[cas-user] certificates

[Cheltenham, Chris]

Hello Everyone, 

Are we to create a certificate XX.der configured in cas.properties separate 
from the tomcat or jetty kestore? 




=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1290511545.2780565.1521854222781.JavaMail.zimbra%40philasd.org.

[cas-user] Inspektr

[Cheltenham, Chris]

Does anyone use inspektr ?

 

I simply changed error to info this entry in log4j2

 









 

>From what I read this is supposed to log into cas_audit.log.

 

Is that all that I am to do?

 

 

 

===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/014d01d3b0cf%24014a4600%2403ded200%24%40philasd.org.

[cas-user] Dashboard Issue with Waterfox

[Cheltenham, Chris]

Hello Everyone.

 

Has anyone seen this problem.

 

I was finally able to set up the dashboard with some help.

 

However I found a strange anomaly.

 

Using Waterfox, the 64 bit firefox I get a 500 internal error.

 

ANY OTHER browser I used it works just fine.

 

Yes I dumped the cache and cleared history several times.

 

Also, it gives you a java stack trace in the CAS logs saying 

 

2018-02-28 10:22:12,567 DEBUG
[org.apereo.cas.web.FlowExecutionExceptionResolver] - 

org.pac4j.core.exception.TechnicalException: cannot validate CAS ticket:
ST-8-NW9hG5iesq69gE4h8cNehuDlKh0-devcas5

 

Caused by: org.jasig.cas.client.validation.TicketValidationException:
Ticket 'ST-8-NW9hG5iesq69gE4h8cNehuDlKh0-devcas5' not recognized

 

Always the same ticket # also.

 

 

===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00fa01d3b0b0%246c1674a0%235de0%24%40philasd.org.

RE: [cas-user] /cas/status/dashboard

[Cheltenham, Chris]

David,



Do I need pacj4 for the service registry?











===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Tuesday, February 27, 2018 8:58 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] /cas/status/dashboard



If you use "config" then the property is being ignored because it doesn't do 
anything, and you are likely getting the wildcard service registry entry in 
the classpath.



If you use "json" then you are most likely correctly getting your 
/etc/cas/services directory, and assuming you didn't copy the wildcard 
entry, you're not matching it any more. As to application not authorized, 
that means you don't have a correct entry.



When you have it set to "json", what does the debug log tell you it's 
loading for services?








--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Tue, Feb 27, 2018 at 8:51 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:

Guys,



When I changed config to json , I get Application Not Authorized to use CAS.



I am not sure if that s good thing or not.



If I change json back to config, the portal will open.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of 
Matthew Uribe
Sent: Monday, February 26, 2018 3:35 PM
To: CAS Community mailto:cas-user@apereo.org> >
Subject: Re: [cas-user] /cas/status/dashboard



Chris,



I ran into the same problem. I added json files to /etc/cas/services but CAS 
was only reading those in the classpath/services directory.

I found that my problem was in my cas.properties:



Incorrect:

cas.serviceRegistry.config.location:   file:/etc/cas/services

Correct:

cas.serviceRegistry.json.location: file:/etc/cas/services


On Monday, February 26, 2018 at 12:50:26 PM UTC-7, Chris Cheltenham wrote:

David,



The only thing I can tell is that CAS is not seeing the json file from 
/etc/cas/services.

I created two and they never show up loaded in the logs.



Only the two default ones, I guess they are, show up.





2018-02-26 14:42:49,710 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - https://www.apereo.org]>

2018-02-26 14:42:49,710 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - 

2018-02-26 14:42:49,710 INFO 
[org.apereo.cas.services.AbstractServicesManager] - 



I have two json files.





cas-services5.xml



{

  @class: org.apereo.cas.services.RegexRegisteredService

  serviceId: https://devcas5\.philasd\.org/cas-services/.*

  name: HTTPS

  id: 101

  description: HTTPS protocol wildcard service.

  evaluationOrder: 1000

}







And





cas-dashboard.xml





{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*) 
<https://devcass5.philasd.org/cas/status/dashboard(%5C%5Cz%7C/.*)> ",

  "name" : "CAS Admin Dashboard",

  "id" : 12

  "description" : "CAS dashboard and administrative endpoints",

  "evaluationOrder" : 1001

}





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/082beb1a-0cfc-4066-8c2b-d6e97284709f%40apereo.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/082beb1a-0cfc-4066-8c2b-d6e97284709f%40apereo.org?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiv

RE: [cas-user] /cas/status/dashboard

[Cheltenham, Chris]

utes={}],publicKey=,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@60a66b66,logo=images/logo_cas.png,logoutUrl=,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@3b99bf80[multifactorAuthenticationProviders=[],failureMode=NOT_SET,principalAttributeNameTrigger=,principalAttributeValueToMatch=,bypassEnabled=false],informationUrl=,privacyUrl=,contacts=[],expirationPolicy=org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy@d9010e3[deleteWhenExpired=false,notifyWhenDeleted=false,expirationDate=],]]>

2018-02-27 09:36:57,741 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - https://www.apereo.org]>

2018-02-27 09:36:57,741 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - 

2018-02-27 09:36:57,742 INFO 
[org.apereo.cas.services.AbstractServicesManager] - 

2018-02-27 09:37:14,507 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - 

2018-02-27 09:37:14,507 INFO 
[org.apereo.cas.services.AbstractServicesManager] - 



===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Tuesday, February 27, 2018 8:58 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] /cas/status/dashboard



If you use "config" then the property is being ignored because it doesn't do 
anything, and you are likely getting the wildcard service registry entry in 
the classpath.



If you use "json" then you are most likely correctly getting your 
/etc/cas/services directory, and assuming you didn't copy the wildcard 
entry, you're not matching it any more. As to application not authorized, 
that means you don't have a correct entry.



When you have it set to "json", what does the debug log tell you it's 
loading for services?








--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Tue, Feb 27, 2018 at 8:51 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:

Guys,



When I changed config to json , I get Application Not Authorized to use CAS.



I am not sure if that s good thing or not.



If I change json back to config, the portal will open.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of 
Matthew Uribe
Sent: Monday, February 26, 2018 3:35 PM
To: CAS Community mailto:cas-user@apereo.org> >
Subject: Re: [cas-user] /cas/status/dashboard



Chris,



I ran into the same problem. I added json files to /etc/cas/services but CAS 
was only reading those in the classpath/services directory.

I found that my problem was in my cas.properties:



Incorrect:

cas.serviceRegistry.config.location:   file:/etc/cas/services

Correct:

cas.serviceRegistry.json.location: file:/etc/cas/services


On Monday, February 26, 2018 at 12:50:26 PM UTC-7, Chris Cheltenham wrote:

David,



The only thing I can tell is that CAS is not seeing the json file from 
/etc/cas/services.

I created two and they never show up loaded in the logs.



Only the two default ones, I guess they are, show up.





2018-02-26 14:42:49,710 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - https://www.apereo.org]>

2018-02-26 14:42:49,710 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - 

2018-02-26 14:42:49,710 INFO 
[org.apereo.cas.services.AbstractServicesManager] - 



I have two json files.





cas-services5.xml



{

  @class: org.apereo.cas.services.RegexRegisteredService

  serviceId: https://devcas5\.philasd\.org/cas-services/.*

  name: HTTPS

  id: 101

  description: HTTPS protocol wildcard service.

  evaluationOrder: 1000

}







And





cas-dashboard.xml





{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*) 
<https://devcass5.philasd.org/cas/status/dashboard(%5C%5Cz%7C/.*)> ",

  "name" : "CAS Admin Dashboard",

  "id" : 12

  "description" : "CAS dashboard and administrative endpoints",

  "evaluationOrder" : 1001

}





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List G

RE: [cas-user] Dashboard

[Cheltenham, Chris]

Ok , I guess I got mixed up with the $(cas.server) variable stuff in 
cas.properties.

So I set everything to the fqdn.



Now I get this url



https://devcas5.philasd.org/cas/status/dashboard?ticket=ST-3-hQduCqZgLwM3Scuh8r4Ry-5ctNo-devcas5



Now I get access denied ..





Here is admuser.properties



ccheltenham-ext=passwordnotused,ROLE_ADMIN





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Monday, February 26, 2018 9:58 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] Dashboard



Chris,



In the URL you posted:




  
https://devcas5.philasd.org/cas/status/$%7Bcas.server.prefix%7D/login?service=https%3A%2F%
 
 
2Fdevcas5.philasd.org%2Fcas%2Fstatus%2Fdashboard



what is this part:



$%7Bcas.server.prefix%7D



supposed to do?



Looks like maybe you have a typo somehwere. The URL should look like this:



 
https://casdev.newschool.edu/cas/login?service=https%3A%2F%2Fcasdev.newschool.edu%2Fcas%2Fstatus%2Fdashboard--Dave--DAVID
 A. CURRY, CISSPDIRECTOR OF INFORMATION SECURITYINFORMATION TECHNOLOGY71 FIFTH 
AVE., 9TH FL., NEW YORK, NY 10003+1 212 229-5300 x4728 •  
david.cu...@newschool.edu  
On Mon, 
Feb 26, 2018 at 9:52 AM, Cheltenham, Chrismailto:ccheltenham-...@philasd.org> > wrote:Actually I did not figure out my 
issueIf anyone know why I am getting page not found /satatus/dashboard please 
seebelow …===Thank You;Chris CheltenhamTechnology 
ServicesThe School District of PhiladelphiaWork # 215-400-5025Cell # 
215-301-6571From:   cas-user@apereo.org 
[mailto: cas-user@apereo.org] On Behalf Of 
Cheltenham,ChrisSent: Monday, February 26, 2018 9:36 AMTo:  
 cas-user@apereo.orgSubject: RE: [cas-user] 
DashboardI think I figured out that yes I do need a service Jason for the 
dashboard.Please disregard.===Thank You;Chris 
CheltenhamTechnology ServicesThe School District of PhiladelphiaWork # 
215-400-5025Cell # 215-301-6571From:   
cas-user@apereo.org [ mailto:cas-user@apereo.org] 
On Behalf OfCheltenham, ChrisSent: Monday, February 26, 2018 9:30 AMTo:  
 cas-user@apereo.orgSubject: [cas-user] 
DashboardUsing David Curry’s dashboard instructions I seem to have either 
missedsomething.I getPAGE Not Foundat this 
urlhttps://devcas5.philasd.org/cas/status/$%7Bcas.server.prefix%7D/login?service=https%3A%2F%2Fdevcas5.philasd.org%2Fcas%2Fstatus%2FdashboardDon’t
 I need a service for the dashboard in /etc/cas/services?Logs says I need a 
json I believe.Am I seeing this correctly?2018-02-26 09:17:32,241 
DEBUG[org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - 
https://devcas5.philasd.org/cas/status/dashboard>2018-02-26 09:17:51,235 
DEBUG[org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - 
https://devcas5.philasd.org/cas/status/dashboard>2018-02-26 09:21:13,277 
DEBUG[org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - 
https://devcas5.philasd.org/cas/status/dashboard>2018-02-26 09:23:10,111 
INFO[org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping] 
-org.apereo.cas.web.report.DashboardController.getEndpoints(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)>2018-02-26
 09:23:10,111 
INFO[org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping] 
-===Thank
 You;Chris CheltenhamTechnology ServicesThe School District of PhiladelphiaWork 
# 215-400-5025Cell # 215-301-6571--- Website: https://apereo.github.io/cas- 
Gitter Chatroom: https://gitter.im/apereo/cas- List Guidelines: 
https://goo.gl/1VRrw7- Contributions: https://goo.gl/mh7qDG---You received this 
message because you are subscribed to the Google Groups"CAS Community" group.To 
unsubscribe from this group and stop receiving emails from it, send anemail to 
cas-user+unsubscr...@apereo.org .To 
view this discussion on the web 
visithttps://groups.google.com/a/apereo.org/d/msgid/cas-user/001001d3af0e%24516b8440%24f4428cc0%24%40philasd.org
 .--- Website: https://apereo.github.io/cas- Gitter Chatroom: 
https://gitter.im/apereo/cas- List Guidelines: https://goo.gl/1VRrw7- 
Contributions: https://goo.gl/mh7qDG---You received this message because you 
are subscribed to the Google Groups"CAS Community" gr

RE: [cas-user] Dashboard

[Cheltenham, Chris]

David,



To answer the URL question.



It was coming from a variable setting in management.properties.

I took out all the variables for FQDN.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Monday, February 26, 2018 9:58 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] Dashboard



Chris,



In the URL you posted:




https://devcas5.philasd.org/cas/status/$%7Bcas.server.prefix%7D/login?service=https%3A%2F%2Fdevcas5.philasd.org
 
<http://2Fdevcas5.philasd.org> %2Fcas%2Fstatus%2Fdashboard



what is this part:



$%7Bcas.server.prefix%7D



supposed to do?



Looks like maybe you have a typo somehwere. The URL should look like this:



https://casdev.newschool.edu/cas/login?service=https%3A%2F%2Fcasdev.newschool.edu%2Fcas%2Fstatus%2Fdashboard



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Mon, Feb 26, 2018 at 9:52 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:



Actually I did not figure out my issue



If anyone know why I am getting page not found /satatus/dashboard please see 
below …



===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of 
Cheltenham, Chris
Sent: Monday, February 26, 2018 9:36 AM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: RE: [cas-user] Dashboard



I think I figured out that yes I do need a service Jason for the dashboard.

Please disregard.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org] On Behalf Of Cheltenham, Chris
Sent: Monday, February 26, 2018 9:30 AM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: [cas-user] Dashboard



Using David Curry’s dashboard instructions I seem to have either missed 
something.



I get



PAGE Not Found



at this url



https://devcas5.philasd.org/cas/status/$%7Bcas.server.prefix%7D/login?service=https%3A%2F%2Fdevcas5.philasd.org%2Fcas%2Fstatus%2Fdashboard



Don’t I need a service for the dashboard in /etc/cas/services?



Logs says I need a json I believe.

Am I seeing this correctly?



2018-02-26 09:17:32,241 DEBUG 
[org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - https://devcas5.philasd.org/cas/status/dashboard>

2018-02-26 09:17:51,235 DEBUG 
[org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - https://devcas5.philasd.org/cas/status/dashboard>

2018-02-26 09:21:13,277 DEBUG 
[org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - https://devcas5.philasd.org/cas/status/dashboard>

2018-02-26 09:23:10,111 INFO 
[org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping] - 
 
org.apereo.cas.web.report.DashboardController.getEndpoints(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)>

2018-02-26 09:23:10,111 INFO 
[org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping] - 






===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/001001d3af0e%24516b8440%24f4428cc0%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/001001d3af0e%24516b8440%24f4428cc0%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto

RE: [cas-user] /cas/status/dashboard

[Cheltenham, Chris]

Guys,



When I changed config to json , I get Application Not Authorized to use CAS.



I am not sure if that s good thing or not.



If I change json back to config, the portal will open.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Matthew 
Uribe
Sent: Monday, February 26, 2018 3:35 PM
To: CAS Community 
Subject: Re: [cas-user] /cas/status/dashboard



Chris,



I ran into the same problem. I added json files to /etc/cas/services but CAS 
was only reading those in the classpath/services directory.

I found that my problem was in my cas.properties:



Incorrect:

cas.serviceRegistry.config.location:   file:/etc/cas/services

Correct:

cas.serviceRegistry.json.location: file:/etc/cas/services


On Monday, February 26, 2018 at 12:50:26 PM UTC-7, Chris Cheltenham wrote:

David,



The only thing I can tell is that CAS is not seeing the json file from 
/etc/cas/services.

I created two and they never show up loaded in the logs.



Only the two default ones, I guess they are, show up.





2018-02-26 14:42:49,710 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - https://www.apereo.org]>

2018-02-26 14:42:49,710 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - 

2018-02-26 14:42:49,710 INFO 
[org.apereo.cas.services.AbstractServicesManager] - 



I have two json files.





cas-services5.xml



{

  @class: org.apereo.cas.services.RegexRegisteredService

  serviceId: https://devcas5\.philasd\.org/cas-services/.*

  name: HTTPS

  id: 101

  description: HTTPS protocol wildcard service.

  evaluationOrder: 1000

}







And





cas-dashboard.xml





{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*) 
 ",

  "name" : "CAS Admin Dashboard",

  "id" : 12

  "description" : "CAS dashboard and administrative endpoints",

  "evaluationOrder" : 1001

}





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
 .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/082beb1a-0cfc-4066-8c2b-d6e97284709f%40apereo.org
 

 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/004701d3afd2%2407b4d1c0%24171e7540%24%40philasd.org.

RE: [cas-user] /cas/status/dashboard

[Cheltenham, Chris]

David,



Re: cas.properties



I tried using the colon on every single line and I got all kinds of errors.

Mainly ssl errors ..



When I put the equals back in , it worked.



I am NOT saying you’re wrong nanny nanny poo poo …

I just saw a bunch of things break without the equals.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Tuesday, February 27, 2018 8:36 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] /cas/status/dashboard



You can use colons or equals signs, it doesn't matter. And whitespace 
between the property name and the property value is ignored (but whitespace 
at the end of the line is not).



https://docs.oracle.com/cd/E23095_01/Platform.93/ATGProgGuide/html/s0204propertiesfileformat01.html



Personally I like colons and columns that line up for readability, but 
that's me. The CAS team seems to like equals signs and no extra whitespace. 
You can use whichever format you're comfortable with, although I might 
suggest standardizing on one or the other just for sanity's sake. :-)



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Tue, Feb 27, 2018 at 8:11 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:

Thanks guys, I have the json service resitry dependency in both cas and 
cas-management pom.xml.



One thing that might be tripping me up here is when to use an “=” or is it a 
“:’



For example I have them mixed.



i.e.



cas.serviceRegistry.json.location:file:/etc/cas/services

or is it

cas.serviceRegistry.json.location = file:/etc/cas/services



and I am assuming those long blank spaces don’t mean anything.



I 95% am sure my problem is in the config files, I just not sure where.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of 
Kevin Liu
Sent: Monday, February 26, 2018 3:56 PM
To: CAS Community mailto:cas-user@apereo.org> >
Subject: Re: [cas-user] /cas/status/dashboard



I concur with Matthew. That was my issue too until I changed it. Then 
services started picking up.

On Monday, February 26, 2018 at 2:37:37 PM UTC-6, David Curry wrote:

But think of all the experience you're getting! :-)



Seriously, I know the feeling. I think we've all been there before.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
+1 212 229-5300 x4728 • david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Mon, Feb 26, 2018 at 3:35 PM, Cheltenham, Chris  
wrote:

I do , I will check everything again in the morning.



Thanks for your help.



It’s frustrating because I know it’s something stupid but I just don’t see 
it yet.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-...@apereo.org [mailto:cas-...@apereo.org] On Behalf Of David 
Curry
Sent: Monday, February 26, 2018 3:22 PM


To: cas-...@apereo.org
Subject: Re: [cas-user] /cas/status/dashboard



Do you have





org.apereo.cas

cas-server-support-json-service-registry

${cas.version}





in pom.xml and



cas.serviceRegistry.json.location:file:/etc/cas/services



in cas.properties?



If not, you need them. If so, then dig through the archives of this group in 
the last month or twol some other folks were having similar issues.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
+1 212 229-5300 x4728 • david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Mon, Feb 26, 2018 at 2:50 PM, Cheltenham, Chris  
wrote:

David,



The only thing I can tell is that CAS is not seeing the json file from 
/etc/cas/services.

I created two and they never show up loaded in the logs.



Only the two default ones, I guess they are, show up.





2018-02-26 14:42:49,710 DEBUG 
[

RE: [cas-user] /cas/status/dashboard

[Cheltenham, Chris]

Thanks guys, I have the json service resitry dependency in both cas and 
cas-management pom.xml.



One thing that might be tripping me up here is when to use an “=” or is it a 
“:’



For example I have them mixed.



i.e.



cas.serviceRegistry.json.location:file:/etc/cas/services

or is it

cas.serviceRegistry.json.location = file:/etc/cas/services



and I am assuming those long blank spaces don’t mean anything.



I 95% am sure my problem is in the config files, I just not sure where.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Kevin 
Liu
Sent: Monday, February 26, 2018 3:56 PM
To: CAS Community 
Subject: Re: [cas-user] /cas/status/dashboard



I concur with Matthew. That was my issue too until I changed it. Then 
services started picking up.

On Monday, February 26, 2018 at 2:37:37 PM UTC-6, David Curry wrote:

But think of all the experience you're getting! :-)



Seriously, I know the feeling. I think we've all been there before.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •   david.cu...@newschool.edu

  
<https://lh4.googleusercontent.com/proxy/kBxyNqPE_dwGnQ5_31vxODZ361V2PjQdxLgStd_Hjq6qhsUZ5Ls9wt8E7q_K2I1IH9Gl9beQOC7lRFhDZ6YS4RBwSzHk1J04dgKAuT9_k0gSpkU-gvRxyA=w5000-h5000>



On Mon, Feb 26, 2018 at 3:35 PM, Cheltenham, Chris  > wrote:

I do , I will check everything again in the morning.



Thanks for your help.



It’s frustrating because I know it’s something stupid but I just don’t see 
it yet.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-...@apereo.org   [mailto:cas-...@apereo.org 
 ] On Behalf Of David Curry
Sent: Monday, February 26, 2018 3:22 PM


To: cas-...@apereo.org 
Subject: Re: [cas-user] /cas/status/dashboard



Do you have





org.apereo.cas

cas-server-support-json-service-registry

${cas.version}





in pom.xml and



cas.serviceRegistry.json.location:file:/etc/cas/services



in cas.properties?



If not, you need them. If so, then dig through the archives of this group in 
the last month or twol some other folks were having similar issues.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
+1 212 229-5300 x4728 •   david.cu...@newschool.edu

  
<https://lh4.googleusercontent.com/proxy/kBxyNqPE_dwGnQ5_31vxODZ361V2PjQdxLgStd_Hjq6qhsUZ5Ls9wt8E7q_K2I1IH9Gl9beQOC7lRFhDZ6YS4RBwSzHk1J04dgKAuT9_k0gSpkU-gvRxyA=w5000-h5000>



On Mon, Feb 26, 2018 at 2:50 PM, Cheltenham, Chris  > wrote:

David,



The only thing I can tell is that CAS is not seeing the json file from 
/etc/cas/services.

I created two and they never show up loaded in the logs.



Only the two default ones, I guess they are, show up.





2018-02-26 14:42:49,710 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - https://www.apereo.org]>

2018-02-26 14:42:49,710 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - 

2018-02-26 14:42:49,710 INFO 
[org.apereo.cas.services.AbstractServicesManager] - 



I have two json files.





cas-services5.xml



{

  @class: org.apereo.cas.services.RegexRegisteredService

  serviceId: https://devcas5\.philasd\.org/cas-services/.*

  name: HTTPS

  id: 101

  description: HTTPS protocol wildcard service.

  evaluationOrder: 1000

}







And





cas-dashboard.xml





{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*) 
<https://devcass5.philasd.org/cas/status/dashboard(%5C%5Cz%7C/.*)> ",

  "name" : "CAS Admin Dashboard",

  "id" : 12

  "description" : "CAS dashboard and administrative endpoints",

  "evaluationOrder" : 1001

}





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-...@apereo.org   [mailto:cas-...@apereo.org 
 ] On Behalf Of David Curry
Sent: Monday, February 26, 2018 2:29 PM
To: cas-...@apereo.org 
Subject: Re: [cas-user] /cas/status/dashboard



I think we've been through most of these at one time or another, but to 
assemble them all in one place...



1. You have all of these:



# The /status endpoint is protected by IP address only.

cas.adminPagesSecurity.ip:  ...a valid regex to 

RE: [cas-user] /cas/status/dashboard

[Cheltenham, Chris]

I do , I will check everything again in the morning.



Thanks for your help.



It’s frustrating because I know it’s something stupid but I just don’t see 
it yet.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Monday, February 26, 2018 3:22 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] /cas/status/dashboard



Do you have





org.apereo.cas

cas-server-support-json-service-registry

${cas.version}





in pom.xml and



cas.serviceRegistry.json.location:file:/etc/cas/services



in cas.properties?



If not, you need them. If so, then dig through the archives of this group in 
the last month or twol some other folks were having similar issues.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Mon, Feb 26, 2018 at 2:50 PM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:

David,



The only thing I can tell is that CAS is not seeing the json file from 
/etc/cas/services.

I created two and they never show up loaded in the logs.



Only the two default ones, I guess they are, show up.





2018-02-26 14:42:49,710 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - https://www.apereo.org]>

2018-02-26 14:42:49,710 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - 

2018-02-26 14:42:49,710 INFO 
[org.apereo.cas.services.AbstractServicesManager] - 



I have two json files.





cas-services5.xml



{

  @class: org.apereo.cas.services.RegexRegisteredService

  serviceId: https://devcas5\.philasd\.org/cas-services/.*

  name: HTTPS

  id: 101

  description: HTTPS protocol wildcard service.

  evaluationOrder: 1000

}







And





cas-dashboard.xml





{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*) 
<https://devcass5.philasd.org/cas/status/dashboard(%5C%5Cz%7C/.*)> ",

  "name" : "CAS Admin Dashboard",

  "id" : 12

  "description" : "CAS dashboard and administrative endpoints",

  "evaluationOrder" : 1001

}





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of 
David Curry
Sent: Monday, February 26, 2018 2:29 PM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] /cas/status/dashboard



I think we've been through most of these at one time or another, but to 
assemble them all in one place...



1. You have all of these:



# The /status endpoint is protected by IP address only.

cas.adminPagesSecurity.ip:  ...a valid regex to match your 
authorized addresses...



# The /status/whatever endpoints are protected by the CAS server, using a

# list of admin users in "users.properties".

cas.adminPagesSecurity.loginUrl:${cas.server.prefix}/login

cas.adminPagesSecurity.service: 
${cas.server.prefix}/status/dashboard

cas.adminPagesSecurity.users: 
file:/etc/cas/config/users.properties



# Define an administrator role. (This is the default; you probably don't 
need to set it explicitly.)

cas.adminPagesSecurity.adminRoles[0]:   ROLE_ADMIN



# Enable the Spring Boot actuators as well as the CAS actuators.

cas.adminPagesSecurity.actuatorEndpointsEnabled:true

cas.monitor.endpoints.enabled:  true

endpoints.enabled:  true



# Marking the endpoints "sensitive" would protect them with Spring Security;

# we want to protect them with the CAS server.

cas.monitor.endpoints.sensitive:false

endpoints.sensitive:false



2. You have a service definition that allows the dashboard to authenticate 
via CAS:



{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : 
"^https://your.cas.server.host.and.port.here/cas/status/dashboard(\\z|/.*) 
<https://your.cas.server.host.and.port.here/cas/status/dashboard(/z%7C/.*)> 
",

  "name" : "CAS Admin Dashboard",

  "id" : 123456789,

  "description" : "CAS dashboard and administrative endpoints",

  "evaluationOrder" : 1234

}



3. You're sure that the "ccheltenham-ext" user can succ

RE: [cas-user] /cas/status/dashboard

[Cheltenham, Chris]

David,



The only thing I can tell is that CAS is not seeing the json file from 
/etc/cas/services.

I created two and they never show up loaded in the logs.



Only the two default ones, I guess they are, show up.





2018-02-26 14:42:49,710 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - https://www.apereo.org]>

2018-02-26 14:42:49,710 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - 

2018-02-26 14:42:49,710 INFO 
[org.apereo.cas.services.AbstractServicesManager] - 



I have two json files.





cas-services5.xml



{

  @class: org.apereo.cas.services.RegexRegisteredService

  serviceId: https://devcas5\.philasd\.org/cas-services/.*

  name: HTTPS

  id: 101

  description: HTTPS protocol wildcard service.

  evaluationOrder: 1000

}







And





cas-dashboard.xml





{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : 
"^https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*)",

  "name" : "CAS Admin Dashboard",

  "id" : 12

  "description" : "CAS dashboard and administrative endpoints",

  "evaluationOrder" : 1001

}





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Monday, February 26, 2018 2:29 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] /cas/status/dashboard



I think we've been through most of these at one time or another, but to 
assemble them all in one place...



1. You have all of these:



# The /status endpoint is protected by IP address only.

cas.adminPagesSecurity.ip:  ...a valid regex to match your 
authorized addresses...



# The /status/whatever endpoints are protected by the CAS server, using a

# list of admin users in "users.properties".

cas.adminPagesSecurity.loginUrl:${cas.server.prefix}/login

cas.adminPagesSecurity.service: 
${cas.server.prefix}/status/dashboard

cas.adminPagesSecurity.users: 
file:/etc/cas/config/users.properties



# Define an administrator role. (This is the default; you probably don't 
need to set it explicitly.)

cas.adminPagesSecurity.adminRoles[0]:   ROLE_ADMIN



# Enable the Spring Boot actuators as well as the CAS actuators.

cas.adminPagesSecurity.actuatorEndpointsEnabled:true

cas.monitor.endpoints.enabled:  true

endpoints.enabled:  true



# Marking the endpoints "sensitive" would protect them with Spring Security;

# we want to protect them with the CAS server.

cas.monitor.endpoints.sensitive:false

endpoints.sensitive:false



2. You have a service definition that allows the dashboard to authenticate 
via CAS:



{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : 
"^https://your.cas.server.host.and.port.here/cas/status/dashboard(\\z|/.*) 
<https://your.cas.server.host.and.port.here/cas/status/dashboard(/z|/.*)> ",

  "name" : "CAS Admin Dashboard",

  "id" : 123456789,

  "description" : "CAS dashboard and administrative endpoints",

  "evaluationOrder" : 1234

}



3. You're sure that the "ccheltenham-ext" user can successfully authenticate 
via CAS. Go to https:/yourserver/cas/login to check. (Even if you're "sure," 
check it anyway, just to remove it from the equation.)



4. You're attempting to access the dashboard from an IP address that matches 
the pattern configured in cas.adminPagesSecurity.ip.



All of that together ought to do it. If it doesn't, change the CAS logging 
level to "debug" and see what you get in cas.log



--Dave








--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Mon, Feb 26, 2018 at 2:04 PM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:



Hello,



I have been stuggling with access denied on the dashboard



-  users.properties only has the following.



ccheltenham-ext=passwordnotused,ROLE_ADMIN



What else could I have misconfigured?







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Group

[cas-user] /cas/status/dashboard

[Cheltenham, Chris]

Hello,

 

I have been stuggling with access denied on the dashboard

 

-  users.properties only has the following.

 

ccheltenham-ext=passwordnotused,ROLE_ADMIN

 

What else could I have misconfigured?

 

 

 

===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00a001d3af34%24a1de58a0%24e59b09e0%24%40philasd.org.

RE: [cas-user] Dashboard

[Cheltenham, Chris]

Actually I did not figure out my issue



If anyone know why I am getting page not found /satatus/dashboard please see 
below …



===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of 
Cheltenham, Chris
Sent: Monday, February 26, 2018 9:36 AM
To: cas-user@apereo.org
Subject: RE: [cas-user] Dashboard



I think I figured out that yes I do need a service Jason for the dashboard.

Please disregard.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org] On Behalf Of Cheltenham, Chris
Sent: Monday, February 26, 2018 9:30 AM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: [cas-user] Dashboard



Using David Curry’s dashboard instructions I seem to have either missed 
something.



I get



PAGE Not Found



at this url



https://devcas5.philasd.org/cas/status/$%7Bcas.server.prefix%7D/login?service=https%3A%2F%2Fdevcas5.philasd.org%2Fcas%2Fstatus%2Fdashboard



Don’t I need a service for the dashboard in /etc/cas/services?



Logs says I need a json I believe.

Am I seeing this correctly?



2018-02-26 09:17:32,241 DEBUG 
[org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - https://devcas5.philasd.org/cas/status/dashboard>

2018-02-26 09:17:51,235 DEBUG 
[org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - https://devcas5.philasd.org/cas/status/dashboard>

2018-02-26 09:21:13,277 DEBUG 
[org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - https://devcas5.philasd.org/cas/status/dashboard>

2018-02-26 09:23:10,111 INFO 
[org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping] - 
 
org.apereo.cas.web.report.DashboardController.getEndpoints(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)>

2018-02-26 09:23:10,111 INFO 
[org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping] - 






===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/001001d3af0e%24516b8440%24f4428cc0%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/001001d3af0e%24516b8440%24f4428cc0%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/001e01d3af0f%2418794f90%24496beeb0%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/001e01d3af0f%2418794f90%24496beeb0%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/002e01d3af11%2469e3adb0%243dab0910%24%40philasd.org.

RE: [cas-user] Dashboard

[Cheltenham, Chris]

I think I figured out that yes I do need a service Jason for the dashboard.

Please disregard.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of 
Cheltenham, Chris
Sent: Monday, February 26, 2018 9:30 AM
To: cas-user@apereo.org
Subject: [cas-user] Dashboard



Using David Curry’s dashboard instructions I seem to have either missed 
something.



I get



PAGE Not Found



at this url



https://devcas5.philasd.org/cas/status/$%7Bcas.server.prefix%7D/login?service=https%3A%2F%2Fdevcas5.philasd.org%2Fcas%2Fstatus%2Fdashboard



Don’t I need a service for the dashboard in /etc/cas/services?



Logs says I need a json I believe.

Am I seeing this correctly?



2018-02-26 09:17:32,241 DEBUG 
[org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - https://devcas5.philasd.org/cas/status/dashboard>

2018-02-26 09:17:51,235 DEBUG 
[org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - https://devcas5.philasd.org/cas/status/dashboard>

2018-02-26 09:21:13,277 DEBUG 
[org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - https://devcas5.philasd.org/cas/status/dashboard>

2018-02-26 09:23:10,111 INFO 
[org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping] - 
 
org.apereo.cas.web.report.DashboardController.getEndpoints(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)>

2018-02-26 09:23:10,111 INFO 
[org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping] - 






===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/001001d3af0e%24516b8440%24f4428cc0%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/001001d3af0e%24516b8440%24f4428cc0%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/001e01d3af0f%2418794f90%24496beeb0%24%40philasd.org.

[cas-user] Dashboard

[Cheltenham, Chris]

Using David Curry's dashboard instructions I seem to have either missed
something.

 

I get 

 

PAGE Not Found 

 

at this url

 

https://devcas5.philasd.org/cas/status/$%7Bcas.server.prefix%7D/login?serv
ice=https%3A%2F%2Fdevcas5.philasd.org%2Fcas%2Fstatus%2Fdashboard

 

Don't I need a service for the dashboard in /etc/cas/services?

 

Logs says I need a json I believe.

Am I seeing this correctly?

 

2018-02-26 09:17:32,241 DEBUG
[org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - https://devcas5.philasd.org/cas/status/dashboard>

2018-02-26 09:17:51,235 DEBUG
[org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - https://devcas5.philasd.org/cas/status/dashboard>

2018-02-26 09:21:13,277 DEBUG
[org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - https://devcas5.philasd.org/cas/status/dashboard>

2018-02-26 09:23:10,111 INFO
[org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping] -

org.apereo.cas.web.report.DashboardController.getEndpoints(javax.servlet.h
ttp.HttpServletRequest,javax.servlet.http.HttpServletResponse)>

2018-02-26 09:23:10,111 INFO
[org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping] -


 

 

===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/001001d3af0e%24516b8440%24f4428cc0%24%40philasd.org.

RE: [cas-user] pay forward?

[Cheltenham, Chris]

Hello Michael,





I work for Philadelphia School District K thru 12.



We may be interested in the hours of part of them perhaps.



What do we need to do ?





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Michael 
O Holstein
Sent: Friday, February 23, 2018 2:39 PM
To: cas-user@apereo.org
Subject: [cas-user] pay forward?



Our annual contract with Unicon is going to renew here in a bit, and we have 
a bunch of unused consulting hours which are for features and whatnot. I'm 
sure if they're not cool with this I'll get told shortly but here's what I'm 
proposing ..



I'll bet there's a couple others in the same boat .. since you can't roll it 
.. might as well donate it.



If there's a feature that everybody thinks would be neat, or some similar 
such thing that we don't need but would collectively benefit (which happens 
regardless, eventually .. if you've read the contract) .. we propose ..



Come up with something, we'll donate our hours remaining (40 something?) to 
it .. we get new block next year anyway. If that covers it, great .. if not, 
perhaps others will agree with the idea and it'll get done collectively. But 
as long as Unicon is cool with this we're game. Yay open source, etc.



Suggestions? Needs to be well-scoped though, so if you've thought it through 
but couldn't get funding, here's your chance.



Michael Holstein CISSP

Mgr. Network & Data Security

Cleveland State University





-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
 .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/DM2PR0801MB0863C082C73ACC125861182783CC0%40DM2PR0801MB0863.namprd08.prod.outlook.com
 

 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/003601d3af03%244bc28bc0%24e347a340%24%40philasd.org.

[cas-user] mahe CAS 5 ory structure in tven question

[Cheltenham, Chris]

Hello eveyone. 

I have a maven question. 

With CAS 4, we git cloned the github repo cas overlay. 

Did the same with CAS 5. 

Why do I not have a /src directory structure in the CAS 5 overlay? 

I get the source and target directory in theory. 




=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/31846232.103617.1519509224143.JavaMail.zimbra%40philasd.org.

RE: [cas-user] CAS5 management

[Cheltenham, Chris]

Oh right , you do have good docs.



Thanks



Someone should pay you for them.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Friday, February 23, 2018 1:48 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS5 management





The /status endpoint (but not the endpoints underneath it) is only protected 
by an IP address pattern. You need to set the cas.adminPagesSecurity.ip 
property to a regular expression that matches the IP address(es) you want to 
allow access from.



See 
https://dacurry-tns.github.io/deploying-apereo-cas/building_server_dashboard_configure-admin-pages-properties.html#configure-endpoint-security
 
for an example.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 12:33 PM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:

David,



Along the same lines,



/cas/status says access denied.



Is a different file?





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of 
David Curry
Sent: Friday, February 23, 2018 10:52 AM


To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] CAS5 management



Admin pages is the /status/dashboard stuff (and all the things underneath). 
The access to that is controlled with a user.properties file as well.



The format is what I gave you in the earlier email. So for casuser, it would 
be



casuser=passwordnotused,ROLE_ADMIN



or equivalently,



casuser=empty,ROLE_ADMIN



I should note that the password field (the first field after the "=") is 
only "not used" if you're using CAS to authenticate access to the management 
webapp (which I assume you are).



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:47 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:

David,



I honestly don’t know what you mean.



What admin pages?



And how should this be formatted?



casuser=ROLE_ADMIN,enabled







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From:  <mailto:cas-user@apereo.org> cas-user@apereo.org [mailto: 
<mailto:cas-user@apereo.org> cas-user@apereo.org] On Behalf Of David Curry
Sent: Friday, February 23, 2018 10:33 AM
To:  <mailto:cas-user@apereo.org> cas-user@apereo.org
Subject: Re: [cas-user] CAS5 management



Your users.properties file is not formatted correctly. It's the same format 
(and in fact can be the same file) as the one for the admin pages:



# The syntax for each line is:

#

# username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]

#

gnarls=passwordnotused,ROLE_ADMIN



The above allows a user named "gnarls" to have access.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

 
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>71
 FIFTH AVE., 9TH FL., NEW YORK, NY 10003+1 212 229-5300 x4728 •  
<mailto:david.cu...@newschool.edu>david.cu...@newschool.edu  
<http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>On Fri, 
Feb 23, 2018 at 10:28 AM, Cheltenham, Chrismailto:ccheltenham-...@philasd.org> > wrote:Hello Everyone,Still having 
problems with access denied on /cas-managementI turned on DEBUG and I see this 
in the logs.22T13:22:12.379-05:00[America/New_York], 
authenticationMethod=Employee-LDAP,successfulAuthenticationHandlers=Employee-LDAP,longTermAuthenticationRequestTokenUsed=false}
 | roles: [] | permissions: []| isRemembered: false | clientName: CasClient 
|linkedId: null |] does not contain the required role [ROLE_ADMIN]My 
users.properties files look thusly – casuser=ROLE_ADMIN,and yes 
ROLE_ADMIN is stated in the management.properties file. 
cas.mgmt.adminRoles[0]=ROLE_ADMINThere is a Json file in /

RE: [cas-user] CAS5 management

[Cheltenham, Chris]

Oh ok , this is CentOs.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Ray Bon
Sent: Friday, February 23, 2018 12:48 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS5 management



Chris,



Check your service registry entry.



Ray



On Fri, 2018-02-23 at 12:33 -0500, Cheltenham, Chris wrote:

David,



Along the same lines,



/cas/status says access denied.



Is a different file?





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org] On Behalf Of David Curry
Sent: Friday, February 23, 2018 10:52 AM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] CAS5 management



Admin pages is the /status/dashboard stuff (and all the things underneath). 
The access to that is controlled with a user.properties file as well.



The format is what I gave you in the earlier email. So for casuser, it would 
be



casuser=passwordnotused,ROLE_ADMIN



or equivalently,



casuser=empty,ROLE_ADMIN



I should note that the password field (the first field after the "=") is 
only "not used" if you're using CAS to authenticate access to the management 
webapp (which I assume you are).



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:47 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:

David,



I honestly don’t know what you mean.



What admin pages?



And how should this be formatted?



casuser=ROLE_ADMIN,enabled







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From:  <mailto:cas-user@apereo.org> cas-user@apereo.org [mailto: 
<mailto:cas-user@apereo.org> cas-user@apereo.org] On Behalf Of David Curry
Sent: Friday, February 23, 2018 10:33 AM
To:  <mailto:cas-user@apereo.org> cas-user@apereo.org
Subject: Re: [cas-user] CAS5 management



Your users.properties file is not formatted correctly. It's the same format 
(and in fact can be the same file) as the one for the admin pages:



# The syntax for each line is:

#

# username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]

#

gnarls=passwordnotused,ROLE_ADMIN



The above allows a user named "gnarls" to have access.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

 
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>71
 FIFTH AVE., 9TH FL., NEW YORK, NY 10003+1 212 229-5300 x4728 •  
<mailto:david.cu...@newschool.edu>david.cu...@newschool.edu  
<http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>On Fri, 
Feb 23, 2018 at 10:28 AM, Cheltenham, Chrismailto:ccheltenham-...@philasd.org> > wrote:Hello Everyone,Still having 
problems with access denied on /cas-managementI turned on DEBUG and I see this 
in the logs.22T13:22:12.379-05:00[America/New_York], 
authenticationMethod=Employee-LDAP,successfulAuthenticationHandlers=Employee-LDAP,longTermAuthenticationRequestTokenUsed=false}
 | roles: [] | permissions: []| isRemembered: false | clientName: CasClient 
|linkedId: null |] does not contain the required role [ROLE_ADMIN]My 
users.properties files look thusly – casuser=ROLE_ADMIN,and yes 
ROLE_ADMIN is stated in the management.properties file. 
cas.mgmt.adminRoles[0]=ROLE_ADMINThere is a Json file in /etc/cas/services or 
the users.properties file.That is stated in cas.properties   
cas.serviceRegistry.config.location=file:/etc/cas/servicesIs there a way to 
format the users. Properties file so anyone can use themanagement 
portal?===Thank You;Chris CheltenhamTechnology 
ServicesThe School District of PhiladelphiaWork # 215-400-5025Cell # 
215-301-6571--- Website: https://apereo.github.io/cas- Gitter Chatroom: 
https://gitter.im/apereo/cas- List Guidelines: https://goo.gl/1VRrw7- 
Contributions: https://goo.gl/mh7qDG---You received this message because you 
are subscribed to the Google Groups"CAS Community" group.To unsubscribe from 
this group and stop receiving emails from it, send anemail to 
cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org> .To 
view this discussion on the web 
visithttps://groups.google.com/a/apereo.org/d/msgid/cas-user/008301d3a

RE: [cas-user] CAS 5.2

[Cheltenham, Chris]

Ray,



I appreciate that but I don’t know what you mean.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Ray Bon
Sent: Friday, February 23, 2018 12:36 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS 5.2



Chris,



cas.view.defaultRedirectUrl=



Ray



On Fri, 2018-02-23 at 08:36 -0500, Cheltenham, Chris wrote:

Hello Everyone,



I am sure most folks change the default landing page AFTER you get login to 
work.



It looks like it lands on a page called casGenericSuccessView.html.



My question is how do you change that page?







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca <mailto:r...@uvic.ca>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1519407337.1765.69.camel%40uvic.ca
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/1519407337.1765.69.camel%40uvic.ca?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/010b01d3accd%24c02af430%244080dc90%24%40philasd.org.

RE: [cas-user] CAS5 management

[Cheltenham, Chris]

David,



Along the same lines,



/cas/status says access denied.



Is a different file?





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Friday, February 23, 2018 10:52 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS5 management



Admin pages is the /status/dashboard stuff (and all the things underneath). 
The access to that is controlled with a user.properties file as well.



The format is what I gave you in the earlier email. So for casuser, it would 
be



casuser=passwordnotused,ROLE_ADMIN



or equivalently,



casuser=empty,ROLE_ADMIN



I should note that the password field (the first field after the "=") is 
only "not used" if you're using CAS to authenticate access to the management 
webapp (which I assume you are).



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:47 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:

David,



I honestly don’t know what you mean.



What admin pages?



And how should this be formatted?



casuser=ROLE_ADMIN,enabled







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From:  <mailto:cas-user@apereo.org> cas-user@apereo.org [mailto: 
<mailto:cas-user@apereo.org> cas-user@apereo.org] On Behalf Of David Curry
Sent: Friday, February 23, 2018 10:33 AM
To:  <mailto:cas-user@apereo.org> cas-user@apereo.org
Subject: Re: [cas-user] CAS5 management



Your users.properties file is not formatted correctly. It's the same format 
(and in fact can be the same file) as the one for the admin pages:



# The syntax for each line is:

#

# username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]

#

gnarls=passwordnotused,ROLE_ADMIN



The above allows a user named "gnarls" to have access.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

 
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>71
 FIFTH AVE., 9TH FL., NEW YORK, NY 10003+1 212 229-5300 x4728 •  
<mailto:david.cu...@newschool.edu>david.cu...@newschool.edu  
<http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>On Fri, 
Feb 23, 2018 at 10:28 AM, Cheltenham, Chrismailto:ccheltenham-...@philasd.org> > wrote:Hello Everyone,Still having 
problems with access denied on /cas-managementI turned on DEBUG and I see this 
in the logs.22T13:22:12.379-05:00[America/New_York], 
authenticationMethod=Employee-LDAP,successfulAuthenticationHandlers=Employee-LDAP,longTermAuthenticationRequestTokenUsed=false}
 | roles: [] | permissions: []| isRemembered: false | clientName: CasClient 
|linkedId: null |] does not contain the required role [ROLE_ADMIN]My 
users.properties files look thusly – casuser=ROLE_ADMIN,and yes 
ROLE_ADMIN is stated in the management.properties file. 
cas.mgmt.adminRoles[0]=ROLE_ADMINThere is a Json file in /etc/cas/services or 
the users.properties file.That is stated in cas.properties   
cas.serviceRegistry.config.location=file:/etc/cas/servicesIs there a way to 
format the users. Properties file so anyone can use themanagement 
portal?===Thank You;Chris CheltenhamTechnology 
ServicesThe School District of PhiladelphiaWork # 215-400-5025Cell # 
215-301-6571--- Website: https://apereo.github.io/cas- Gitter Chatroom: 
https://gitter.im/apereo/cas- List Guidelines: https://goo.gl/1VRrw7- 
Contributions: https://goo.gl/mh7qDG---You received this message because you 
are subscribed to the Google Groups"CAS Community" group.To unsubscribe from 
this group and stop receiving emails from it, send anemail to 
cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org> .To 
view this discussion on the web 
visithttps://groups.google.com/a/apereo.org/d/msgid/cas-user/008301d3acba%24f0e4fe30%24d2aefa90%24%40philasd.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/008301d3acba%24f0e4fe30%24d2aefa90%24%40philasd.org?utm_medium=email&utm_source=footer>
 .--- Website: https://apereo.github.io/cas- Gitter Chatroom: 
https://gitter.im/apereo/cas- List Guidelines: https://goo.gl/1VRrw7- 
Contributions: https://goo.gl/mh7qDG---You received this message because you 
are subscribed to the Google Groups"CAS Community" group.To unsubscribe from 
this group and stop receiving emails from it, send anemail to

RE: [cas-user] CAS5 management

[Cheltenham, Chris]

Perfect David,



I cannot tell you how many different combination of that user.properties 
files I tried to no avail.



Thanks again





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Friday, February 23, 2018 10:58 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS5 management



As for the cheesiness of it, I believe it's inherited from Spring Security 
(which is an alternative way you can protect the management webapp):



https://docs.spring.io/spring-security/site/docs/2.0.x/reference/html/authentication-common-auth-services.html



So blame them, not the CAS project. :-)



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:53 AM, David Curry mailto:david.cu...@newschool.edu> > wrote:

You still need the (unused) password in there, like this:



ccheltenham-ext=notused,ROLE_ADMIN,enabled



(and you don't really need the "enabled"). Note that "ccheltenham-ext" 
should then be a user that can authenticate via CAS, since you're protecting 
the management webapp with CAS.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:51 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:

Ok I see David,



So I tried this and still doesn’t work.



ccheltenham-ext=ROLE_ADMIN,enabled



I gotta say this is a really stupid and cheesy way to do this.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of 
David Curry
Sent: Friday, February 23, 2018 10:48 AM


To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] CAS5 management



Gnarls the Narwhal is The New School's mascot.



https://www.newschool.edu/recreation/where-is-gnarls/



I wanted a "dummy" account to use in my CAS testing and documentation, and 
"casuser" was already taken, so... :-)



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:42 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:

Thanks David,



What is gnarls?







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of 
David Curry
Sent: Friday, February 23, 2018 10:33 AM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] CAS5 management



Your users.properties file is not formatted correctly. It's the same format 
(and in fact can be the same file) as the one for the admin pages:



# The syntax for each line is:

#

# username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]

#

gnarls=passwordnotused,ROLE_ADMIN



The above allows a user named "gnarls" to have access.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:28 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:



Hello Everyone,



Still having problems with access denied on /cas-management



I turned on DEBUG and I see this in the logs.



22T13:22:12.379-05:00[America/New_York], authenticationMethod=Employee-LDAP, 
successfulAuthenticationHandlers=Empl

RE: [cas-user] CAS5 management

[Cheltenham, Chris]

Thanks again  David,



Yeah I am sure its spring.

I wasn’t; beating up anyone in particular.



Mostly out of frustration that switching a few words around makes all the 
difference and I have no clue what the combination is.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Friday, February 23, 2018 10:58 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS5 management



As for the cheesiness of it, I believe it's inherited from Spring Security 
(which is an alternative way you can protect the management webapp):



https://docs.spring.io/spring-security/site/docs/2.0.x/reference/html/authentication-common-auth-services.html



So blame them, not the CAS project. :-)



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:53 AM, David Curry mailto:david.cu...@newschool.edu> > wrote:

You still need the (unused) password in there, like this:



ccheltenham-ext=notused,ROLE_ADMIN,enabled



(and you don't really need the "enabled"). Note that "ccheltenham-ext" 
should then be a user that can authenticate via CAS, since you're protecting 
the management webapp with CAS.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:51 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:

Ok I see David,



So I tried this and still doesn’t work.



ccheltenham-ext=ROLE_ADMIN,enabled



I gotta say this is a really stupid and cheesy way to do this.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of 
David Curry
Sent: Friday, February 23, 2018 10:48 AM


To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] CAS5 management



Gnarls the Narwhal is The New School's mascot.



https://www.newschool.edu/recreation/where-is-gnarls/



I wanted a "dummy" account to use in my CAS testing and documentation, and 
"casuser" was already taken, so... :-)



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:42 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:

Thanks David,



What is gnarls?







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of 
David Curry
Sent: Friday, February 23, 2018 10:33 AM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] CAS5 management



Your users.properties file is not formatted correctly. It's the same format 
(and in fact can be the same file) as the one for the admin pages:



# The syntax for each line is:

#

# username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]

#

gnarls=passwordnotused,ROLE_ADMIN



The above allows a user named "gnarls" to have access.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:28 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:



Hello Everyone,



Still having problems with access denied on /cas-management



I turned on DEBUG and I see this in the logs.



22T13:22:12.379-05:00[Ameri

RE: [cas-user] CAS5 management

[Cheltenham, Chris]

Ok I see David,



So I tried this and still doesn’t work.



ccheltenham-ext=ROLE_ADMIN,enabled



I gotta say this is a really stupid and cheesy way to do this.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Friday, February 23, 2018 10:48 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS5 management



Gnarls the Narwhal is The New School's mascot.



https://www.newschool.edu/recreation/where-is-gnarls/



I wanted a "dummy" account to use in my CAS testing and documentation, and 
"casuser" was already taken, so... :-)



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:42 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:

Thanks David,



What is gnarls?







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of 
David Curry
Sent: Friday, February 23, 2018 10:33 AM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] CAS5 management



Your users.properties file is not formatted correctly. It's the same format 
(and in fact can be the same file) as the one for the admin pages:



# The syntax for each line is:

#

# username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]

#

gnarls=passwordnotused,ROLE_ADMIN



The above allows a user named "gnarls" to have access.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:28 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:



Hello Everyone,



Still having problems with access denied on /cas-management



I turned on DEBUG and I see this in the logs.



22T13:22:12.379-05:00[America/New_York], authenticationMethod=Employee-LDAP, 
successfulAuthenticationHandlers=Employee-LDAP,

longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: [] 
| isRemembered: false | clientName: CasClient |

linkedId: null |] does not contain the required role [ROLE_ADMIN]





My users.properties files look thusly –

 casuser=ROLE_ADMIN,



and yes ROLE_ADMIN is stated in the management.properties file.

 cas.mgmt.adminRoles[0]=ROLE_ADMIN



There is a Json file in /etc/cas/services or the users.properties file.



That is stated in cas.properties

   cas.serviceRegistry.config.location=file:/etc/cas/services



Is there a way to format the users. Properties file so anyone can use the 
management portal?







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/008301d3acba%24f0e4fe30%24d2aefa90%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/008301d3acba%24f0e4fe30%24d2aefa90%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOZfm-azTX0TzCFs7AYmY2DkvNLF%

RE: [cas-user] CAS5 management

[Cheltenham, Chris]

David,



I honestly don’t know what you mean.



What admin pages?



And how should this be formatted?



casuser=ROLE_ADMIN,enabled







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Friday, February 23, 2018 10:33 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS5 management



Your users.properties file is not formatted correctly. It's the same format 
(and in fact can be the same file) as the one for the admin pages:



# The syntax for each line is:

#

# username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]

#

gnarls=passwordnotused,ROLE_ADMIN



The above allows a user named "gnarls" to have access.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:28 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:



Hello Everyone,



Still having problems with access denied on /cas-management



I turned on DEBUG and I see this in the logs.



22T13:22:12.379-05:00[America/New_York], authenticationMethod=Employee-LDAP, 
successfulAuthenticationHandlers=Employee-LDAP,

longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: [] 
| isRemembered: false | clientName: CasClient |

linkedId: null |] does not contain the required role [ROLE_ADMIN]





My users.properties files look thusly –

 casuser=ROLE_ADMIN,



and yes ROLE_ADMIN is stated in the management.properties file.

 cas.mgmt.adminRoles[0]=ROLE_ADMIN



There is a Json file in /etc/cas/services or the users.properties file.



That is stated in cas.properties

   cas.serviceRegistry.config.location=file:/etc/cas/services



Is there a way to format the users. Properties file so anyone can use the 
management portal?







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/008301d3acba%24f0e4fe30%24d2aefa90%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/008301d3acba%24f0e4fe30%24d2aefa90%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOZfm-azTX0TzCFs7AYmY2DkvNLF%2Bv82mJqicSZntatMA%40mail.gmail.com
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOZfm-azTX0TzCFs7AYmY2DkvNLF%2Bv82mJqicSZntatMA%40mail.gmail.com?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00a301d3acbd%249552e2f0%24bff8a8d0%24%40philasd.org.

RE: [cas-user] CAS5 management

[Cheltenham, Chris]

Thanks David,



What is gnarls?







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Friday, February 23, 2018 10:33 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS5 management



Your users.properties file is not formatted correctly. It's the same format 
(and in fact can be the same file) as the one for the admin pages:



# The syntax for each line is:

#

# username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]

#

gnarls=passwordnotused,ROLE_ADMIN



The above allows a user named "gnarls" to have access.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 23, 2018 at 10:28 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:



Hello Everyone,



Still having problems with access denied on /cas-management



I turned on DEBUG and I see this in the logs.



22T13:22:12.379-05:00[America/New_York], authenticationMethod=Employee-LDAP, 
successfulAuthenticationHandlers=Employee-LDAP,

longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: [] 
| isRemembered: false | clientName: CasClient |

linkedId: null |] does not contain the required role [ROLE_ADMIN]





My users.properties files look thusly –

 casuser=ROLE_ADMIN,



and yes ROLE_ADMIN is stated in the management.properties file.

 cas.mgmt.adminRoles[0]=ROLE_ADMIN



There is a Json file in /etc/cas/services or the users.properties file.



That is stated in cas.properties

   cas.serviceRegistry.config.location=file:/etc/cas/services



Is there a way to format the users. Properties file so anyone can use the 
management portal?







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/008301d3acba%24f0e4fe30%24d2aefa90%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/008301d3acba%24f0e4fe30%24d2aefa90%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOZfm-azTX0TzCFs7AYmY2DkvNLF%2Bv82mJqicSZntatMA%40mail.gmail.com
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOZfm-azTX0TzCFs7AYmY2DkvNLF%2Bv82mJqicSZntatMA%40mail.gmail.com?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/009501d3acbc%24e8d7c400%24ba874c00%24%40philasd.org.

[cas-user] CAS5 management

[Cheltenham, Chris]

Hello Everyone,

 

Still having problems with access denied on /cas-management

 

I turned on DEBUG and I see this in the logs.

 

22T13:22:12.379-05:00[America/New_York],
authenticationMethod=Employee-LDAP,
successfulAuthenticationHandlers=Employee-LDAP, 

longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions:
[] | isRemembered: false | clientName: CasClient | 

linkedId: null |] does not contain the required role [ROLE_ADMIN]

 

 

My users.properties files look thusly -

 casuser=ROLE_ADMIN,

 

and yes ROLE_ADMIN is stated in the management.properties file.

 cas.mgmt.adminRoles[0]=ROLE_ADMIN

 

There is a Json file in /etc/cas/services or the users.properties file.

 

That is stated in cas.properties

   cas.serviceRegistry.config.location=file:/etc/cas/services

 

Is there a way to format the users. Properties file so anyone can use the
management portal?

 

 

 

===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/008301d3acba%24f0e4fe30%24d2aefa90%24%40philasd.org.

[cas-user] CAS 5.2

[Cheltenham, Chris]

Hello Everyone,

 

I am sure most folks change the default landing page AFTER you get login
to work.

 

It looks like it lands on a page called casGenericSuccessView.html.

 

My question is how do you change that page?

 

 

 

===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/002f01d3acab%243f965c00%24bec31400%24%40philasd.org.

RE: [cas-user] [5.2] Dashboard - Application Not Authorized to Use CAS

[Cheltenham, Chris]

Man,



I don’t know what that means.



===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Man H
Sent: Tuesday, February 20, 2018 11:36 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] [5.2] Dashboard - Application Not Authorized to Use 
CAS



This should be another thread since dashboard is not the same as 
cas-management.

Make it a service

El martes, 20 de febrero de 2018, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > 
escribió:

Hello Everyone,



I am getting access denied on the /cas-management

It appears CAS 5 is a bit different from 4



Does anyone know why I am getting access denied to the management stuff?







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of 
David Curry
Sent: Tuesday, February 20, 2018 8:48 AM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] [5.2] Dashboard - Application Not Authorized to Use 
CAS



Assuming "the services directory" means you're trying to use an external 
directory full of JSON service definitions, do you have





org.apereo.cas

cas-server-support-json-service-registry

${cas.version}





in your pom.xml and



cas.serviceRegistry.json.location:file:/etc/cas/services



(whatever directory path you want) in cas.properties?



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Tue, Feb 20, 2018 at 8:41 AM, Kevin Liu mailto:annihil8...@gmail.com> > wrote:

I've added and it looks like CAS is just not picking up on any of the 
services directory. It doesn't show as registering the service.



On Monday, February 19, 2018 at 12:55:18 PM UTC-6, rbon wrote:

Put these into the log config to verify that the services you want are 
correct:





















Ray



On Mon, 2018-02-19 at 09:24 -0800, Kevin Liu wrote:

I'm trying to access https://xxx.xxx.xxx.xxx:/cas1/status/dashboard

On Monday, February 19, 2018 at 11:01:33 AM UTC-6, rbon wrote:

Kevin,



What is the URL that you are trying to access?



Ray



On Mon, 2018-02-19 at 08:34 -0800, Kevin Liu wrote:

This is my current entry in service registry



{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "^https://xxx.xxx.xxx.xxx:/cas1/status/dashboard(\\z|/.* 
 )",

  "name" : "CAS Admin Dashboard",

  "id" : 1509646291,

  "description" : "CAS dashboard and administrative endpoints",

  "evaluationOrder" : 5000

}




On Monday, February 19, 2018 at 9:06:00 AM UTC-6, David Curry wrote:

Do you have an entry in the service registry that matches the service?



{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "^https://xxx.xxx.xxx.xxx/cas1/status/dashboard(\\z|/.*) 
<https://xxx.xxx.xxx.xxx/cas1/status/dashboard(%5C%5Cz%7C/.*)> ",

  "name" : "CAS Admin Dashboard",

  "id" : 123456789,

  "description" : "CAS dashboard and administrative endpoints",

  "evaluationOrder" : 12345

}



Or something like that.


--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
+1 212 229-5300 x4728 • david.cu...@newschool.edu 
<mailto:david.cu...@newschool.edu>

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Mon, Feb 19, 2018 at 9:33 AM, Kevin Liu mailto:annih...@gmail.com> > wrote:

Hello,



I'm trying to enable access to the Dashboard with the default casuser:Mellon 
account but I'm running into an Application Not Authorized to Use CAS. This 
is my cas.properties file. I can't figure out what I'm missing? Looking 
online, it seems I need a registry of some sort but I can't find additional 
documentation on it.





cas.server.name <http://cas.server.name> : https://xxx.xxx.xxx.xxx

cas.server.prefix: https://xx

RE: [cas-user] [5.2] Dashboard - Application Not Authorized to Use CAS

[Cheltenham, Chris]

Yes, Cas works properly.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Kevin 
Liu
Sent: Tuesday, February 20, 2018 11:24 AM
To: CAS Community 
Subject: Re: [cas-user] [5.2] Dashboard - Application Not Authorized to Use 
CAS



I'm not familiar with cas 4 but do you have a cas.properties file?

On Tuesday, February 20, 2018 at 10:16:01 AM UTC-6, Chris Cheltenham wrote:

Hello Everyone,



I am getting access denied on the /cas-management

It appears CAS 5 is a bit different from 4



Does anyone know why I am getting access denied to the management stuff?







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-...@apereo.org   [mailto:cas-...@apereo.org 
 ] On Behalf Of David Curry
Sent: Tuesday, February 20, 2018 8:48 AM
To: cas-...@apereo.org 
Subject: Re: [cas-user] [5.2] Dashboard - Application Not Authorized to Use 
CAS



Assuming "the services directory" means you're trying to use an external 
directory full of JSON service definitions, do you have





org.apereo.cas

cas-server-support-json-service-registry

${cas.version}





in your pom.xml and



cas.serviceRegistry.json.location:file:/etc/cas/services



(whatever directory path you want) in cas.properties?



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •   david.cu...@newschool.edu

  




On Tue, Feb 20, 2018 at 8:41 AM, Kevin Liu  
 > wrote:

I've added and it looks like CAS is just not picking up on any of the 
services directory. It doesn't show as registering the service.



On Monday, February 19, 2018 at 12:55:18 PM UTC-6, rbon wrote:

Put these into the log config to verify that the services you want are 
correct:





















Ray



On Mon, 2018-02-19 at 09:24 -0800, Kevin Liu wrote:

I'm trying to access https://xxx.xxx.xxx.xxx:/cas1/status/dashboard

On Monday, February 19, 2018 at 11:01:33 AM UTC-6, rbon wrote:

Kevin,



What is the URL that you are trying to access?



Ray



On Mon, 2018-02-19 at 08:34 -0800, Kevin Liu wrote:

This is my current entry in service registry



{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "^https://xxx.xxx.xxx.xxx:/cas1/status/dashboard(\\z|/.* 
 )",

  "name" : "CAS Admin Dashboard",

  "id" : 1509646291,

  "description" : "CAS dashboard and administrative endpoints",

  "evaluationOrder" : 5000

}




On Monday, February 19, 2018 at 9:06:00 AM UTC-6, David Curry wrote:

Do you have an entry in the service registry that matches the service?



{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "^https://xxx.xxx.xxx.xxx/cas1/status/dashboard(\\z|/.*) 
 ",

  "name" : "CAS Admin Dashboard",

  "id" : 123456789,

  "description" : "CAS dashboard and administrative endpoints",

  "evaluationOrder" : 12345

}



Or something like that.


--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 

+1 212 229-5300 x4728 • david...@newschool.edu 

  




On Mon, Feb 19, 2018 at 9:33 AM, Kevin Liu mailto:annih...@gmail.com> > wrote:

Hello,



I'm trying to enable access to the Dashboard with the default casuser:Mellon 
account but I'm running into an Application Not Authorized to Use CAS. This 
is my cas.properties file. I can't figure out what I'm missing? Looking 
online, it seems I need a registry of some sort but I can't find additional 
documentation on it.





cas.server.name  : https://xxx.xxx.xxx.xxx

cas.server.prefix: https://xxx.xxx.xxx.xxx/cas1



logging.config: file:/etc/cas1/config/log4j2.xml



endpoints.enabled=true

endpoints.sensitive=false

cas.adminPagesSecurity.ip=192.168.x.xx

cas.monitor.endpoints.enable=true

cas.monitor.endpoints.sensitive=false

cas.adminPagesSecurity.actuatorEndpointsEnabled=true





cas.adminPagesSecurity.loginUrl=${cas.server.prefix}/login

cas.adminPagesSecurity.service=${cas.server.prefix}/status/dashboard

cas.adminPagesSecurity.users=file:/etc/cas1/config/adminusers.properties

cas.adm

RE: [cas-user] [5.2] Dashboard - Application Not Authorized to Use CAS

[Cheltenham, Chris]

Hello Everyone,



I am getting access denied on the /cas-management

It appears CAS 5 is a bit different from 4



Does anyone know why I am getting access denied to the management stuff?







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Tuesday, February 20, 2018 8:48 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] [5.2] Dashboard - Application Not Authorized to Use 
CAS



Assuming "the services directory" means you're trying to use an external 
directory full of JSON service definitions, do you have





org.apereo.cas

cas-server-support-json-service-registry

${cas.version}





in your pom.xml and



cas.serviceRegistry.json.location:file:/etc/cas/services



(whatever directory path you want) in cas.properties?



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •   
david.cu...@newschool.edu

  



On Tue, Feb 20, 2018 at 8:41 AM, Kevin Liu mailto:annihil8...@gmail.com> > wrote:

I've added and it looks like CAS is just not picking up on any of the 
services directory. It doesn't show as registering the service.



On Monday, February 19, 2018 at 12:55:18 PM UTC-6, rbon wrote:

Put these into the log config to verify that the services you want are 
correct:





















Ray



On Mon, 2018-02-19 at 09:24 -0800, Kevin Liu wrote:

I'm trying to access https://xxx.xxx.xxx.xxx:/cas1/status/dashboard

On Monday, February 19, 2018 at 11:01:33 AM UTC-6, rbon wrote:

Kevin,



What is the URL that you are trying to access?



Ray



On Mon, 2018-02-19 at 08:34 -0800, Kevin Liu wrote:

This is my current entry in service registry



{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "^https://xxx.xxx.xxx.xxx:/cas1/status/dashboard(\\z|/.* 
 )",

  "name" : "CAS Admin Dashboard",

  "id" : 1509646291,

  "description" : "CAS dashboard and administrative endpoints",

  "evaluationOrder" : 5000

}




On Monday, February 19, 2018 at 9:06:00 AM UTC-6, David Curry wrote:

Do you have an entry in the service registry that matches the service?



{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "^https://xxx.xxx.xxx.xxx/cas1/status/dashboard(\\z|/.*) 
 ",

  "name" : "CAS Admin Dashboard",

  "id" : 123456789,

  "description" : "CAS dashboard and administrative endpoints",

  "evaluationOrder" : 12345

}



Or something like that.


--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 

+1 212 229-5300 x4728 • david.cu...@newschool.edu 


  



On Mon, Feb 19, 2018 at 9:33 AM, Kevin Liu mailto:annih...@gmail.com> > wrote:



Hello,



I'm trying to enable access to the Dashboard with the default casuser:Mellon 
account but I'm running into an Application Not Authorized to Use CAS. This 
is my cas.properties file. I can't figure out what I'm missing? Looking 
online, it seems I need a registry of some sort but I can't find additional 
documentation on it.





cas.server.name  : https://xxx.xxx.xxx.xxx

cas.server.prefix: https://xxx.xxx.xxx.xxx/cas1



logging.config: file:/etc/cas1/config/log4j2.xml



endpoints.enabled=true

endpoints.sensitive=false

cas.adminPagesSecurity.ip=192.168.x.xx

cas.monitor.endpoints.enable=true

cas.monitor.endpoints.sensitive=false

cas.adminPagesSecurity.actuatorEndpointsEnabled=true





cas.adminPagesSecurity.loginUrl=${cas.server.prefix}/login

cas.adminPagesSecurity.service=${cas.server.prefix}/status/dashboard

cas.adminPagesSecurity.users=file:/etc/cas1/config/adminusers.properties

cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN



Am I missing anything?

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+u...@apereo.org  .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f80f5c5d-f27d-4fa4-af85-45a306351383%40apereo.org
 

RE: [cas-user] org.apereo.cas.authentication.PolicyBasedAuthenticationManager thow an error in log when user input Invalid credentials.

[Cheltenham, Chris]

Something it doesn’t like in your cas.properties section I would guess.

I am not familiar with your ldap so its difficult for me to say exactly what 
you need.



Start out very simple and connect to one LDAP.

I don’t use AD so I don’t know what that require either.



Start off with something simple and build on it from there.



# LDAP connector (for single instance)

#  cas.authn.ldap[0].type=Authenticated

#  cas.authn.ldap[0].ldapUrl=ldaps://

#  cas.authn.ldap[0].useSsl=true



I saw ssl false in your configuration



#  cas.authn.ldap[0].baseDn=dc=philasd,dc=org

#  cas.authn.ldap[0].userFilter=uid={user}

#  cas.authn.ldap[0].bindDn=uid=cuth,dc=philasd,dc=org

#  cas.authn.ldap[0].bindCredential=



===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Satnam 
Sarai
Sent: Tuesday, February 13, 2018 10:45 AM
To: CAS Community 
Subject: Re: [cas-user] 
org.apereo.cas.authentication.PolicyBasedAuthenticationManager thow an error 
in log when user input Invalid credentials.



thanks,Chris

we have two handlers, LDAP and jdbc.  I have disabled JDBC to see if error 
goes away. The error still show up when user input Invalid credentials.  It 
works perfectly when user input correct credentials.  We can ignore this 
error but we are afraid that we will get too many notifications about 
invalid credentials.

==
 in pom.xml i have included




 org.apereo.cas
 cas-server-support-ldap
 ${cas.version}


and cas.properties file -->



#
#  LDAP
#
#AD|AUTHENTICATED|DIRECT|ANONYMOUS
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].name = POST_Employee-LDAP
# BaseDn used to start the LDAP search looking for accounts
cas.authn.ldap[0].baseDn=
# The search filter to use while looking for accounts.
cas.authn.ldap[0].userFilter=(|(sAMAccountName={user})(proxyAddresses=smtp:{user}))
#
# Bind credentials used to connect to the LDAP instance
#
cas.authn.ldap[0].bindDn=xxx
cas.authn.ldap[0].bindCredential=xx
cas.authn.ldap[0].principalAttributeId=objectGUID
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].order=0
cas.authn.ldap[0].enhanceWithEntryResolver=true
cas.authn.ldap[0].searchEntryHandlers[0].type=OBJECT_GUID

#
# Define attributes to be retrieved from LDAP as part of the same 
authentication transaction
# The left-hand size notes the source while the right-hand size indicate an 
optional renaming/remapping
# of the attribute definition. The same attribute name is allowed to be 
mapped multiple times to
# different attribute names.
#
# 
cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName,eduPersonTargettedId:SOME_IDENTIFIER
cas.authn.ldap[0].principalAttributeList=objectGUID

# cas.authn.ldap[0].collectDnAttribute=false
# cas.authn.ldap[0].principalDnAttributeName=principalLdapDn
# cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
# cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
# cas.authn.ldap[0].credentialCriteria=
cas.authn.ldap[0].validatePeriod=  270

On Tuesday, February 13, 2018 at 7:25:49 AM UTC-8, Chris Cheltenham wrote:

Hello,



I had that exact error.



When you build your cas.war file make sure the ldap dependency embedded 
inside pom.xml.

If you don’t



After that, the cas.properties file must be formatted correctly.

This is what stumped me the most.



Thanks to David Curry for helping me out on this.





Mine LDAP inside of cas.properties looks like this.

Pay attention to the numbers in scheme zero and one and so forth if you have 
multiple authentication handlers.





# Employee LDAP

cas.authn.ldap[0].useSsl:   true

cas.authn.ldap[0].order:0

cas.authn.ldap[0].name: Employee-LDAP

cas.authn.ldap[0].type: AUTHENTICATED

cas.authn.ldap[0].ldapUrl:  ldaps://devm.philasd.net 


cas.authn.ldap[0].validatePeriod:   270

cas.authn.ldap[0].userFilter:   uid={user}

cas.authn.ldap[0].baseDn:   dc=philasd,dc=org

cas.authn.ldap[0].bindDn: 
uid=cauth,ou=svc_accts,dc=philasd,dc=org

cas.authn.ldap[0].bindCredential: x

#

#LDAP for SG (Student Guardian)

cas.authn.ldap[1].useSsl:   true

cas.authn.ldap[1].order:1

cas.authn.ldap[1].name: SG-LDAP

cas.authn.ldap[1].type: AUTHENTICATED

cas.authn.ldap[1].ldapUrl:  ldaps://devsgm.philasd.net 


cas.authn.ldap[1].validatePeriod:   270

cas.authn.ldap[1].userFilter:   uid={user}

cas.authn.ldap[1].baseDn:   dc=philasd,dc=org

cas.authn.ldap[1].bindDn: 
uid=casauth,ou

RE: [cas-user] org.apereo.cas.authentication.PolicyBasedAuthenticationManager thow an error in log when user input Invalid credentials.

[Cheltenham, Chris]

Hello,



I had that exact error.



When you build your cas.war file make sure the ldap dependency embedded 
inside pom.xml.

If you don’t



After that, the cas.properties file must be formatted correctly.

This is what stumped me the most.



Thanks to David Curry for helping me out on this.





Mine LDAP inside of cas.properties looks like this.

Pay attention to the numbers in scheme zero and one and so forth if you have 
multiple authentication handlers.





# Employee LDAP

cas.authn.ldap[0].useSsl:   true

cas.authn.ldap[0].order:0

cas.authn.ldap[0].name: Employee-LDAP

cas.authn.ldap[0].type: AUTHENTICATED

cas.authn.ldap[0].ldapUrl:  ldaps://devm.philasd.net

cas.authn.ldap[0].validatePeriod:   270

cas.authn.ldap[0].userFilter:   uid={user}

cas.authn.ldap[0].baseDn:   dc=philasd,dc=org

cas.authn.ldap[0].bindDn: 
uid=cauth,ou=svc_accts,dc=philasd,dc=org

cas.authn.ldap[0].bindCredential: x

#

#LDAP for SG (Student Guardian)

cas.authn.ldap[1].useSsl:   true

cas.authn.ldap[1].order:1

cas.authn.ldap[1].name: SG-LDAP

cas.authn.ldap[1].type: AUTHENTICATED

cas.authn.ldap[1].ldapUrl:  ldaps://devsgm.philasd.net

cas.authn.ldap[1].validatePeriod:   270

cas.authn.ldap[1].userFilter:   uid={user}

cas.authn.ldap[1].baseDn:   dc=philasd,dc=org

cas.authn.ldap[1].bindDn: 
uid=casauth,ou=svc_accts,dc=philasd,dc=org

cas.authn.ldap[1].bindCredential:  x



===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Satnam 
Sarai
Sent: Tuesday, February 13, 2018 10:04 AM
To: CAS Community 
Subject: [cas-user] 
org.apereo.cas.authentication.PolicyBasedAuthenticationManager thow an error 
in log when user input Invalid credentials.



Hello,

we are upgrade cas to 5.2.x, we noticed that cas throw an error in log/email 
when user input Invalid credentials. In this case we don't want to receive 
notification when user inputs Invalid credentials as long cas blocks the 
(log will grow exponentially and email notifications will not be useful).

Is anybody else see these errors in the log as well?  Did we set up 
something incorrectly?


Here is part of CAS log

__     _     __
  / /  / ___|/ \/ ___|  \ \
 | |  | |   / _ \   \___ \   | |
 | |  | |___   / ___ \   ___) |  | |
 | |   \| /_/   \_\ |/   | |
  \_\   /_/

CAS Version: 5.2.2
CAS Commit Id: eefb26e6ea0f3f0505ea7dcfc7e11c4ebcb44b7d
CAS Build Date/Time: 1970-01-01T00:00Z
Spring Boot Version: 1.5.8.RELEASE

Java Home: C:\Program Files\Java\jre8U152
Java Vendor: Oracle Corporation
Java Version: 1.8.0_152
JVM Free Memory: 1 GB
JVM Maximum Memory: 7 GB
JVM Total Memory: 2 GB
JCE Installed: No

OS Architecture: amd64
OS Name: Windows 7
OS Version: 6.1
OS Date/Time: 2018-02-13T06:47:54.498
OS Temp Directory: 
C:\Projects\PASS5.2\trunk\test\apache-tomcat\cat_base\temp


←[0m
2018-02-13 06:48:10,827 WARN 
[org.apereo.cas.web.report.util.ControllerUtils] - 
2018-02-13 06:48:21,362 WARN 
[org.apereo.cas.web.report.util.ControllerUtils] - 
2018-02-13 06:48:25,942 WARN 
[org.apereo.cas.config.CasCoreServicesConfiguration] - 
13-Feb-2018 06:48:27.111 INFO [localhost-startStop-1] 
org.apache.catalina.startup.HostConfig.deployWAR Deployment of web 
application archive 
[C:\Projects\PASS5.2\trunk\test\apache-tomcat\cat_base\weba
pps\ROOT##0014.war] has finished in [46,788] ms
13-Feb-2018 06:48:27.114 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["http-nio-8080"]
13-Feb-2018 06:48:27.127 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["https-openssl-nio-8443"]
13-Feb-2018 06:48:27.132 INFO [main] 
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
["ajp-nio-8009"]
13-Feb-2018 06:48:27.137 INFO [main] 
org.apache.catalina.startup.Catalina.start Server startup in 47459 ms
2018-02-13 06:50:35,302 WARN 
[org.apereo.cas.authentication.LdapAuthenticationHandler] - 
2018-02-13 06:50:35,303 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 



















































































































-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop rec

[cas-user] inspektr

[Cheltenham, Chris]

Does anyone have better documentation for inspektr?

 

 

I just read this 

 

https://github.com/apereo/inspektr/blob/master/README.md

 

and I have NO clue what any of it means.

 

 

 

===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00e101d3a1e4%24d132a910%247397fb30%24%40philasd.org.

RE: [cas-user] cas 5 management

[Cheltenham, Chris]

Thanks David, I really appreciate your help.

Its saved me tons of time.



I almost forgot about your documentation but it has helped me a lot.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Friday, February 9, 2018 12:03 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] cas 5 management



Chris,



In my setup, I did not configure the management webapp to use LDAP directly. 
Rather, I set it up to authenticate against the CAS server, and just use the 
userPropertiesFile to control who can actually log into it. I used the same 
"admusers.properties" file that I used to control access to the admin pages 
(dashboard, etc.) since for us it's the same set of users for both, but you 
can use different files for each if you want.



Since we only have a handful of people who will use the management webapp 
(or the admin pages), and the list doesn't change very often, this seemed 
like a simpler approach than messing around with LDAP groups, etc. Just a 
thought...YMMV of course.



--Dave






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Fri, Feb 9, 2018 at 11:52 AM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:

Thanks Travis,



I am using David Curry’s docs.

I don’t understand the CAS docs from Apereo.

I think they document with the thinking of a developer, which I am not.

Therefore, I have a lot of trouble understanding them.



I appreciate your help.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of 
Travis Schmidt
Sent: Friday, February 9, 2018 11:08 AM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] cas 5 management



Here is a link to getting started with CAS Management with 5.2.x



https://apereo.github.io/cas/5.2.x/installation/Installing-ServicesMgmt-Webapp.html



As far as LDAP is concerned, it is mostly a preference.  The management app 
will contact a CAS Server for authenticating a user in whichever way you 
have it set up.  For the management app you usually only have a few people 
authorized to use it, so users.json or static list is an acceptable way to 
limit who can use it.  The management app can be configured to call back to 
LDAP and query for the ROLE_* attributes on the authenticated user, but in 
my opinion is a lot more work to make something dynamic that is mostly 
static.







On Fri, Feb 9, 2018 at 7:13 AM Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:



Hello ,



I have embarked on building cas-management via the overlay.

I am assuming you build a totally separate war file with the ldapp 
dependency is you use ldap.



Is that correct?







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025 
Cell # 215-301-6571 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/008401d3a1b8%249791de50%24c6b59af0%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/008401d3a1b8%249791de50%24c6b59af0%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAC_RtEZmsgzrQq82Dg4r_QR-27U6v4EbG8O-qq2eXmE_GKeZng%40mail.gmail.com
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAC_RtEZmsgzrQq82Dg4r_QR-27U6v4EbG8O-qq2eXmE_G

RE: [cas-user] cas 5 management

[Cheltenham, Chris]

Thanks Travis,



I am using David Curry’s docs.

I don’t understand the CAS docs from Apereo.

I think they document with the thinking of a developer, which I am not.

Therefore, I have a lot of trouble understanding them.



I appreciate your help.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Travis 
Schmidt
Sent: Friday, February 9, 2018 11:08 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] cas 5 management



Here is a link to getting started with CAS Management with 5.2.x



https://apereo.github.io/cas/5.2.x/installation/Installing-ServicesMgmt-Webapp.html



As far as LDAP is concerned, it is mostly a preference.  The management app 
will contact a CAS Server for authenticating a user in whichever way you 
have it set up.  For the management app you usually only have a few people 
authorized to use it, so users.json or static list is an acceptable way to 
limit who can use it.  The management app can be configured to call back to 
LDAP and query for the ROLE_* attributes on the authenticated user, but in 
my opinion is a lot more work to make something dynamic that is mostly 
static.







On Fri, Feb 9, 2018 at 7:13 AM Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:



Hello ,



I have embarked on building cas-management via the overlay.

I am assuming you build a totally separate war file with the ldapp 
dependency is you use ldap.



Is that correct?







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025 
Cell # 215-301-6571 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/008401d3a1b8%249791de50%24c6b59af0%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/008401d3a1b8%249791de50%24c6b59af0%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAC_RtEZmsgzrQq82Dg4r_QR-27U6v4EbG8O-qq2eXmE_GKeZng%40mail.gmail.com
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAC_RtEZmsgzrQq82Dg4r_QR-27U6v4EbG8O-qq2eXmE_GKeZng%40mail.gmail.com?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00b001d3a1c6%2463677f00%242a367d00%24%40philasd.org.

RE: [cas-user] Re: cas 5 management

[Cheltenham, Chris]

Yes, great thank you.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of William 
E.
Sent: Friday, February 9, 2018 11:02 AM
To: CAS Community 
Subject: [cas-user] Re: cas 5 management



Exactly.  cas-management-overlay/target/cas-management.war





Since we use json registry, and ldap, we add the below.





org.apereo.cas

cas-server-support-json-service-registry

${cas.version}





 org.apereo.cas

 cas-server-support-ldap

 ${cas.version}








On Friday, February 9, 2018 at 9:13:54 AM UTC-6, Chris Cheltenham wrote:

  


Hello ,



I have embarked on building cas-management via the overlay.

I am assuming you build a totally separate war file with the ldapp 
dependency is you use ldap.



Is that correct?







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
 .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/df4774ec-7151-4769-a96d-ee447296bced%40apereo.org
 

 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00a001d3a1bf%24fd4c5520%24f7e4ff60%24%40philasd.org.

[cas-user] cas 5 management

[Cheltenham, Chris]

Hello ,

 

I have embarked on building cas-management via the overlay.

I am assuming you build a totally separate war file with the ldapp
dependency is you use ldap.

 

Is that correct?

 

 

 

===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/008401d3a1b8%249791de50%24c6b59af0%24%40philasd.org.

Re: [cas-user] CAS 5.2.x

[Cheltenham, Chris]

Good for you David, 

We are still using LDAP with almost 200k users and maybe 30 attributes. 
Its complicated. 

Maybe M$ will loosen the cost of AD for a k-12 school district. 
Would be nice. 




=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 12:31:22 PM 
Subject: Re: [cas-user] CAS 5.2.x 

It's a pain in the butt, mostly. :-) 

One of these days we're going to consolidate everything into the One True 
Active Directory and get rid of the second directory, which will make our lives 
easier in all sorts of ways, but that's still somewhere out on the horizon. 

The use of two AD configs just to handle two different OUs is mostly because 
there's another OU besides those two that we don't want to authenticate 
against, and so this was the simplest (although perhaps not the most efficient) 
way to do it. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 12:18 PM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 



Thanks David, 

Thats a bit eye opening, the orders and different authorizing entites. 




=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 12:13:48 PM 

Subject: Re: [cas-user] CAS 5.2.x 

These could probably be shortened up in a couple of ways by: 


* combining the [0] and [2] Active Directory configs, which go against 
different OUs of the same directory (but are otherwise identical), and 
* performing attribute resolution as part of the authentication process, 
which you can do now, but couldn't do in olden days. 

On the other hand, there's something to be said for configuring it in a way 
that makes sense to you, and this makes sense to me. And, of course, there's 
the fact that it works. :-) 

--Dave 

## 
## LDAP AUTHENTICATION CONFIGURATION 
## 
# 
# Active Directory LDAP authentication configuration (regular user accounts) 
# 
cas.authn.ldap[0].order: 0 
cas.authn.ldap[0].name: Active Directory 
cas.authn.ldap[0].type: AD 
cas.authn.ldap[0].ldapUrl: ldaps:// zuul.newschool.edu 
cas.authn.ldap[0].validatePeriod: 270 
cas.authn.ldap[0].poolPassivator: NONE 
cas.authn.ldap[0].userFilter: sAMAccountName={user} 
cas.authn.ldap[0].baseDn: ou=TNSUsers,dc=tns,dc=newschool,dc=edu 
cas.authn.ldap[0].dnFormat: cn=%s,ou=TNSUsers,dc=tns,dc=newschool,dc=edu 

# 
# Luminis 5 LDAP authentication configuration (all user accounts) 
# 
cas.authn.ldap[1].order: 1 
cas.authn.ldap[1].name: Luminis LDAP 
cas.authn.ldap[1].type: AUTHENTICATED 
cas.authn.ldap[1].ldapUrl: ldaps:// janus.newschool.edu 
cas.authn.ldap[1].validatePeriod: 270 
cas.authn.ldap[1].userFilter: uid={user} 
cas.authn.ldap[1].baseDn: ou=People,o=cp 
cas.authn.ldap[1].bindDn: uid=ldap_ssotest,ou=People,o=cp 
cas.authn.ldap[1].bindCredential:  

# 
# Active Directory LDAP authentication configuration (admin user accounts) 
# 
cas.authn.ldap[2].order: 2 
cas.authn.ldap[2].name: Active Directory 
cas.authn.ldap[2].type: AD 
cas.authn.ldap[2].ldapUrl: ldaps:// zuul.newschool.edu 
cas.authn.ldap[2].validatePeriod: 270 
cas.authn.ldap[2].poolPassivator: NONE 
cas.authn.ldap[2].userFilter: sAMAccountName={user} 
cas.authn.ldap[2].baseDn: ou=Network,dc=tns,dc=newschool,dc=edu 
cas.authn.ldap[2].dnFormat: cn=%s,ou=Network,dc=tns,dc=newschool,dc=edu 

## 
## LDAP ATTRIBUTE REPOSITORY CONFIGURATION 
## 
# 
# Collect attributes in the repository on a keep-first-value-found basis; 
# duplicate attributes (even if they have different values) in subsequent 
# sources will be ignored. 
# 
cas.authn.attributeRepository.merger: ADD 

# 
# Active Directory LDAP attribute lookup configuration (regular user accounts) 
# 
cas.authn.attributeRepository.ldap[0].order: 0 
cas.authn.attributeRepository.ldap[0].ldapUrl: ldaps:// zuul.newschool.edu 
cas.authn.attributeRepository.ldap[0].validatePeriod: 270 
cas.authn.attributeRepository.ldap[0].userFilter: sAMAccountName={user} 
cas.authn.attributeRepository.ldap[0].baseDn: 
ou=TNSUsers,dc=tns,dc=newschool,dc=edu 
cas.authn.attributeRepository.ldap[0].bindDn: 
cn=ldap_ssotest,ou=Service,ou=Users,ou=En

Re: [cas-user] CAS 5.2.x

[Cheltenham, Chris]

Yes I hear you. 

I got talked into using gradle by a senior co worker but I am scrapping that. 
I am not a developer and I am trying to understand the developers environment. 

I think NOW after Mr Curry helped me with the pom.xml I am now in 
cas.properties hell. 

There are just so many options and ways to do it. 

But thank you gentlemen , hopefully i can figure out the rest. 





=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "Chris Peck"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 11:38:10 AM 
Subject: Re: [cas-user] CAS 5.2.x 

All we do to build just the cas.war file is run this command in the directory 
with the pom.xml file & our src overlay directory: 
mvn clean package 
then it will poop out the warfile in target/cas.war 

We don't use their scripts. 
We keep the pom.xml file & our src overlay directory in git, when we push a 
change to our gitlab server it will build the warfile in a docker container, 
which then scp's the warfile to our cas servers automagically. This ensures a 
clean build environment every time. We don't do auto-deploy, we then ssh into 
the cas-servers and do the deploy manually. Eventually we plan on running CAS 
in docker, but, since we were under pressure to get it up version 5 we decided 
to do that later. 
Helpful - or - just more confusing? 
Chris 


On Thu, Feb 8, 2018 at 11:27 AM David Curry < david.cu...@newschool.edu > 
wrote: 




I'm afraid Gradle is a complete mystery to me. Hopefully someone else can jump 
in. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 11:13 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 

BQ_BEGIN

David, 

Unfortunately that did not make a difference when I built the cas.war with 
gradle. 
When I used maven I got the same list you have. 

[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 14296 Feb 8 11:02 cas-server-support-ldap-5.2.2.jar 
-rw-r- 1 root root 35536 Feb 8 11:02 cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Feb 8 11:02 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Feb 8 11:02 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Feb 8 11:02 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Feb 8 11:02 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
-rw-r- 1 root root 3574892 Feb 8 11:02 unboundid-ldapsdk-4.0.1.jar 

The bad news is I have to rebuild cas.properties because the maven build wiped 
it out. 
Bummer ... 

Hope this is the issue. 

Thanks David. 





=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 10:49:08 AM 

Subject: Re: [cas-user] CAS 5.2.x 

Try changing what you have: 

 
org.apereo.cas 
cas-server-support-ldap 
 

to this: 

 
org.apereo.cas 
cas-server-support-ldap 
${cas.version} 
 

I'm pretty sure you have to have a version in there, so Maven knows which one 
to give you. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 10:22 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 

BQ_BEGIN

David, 

These are my my pom.xml dependencies. 
Its funny we are all kind of guessing , that's why we are here I suppose. 
I certainly am guessing. 


 
 
org.apereo.cas 
cas-server-support-ldap 
 

 
org.apereo.cas 
cas-server-webapp${app.server} 
${cas.version} 
war 
runtime 
 
 

=== 



Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 10:18:41 AM 

Subject: Re: [cas-user] CAS 5.2.x 

I do not see this one: 


BQ_BEGIN

cas-server-support-ldap-5.2.2.jar 




which, I believe, is the one you need. I don't pretend to be an expert on these 
things. But when I build from the Maven overlay with this dependency included 
in pom.xml : 

 
org.apereo.cas 
cas-server-support-ldap 
${cas.version} 
 

Here's what I get: 


BQ_BEGIN

WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF

Re: [cas-user] CAS 5.2.x

[Cheltenham, Chris]

as.authn.attributeRepository.ldap[1].attributes.mail: mail 
cas.authn.attributeRepository.ldap[1]. attributes.sn : sn 
cas.authn.attributeRepository.ldap[1].attributes.udcid: UDC_IDENTIFIER 
cas.authn.attributeRepository.ldap[1].attributes.uid: uid 

# 
# Active Directory LDAP attribute lookup configuration (admin user accounts) 
# 
cas.authn.attributeRepository.ldap[2].order: 2 
cas.authn.attributeRepository.ldap[2].ldapUrl: ldaps:// zuul.newschool.edu 
cas.authn.attributeRepository.ldap[2].validatePeriod: 270 
cas.authn.attributeRepository.ldap[2].userFilter: sAMAccountName={user} 
cas.authn.attributeRepository.ldap[2].baseDn: 
ou=Network,dc=tns,dc=newschool,dc=edu 
cas.authn.attributeRepository.ldap[2].bindDn: 
cn=ldap_ssotest,ou=Service,ou=Users,ou=Enterprise 
Support,dc=tns,dc=newschool,dc=edu 
cas.authn.attributeRepository.ldap[2].bindCredential:  
cas.authn.attributeRepository.ldap[2]. attributes.cn : uid 
cas.authn.attributeRepository.ldap[2].attributes.displayName: displayName 
cas.authn.attributeRepository.ldap[2].attributes.givenName: givenName 
cas.authn.attributeRepository.ldap[2].attributes.mail: mail 
cas.authn.attributeRepository.ldap[2]. attributes.sn : sn 






-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 11:54 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 



David, 

Would you be able to share your Cas 5 cas.properties section? 
please make sure and blank out like passwords. 




=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 11:27:48 AM 

Subject: Re: [cas-user] CAS 5.2.x 


I'm afraid Gradle is a complete mystery to me. Hopefully someone else can jump 
in. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 11:13 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 

BQ_BEGIN

David, 

Unfortunately that did not make a difference when I built the cas.war with 
gradle. 
When I used maven I got the same list you have. 

[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 14296 Feb 8 11:02 cas-server-support-ldap-5.2.2.jar 
-rw-r- 1 root root 35536 Feb 8 11:02 cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Feb 8 11:02 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Feb 8 11:02 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Feb 8 11:02 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Feb 8 11:02 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
-rw-r- 1 root root 3574892 Feb 8 11:02 unboundid-ldapsdk-4.0.1.jar 

The bad news is I have to rebuild cas.properties because the maven build wiped 
it out. 
Bummer ... 

Hope this is the issue. 

Thanks David. 





=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 10:49:08 AM 

Subject: Re: [cas-user] CAS 5.2.x 

Try changing what you have: 

 
org.apereo.cas 
cas-server-support-ldap 
 

to this: 

 
org.apereo.cas 
cas-server-support-ldap 
${cas.version} 
 

I'm pretty sure you have to have a version in there, so Maven knows which one 
to give you. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 10:22 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 

BQ_BEGIN

David, 

These are my my pom.xml dependencies. 
Its funny we are all kind of guessing , that's why we are here I suppose. 
I certainly am guessing. 


 
 
org.apereo.cas 
cas-server-support-ldap 
 

 
org.apereo.cas 
cas-server-webapp${app.server} 
${cas.version} 
war 
runtime 
 
 

=== 



Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 10:18:41 AM 

Subject: Re: [cas-user] CAS 5.2.x 

I do not see this one: 


BQ_BEGIN

cas-server-support-ldap-5.2.2.jar 




which, I believe, is the one you need. I don&#x

Re: [cas-user] CAS 5.2.x

[Cheltenham, Chris]

ository.ldap[1]. attributes.sn : sn 
cas.authn.attributeRepository.ldap[1].attributes.udcid: UDC_IDENTIFIER 
cas.authn.attributeRepository.ldap[1].attributes.uid: uid 

# 
# Active Directory LDAP attribute lookup configuration (admin user accounts) 
# 
cas.authn.attributeRepository.ldap[2].order: 2 
cas.authn.attributeRepository.ldap[2].ldapUrl: ldaps:// zuul.newschool.edu 
cas.authn.attributeRepository.ldap[2].validatePeriod: 270 
cas.authn.attributeRepository.ldap[2].userFilter: sAMAccountName={user} 
cas.authn.attributeRepository.ldap[2].baseDn: 
ou=Network,dc=tns,dc=newschool,dc=edu 
cas.authn.attributeRepository.ldap[2].bindDn: 
cn=ldap_ssotest,ou=Service,ou=Users,ou=Enterprise 
Support,dc=tns,dc=newschool,dc=edu 
cas.authn.attributeRepository.ldap[2].bindCredential:  
cas.authn.attributeRepository.ldap[2]. attributes.cn : uid 
cas.authn.attributeRepository.ldap[2].attributes.displayName: displayName 
cas.authn.attributeRepository.ldap[2].attributes.givenName: givenName 
cas.authn.attributeRepository.ldap[2].attributes.mail: mail 
cas.authn.attributeRepository.ldap[2]. attributes.sn : sn 






-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 11:54 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 



David, 

Would you be able to share your Cas 5 cas.properties section? 
please make sure and blank out like passwords. 




=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 11:27:48 AM 

Subject: Re: [cas-user] CAS 5.2.x 


I'm afraid Gradle is a complete mystery to me. Hopefully someone else can jump 
in. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 11:13 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 

BQ_BEGIN

David, 

Unfortunately that did not make a difference when I built the cas.war with 
gradle. 
When I used maven I got the same list you have. 

[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 14296 Feb 8 11:02 cas-server-support-ldap-5.2.2.jar 
-rw-r- 1 root root 35536 Feb 8 11:02 cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Feb 8 11:02 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Feb 8 11:02 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Feb 8 11:02 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Feb 8 11:02 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
-rw-r- 1 root root 3574892 Feb 8 11:02 unboundid-ldapsdk-4.0.1.jar 

The bad news is I have to rebuild cas.properties because the maven build wiped 
it out. 
Bummer ... 

Hope this is the issue. 

Thanks David. 





=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 10:49:08 AM 

Subject: Re: [cas-user] CAS 5.2.x 

Try changing what you have: 

 
org.apereo.cas 
cas-server-support-ldap 
 

to this: 

 
org.apereo.cas 
cas-server-support-ldap 
${cas.version} 
 

I'm pretty sure you have to have a version in there, so Maven knows which one 
to give you. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 10:22 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 

BQ_BEGIN

David, 

These are my my pom.xml dependencies. 
Its funny we are all kind of guessing , that's why we are here I suppose. 
I certainly am guessing. 


 
 
org.apereo.cas 
cas-server-support-ldap 
 

 
org.apereo.cas 
cas-server-webapp${app.server} 
${cas.version} 
war 
runtime 
 
 

=== 



Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 10:18:41 AM 

Subject: Re: [cas-user] CAS 5.2.x 

I do not see this one: 


BQ_BEGIN

cas-server-support-ldap-5.2.2.jar 




which, I believe, is the one you need. I don't pretend to be an expert on these 
things. But when I build from the Maven overlay with t

Re: [cas-user] CAS 5.2.x

[Cheltenham, Chris]

David, 

Would you be able to share your Cas 5 cas.properties section? 
please make sure and blank out like passwords. 




=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 11:27:48 AM 
Subject: Re: [cas-user] CAS 5.2.x 


I'm afraid Gradle is a complete mystery to me. Hopefully someone else can jump 
in. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 11:13 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 



David, 

Unfortunately that did not make a difference when I built the cas.war with 
gradle. 
When I used maven I got the same list you have. 

[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 14296 Feb 8 11:02 cas-server-support-ldap-5.2.2.jar 
-rw-r- 1 root root 35536 Feb 8 11:02 cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Feb 8 11:02 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Feb 8 11:02 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Feb 8 11:02 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Feb 8 11:02 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
-rw-r- 1 root root 3574892 Feb 8 11:02 unboundid-ldapsdk-4.0.1.jar 

The bad news is I have to rebuild cas.properties because the maven build wiped 
it out. 
Bummer ... 

Hope this is the issue. 

Thanks David. 





=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 10:49:08 AM 

Subject: Re: [cas-user] CAS 5.2.x 

Try changing what you have: 

 
org.apereo.cas 
cas-server-support-ldap 
 

to this: 

 
org.apereo.cas 
cas-server-support-ldap 
${cas.version} 
 

I'm pretty sure you have to have a version in there, so Maven knows which one 
to give you. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 10:22 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 

BQ_BEGIN

David, 

These are my my pom.xml dependencies. 
Its funny we are all kind of guessing , that's why we are here I suppose. 
I certainly am guessing. 


 
 
org.apereo.cas 
cas-server-support-ldap 
 

 
org.apereo.cas 
cas-server-webapp${app.server} 
${cas.version} 
war 
runtime 
 
 

=== 



Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 10:18:41 AM 

Subject: Re: [cas-user] CAS 5.2.x 

I do not see this one: 


BQ_BEGIN

cas-server-support-ldap-5.2.2.jar 




which, I believe, is the one you need. I don't pretend to be an expert on these 
things. But when I build from the Maven overlay with this dependency included 
in pom.xml : 

 
org.apereo.cas 
cas-server-support-ldap 
${cas.version} 
 

Here's what I get: 


BQ_BEGIN

WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 

BQ_END


and when I build from the same pom.xml but with that dependency removed, here's 
what I get: 


BQ_BEGIN

WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 

BQ_END


So that tells me (or suggests, anyway) that you should be seeing 

WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 

(and maybe WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar ). 

Are you building with the Maven overlay? Have you tried deleting your Maven 
cache directory and re-doing the " mvnw clean package "? 

--Dave 





-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 10:00 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 

BQ_BEGIN

Re: [cas-user] CAS 5.2.x

[Cheltenham, Chris]

David, 

Unfortunately that did not make a difference when I built the cas.war with 
gradle. 
When I used maven I got the same list you have. 

[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 14296 Feb 8 11:02 cas-server-support-ldap-5.2.2.jar 
-rw-r- 1 root root 35536 Feb 8 11:02 cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Feb 8 11:02 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Feb 8 11:02 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Feb 8 11:02 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Feb 8 11:02 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
-rw-r- 1 root root 3574892 Feb 8 11:02 unboundid-ldapsdk-4.0.1.jar 

The bad news is I have to rebuild cas.properties because the maven build wiped 
it out. 
Bummer ... 

Hope this is the issue. 

Thanks David. 





=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 10:49:08 AM 
Subject: Re: [cas-user] CAS 5.2.x 

Try changing what you have: 

 
org.apereo.cas 
cas-server-support-ldap 
 

to this: 

 
org.apereo.cas 
cas-server-support-ldap 
${cas.version} 
 

I'm pretty sure you have to have a version in there, so Maven knows which one 
to give you. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 10:22 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 



David, 

These are my my pom.xml dependencies. 
Its funny we are all kind of guessing , that's why we are here I suppose. 
I certainly am guessing. 


 
 
org.apereo.cas 
cas-server-support-ldap 
 

 
org.apereo.cas 
cas-server-webapp${app.server} 
${cas.version} 
war 
runtime 
 
 

=== 



Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 10:18:41 AM 

Subject: Re: [cas-user] CAS 5.2.x 

I do not see this one: 


BQ_BEGIN

cas-server-support-ldap-5.2.2.jar 




which, I believe, is the one you need. I don't pretend to be an expert on these 
things. But when I build from the Maven overlay with this dependency included 
in pom.xml : 

 
org.apereo.cas 
cas-server-support-ldap 
${cas.version} 
 

Here's what I get: 


BQ_BEGIN

WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 

BQ_END


and when I build from the same pom.xml but with that dependency removed, here's 
what I get: 


BQ_BEGIN

WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 

BQ_END


So that tells me (or suggests, anyway) that you should be seeing 

WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 

(and maybe WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar ). 

Are you building with the Maven overlay? Have you tried deleting your Maven 
cache directory and re-doing the " mvnw clean package "? 

--Dave 





-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 10:00 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 

BQ_BEGIN

David, 

I have the following jars. 
Is this sufficient for ldap support? 

[root@devcas5 lib]# pwd 
/opt/tcat/webapps/cas/WEB-INF/lib 
[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 35536 Jan 26 13:26 
cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Nov 27 11:40 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Nov 27 11:40 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Nov 27 11:40 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Nov 27 11:40 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
[root@devcas5 lib]# 

My error is this - 
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authenticatio

Re: [cas-user] CAS 5.2.x

[Cheltenham, Chris]

Man, 

Here is the debug info and the error. 

[root@devcas5 logs]# tail catalina.out 
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] -  
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] -  
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -  
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -  
2018-02-08 10:08:50,014 INFO 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired 
tickets removed.> 
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -  
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -  
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] -  
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] -  
2018-02-08 10:08:50,014 DEBUG 
[org.apereo.cas.authentication.PseudoPlatformTransactionManager] -  
[root@devcas5 logs]# cat catalina.out | grep ccheltenham 
2018-02-08 10:08:40,992 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-08 10:08:40,992 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-08 10:08:40,993 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-08 10:08:40,993 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-08 10:08:40,993 DEBUG 
[org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] - 
<[ccheltenham-ext] was not found in the map.> 
2018-02-08 10:08:40,993 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<[AcceptUsersAuthenticationHandler] exception details: [ccheltenham-ext not 
found in backing map.].> 
2018-02-08 10:08:40,994 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
 



=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "Man H"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 10:37:01 AM 
Subject: Re: [cas-user] CAS 5.2.x 

With debug you can see if cas gets connected to Ldap 

2018-02-08 12:27 GMT-03:00 Cheltenham, Chris < ccheltenham-...@philasd.org > : 



Man, 

The basedn is correct in cas.properties. 


This search returns data so you can see the base dn. 
ldapsearch -H "ldaps:// testldap.philasd.net " -x -w 'x' -LLL -b 
"dc=philasd,dc=org" -D "uid=shibauth,ou=svc_accts,dc=philasd,dc=org" 
"uid=ccheltenham-ext" 


[root@devcas5 config]# cat cas.properties | grep basedn 
[root@devcas5 config]# cat cas.properties | grep -i basedn 
cas.authn.ldap[0].baseDn=dc=philasd,dc=org 



=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "Man H" < info.ings...@gmail.com > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 10:17:57 AM 

Subject: Re: [cas-user] CAS 5.2.x 

this is an Ldap error check your properties probably baseDn 

2018-02-08 12:00 GMT-03:00 Cheltenham, Chris < ccheltenham-...@philasd.org > : 

BQ_BEGIN

David, 

I have the following jars. 
Is this sufficient for ldap support? 

[root@devcas5 lib]# pwd 
/opt/tcat/webapps/cas/WEB-INF/lib 
[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 35536 Jan 26 13:26 
cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Nov 27 11:40 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Nov 27 11:40 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Nov 27 11:40 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Nov 27 11:40 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
[root@devcas5 lib]# 

My error is this - 
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] - 
<[ccheltenham-ext] was not found in the map.> 
2018-02-07 15:28:16,452 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthent

Re: [cas-user] CAS 5.2.x

[Cheltenham, Chris]

Man, 

The basedn is correct in cas.properties. 


This search returns data so you can see the base dn. 
ldapsearch -H "ldaps://testldap.philasd.net" -x -w 'x' -LLL -b 
"dc=philasd,dc=org" -D "uid=shibauth,ou=svc_accts,dc=philasd,dc=org" 
"uid=ccheltenham-ext" 


[root@devcas5 config]# cat cas.properties | grep basedn 
[root@devcas5 config]# cat cas.properties | grep -i basedn 
cas.authn.ldap[0].baseDn=dc=philasd,dc=org 



=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "Man H"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 10:17:57 AM 
Subject: Re: [cas-user] CAS 5.2.x 

this is an Ldap error check your properties probably baseDn 

2018-02-08 12:00 GMT-03:00 Cheltenham, Chris < ccheltenham-...@philasd.org > : 



David, 

I have the following jars. 
Is this sufficient for ldap support? 

[root@devcas5 lib]# pwd 
/opt/tcat/webapps/cas/WEB-INF/lib 
[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 35536 Jan 26 13:26 
cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Nov 27 11:40 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Nov 27 11:40 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Nov 27 11:40 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Nov 27 11:40 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
[root@devcas5 lib]# 

My error is this - 
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] - 
<[ccheltenham-ext] was not found in the map.> 
2018-02-07 15:28:16,452 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<[AcceptUsersAuthenticationHandler] exception details: [ccheltenham-ext not 
found in backing map.].> 
2018-02-07 15:28:16,452 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
 


=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 7:54:21 AM 
Subject: Re: [cas-user] CAS 5.2.x 


$ jar tvf cas.war | grep ldap 
WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 
$ 

The cas-server-support-ldap-5.2.2.jar is the one you're looking for. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 7:27 AM, Cheltenham, Chris < ccheltenham-...@philasd.org 
> wrote: 

BQ_BEGIN

Hello folks, 

I think I have been confusing everyone with too much incongruent information. 

If I may I will ask things in a more logical manner. 

I an still not able to connect with CAS 5 via LDAP. 

My first question is , how do I know the ldap dependency was built into the 
cas.war file? 







=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


-- 
- Website: https://apereo.github.io/cas 
- Gitter Chatroom: https://gitter.im/apereo/cas 
- List Guidelines: https://goo.gl/1VRrw7 
- Contributions: https://goo.gl/mh7qDG 
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org . 
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/341032203.44492473.1518092860963.JavaMail.zimbra%40philasd.org
 . 






-- 
- Website: https://apereo.github.io/cas 
- Gitter Chatroom: https://gitter.im/apereo/cas 
- List Guidelines: https://goo.gl/1VRrw7 
- Contributions: https://goo.gl/mh7qDG 
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Comm

Re: [cas-user] CAS 5.2.x

[Cheltenham, Chris]

David, 

These are my my pom.xml dependencies. 
Its funny we are all kind of guessing , that's why we are here I suppose. 
I certainly am guessing. 


 
 
org.apereo.cas 
cas-server-support-ldap 
 

 
org.apereo.cas 
cas-server-webapp${app.server} 
${cas.version} 
war 
runtime 
 
 

=== 



Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 10:18:41 AM 
Subject: Re: [cas-user] CAS 5.2.x 

I do not see this one: 




cas-server-support-ldap-5.2.2.jar 




which, I believe, is the one you need. I don't pretend to be an expert on these 
things. But when I build from the Maven overlay with this dependency included 
in pom.xml : 

 
org.apereo.cas 
cas-server-support-ldap 
${cas.version} 
 

Here's what I get: 


BQ_BEGIN

WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 

BQ_END


and when I build from the same pom.xml but with that dependency removed, here's 
what I get: 


BQ_BEGIN

WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 

BQ_END


So that tells me (or suggests, anyway) that you should be seeing 

WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 

(and maybe WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar ). 

Are you building with the Maven overlay? Have you tried deleting your Maven 
cache directory and re-doing the " mvnw clean package "? 

--Dave 





-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 10:00 AM, Cheltenham, Chris < 
ccheltenham-...@philasd.org > wrote: 

BQ_BEGIN

David, 

I have the following jars. 
Is this sufficient for ldap support? 

[root@devcas5 lib]# pwd 
/opt/tcat/webapps/cas/WEB-INF/lib 
[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 35536 Jan 26 13:26 
cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Nov 27 11:40 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Nov 27 11:40 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Nov 27 11:40 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Nov 27 11:40 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
[root@devcas5 lib]# 

My error is this - 
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] - 
<[ccheltenham-ext] was not found in the map.> 
2018-02-07 15:28:16,452 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<[AcceptUsersAuthenticationHandler] exception details: [ccheltenham-ext not 
found in backing map.].> 
2018-02-07 15:28:16,452 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
 


=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry" < david.cu...@newschool.edu > 
To: "cas-user" < cas-user@apereo.org > 
Sent: Thursday, February 8, 2018 7:54:21 AM 
Subject: Re: [cas-user] CAS 5.2.x 


$ jar tvf cas.war | grep ldap 
WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 
$ 

The cas-server-support-ldap-5.2.2.jar is the one you're looking for. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 7:27 AM, Cheltenham, Chris < ccheltenham-...@phila

Re: [cas-user] CAS 5.2.x

[Cheltenham, Chris]

David, 

I have the following jars. 
Is this sufficient for ldap support? 

[root@devcas5 lib]# pwd 
/opt/tcat/webapps/cas/WEB-INF/lib 
[root@devcas5 lib]# ll | grep ldap 
-rw-r- 1 root root 35536 Jan 26 13:26 
cas-server-support-ldap-core-5.2.2.jar 
-rw-r- 1 root root 802456 Nov 27 11:40 ldaptive-1.2.3.jar 
-rw-r- 1 root root 37195 Nov 27 11:40 ldaptive-apache-1.2.3.jar 
-rw-r- 1 root root 100050 Nov 27 11:40 ldaptive-beans-1.2.3.jar 
-rw-r- 1 root root 40832 Nov 27 11:40 ldaptive-unboundid-1.2.3.jar 
-rw-r- 1 root root 1991909 Aug 13 01:08 unboundid-ldapsdk-3.2.1.jar 
[root@devcas5 lib]# 

My error is this - 
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,450 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 -  
2018-02-07 15:28:16,451 DEBUG 
[org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] - 
<[ccheltenham-ext] was not found in the map.> 
2018-02-07 15:28:16,452 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<[AcceptUsersAuthenticationHandler] exception details: [ccheltenham-ext not 
found in backing map.].> 
2018-02-07 15:28:16,452 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
 


=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 7:54:21 AM 
Subject: Re: [cas-user] CAS 5.2.x 


$ jar tvf cas.war | grep ldap 
WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 
$ 

The cas-server-support-ldap-5.2.2.jar is the one you're looking for. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 7:27 AM, Cheltenham, Chris < ccheltenham-...@philasd.org 
> wrote: 



Hello folks, 

I think I have been confusing everyone with too much incongruent information. 

If I may I will ask things in a more logical manner. 

I an still not able to connect with CAS 5 via LDAP. 

My first question is , how do I know the ldap dependency was built into the 
cas.war file? 







=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


-- 
- Website: https://apereo.github.io/cas 
- Gitter Chatroom: https://gitter.im/apereo/cas 
- List Guidelines: https://goo.gl/1VRrw7 
- Contributions: https://goo.gl/mh7qDG 
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org . 
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/341032203.44492473.1518092860963.JavaMail.zimbra%40philasd.org
 . 






-- 
- Website: https://apereo.github.io/cas 
- Gitter Chatroom: https://gitter.im/apereo/cas 
- List Guidelines: https://goo.gl/1VRrw7 
- Contributions: https://goo.gl/mh7qDG 
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org . 
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XANEt0K3ugKG7O5%3DT9p5C8%3DsVOnqsz50xuU0wrfmkFg7mg%40mail.gmail.com
 . 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/642964186.44524329.1518102001703.JavaMail.zimbra%40philasd.org.

Re: [cas-user] CAS 5.2.x

[Cheltenham, Chris]

David, 

Thank You !! 


=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


From: "David Curry"  
To: "cas-user"  
Sent: Thursday, February 8, 2018 7:54:21 AM 
Subject: Re: [cas-user] CAS 5.2.x 


$ jar tvf cas.war | grep ldap 
WEB-INF/lib/cas-server-support-ldap-5.2.2.jar 
WEB-INF/lib/cas-server-support-ldap-core-5.2.2.jar 
WEB-INF/lib/ldaptive-1.2.3.jar 
WEB-INF/lib/ldaptive-beans-1.2.3.jar 
WEB-INF/lib/ldaptive-unboundid-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-4.0.1.jar 
WEB-INF/lib/ldaptive-apache-1.2.3.jar 
WEB-INF/lib/unboundid-ldapsdk-3.2.1.jar 
$ 

The cas-server-support-ldap-5.2.2.jar is the one you're looking for. 

--Dave 




-- 


DAVID A. CURRY, CISSP 
DIRECTOR OF INFORMATION SECURITY 
INFORMATION TECHNOLOGY 

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 
+1 212 229-5300 x4728 • david.cu...@newschool.edu 




On Thu, Feb 8, 2018 at 7:27 AM, Cheltenham, Chris < ccheltenham-...@philasd.org 
> wrote: 



Hello folks, 

I think I have been confusing everyone with too much incongruent information. 

If I may I will ask things in a more logical manner. 

I an still not able to connect with CAS 5 via LDAP. 

My first question is , how do I know the ldap dependency was built into the 
cas.war file? 







=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 


-- 
- Website: https://apereo.github.io/cas 
- Gitter Chatroom: https://gitter.im/apereo/cas 
- List Guidelines: https://goo.gl/1VRrw7 
- Contributions: https://goo.gl/mh7qDG 
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org . 
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/341032203.44492473.1518092860963.JavaMail.zimbra%40philasd.org
 . 






-- 
- Website: https://apereo.github.io/cas 
- Gitter Chatroom: https://gitter.im/apereo/cas 
- List Guidelines: https://goo.gl/1VRrw7 
- Contributions: https://goo.gl/mh7qDG 
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org . 
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XANEt0K3ugKG7O5%3DT9p5C8%3DsVOnqsz50xuU0wrfmkFg7mg%40mail.gmail.com
 . 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/7875795.44497543.1518095082367.JavaMail.zimbra%40philasd.org.

[cas-user] CAS 5.2.x

[Cheltenham, Chris]

Hello folks, 

I think I have been confusing everyone with too much incongruent information. 

If I may I will ask things in a more logical manner. 

I an still not able to connect with CAS 5 via LDAP. 

My first question is , how do I know the ldap dependency was built into the 
cas.war file? 







=== 

Thank You; 

Chris Cheltenham 
Technology Services 
The School District of Philadelphia 

Work # 215-400-5025 
Cell # 215-301-6571 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/341032203.44492473.1518092860963.JavaMail.zimbra%40philasd.org.

RE: [cas-user] ldap error cas 5.2

[Cheltenham, Chris]

y, February 7, 2018 10:49 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] ldap error cas 5.2



# Control log levels via properties
logging.level.org.apereo.cas=debug

In cas startup you can see where properties are fetched from log like this.

  \_\   /_/

CAS Version: 5.2.2
CAS Commit Id: eefb26e6ea0f3f0505ea7dcfc7e11c4ebcb44b7d
CAS Build Date/Time: 2018-01-31T19:13:42Z
Spring Boot Version: 1.5.8.RELEASE

Java Home: /usr/local/jdk1.8.0_152/jre
Java Vendor: Oracle Corporation
Java Version: 1.8.0_152
JVM Free Memory: 560 MB
JVM Maximum Memory: 1 GB
JVM Total Memory: 928 MB
JCE Installed: No

OS Architecture: amd64
OS Name: Linux
OS Version: 4.13.0-32-generic
OS Date/Time: 2018-02-07T12:30:44.726
OS Temp Directory: /usr/local/apache-tomcat-8.5.23-cas5/temp



2018-02-07 12:30:44,791 INFO 
[org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] 
 - 
2018-02-07 12:30:44,825 INFO 
[org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] 
 - 
2018-02-07 12:30:44,826 INFO 
[org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration]
 
 - 
2018-02-07 12:30:44,920 INFO 
[org.apereo.cas.web.CasWebApplicationServletInitializer] - 



2018-02-07 12:14 GMT-03:00 Cheltenham, Chris mailto:ccheltenham-...@philasd.org> >:

Man,



Let me be a bit cleaere.



How do I know the ldap dependency was incorporated into the cas.war file 
during after the build?





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From:  <mailto:cas-user@apereo.org> cas-user@apereo.org [mailto: 
<mailto:cas-user@apereo.org> cas-user@apereo.org] On Behalf Of Cheltenham, 
Chris
Sent: Wednesday, February 7, 2018 10:13 AM
To:  <mailto:cas-user@apereo.org> cas-user@apereo.org
Subject: RE: [cas-user] ldap error cas 5.2



Man,



The question you asked is actually no clear to me.

How do I know the ldap support was loaded during the build.



It IS in the pom.xml but how can a verify its in there?





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From:  <mailto:cas-user@apereo.org> cas-user@apereo.org [ 
<mailto:cas-user@apereo.org> mailto:cas-user@apereo.org] On Behalf Of Man H
Sent: Tuesday, February 6, 2018 4:55 PM
To:  <mailto:cas-user@apereo.org> cas-user@apereo.org
Subject: Re: [cas-user] ldap error cas 5.2



Do you have ldap support dependency?



2018-02-06 15:45 GMT-03:00 Cheltenham, Chris mailto:ccheltenham-...@philasd.org> >:



Hello,



I am getting this error in my logs loggin in via LDAP.



2018-02-06 13:40:52,503 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 


2018-02-06 13:40:52,504 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - http://devldapm-mgmt.philasd.net>

cas.authn.ldap[0].dnFormat=

cas.authn.ldap[0].baseDn=dc=philasd,dc=org

cas.authn.ldap[0].connectTimeout=5000

cas.authn.ldap[0].principalAttributeId=casauth

cas.authn.ldap[0].principalAttributePassword=xx

cas.authn.ldap[0].minPoolSize=3

cas.authn.ldap[0].maxPoolSize=10

cas.authn.ldap[0].validateOnCheckout=true

cas.authn.ldap[0].validatePeriodically=true

cas.authn.ldap[0].validatePeriod=600

cas.authn.ldap[0].failFast=true

cas.authn.ldap[0].idleTime=5000

cas.authn.ldap[0].prunePeriod=5000

cas.authn.ldap[0].blockWaitTime=5000







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00c201d39f7a%249aea9e10%24d0bfda30%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/00c201d39f7a%249aea9e10%24d0bfda30%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving

RE: [cas-user] ldap error cas 5.2

[Cheltenham, Chris]

Man,



I may have found the issue.

I cannot connect to LDAP servers via 636 but I can 389.

Therefore, am looking into importing the certs in the proper places.

Hopefully that is my issue.



But thanks for your help

===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Man H
Sent: Wednesday, February 7, 2018 10:49 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] ldap error cas 5.2



# Control log levels via properties
logging.level.org.apereo.cas=debug

In cas startup you can see where properties are fetched from log like this.

  \_\   /_/

CAS Version: 5.2.2
CAS Commit Id: eefb26e6ea0f3f0505ea7dcfc7e11c4ebcb44b7d
CAS Build Date/Time: 2018-01-31T19:13:42Z
Spring Boot Version: 1.5.8.RELEASE

Java Home: /usr/local/jdk1.8.0_152/jre
Java Vendor: Oracle Corporation
Java Version: 1.8.0_152
JVM Free Memory: 560 MB
JVM Maximum Memory: 1 GB
JVM Total Memory: 928 MB
JCE Installed: No

OS Architecture: amd64
OS Name: Linux
OS Version: 4.13.0-32-generic
OS Date/Time: 2018-02-07T12:30:44.726
OS Temp Directory: /usr/local/apache-tomcat-8.5.23-cas5/temp



2018-02-07 12:30:44,791 INFO 
[org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] 
 - 
2018-02-07 12:30:44,825 INFO 
[org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] 
 - 
2018-02-07 12:30:44,826 INFO 
[org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration]
 
 - 
2018-02-07 12:30:44,920 INFO 
[org.apereo.cas.web.CasWebApplicationServletInitializer] - 



2018-02-07 12:14 GMT-03:00 Cheltenham, Chris mailto:ccheltenham-...@philasd.org> >:

Man,



Let me be a bit cleaere.



How do I know the ldap dependency was incorporated into the cas.war file 
during after the build?





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of 
Cheltenham, Chris
Sent: Wednesday, February 7, 2018 10:13 AM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: RE: [cas-user] ldap error cas 5.2



Man,



The question you asked is actually no clear to me.

How do I know the ldap support was loaded during the build.



It IS in the pom.xml but how can a verify its in there?





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org] On Behalf Of Man H
Sent: Tuesday, February 6, 2018 4:55 PM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] ldap error cas 5.2



Do you have ldap support dependency?



2018-02-06 15:45 GMT-03:00 Cheltenham, Chris mailto:ccheltenham-...@philasd.org> >:



Hello,



I am getting this error in my logs loggin in via LDAP.



2018-02-06 13:40:52,503 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 


2018-02-06 13:40:52,504 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - http://devldapm-mgmt.philasd.net>

cas.authn.ldap[0].dnFormat=

cas.authn.ldap[0].baseDn=dc=philasd,dc=org

cas.authn.ldap[0].connectTimeout=5000

cas.authn.ldap[0].principalAttributeId=casauth

cas.authn.ldap[0].principalAttributePassword=xx

cas.authn.ldap[0].minPoolSize=3

cas.authn.ldap[0].maxPoolSize=10

cas.authn.ldap[0].validateOnCheckout=true

cas.authn.ldap[0].validatePeriodically=true

cas.authn.ldap[0].validatePeriod=600

cas.authn.ldap[0].failFast=true

cas.authn.ldap[0].idleTime=5000

cas.authn.ldap[0].prunePeriod=5000

cas.authn.ldap[0].blockWaitTime=5000







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00c201d39f7a%249aea9e10%24d0bfda30%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/00c201d39f7a%24

RE: [cas-user] ldap error cas 5.2

[Cheltenham, Chris]

Man,



Let me be a bit cleaere.



How do I know the ldap dependency was incorporated into the cas.war file 
during after the build?





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of 
Cheltenham, Chris
Sent: Wednesday, February 7, 2018 10:13 AM
To: cas-user@apereo.org
Subject: RE: [cas-user] ldap error cas 5.2



Man,



The question you asked is actually no clear to me.

How do I know the ldap support was loaded during the build.



It IS in the pom.xml but how can a verify its in there?





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org] On Behalf Of Man H
Sent: Tuesday, February 6, 2018 4:55 PM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] ldap error cas 5.2



Do you have ldap support dependency?



2018-02-06 15:45 GMT-03:00 Cheltenham, Chris mailto:ccheltenham-...@philasd.org> >:



Hello,



I am getting this error in my logs loggin in via LDAP.



2018-02-06 13:40:52,503 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 


2018-02-06 13:40:52,504 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00c201d39f7a%249aea9e10%24d0bfda30%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/00c201d39f7a%249aea9e10%24d0bfda30%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5midn4n%3D%2BV7_2qQPMyK28gFmUGDYq48bj5OCy4BEW-RDH_w%40mail.gmail.com
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5midn4n%3D%2BV7_2qQPMyK28gFmUGDYq48bj5OCy4BEW-RDH_w%40mail.gmail.com?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00d901d3a026%242a9b2b50%247fd181f0%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/00d901d3a026%242a9b2b50%247fd181f0%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00e901d3a026%2464ad8090%242e0881b0%24%40philasd.org.

RE: [cas-user] ldap error cas 5.2

[Cheltenham, Chris]

Man,



The question you asked is actually no clear to me.

How do I know the ldap support was loaded during the build.



It IS in the pom.xml but how can a verify its in there?





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Man H
Sent: Tuesday, February 6, 2018 4:55 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] ldap error cas 5.2



Do you have ldap support dependency?



2018-02-06 15:45 GMT-03:00 Cheltenham, Chris mailto:ccheltenham-...@philasd.org> >:



Hello,



I am getting this error in my logs loggin in via LDAP.



2018-02-06 13:40:52,503 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 


2018-02-06 13:40:52,504 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - http://devldapm-mgmt.philasd.net>

cas.authn.ldap[0].dnFormat=

cas.authn.ldap[0].baseDn=dc=philasd,dc=org

cas.authn.ldap[0].connectTimeout=5000

cas.authn.ldap[0].principalAttributeId=casauth

cas.authn.ldap[0].principalAttributePassword=xx

cas.authn.ldap[0].minPoolSize=3

cas.authn.ldap[0].maxPoolSize=10

cas.authn.ldap[0].validateOnCheckout=true

cas.authn.ldap[0].validatePeriodically=true

cas.authn.ldap[0].validatePeriod=600

cas.authn.ldap[0].failFast=true

cas.authn.ldap[0].idleTime=5000

cas.authn.ldap[0].prunePeriod=5000

cas.authn.ldap[0].blockWaitTime=5000







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00c201d39f7a%249aea9e10%24d0bfda30%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/00c201d39f7a%249aea9e10%24d0bfda30%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5midn4n%3D%2BV7_2qQPMyK28gFmUGDYq48bj5OCy4BEW-RDH_w%40mail.gmail.com
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5midn4n%3D%2BV7_2qQPMyK28gFmUGDYq48bj5OCy4BEW-RDH_w%40mail.gmail.com?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00d901d3a026%242a9b2b50%247fd181f0%24%40philasd.org.

RE: [cas-user] ldap error cas 5.2

[Cheltenham, Chris]

Does this help?



[root@devcas5 logs]# cat catalina.out | grep -i debug | grep -i ccheltenham

2018-02-07 09:50:32,421 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
 - 

2018-02-07 09:50:32,422 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
 - 

2018-02-07 09:50:32,423 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
 - 

2018-02-07 09:50:32,423 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
 - 

2018-02-07 09:50:32,424 DEBUG 
[org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] - 
<[ccheltenham-ext] was not found in the map.>

2018-02-07 09:50:32,424 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<[AcceptUsersAuthenticationHandler] exception details: [ccheltenham-ext not 
found in backing map.].>

2018-02-07 09:50:35,202 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
 - 

2018-02-07 09:50:35,202 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
 - 

2018-02-07 09:50:35,203 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
 - 

2018-02-07 09:50:35,203 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
 - 

2018-02-07 09:50:35,203 DEBUG 
[org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] - 
<[ccheltenham-ext] was not found in the map.>

2018-02-07 09:50:35,212 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<[AcceptUsersAuthenticationHandler] exception details: [ccheltenham-ext not 
found in backing map.].>

2018-02-07 09:50:36,391 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
 - 

2018-02-07 09:50:36,391 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
 - 

2018-02-07 09:50:36,392 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
 - 

2018-02-07 09:50:36,392 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
 - 

2018-02-07 09:50:36,392 DEBUG 
[org.apereo.cas.authentication.AcceptUsersAuthenticationHandler] - 
<[ccheltenham-ext] was not found in the map.>

2018-02-07 09:50:36,393 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<[AcceptUsersAuthenticationHandler] exception details: [ccheltenham-ext not 
found in backing map.].>

[root@devcas5 logs]#





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Man H
Sent: Wednesday, February 7, 2018 8:32 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] ldap error cas 5.2



Could you attach start up log with debug set

El miércoles, 7 de febrero de 2018, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > 
escribió:

Yes I do.



===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of Man 
H
Sent: Tuesday, February 6, 2018 4:55 PM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] ldap error cas 5.2



Do you have ldap support dependency?



2018-02-06 15:45 GMT-03:00 Cheltenham, Chris mailto:ccheltenham-...@philasd.org> >:



Hello,



I am getting this error in my logs loggin in via LDAP.



2018-02-06 13:40:52,503 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 


2018-02-06 13:40:52,504 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - http://devldapm-mgmt.philasd.net>

cas.authn.ldap[0].dnFormat=

cas.authn.ldap[0].baseDn=dc=philasd,dc=org

cas.authn.ldap[0].connectTimeout=5000

cas.authn.ldap[0].principalAttributeId=casauth

cas.authn.ldap[0].principalAttributePassword=xx

cas.authn.ldap[0].minPoolSize=3

cas.authn.ldap[0].maxPoolSize=10

cas.authn.ldap[0].validateOnCheckout=true

cas.authn.ldap[0].validatePeriodically=true

cas.authn.ldap[0].validatePeriod=600

cas.authn.ldap[0].failFast=true

cas.authn.ldap[0].idleTime=5000

cas.authn.ldap[0].prunePeriod=5000

cas.authn.ldap[0].blockWaitTime=5000







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- L

RE: [cas-user] ldap error cas 5.2

[Cheltenham, Chris]

Man,



First I would like to thank you for taking the time to help.



How do I set the logs in debug mode?

Do I globally change info to debug in the log4j2.xml?





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Man H
Sent: Wednesday, February 7, 2018 8:32 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] ldap error cas 5.2



Could you attach start up log with debug set

El miércoles, 7 de febrero de 2018, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > 
escribió:

Yes I do.



===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of Man 
H
Sent: Tuesday, February 6, 2018 4:55 PM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] ldap error cas 5.2



Do you have ldap support dependency?



2018-02-06 15:45 GMT-03:00 Cheltenham, Chris mailto:ccheltenham-...@philasd.org> >:



Hello,



I am getting this error in my logs loggin in via LDAP.



2018-02-06 13:40:52,503 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 


2018-02-06 13:40:52,504 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - http://devldapm-mgmt.philasd.net>

cas.authn.ldap[0].dnFormat=

cas.authn.ldap[0].baseDn=dc=philasd,dc=org

cas.authn.ldap[0].connectTimeout=5000

cas.authn.ldap[0].principalAttributeId=casauth

cas.authn.ldap[0].principalAttributePassword=xx

cas.authn.ldap[0].minPoolSize=3

cas.authn.ldap[0].maxPoolSize=10

cas.authn.ldap[0].validateOnCheckout=true

cas.authn.ldap[0].validatePeriodically=true

cas.authn.ldap[0].validatePeriod=600

cas.authn.ldap[0].failFast=true

cas.authn.ldap[0].idleTime=5000

cas.authn.ldap[0].prunePeriod=5000

cas.authn.ldap[0].blockWaitTime=5000







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00c201d39f7a%249aea9e10%24d0bfda30%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/00c201d39f7a%249aea9e10%24d0bfda30%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5midn4n%3D%2BV7_2qQPMyK28gFmUGDYq48bj5OCy4BEW-RDH_w%40mail.gmail.com
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5midn4n%3D%2BV7_2qQPMyK28gFmUGDYq48bj5OCy4BEW-RDH_w%40mail.gmail.com?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/004701d3a014%245a1fa610%240e5ef230%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/004701d3a014%245a1fa610%240e5ef230%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to ca

RE: [cas-user] ldap error cas 5.2

[Cheltenham, Chris]

Yes I do.



===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Man H
Sent: Tuesday, February 6, 2018 4:55 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] ldap error cas 5.2



Do you have ldap support dependency?



2018-02-06 15:45 GMT-03:00 Cheltenham, Chris mailto:ccheltenham-...@philasd.org> >:



Hello,



I am getting this error in my logs loggin in via LDAP.



2018-02-06 13:40:52,503 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 


2018-02-06 13:40:52,504 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - http://devldapm-mgmt.philasd.net>

cas.authn.ldap[0].dnFormat=

cas.authn.ldap[0].baseDn=dc=philasd,dc=org

cas.authn.ldap[0].connectTimeout=5000

cas.authn.ldap[0].principalAttributeId=casauth

cas.authn.ldap[0].principalAttributePassword=xx

cas.authn.ldap[0].minPoolSize=3

cas.authn.ldap[0].maxPoolSize=10

cas.authn.ldap[0].validateOnCheckout=true

cas.authn.ldap[0].validatePeriodically=true

cas.authn.ldap[0].validatePeriod=600

cas.authn.ldap[0].failFast=true

cas.authn.ldap[0].idleTime=5000

cas.authn.ldap[0].prunePeriod=5000

cas.authn.ldap[0].blockWaitTime=5000







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00c201d39f7a%249aea9e10%24d0bfda30%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/00c201d39f7a%249aea9e10%24d0bfda30%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5midn4n%3D%2BV7_2qQPMyK28gFmUGDYq48bj5OCy4BEW-RDH_w%40mail.gmail.com
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5midn4n%3D%2BV7_2qQPMyK28gFmUGDYq48bj5OCy4BEW-RDH_w%40mail.gmail.com?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/004701d3a014%245a1fa610%240e5ef230%24%40philasd.org.

[cas-user] ldap error cas 5.2

[Cheltenham, Chris]

Hello,

 

I am getting this error in my logs loggin in via LDAP.

 

2018-02-06 13:40:52,503 ERROR
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -


2018-02-06 13:40:52,504 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00c201d39f7a%249aea9e10%24d0bfda30%24%40philasd.org.

RE: [cas-user] CAS 5.2.x

[Cheltenham, Chris]

David,



I am using gradle because Unicon told me it is the preferred build tool.

Our management wants me to use what Unicon suggests because we pay for their 
support.

However I realize they support both.

In actuality I want to know how to build with either in case one is 
problematic.



I appreciate your help and I will read your overlay tomorrow.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
Curry
Sent: Monday, February 5, 2018 1:57 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS 5.2.x



Chris,



Are you using the Gradle overlay because you need to, or because you don't 
know which one to use. IMHO, unless you're going to be building CAS from 
source, the Maven overlay is easier to work with if you're not familiar with 
either tool.



If you use the Maven overlay 
(https://github.com/apereo/cas-overlay-template), then you'd add the 
 lines Man provided to the  section of pom.xml 
(around line 69) so that you end up with something like this:



org.apereo.cas
cas-server-webapp${app.server}
${cas.version}
war
runtime


org.apereo.cas
cas-server-support-json-service-registry
${cas.version}


org.apereo.cas
cas-server-support-ldap
${cas.version}



Then re-build the WAR file with



./mvnw clean package



If you're not a developer (I'm not a Java developer either), you might find 
the documentation I've been assembling helpful. It's not official, and it's 
certainly not the only way to do things, but it's one step at a time and 
full of examples...



https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html



--Dave








--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 •  <mailto:david.cu...@newschool.edu> 
david.cu...@newschool.edu

  <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>



On Mon, Feb 5, 2018 at 1:40 PM, Cheltenham, Chris 
mailto:ccheltenham-...@philasd.org> > wrote:

Man,



Are you saying the dependency goes into build.gradle?



See the problem with CAS documentation, if you are not a developer, you don’t 
know what anyone is talking about.

So I apologize if I am asking rudimentary questions.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of Man 
H
Sent: Monday, February 5, 2018 1:38 PM


To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] CAS 5.2.x



dee https://github.com/apereo/cas-gradle-overlay-template



CAS modules may be specified under the dependencies block of the CAS 
subproject 
<https://github.com/apereo/cas-gradle-overlay-template/blob/master/cas/build.gradle>
 
:

dependencies {
compile 
"org.apereo.cas:cas-server-webapp-tomcat:${project.'cas.version'}@war"
compile "org.apereo.cas:cas-server-some-module:${project.'cas.version'}"
...
}





2018-02-05 15:31 GMT-03:00 Cheltenham, Chris mailto:ccheltenham-...@philasd.org> >:

Thanks I get that.



But to what and where.



I in the cas-gradle-overlay-template-master

There’s not pom.xml in the git repo I cloned.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of Man 
H
Sent: Monday, February 5, 2018 1:21 PM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] CAS 5.2.x



just add

org.apereo.cas
cas-server-support-ldap




2018-02-05 15:14 GMT-03:00 Chris Cheltenham mailto:ccheltenham-...@philasd.org> >:

Hello,

I am not understanding how to bundle the LDAP authentication handler into 
the cas.war file.

Any suggestions?


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.o

RE: [cas-user] CAS 5.2.x

[Cheltenham, Chris]

Man,



Are you saying the dependency goes into build.gradle?



See the problem with CAS documentation, if you are not a developer, you don’t 
know what anyone is talking about.

So I apologize if I am asking rudimentary questions.





===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Man H
Sent: Monday, February 5, 2018 1:38 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS 5.2.x



dee https://github.com/apereo/cas-gradle-overlay-template



CAS modules may be specified under the dependencies block of the CAS 
subproject 
<https://github.com/apereo/cas-gradle-overlay-template/blob/master/cas/build.gradle>
 
:

dependencies {
compile 
"org.apereo.cas:cas-server-webapp-tomcat:${project.'cas.version'}@war"
compile "org.apereo.cas:cas-server-some-module:${project.'cas.version'}"
...
}





2018-02-05 15:31 GMT-03:00 Cheltenham, Chris mailto:ccheltenham-...@philasd.org> >:

Thanks I get that.



But to what and where.



I in the cas-gradle-overlay-template-master

There’s not pom.xml in the git repo I cloned.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org <mailto:cas-user@apereo.org> 
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of Man 
H
Sent: Monday, February 5, 2018 1:21 PM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] CAS 5.2.x



just add

org.apereo.cas
cas-server-support-ldap




2018-02-05 15:14 GMT-03:00 Chris Cheltenham mailto:ccheltenham-...@philasd.org> >:

Hello,

I am not understanding how to bundle the LDAP authentication handler into 
the cas.war file.

Any suggestions?


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/78216792-820e-4d47-a969-ea7162e43678%40apereo.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/78216792-820e-4d47-a969-ea7162e43678%40apereo.org?utm_medium=email&utm_source=footer>
 
.



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mic8zJkXRJchfqJ0q0orUy%2Bv0_nQtf7y-q9JaK8uOhuPuQ%40mail.gmail.com
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mic8zJkXRJchfqJ0q0orUy%2Bv0_nQtf7y-q9JaK8uOhuPuQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/009b01d39eaf%24965d7910%24c3186b30%24%40philasd.org
 
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/009b01d39eaf%24965d7910%24c3186b30%24%40philasd.org?utm_medium=email&utm_source=footer>
 
.



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mierN2xc_dVMM1h8%3D5GwK-6%2Bb3gydqMHNe84hOCABEBCUg%40mail.gmail.com
 
<https://groups.go

RE: [cas-user] CAS 5.2.x

[Cheltenham, Chris]

Thanks I get that.



But to what and where.



I in the cas-gradle-overlay-template-master

There’s not pom.xml in the git repo I cloned.







===

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Man H
Sent: Monday, February 5, 2018 1:21 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] CAS 5.2.x



just add

org.apereo.cas
cas-server-support-ldap




2018-02-05 15:14 GMT-03:00 Chris Cheltenham mailto:ccheltenham-...@philasd.org> >:

Hello,

I am not understanding how to bundle the LDAP authentication handler into 
the cas.war file.

Any suggestions?


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
 .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/78216792-820e-4d47-a969-ea7162e43678%40apereo.org
 

 
.



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups 
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to cas-user+unsubscr...@apereo.org 
 .
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mic8zJkXRJchfqJ0q0orUy%2Bv0_nQtf7y-q9JaK8uOhuPuQ%40mail.gmail.com
 

 
.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/009b01d39eaf%24965d7910%24c3186b30%24%40philasd.org.