SSL CAS session stay alive after 
> logout in keycloak.
>
> On Tuesday, March 17, 2020 at 5:44:35 PM UTC+2, rbon wrote:
>>
>> Maksim,
>>
>> Could this be a certificate issue?
>>
>> If this is self signed certificate, you will need to add it to the java 
>> keystore (trust store). 
>> https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores
>>
>> Ray
>>
>> On Mon, 2020-03-16 at 16:46 -0700, 'Maksim Kopeyka' via CAS Community 
>> wrote:
>>
>> That's interesting. Backchannel logout works in case load balancer of CAS 
>> (nginx) doesn't use SSL however backchannel doesn't work in case nginx uses 
>> SSL. 
>> I see the same output in console of CAS server in both cases (with SSL 
>> and without SSL)
>>
>> -- 
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | rb...@uvic.ca
>>
>> I respectfully acknowledge that my place of work is located within the 
>> ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
>> WSÁNEĆ Nations.
>>
>



[cas-user] [CAS 6.1.5 support service registry to MongoDB]

2020-03-18 Thread Napoleon Ponaparte
Hi, I have successfully configured the service registry with MongoDB in CAS version 6.0.x.
This means that when I build CAS 6.0.x, it automatically loads and stores my services 
from the directory "/etc/cas/services-repo" in MongoDB.

Now when I upgrade my CAS server from 6.0.x to 6.1.5, I can't load my 
services into MongoDB like I used to on CAS 6.0.x.

I don't know what is wrong in my config. Please help me.

Here is my config 

1/ File build.gradle

dependencies {
    // Other CAS dependencies/modules may be listed here...
    // compile "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"
    if (project.hasProperty("external")) {
        compile "org.apereo.cas:cas-server-webapp:6.1.5"
    } else {
        compile "org.apereo.cas:cas-server-webapp-tomcat:6.1.5"
    }
    // Other CAS dependencies/modules may be listed here...
    // For load config from mongoDB
    compile "org.apereo.cas:cas-server-support-configuration-cloud-mongo:6.1.5"
    // For authen user from mongoDB
    compile "org.apereo.cas:cas-server-support-mongo:6.1.5"
    // SERVICE REGISTER JSON
    //compile "org.apereo.cas:cas-server-support-json-service-registry:6.1.5"
    // REST API
    compile "org.apereo.cas:cas-server-support-rest:6.1.5"
    compile "org.apereo.cas:cas-server-support-rest-services:6.1.5"
    //OAUTH2
    compile "org.apereo.cas:cas-server-support-oauth-webflow:6.1.5"
    //JWT TOKEN
    compile "org.apereo.cas:cas-server-support-token-tickets:6.1.5"
    compile "org.apereo.cas:cas-server-support-rest-tokens:6.1.5"
    compile "org.apereo.cas:cas-server-support-token-webflow:6.1.5"
    compile "org.apereo.cas:cas-server-support-rest-authentication:6.1.5"
    //MONGODB TICKET REGISTRY
    compile "org.apereo.cas:cas-server-support-mongo-ticket-registry:6.1.5"
    // SERVICE REGISTER MONGODB
    compile "org.apereo.cas:cas-server-support-mongo-service-registry:6.1.5"
}

2. My global config in MongoDB
{"_id":{"$oid":"5e71cbbc5f50ba44ec026957"},"name":"cas.serviceRegistry.watcherEnabled","value":"true"}
{"_id":{"$oid":"5e71d5bf963c0140b0b90958"},"name":"cas.serviceRegistry.mongo.host","value":"localhost"}
{"_id":{"$oid":"5e71d5e1963c0140b0b90959"},"name":"cas.serviceRegistry.mongo.clientUri","value":"mongodb://casuser:Mellon @ cascore.vdc2.com.vn:27017,casoverlay.vdc2.com.vn:27017/cas?replicaSet=rs0=false"}
{"_id":{"$oid":"5e71d5f9963c0140b0b9095a"},"name":"cas.serviceRegistry.mongo.idleTimeout","value":"3"}
{"_id":{"$oid":"5e71d610963c0140b0b9095b"},"name":"cas.serviceRegistry.mongo.port","value":"27017"}
{"_id":{"$oid":"5e71d625963c0140b0b9095c"},"name":"cas.serviceRegistry.mongo.dropCollection","value":"false"}
{"_id":{"$oid":"5e71d669963c0140b0b9095d"},"name":"cas.serviceRegistry.mongo.socketKeepAlive","value":"false"}
{"_id":{"$oid":"5e71d67c963c0140b0b9095e"},"name":"cas.serviceRegistry.mongo.password","value":"Mellon"}
{"_id":{"$oid":"5e71d69c963c0140b0b9095f"},"name":"cas.serviceRegistry.mongo.collection","value":"cas-service-registry"}
{"_id":{"$oid":"5e71d6b2963c0140b0b90960"},"name":"cas.serviceRegistry.mongo.databaseName","value":"cas"}
{"_id":{"$oid":"5e71d6c8963c0140b0b90961"},"name":"cas.serviceRegistry.mongo.timeout","value":"5000"}
{"_id":{"$oid":"5e71d6dc963c0140b0b90962"},"name":"cas.serviceRegistry.mongo.userId","value":"casuser"}
{"_id":{"$oid":"5e71d6fa963c0140b0b90963"},"name":"cas.serviceRegistry.mongo.writeConcern","value":"NORMAL"}
{"_id":{"$oid":"5e71d723963c0140b0b90964"},"name":"cas.serviceRegistry.mongo.replicaSet","value":"rs0"}
{"_id":{"$oid":"5e71d733963c0140b0b90965"},"name":"cas.serviceRegistry.mongo.sslEnabled","value":"false"}
{"_id":{"$oid":"5e71d82549895246a48504bb"},"name":"cas.serviceRegistry.initFromJson","value":"true"}
{"_id":{"$oid":"5e71d84149895246a48504bc"},"name":"cas.serviceRegistry.json.location","value":"file:/etc/cas/services-repo"}

And here is my log when I build CAS core 6.1.5
2020-03-18 01:15:36,493 INFO [org.apereo.cas.web.CasWebApplication] - <Started CasWebApplication in 51.271 seconds (JVM running for 56.44)>
2020-03-18 01:15:36,505 INFO [org.apereo.cas.web.CasWebApplication] - <>
2020-03-18 01:15:36,506 INFO [org.apereo.cas.web.CasWebApplication] - <
[ASCII-art banner]
>
2020-03-18 01:15:36,506 INFO [org.apereo.cas.web.CasWebApplication] - <>
2020-03-18 01:15:36,506 INFO [org.apereo.cas.web.CasWebApplication] - 
2020-03-18 01:15:36,531 INFO [org.apereo.cas.services.AbstractServicesManager] - 

Thank you


[cas-user] Re: CAS + Google authentication - after server restart again ask to scan the bar code

2020-03-18 Thread SK
Hi Michele,

Thank you,

On Tuesday, March 17, 2020 at 6:04:44 PM UTC+8, Michele Melluso wrote:
>
> Hi Sk,
>
> I think I had your same problem and I solved it this way:
>
>
> https://groups.google.com/a/apereo.org/forum/?utm_medium=email_source=footer#!topic/cas-user/i_ImAVPB6jE
>
> regards
> Michele
>
> On Tuesday, March 17, 2020 at 11:00:45 AM UTC+1, SK wrote:
>>
>> Using CAS + Google Authenticator + Mysql (JPA)
>>
>> I am able to register and verify users successfully, but once I restart the CAS 
>> server, it again asks to scan the bar code.
>> How can I avoid this?
>>
>> CAS properties
>> # Activate MFA globally for all, regardless of other settings
>> cas.authn.mfa.globalProviderId=mfa-gauth
>>
>> cas.authn.mfa.gauth.issuer=CAS
>> cas.authn.mfa.gauth.label=CAS
>> cas.authn.mfa.gauth.windowSize=3
>> cas.authn.mfa.gauth.codeDigits=6
>> cas.authn.mfa.gauth.timeStepSize=30
>> cas.authn.mfa.gauth.rank=0
>> cas.authn.mfa.gauth.trustedDeviceEnabled=false
>> cas.authn.mfa.gauth.name=
>>
>> #cas.authn.mfa.gauth.cleaner.enabled=true
>> #cas.authn.mfa.gauth.cleaner.schedule.startDelay=2
>> #cas.authn.mfa.gauth.cleaner.schedule.repeatInterval=6
>>
>> cas.authn.mfa.gauth.bypass.type=DEFAULT
>> cas.authn.mfa.gauth.bypass.principalAttributeName=data_
>> cas.authn.mfa.gauth.bypass.principalAttributeValue=false
>>
>>
>> cas.authn.mfa.gauth.jpa.user=root
>> cas.authn.mfa.gauth.jpa.password=root
>> cas.authn.mfa.gauth.jpa.driverClass=com.mysql.jdbc.Driver
>>
>> cas.authn.mfa.gauth.jpa.url=jdbc:mysql://localhost:3306/lportal?useSSL=false
>> cas.authn.mfa.gauth.jpa.dialect=org.hibernate.dialect.MySQLDialect
>> cas.authn.mfa.gauth.jpa.failFastTimeout=1
>> cas.authn.mfa.gauth.jpa.healthQuery=
>> cas.authn.mfa.gauth.jpa.isolateInternalQueries=false
>> cas.authn.mfa.gauth.jpa.leakThreshold=10
>> cas.authn.mfa.gauth.jpa.batchSize=1
>> cas.authn.mfa.gauth.jpa.ddl-auto=none
>>
>> cas.authn.mfa.gauth.jpa.autocommit=false
>> cas.authn.mfa.gauth.jpa.idleTimeout=5000
>> cas.authn.mfa.gauth.jpa.pool.suspension=false
>> cas.authn.mfa.gauth.jpa.pool.minSize=6
>> cas.authn.mfa.gauth.jpa.pool.maxSize=18
>> cas.authn.mfa.gauth.jpa.pool.maxWait=2000
>>
>



Re: [cas-user] [Cas 6.0 6.1] Trusted devices and gauth account are forgotten on cas reboot

2020-03-18 Thread SK
Hi Michele ,

I tried using cas.ticket.registry.jpa but still I have the same issue. Can 
you please help on this ?

Config
# JPA Ticket Registry

cas.ticket.registry.jpa.ticketLockType=NONE
cas.ticket.registry.jpa.jpaLockingTimeout=3600
cas.ticket.registry.jpa.user=root
cas.ticket.registry.jpa.password=root
cas.ticket.registry.jpa.driverClass=com.mysql.jdbc.Driver
cas.ticket.registry.jpa.url=jdbc:mysql://localhost:3306/lportal?useSSL=false
cas.ticket.registry.jpa.dialect=org.hibernate.dialect.MySQLDialect
cas.ticket.registry.jpa.failFastTimeout=1
cas.ticket.registry.jpa.healthQuery=
cas.ticket.registry.jpa.isolateInternalQueries=false
cas.ticket.registry.jpa.leakThreshold=10
cas.ticket.registry.jpa.batchSize=1
cas.ticket.registry.jpa.defaultCatalog=
cas.ticket.registry.jpa.defaultSchema=
cas.ticket.registry.jpa.ddlAuto=none
cas.ticket.registry.jpa.autocommit=false
cas.ticket.registry.jpa.idleTimeout=5000
cas.ticket.registry.jpa.dataSourceProxy=false
cas.ticket.registry.jpa.pool.suspension=false

On Friday, March 13, 2020 at 2:19:39 AM UTC+8, Michele Melluso wrote:
>
> I found it out.
>
> Cas was generating encryption keys every boot asking for me to set it in 
> cas.conf.
> At the next reboot the key was different so Cas was unable to decrypt the 
> previously stored infos.
>
> Thanks a lot
> Michele 
>
> On Thursday, March 12, 2020 at 5:54:55 PM UTC+1, Michele Melluso wrote:
>>
>> Hi,
>> thank you for the reply.
>>
>> I'm storing session on MariaDB 
>> https://apereo.github.io/cas/6.1.x/ticketing/JPA-Ticket-Registry.html
>>
>> So far it seemed to be working fine, since if I reboot Cas, sso sessions 
>> are maintained and no new login is required.
>> I also checked the TICKETGRANTINGTICKET table, and TGT are still there.
>>
>> meanwhile i keep debugging :)
>> thank you again for your time
>> Michele
>>
>> On Thursday, March 12, 2020 at 5:43:41 PM UTC+1, rbon wrote:
>>>
>>> Michele,
>>>
>>> Rebooting may remove cas sessions (Ticket Granting Ticket).
>>> How are you storing login sessions, (
>>> https://apereo.github.io/cas/6.1.x/ticketing/Configuring-Ticketing-Components.html
>>> )?
>>>
>>> Ray
>>>
>>> On Thu, 2020-03-12 at 05:40 -0700, Michele Melluso wrote:
>>>
>>> Hi all,  
>>> I'm having a problem with mfa persistence both in cas 6.0 and 6.1. 
>>> I configured jpa persistence (and also tried json persistence) for 
>>> trusted devices and gauth accounts. I can see that the information is 
>>> stored correctly on my dbms (also on json files). 
>>>
>>> The problem is when I reboot CAS, the information is ignored and mfa 
>>> is triggered again. Even worse, Cas will ask a user to register gauth again. 
>>> Any idea about this?
>>>
>>> thanks
>>> Michele
>>>
>>
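
The cause Michele reports in the quoted message above (keys generated afresh at every boot, so stored gauth and trusted-device records can no longer be decrypted) can be caught before a restart. The following is an added example, not code from the thread or from the CAS project: it scans properties text for MFA features that are configured without pinned keys. The property names follow the CAS 6.1 `<prefix>.crypto.*` convention and are an assumption, since the thread does not name them; the sample input is constructed.

```python
import re

# Assumption: CAS 6.1 names these settings <prefix>.crypto.{encryption,signing}.key;
# the thread itself does not give the property names.
CRYPTO_PREFIXES = ("cas.authn.mfa.gauth", "cas.authn.mfa.trusted")
KEY_SUFFIXES = ("crypto.encryption.key", "crypto.signing.key")

# Constructed sample, modelled on the gauth settings posted in the thread.
SAMPLE = """\
cas.authn.mfa.globalProviderId=mfa-gauth
cas.authn.mfa.gauth.issuer=CAS
cas.authn.mfa.gauth.jpa.url=jdbc:mysql://localhost:3306/lportal?useSSL=false
cas.authn.mfa.gauth.crypto.signing.key=
"""
# Same sample with both keys pinned (placeholder values, not real keys).
FIXED = SAMPLE + (
    "cas.authn.mfa.gauth.crypto.signing.key=<SIGNING-KEY-PLACEHOLDER>\n"
    "cas.authn.mfa.gauth.crypto.encryption.key=<ENCRYPTION-KEY-PLACEHOLDER>\n"
)


def parse_properties(text):
    """Parse Java .properties text ('key=value' or 'key: value') into a dict."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        match = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if match:
            props[match.group(1)] = match.group(2).strip()  # later entries win
    return props


def missing_crypto_keys(text):
    """Return the key properties that are absent or empty for configured features."""
    props = parse_properties(text)
    findings = []
    for prefix in CRYPTO_PREFIXES:
        configured = any(name.startswith(prefix + ".") for name in props)
        disabled = props.get(prefix + ".crypto.enabled", "true").lower() == "false"
        if not configured or disabled:
            continue  # feature unused, or crypto explicitly switched off
        for suffix in KEY_SUFFIXES:
            name = f"{prefix}.{suffix}"
            if not props.get(name):
                findings.append(name)
    return findings


if __name__ == "__main__":
    for name in missing_crypto_keys(SAMPLE):
        print(f"unset, a new key would be generated at each boot: {name}")
```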
