ngst isn't all bad; It's just a little bad.
>
> Thanks for the prompt reply and for originally uncovering this.
>
>
> On Wednesday, September 5, 2018 at 10:24:22 AM UTC-5, David Curry wrote:
>>
>> I did not submit our patch to the CAS code base because, frankly, it&
Do you have this in pom.xml:
org.apereo.cas
cas-server-support-json-service-registry
${cas.version}
(you should)?
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x472
The encryption key for Spring Webflow (cas.webflow.crypto.encryption.key)
is not a JSON Web Key. It's a randomly-generated string of 16 octets,
Base64-encoded. You can generate it with OpenSSL:
openssl rand -base64 16 > webflow-enc.txt
Also, I believe you need a '-s' in front of the size argumen
I think the problem is this line:
cas.authn.mfa.globalProviderId=mfa-gauth
According to the documentation, that enables MFA for all services,
regardless of any other settings. Since you don't want that, you should
probably turn it off.
We have basically the same settings that Matt just posted h
That's usually a certificate problem. Are you using a self-signed
certificate on the CAS server? If so, you need to have
CASCertificatePath/etc/pki/tls/certs/casserver.crt
in the mod_auth_cas configuration.
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
Using casuer/Mellon shouldn't make any difference.
Try turning mod_auth_cas debug logging on (CASDebug on) and see what it
tells you. Note that you also need to set the Apache logging level on the
virtual host to Debug to see the logs.
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
I think Andy's right here... when I try this on my CAS server, which does
*not* have the wildcard service registry entry, I get (correctly)
redirected to the "Application not authorized to use SSO" page.
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
7
The static/themes/skeleton and templates/skeleton subdirectories do not
belong in etc/cas/config; they belong in src/main/resources in your overlay
so that they get bundled into cas.war.
Like this:
/opt/workspace/cas-overlay-template/
├── LICENSE.txt
├── README.md
├── build.cmd
├── build.sh*
├──
You should be using the samlValidate endpoint, not the serviceValidate
endpoint in the CASValidateUrl. See the mod_auth_cas documentation.
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • davi
Ganesh,
Our CAS 5.2.7 WAR file is 121MB with the following dependencies:
cas-server-support-mongo-service-registry
cas-server-support-ldap
cas-server-support-saml
cas-server-support-saml-idp
cas-server-support-saml-googleapps
cas-server-support-duo
cas-server-support-mongo-ticket-registry
We de
For those of you who have been waiting (and waiting, and waiting, ...) for
me to update my *Deploying Apereo CAS* documentation, I have finally gotten
enough time to do that. Aside from dozens of minor updates and corrections
accumulated over the last 8 or 9 months, the following major sections hav
Can I force a service to authenticate every time from the CAS server side,
e.g., by setting something in the service registry? Basically, I want to
mimic the behavior of "&renew=true" but not have to change anything on the
client side.
I thought setting "accessStrategy.ssoEnabled: false" in the se
wing the initial login to the app? Sounds like it's an
> issue of controlling the user's application session rather than the user's
> CAS SSO session.
>
> Dan
>
> Dan Ellentuck
> Columbia University I.T.
>
> On Fri, Nov 2, 2018 at 10:41 AM David Curry
&
ant CAS as you mention, you lose the essential use of a SSO. If you're
> renew for the follwoing tab, you will lose the authentication of the first
> tab.
>
> Christian Poirier
> Université TÉLUQ
> Québec, QC CANADA
>
>
> Le ven. 2 nov. 2018, à 10 h 41, David Curry a
exist in a browser instance, not a
> tab instance; in some cases a new window is still not enough.
> It sounds like your client does not understand how web browser technology
> works.
>
> You could always offer to build a custom browser ;)
>
> Ray
>
> On Fri, 2018-11-02 at 1
l make a difference either, since the timeout just calls the
> cas/logout endpoint resulting in the destruction of the TGTs. You may at
> least want to revisit the timeout values for AppNav, etc...
>
> Matt
>
> On Friday, November 2, 2018 at 12:13:39 PM UTC-6, David Curry wrote:
e case?
>
> Ray
>
> On Fri, 2018-11-02 at 15:05 -0400, David Curry wrote:
>
> We already had to turn off SLO because of that issue between tabs (people
> would log into Luminis in one tab and Canvas in another, and get kicked out
> of Canvas when Luminis timed out). My posi
o do a multi value attribute on json.
> I need the SAML response to be like this
>
> 1 <
> AttributeValue>2 3 Attribute>
>
> Can you help me on this man?
>
> Regards
>
> Em quarta-feira, 16 de maio de 2018 11:49:10 UTC-3, David Curry escreveu:
oundIDProvider
> cas.authn.attributeRepository.ldap[0].useSsl=false
> cas.authn.attributeRepository.ldap[0].useStartTls=false
> cas.authn.attributeRepository.ldap[0].name=AD
> cas.authn.attributeRepository.expirationTime=30
> cas.authn.attributeRepository.expirationTimeUnit=MINUTES
>
cZNeK0yg>
> ">
> ACCOUNT1_AWS_SSO_ROLE,ACCOUNT1_AWS_SSO_IAM >
>
> I need to send multiple values so i can choose what account i want to log
> in. You said that there's a way to return a multi-value attribute, can you
> show me how to return multi-value attribute?
What version of CAS are you using?
What "login error" are you getting (include the actual text of the error)?
Do you see any errors in your log file(s) about it? If so, what are they
(copy and paste relevant lines)?
Have you tried turning on debug-level logging? Did it tell you anything? If
so, wha
rds,
>
> [image: photo]
> S.Sudhanraj
> Network Engineer
>
> A: 309 Kent Street, Sydney, NSW 2000
> <https://maps.google.com/?q=309+Kent+Street,+Sydney,+NSW&entry=gmail&source=g>
>
>
>
> Email: helpd...@eluminaelearning.com.au
>
>
> On Tue, Nov
You do need to create a metadata file; Workday won't do it for you. We use
this site:
https://www.samltool.com/sp_metadata.php
Once you've created it for one Workday tenant, you can just copy it and
edit the XML directly for the other tenants; you don't have to use this
site for each tenant.
Th
Directory works fine with mod_auth_cas. For example, I usually use some
variation on this for /etc/httpd/conf.d/cas.conf:
LoadModule auth_cas_module modules/mod_auth_cas.so
AuthTypeCAS
CASAuthNHeader On
Require valid-user
CASLoginUrl http
This doesn't really answer your question (I don't know the answer), but
can't you just start CAS and let it generate the keys (they end up in
/etc/cas/saml), then stop CAS and copy the keys somewhere for
safekeeping/redistribution?
For our installation with multiple CAS servers behind a load balan
can't wait for a CAS release at the moment.
>
> On Tuesday, December 4, 2018 at 12:12:29 PM UTC-5, David Curry wrote:
>>
>> This doesn't really answer your question (I don't know the answer), but
>> can't you just start CAS and let it generate the keys
So while I'm eating lunch I did a bit of fiddling around...
It looks like you can do:
openssl genrsa -des3 -out tmp.key 2048
When it prompts for a password, enter "" (or whatever, just remember
it). This gives you an encrypted key file. Then run:
openssl rsa -in tmp.key -out server-signing
Check your Tomcat logs (especially catalina.out) -- did the CAS server
successfully start?
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
On Wed, De
By default, the CAS server keeps the service registry in memory. So if you
make changes to it, and then shut down or restart the server, all your
changes will be lost.
You should look into setting up a JSON (file-based) service registry at a
minimum, or a more flexible one based on some sort of da
Thanks, Andres! That was exactly the problem.
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
On Thu, Dec 13, 2018 at 10:43 AM Andres Rattur
"Ellucian" - from the Latin for "software crap-fest" :-)
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
On Wed, Dec 19, 2018 at 12:13 PM Jennifer La
I've never played with it myself, but isn't this:
https://apereo.github.io/cas/5.1.x/installation/Surrogate-Authentication.html
what you're talking about?
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 1
Hi Daniel, thanks for your response. I spent a lot of time looking at
those. And although it's likely that we will ultimately need to write our
own policy or authentication handler, I was wanting to play with the
existing ones to see if we could do anything interesting with them.
But I was having
Ray is right, the best answer is upgrade. But, assuming that's not an
immediate option...
I don't believe CAS 3.x had any of its own support for SSL/TLS; I think it
just relied on what the underlying Java JVM gave it. So... what version of
Java are you using?
TLSv1.2 was not supported in Java 6 u
For SAML2 to work, you need a single entry like this in your service
registry:
{
"@class" :"org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "
https://cas.example.org/cas/idp/profile/SAML2/Callback.+";,
"name" : "SAML Authentication Request",
It quit working for us (or at least we first received complaints) as well
around 3:30pm EST yesterday (2/21). We have a ticket open with Duo,
although I'm not aware that we've heard anything back from them yet. I'll
share anything we learn as well.
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF IN
Just passing along that we heard back from Duo support late this afternoon
that the issue had been escalated to engineering and that a fix has now
been rolled out.
But given that it's late on Friday afternoon we're waiting until Monday to
try it, so I can't say for sure whether it's really been fi
Thanks to everyone who responded to this thread. I switched our dev servers
over to a Hazelcast ticket registry (keeping MongoDb for the service
registry) this afternoon, and assuming no problems, we'll gradually move it
from dev to test to production.
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR
1. If you're only using a single server, then you don't need a ticket
registry at all beyond the in-memory one that CAS uses by default. If
you're using multiple servers, then the ticket registry lets the servers
cross-validate each others' issued tickets. But there is no need for this
registry to
Just a quick off the cuff thought, but could there be a syntax error in the
properties file somewhere before the dn setting that's causing that line to
be misread?
David A. Curry, CISSP
Director of Information Security
The New School - Information Technology
71 Fifth Ave., 9th Fl. ~ New York, N
For CAS 5.2.x, you configure the "stub" attribute repository with all the
attribute names you want the management app to be able to work with (add
these to the management.properties file, not cas.properties):
cas.authn.attributeRepository.stub.attributes.UDC_IDENTIFIER:
UDC_IDENTIFIER
cas.authn.a
When we were using mongodb as our ticket repository (CAS 5.2.x), we just
took the default ticket registry cleaner that came out of the box, and it
worked pretty well.
However, mongodb itself as a ticket registry gave us some problems under
heavier load (like when a few thousand students were all l
> Can it be like that?
> Thank you David
>
> Sent from my iPhone
>
> On 5 Apr 2019, at 18.45, David Curry wrote:
>
> For CAS 5.2.x, you configure the "stub" attribute repository with all the
> attribute names you want the management app to be able to work wit
Well, for what it's worth, Misagh ran a survey in this group back in March,
and shared the results at Open Apereo. From one of those slides, of 156
respondents:
Healthcare: 4 (2.8%)
Insurance: 5 (3.5%)
Government: 11 (7.5%)
Higher Ed: 109 (75.7%)
Finance: 1 (0.7%)
Travel: 1 (0.7%)
Other: 25 (17.
That's what I needed to know. Thanks!
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
[image: The New School]
On Sun, May 14, 2017 at 8:00 PM, Richard Frovar
er.
For example, on my current devel setup, which authenticates against Active
Directory first and LDAP second, and merges attributes from both, I get:
REMOTE_USER = curryd
AuthenticationMethod = Active Directory
displayName = David Curry
successfulAuthenticationHandlers = Active Directory
cn = x
Tomcat 7 does not support Servlet Spec 3.1, which is required by CAS 5.
You need to upgrade to Tomcat 8.5.x (supersedes the 8.0.x line).
Note the special considerations documented for external Tomcat
configurations here:
https://apereo.github.io/cas/5.1.x/installation/Configuring-Servlet-Contain
You also have to add
org.apereo.cas
cas-server-support-json-service-registry
${cas.version}
to your pom.xml.
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-530
Hi everyone,
A couple of weeks ago there was a thread here asking for CAS 5.1.x
step-by-step documentation.
As I've been working on building our CAS 5.1.x development environment I've
been documenting everything I've been doing, both to help maintain my own
sanity and also so that we'll be able t
To use a separate JSON registry (e.g., /etc/cas/services/), you have to add
the
cas-server-support-json-service-registry
dependency to pom.xml and rebuild the server. Then you can set
cas.serviceRegistry.config.location:file:/etc/cas/services
and put your service declarations in there.
S
e/#minors.
>
> "Service registry initialization from JSON is now able to honor service
> definitions found at the path specified via settings, rather than only
> loading those found on the classpath’s services directory."
>
>
>
> On Tuesday, September 5, 2017 at 8:11:5
nce?
>
> Thank you!
>
> On Friday, September 1, 2017 at 4:24:25 PM UTC-4, David Curry wrote:
>>
>> Hi everyone,
>>
>> A couple of weeks ago there was a thread here asking for CAS 5.1.x
>> step-by-step documentation.
>>
>> As I've been working
Personally I would use the second option, as it gives you more flexibility.
If you'd like a step-by-step example of setting up attribute release, see
here:
https://dacurry-tns.github.io/deploying-apereo-cas/building_server_ldap_resolution-release_overview.html
(The above is not official documenta
Did you configure the server to support releasing attributes with SAML 1.1?
The CAS protocol didn't support attribute release until v3.0 of the
protocol, which came out in v4.0 of the server.
To support SAML 1.1 attribute release, you need this in pom.xml:
org.apereo.cas
cas-
Didier,
Is /etc/cas/json a file, or a directory? CAS is expecting it to be a
directory, with individual JSON files for each service underneath, like
this:
/ <-- file system root
etc/
json/
Apereo-1002.json
HTTPSandIMAPS-1001.json
Assuming you have added the cas-se
You might find this helpful; it's the step-by-step documentation I've been
building to record our development environment for posterity. It's not the
only way to do it, but if you're completely new to everything, it will at
least get you off the ground with something you can then start to
experimen
Short answer:
cas.authn.attributeRepository.ldap[0].attributes.employeeNumber:
UDC_IDENTIFIER
The last element of the property name is the name of the attribute in the
directory, the value of the property is the name you want to give it when
it's released to applications. The above assumes you'v
Most of the functionality for what you want is here, I think:
https://apereo.github.io/cas/development/installation/Webflow-Customization-AUP.html
It seems to be available in 5.1.x as well, although with fewer options for
storing state that what 5.2.x is going to offer.
I should mention that whi
ep 29, 2017 at 8:15 AM, Tom O'Neill wrote:
> Looks like I need to catch up on my 5.x – another good reference, thanks
> Dave!
>
>
>
> Thanks,
>
>
>
> *Tom O’Neill*
>
>
>
>
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *O
Normally you disable the static authentication handler altogether once you
have a "real" authentication handler (e.g., LDAP or Active Directory)
configured. To do that, put this in cas.properties:
cas.authn.accept.users:
Just leave the value empty.
If you really and truly want to keep the buil
CAS 5.2.0-SNAPSHOT built this morning with the Maven WAR overlay.
Okay, so I have my JSON service registry set up to load JSON files from
/etc/cas/services/. This has been working just fine for weeks. One of the
files I have in there is called "HTTPSandIMAPSwildcard-20170828090137.json",
which con
Tomcat's default value for maxPostSize is 2097152, so that's "normal." (
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html)
Tomcat's default value for maxHttpHeaderSize is 8192 (see same link,
above), but the CAS documentation for configuring the server as a SAML2 IdP
recommends setting it
code well enough to do the last two
bullets, but would be happy to help test if someone else is able to do
them...
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.e
oal of authentication with SSO Banner. The project installation
> guide
> <https://dacurry-tns.github.io/deploying-apereo-cas/building_server_ldap_authentication_overview.html>
> kindly provided by David Curry has been a great help as I am new to CAS.
> Many thanks to David for maki
This is the way I did it with the Shib SP (Apache mod_shib) as well. Not
sure it's the "right" way, but it works.
In our experience, just about every SAML SP we work with (mostly
third-party SaaS platforms) requires their own custom attribute list
anyway, so doing this seems like it will be a good
Change the value of cas.log.dir in etc/cas/config/log4j2.xml (around line
9):
/var/log/cas
or add a "-Dcas.log.dir=/var/log/cas" parameter to your command line.
(Replace /var/log/cas with whatever you want, of course.)
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORM
Embedded Tomcat or external Tomcat? If the latter, this might help:
https://dacurry-tns.github.io/deploying-apereo-cas/setup_tomcat_configure-systemd-to-start-tomcat.html
But I'm not sure how helpful that is for the embedded option.
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SEC
I'm looking at the cas.adminPagesSecurity.ip property setting in the Maven
overlay, which comes set as follows:
cas.adminPagesSecurity.ip=127\.0\.0\.1
But since the backslash is a special character in Java properties files,
shouldn't that be:
cas.adminPagesSecurity.ip=127\\.0\\.0\\.1
so that th
I agree that in the particular case of IP addresses, it probably doesn't
matter, because the '.' is going to match either a '.' or a single
character of any value but that will almost always be a '.' anyway, since
IP addresses have a more or less fixed format.
I guess my question is a bit more gen
I'm not completely sure I understand what you want to do, but could you use
the Acceptable Use Policy piece of the workflow, and just replace the text
of the AUP (which you have to put into it anyway) with whatever license you
need?
https://apereo.github.io/cas/5.1.x/installation/Webflow-Customiza
Those are probably referring to missing signing/encryption keys for Spring
Webflow encryption, since you say you have the tgc properties configured.
(Although you should also check the properties you have set for tgc
encryption; all the sigining/encryption key properties were "rationalized"
in one
I don't have a specific MySQL-ish answer, but if you've configured the
dashboard ("admin pages"), the "Registered Services" button will give you a
JSON document that contains the entire registry.
It's just a REST endpoint (https://your.server.name/cas/status/services),
so depending on how you've
Two dumb questions (but I've gotten caught by both):
1. Did you pull down a new copy (or do a git pull) from the Github repo
for cas-maven-overlay? It is not (or at least not always) sufficient to
just update the ${cas.version}, because other information in pom.xml
changes sometimes.
ec 4, 2017 at 4:01 PM, Jeffrey Ramsay
> wrote:
>
>> Well, I had that turned on but didn't notice that option so, I'll
>> redeploy.
>>
>> Thank you,
>> -Jeff
>>
>> On Mon, Dec 4, 2017 at 2:51 PM, David Curry
>> wrote:
>>
>>
covery.
>
> Thanks,
> -Jeff
>
> On Wed, Dec 6, 2017 at 7:49 AM, David Curry
> wrote:
>
>> Looks like you're right; it was added in 5.2RC1:
>>
>> https://apereo.github.io/2017/06/30/520rc1-release/#016-regi
>> stered-services-endpoint
>>
>&
Just a thought...
When you went from 5.1.4 to 5.2.0, did you update the Maven overlay
template from GitHub and then re-apply your local changes, or did you just
update ${cas.version}?
In my (limited) experience, just updating the version doesn't always work,
and it's better to update from the rep
repo. My guess is that I missed something in doing so,
> but I have not been able to figure out what I missed. Thanks Dave.
>
> On Tuesday, December 12, 2017 at 11:29:24 AM UTC-5, David Curry wrote:
>>
>> Just a thought...
>>
>> When you went from 5.1.4 to 5.2.0
You might find this link helpful. It's a work in progress and not
"official" documentation, but it does include, among other things, an
example and step-by-step instructions for how to configure for AD, both
authentication and attributes.
https://dacurry-tns.github.io/deploying-apereo-cas/
David
This is PURE speculation, but I see this dependency in your 5.2 pom.xml:
org.ldaptive
ldaptive-unboundid
1.0
What is that?
I cannot find any mention of it in the CAS documentation searching for
"ldaptive-unboundid", which makes me think it mi
t you might try removing or updating
> the version of the ldaptive-unboundid artifact to the latest version or
> even try removing it as a test to see if the error message goes away or
> changes.
>
>
> -Adam
>
>
> On Thu, Dec 14, 2017 at 12:13 PM, David Curry
&
This is a servlet container configuration issue, not a code issue -- no pr
needed. The embedded servlet container comes pre-configured with async
support enabled, but if you're using an external servlet container, you
have to enable it yourself. This is documented here:
https://apereo.github.io/ca
You have the wrong property name (I forget when it changed).
cas.serviceRegistry.json.location: file:/etc/cas/services
Also, since you have your own non-empty service registry, you should have
cas.serviceRegistry.initFromJson: false
That property tells the CAS server to load an otherwise empt
Here is one way to do it. It's not the only way, since CAS gives you so
many options, but it should be enough to get you started.
1. Set these to enable the dashboard (these settings enable all of the
endpoints; you can also pick and choose):
cas.adminPagesSecurity.actuatorEndpointsEnabled: true
s be avoided?
>
> Just to reiterate: My primary issue has been resolved.
>
>
>
> On Monday, December 18, 2017 at 3:50:22 PM UTC-5, David Curry wrote:
>>
>> You have the wrong property name (I forget when it changed).
>>
>> cas.serviceRegistry.json.locatio
reo.cas.services.RegexRegisteredService",
>
> "serviceId" : "^https://cas.beloit.edu:8443/
> cas/status/dashboard(\\z|/.*)",
>
> "name" : "CAS Admin Dashboard",
>
> "id" : 123456789,
>
> "description" :
Once you're satisfied that it's working correctly, could you share your
options/settings in this thread? I know I (and probably others) will be
coming to this point Real Soon Now and the additional knowledge would be
helpful.
Thanks,
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECU
So this week I've been experimenting with the MongoDB service registry
instead of the JSON service registry. Everything seems to be working
correctly, including using cas.serviceRegistry.initFromJson to copy the
JSON service registry entries into the MongoDB service registry. So that's
all good.
T
It's not "official" documentation, but I've been sharing my documentation
as I get it written up... that includes installing into an external
(non-embedded) Tomcat.
https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html
Hope you find it useful.
--Dave
--
DAVID A. CURRY,
If that's a cut-n-paste from the properties file, "location" is
misspelled...
Do you have the cas-server-support-json-service-registry dependency in the
management webapp's pom.xml?
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL
NOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
[image: The New School]
On Wed, Jan 3, 2018 at 4:08 AM, Alberto Cabello Sánchez
wrote:
> On Sat, 30 Dec 2017 20:57:43 -0500
> David Curry wrote:
>
> > It's not "official&qu
Is anyone able to successfully build and run CAS 5.3.0-RC1 or
5.3.0-RC2-SNAPSHOT with the Maven overlay?
My overlay is up-to-date with the GitHub repo as of this morning. Building
and running CAS 5.2.1 seems to work just fine. Building CAS 5.3.0-RC1 or
5.3.0-RC2-SNAPSHOT seem to work fine, but I g
Thanks, Alberto. Of course, when I go try to rebuild things this morning to
try that suggestion, it errors out with a completely different
error.(before I even apply that correction) having nothing to do with the
original error.
I think 5.3.0-RC2-SNAPSHOIT building with Maven is just broken right
NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
[image: The New School]
On Fri, Jan 19, 2018 at 4:53 AM, Alberto Cabello Sánchez
wrote:
> On Thu, 18 Jan 2018 12:05:50 -0500
> David Curry wrote:
>
> > Thanks, Alberto. Of course, when I go try to rebuild things
I am building the management webapp with the current Maven WAR overlay, and
set to either 5.3.0-RC1 or 5.3.0-RC2-SNAPSHOT. In both cases,
all of a sudden the webapp is unhappy with my *management.properties* file
that has been working just fine with 5.1.x and 5.2.x. Specifically, I get:
org.sprin
ent
> ./gradlew build -x check -x javadoc
>
> This will build a war under cas-management/webapp-mgmt/
> cas-management-webapp/build/libs/ that can be deployed.
>
> Needless to say some time needs to be put into the documentation for the
> management app.
>
> Than
For those of you who are new to CAS and looking for some help, in addition
to Carl's task list (for lack of a better word), I have been making this
available for anyone who wants it:
https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html
It's NOT official, and it's not the
H AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
[image: The New School]
On Mon, Jan 29, 2018 at 2:52 PM, David Curry
wrote:
> For those of you who are new to CAS and looking for some help, in addition
> to Carl's task list (for lack of a b
I believe this behavior started around the time the change was made to let
you set
cas.serviceRegistry.json.location
without enabling the JSON service registry in pom.xml.
Personally, I had started using the JSON service registry before they made
that change, so I always had the dependency in t
Carlos,
The only mistake I see here is that on the second line, cas.server.prefix
should be getting set to ${cas.server.name}/cas, not ${server.name}/cas.
As for the adminPages configuration, based on what you've provided, you
should be able to access
http[s]://your.cas.server/cas/status
from
as/status/dashboard (\\
> z | /.*)",
>"name": "CAS Admin Dashboard",
>"id": 1517507674,
> "description": "CAS dashboard and administrative endpoints",
>"evaluationOrder": 5000
>
>
>
> Em se
201 - 300 of 321 matches
Mail list logo