Re: [cas-user] SAML Authentication. Application can't authorize to use cas
Hi, This is the trace after authentication process 2017-07-06 09:52:35,951 DEBUG [org.apereo.cas.web.support.DefaultCasCookieValueManager] - 2017-07-06 09:52:35,951 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 2017-07-06 09:52:35,951 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 2017-07-06 09:52:35,956 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 2017-07-06 09:52:35,956 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 2017-07-06 09:52:35,956 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 2017-07-06 09:52:35,975 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 2017-07-06 09:52:35,976 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 2017-07-06 09:52:35,979 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 2017-07-06 09:52:35,980 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 2017-07-06 09:52:35,980 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - *2017-07-06 09:52:35,982 DEBUG [org.apereo.cas.support.saml.authentication.principal.SamlServiceFactory] - * 2017-07-06 09:52:35,982 DEBUG [org.apereo.cas.authentication.principal.WebApplicationServiceFactory] - 2017-07-06 09:52:35,982 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - 2017-07-06 09:52:35,983 DEBUG [org.apereo.cas.web.support.AbstractArgumentExtractor] - 2017-07-06 09:53:02,655 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - 2017-07-06 09:53:02,655 DEBUG [org.apereo.cas.authentication.PseudoPlatformTransactionManager] - I do not know if something is missing to configure. Thanks a lot!! El miércoles, 5 de julio de 2017, 20:36:34 (UTC+2), Song, Doe-Hyun escribió: > > Look at Servie Registry. I used json to set up service for SAML. See the > following links. > > > > > https://apereo.github.io/cas/5.0.x/installation/Configuring-SAML2-Authentication.html#saml-services > > > > > https://apereo.github.io/cas/5.0.x/installation/JSON-Service-Management.html > > https://apereo.github.io/cas/5.0.x/installation/Service-Management.html > > > > > > > https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html#service-registry > > > https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html#resource-based-service-registry > > > > > > > > > > *From:* cas-...@apereo.org [mailto:cas-...@apereo.org > ] *On Behalf Of *Marco Osorio > *Sent:* Thursday, June 29, 2017 5:32 AM > *To:* CAS Community > *Subject:* [cas-user] SAML Authentication. Application can't authorize to > use cas > > > > Hello everyone, > > I have managed to configure SAML2 and load the Idp-metadata, which > generates it automatically and the sp-metadata generated by the SP plugin. > > I have entered the CAS manager and added the SP, but when I try to > authenticate, CAS tells me that the application is not authorized to use > cas. > > I loaded the idp-metadata into the plugin to render the parameters and ok. > > > > My question is what do I need to be able to authenticate correctly? > > -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: > https://apereo.github.io/cas/Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+u...@apereo.org . > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/9798020d-443f-4f30-8ba1-4dce12864a05%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/9798020d-443f-4f30-8ba1-4dce12864a05%40apereo.org?utm_medium=email_source=footer> > . > > The information contained in this e-mail and any attachments is confidential > and > intended only for the recipient. If you are not the intended recipient, the > information contained in this message may not be used, copied, or forwarded to > third parties or otherwise distributed for any other purpose. Please notify > the > sender if you received this e-mail in error and delete the e-mail and its > attachments promptly. Nothing in this e-mail may be used or deemed to form > the > basis of a contractual or any other legally binding obligation unless > separately > confirmed in writing by an authorized representative of ARMADA. > > -- - CAS gitter cha
Re: [cas-user] SAML Authentication. Application can't authorize to use cas
Hi Richard, Thanks for you answer. This is my JSON Service { *@class: org.apereo.cas.support.saml.services.SamlRegisteredService* serviceId: ^https://jira.myDomain.com/plugins/servlet/* name: JIRA-SAMLTest id: 3032504042888199 description: JIRA SAML Testing proxyPolicy: { @class: org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy } evaluationOrder: 1 usernameAttributeProvider: { @class: org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider canonicalizationMode: NONE encryptUsername: false } attributeReleasePolicy: { @class: org.apereo.cas.services.ReturnAllAttributeReleasePolicy principalAttributesRepository: { @class: org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository expiration: 2 timeUnit: HOURS } authorizedToReleaseCredentialPassword: false authorizedToReleaseProxyGrantingTicket: false excludeDefaultAttributes: false } multifactorPolicy: { @class: org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy failureMode: CLOSED bypassEnabled: false } logoutUrl: https://jira.myDomain.com/logout accessStrategy: { @class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy enabled: true ssoEnabled: true requireAllAttributes: true caseInsensitive: false } *metadataLocation: /etc/cas/saml/sp/jira-test-metadata.xml* metadataMaxValidity: 0 metadataSignatureLocation: signAssertions: false signResponses: true encryptAssertions: true metadataCriteriaRoles: SPSSODescriptor metadataCriteriaRemoveEmptyEntitiesDescriptors: false metadataCriteriaRemoveRolelessEntityDescriptors: false } I don't know if is correct El jueves, 29 de junio de 2017, 14:53:14 (UTC+2), richard.frovarp escribió: > > On 06/29/2017 04:31 AM, Marco Osorio wrote: > > Hello everyone, > > I have managed to configure SAML2 and load the Idp-metadata, which > > generates it automatically and the sp-metadata generated by the SP > plugin. > > I have entered the CAS manager and added the SP, but when I try to > > authenticate, CAS tells me that the application is not authorized to > > use cas. > > I loaded the idp-metadata into the plugin to render the parameters and > ok. > > > > My question is what do I need to be able to authenticate correctly? > > Last line of your log file: > >[https://jira.myDomain.com/plugins/servlet/samlsso] in registry but the > match is not defined as a SAML service> > > You need to define the service as a SAML 2 service. If you are using the > manager, change the service type. If you are doing it via direct JSON, > follow the instructions in the documentation. > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b61d0532-ccae-451d-a387-e349c2760218%40apereo.org.
Re: [cas-user] Configure CAS 5.1 as SP
Thank you Misagh Moayyed for your short and prompt response. I would like to know then what I am doing wrong? I have configured the dependencies of https://apereo.github.io/cas/5.0.x/integration/Shibboleth.html#displaying-saml-mdui and this part is the one that still does not work for me https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html#saml-metadata-ui . I do not know how to create the SP metadata for my JIRA Test application, it gives me errors when trying to load the jira-sp-metatada.xml. Could you be so kind as to tell me what is the minimum you should have configured? Thank you in advance El lunes, 26 de junio de 2017, 18:07:40 (UTC+2), Misagh Moayyed escribió: > > > > Hello everyone, > > Sorry for my ignorance, I am new to these issues and the configuration of > CAS brings me head, so I ask if it is possible to configure CAS 5.1 as IdP > and SP at the same time? > > > > Yes. It is. > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2f1a334f-e986-48e4-814b-792cdd497459%40apereo.org.
[cas-user] Configure CAS 5.1 as SP
Hello everyone, Sorry for my ignorance, I am new to these issues and the configuration of CAS brings me head, so I ask if it is possible to configure CAS 5.1 as IdP and SP at the same time or the SP must be external, there is some documentation to clarify. What are the properties and dependencies to be used ?. Thanks again. -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0ac1220e-2b63-441f-97a4-f9b6abc82729%40apereo.org.
[cas-user] [CAS 5.1] Help with SAML2 Configuration in manager.
Hello, First of all, thanks for the good work on the new release. I have managed to configure cas-server and manager with LDAP AD and SAML2. I need somebody please help me to configure a service with SAML2 in the manager, there is no documentation on how to do it. What I want is that CAS acts as IdP, I have configured the properties, the metadata is accessible and I see the certificate data, etc. But how or what values to enter in the form. It is my first time in this type of configuration and I would be grateful if they would indicate the minimum values for it to work. I would greatly appreciate the help. Thank you all. By the way, in a previous post that I sent, on the premises of SAML of Shibboleth that did not solve the maven, it was a problem of our Nexus that does not solve the url of release of Shibboleth, I commented it to be able to download the bookstores and to be able to ahcer The test. -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6090e153-2284-4977-bf70-b303e8206e98%40apereo.org.
[cas-user] Help!!! CAS and Manager :(
Hello everyone, I have been battling with the manager for many days and I have not been able to succeed with the configuration, it always generates the message "Access Denied". I have to configure CAS to authenticate with LDAP AD, this part I have succeeded in, not the correct way of assigning properties in the cas.propeties file located in "/etc/cas/config" because it does not recognize it in windows, even if I put the Values to cas.standalone.config as "file:/etc/cas/config" or "/etc/cas/config" or "/etc/cas/config/cas.properties" does not load them. If someone knows the answer, I would be grateful if you could tell me how to solve it. I follow. I compile the manager-overlay, I modify the user as follows: userid = userid, ROLE_ADMIN as in version 4.2.7 to have the admin users in file, but I do not think that this file is loaded as well because the propety is in the external management.properties War in "/etc/cas/config". I clarify that all this is in windows 7, in case there is any doubt, the routes I have also put the value "file:///c:/etc/cas/config" and gives the same. What am I doing wrong?. I have read the documentation and it is quite complex to understand to apply a few simple configuration parameters, it is very generic, you have to guess anyone who is new to CAS configuration, it will take more than two or four days doing wonders to achieve something stable. Should the manager be configured with the LDAP settings just like the CAS so that it does not generate that message? Are there any additional settings? I have tested with versions 5.0.5 and now with the 5.1 I think is more stable. The other problem that has arisen when I activate SAML and SAML2 is an error of a class that does not find, this was not happening with version 5.0.5, it can be a problem since it does not solve the repository of shibboleth and I had to download Manually the dependencies and place them in my local Maven repository, but even so when it starts the CAS-Server 5.1 generates that error. I appreciate the help that I can offer to configure them correctly. Reconosco that I am not skilled in this of configurations as I dedicate myself to the development of front-ent and backend. Thank you *Error trace SAML* 2017-06-08 13:19:04,527 DEBUG [org.opensaml.core.config.InitializationService] - 2017-06-08 13:19:04,528 DEBUG [org.opensaml.xmlsec.config.ApacheXMLSecurityInitializer] - 2017-06-08 13:19:04,529 DEBUG [org.opensaml.core.config.InitializationService] - 2017-06-08 13:19:04,581 DEBUG [org.apereo.cas.support.saml.OpenSamlConfigBean] - 2017-06-08 13:19:06,408 INFO [org.apereo.cas.support.saml.web.idp.metadata.TemplatedMetadataAndCertificatesGenerationService] - https://cas.pso.com:8443/cas/idp]> 2017-06-08 13:19:06,408 DEBUG [org.apereo.cas.support.saml.web.idp.metadata.TemplatedMetadataAndCertificatesGenerationService] - https://cas.pso.com:8443/cas/idp]> 2017-06-08 13:19:06,408 INFO [org.apereo.cas.support.saml.web.idp.metadata.TemplatedMetadataAndCertificatesGenerationService] - 2017-06-08 13:19:06,440 WARN [org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext] - 2017-06-08 13:19:06,461 WARN [org.apereo.cas.services.ServiceRegistryConfigWatcher] - 2017-06-08 13:19:06,473 ERROR [org.springframework.boot.SpringApplication] - org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlIdPObjectSignatureValidator' defined in class path resource [org/apereo/cas/config/SamlIdPConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlObjectSignatureValidator]: Factory method 'samlIdPObjectSignatureValidator' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'casSamlIdPMetadataResolver' defined in class path resource [org/apereo/cas/config/SamlIdPConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.opensaml.saml.metadata.resolver.MetadataResolver]: Factory method 'casSamlIdPMetadataResolver' threw exception; nested exception is java.lang.NoClassDefFoundError: net/shibboleth/ext/spring/resource/ResourceHelper at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599) ~[spring-beans-4.3.8.RELEASE.jar:4.3.8.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1173) ~[spring-beans-4.3.8.RELEASE.jar:4.3.8.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1067)
Re: [cas-user] CAS 5.0.5 Login in CAS Manager
Hi Sesharaju, Could you explain where the authorizations to the manager page are indicated? I was unable to access the manager. I have LDAP + SAML2 configured, I've got the admin users in the users-details.properties but still the access error denied. It was with other issues, and had the configuration parked. Thanks for your help or anyone who can participate. El lunes, 29 de mayo de 2017, 7:37:14 (UTC+2), sesharaju sv escribió: > > Hello Marco Osorio, > > you have to configure the services in CAS 5.0.5 to authorize the URL > of management application and also you need to configure the user > authorization to allow access the admin pages of the CAS Management > application. > > Please check if you have done those 2 task and still you see the same > message do let me know i will help you. > > Thanks > Seshu > > On 26 May 2017 at 16:07, Marco Osorio <osorio...@gmail.com > > wrote: > > > > Hello everyone, > > > > I have been able to configure CAS 5.0.5 standalone mode with LDAP AD and > > authenticates correctly. There are some CSS and JS errors that do not > find > > the correct path, but it is somewhat minor to do the tests. > > Now I'm deploying CAS-MANAGEMENT and booting without any errors, the > problem > > is that when I access cas-management, it tells me that the application > is > > not authorized to use CAS. > > I wonder, How do I have to authorize the manager to access it. With > version > > 4.2.7, I think there is a property, but in the overlay there are none. > > > > Thanks in advance > > > > -- > > - CAS gitter chatroom: https://gitter.im/apereo/cas > > - CAS mailing list guidelines: > > https://apereo.github.io/cas/Mailing-Lists.html > > - CAS documentation website: https://apereo.github.io/cas > > - CAS project website: https://github.com/apereo/cas > > --- > > You received this message because you are subscribed to the Google > Groups > > "CAS Community" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to cas-user+u...@apereo.org . > > To view this discussion on the web visit > > > https://groups.google.com/a/apereo.org/d/msgid/cas-user/ee73489d-c657-4d00-8e35-9b1275216442%40apereo.org. > > > > > > -- > Venkata S Sadhu (Seshu) > India (Mobile) : +91 7032638062 (WhatsApp) > INDIA > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2928f49f-223b-4cc1-9c61-01dece21b282%40apereo.org.
[cas-user] Re: CAS 5.1 Overlay template doesn't work
Hi, I answer me. I removed the tag and ${app.server} from the pom.xml. Pero qué dependencia hay que excluir para no usar spring-boot? Thanks El miércoles, 7 de junio de 2017, 12:34:22 (UTC+2), Marco Osorio escribió: > > Hi, > Firts of all, excuse my English. > I try to compile cas-server-5.1 to deploy it to an external server, but > the empty ** tag does not work, it generates > compilation error. > Exactly what is the value to allocate? Or should you remove the tag > altogether? > > Thank you and apologize for my ignorance! > > Spring Boot App Server Selection > > There is an app.server property in the pom.xml that can be used to select > a spring boot application server. It defaults to "-tomcat" but "-jetty" > and "-undertow" are supported.* It can also be set to an empty value > (nothing) if you want to deploy CAS to an external application server of > your choice and you don't want the spring boot libraries included.* > > -tomcat > > > > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e6e6ff59-f82f-4cb9-8732-5886855c5b12%40apereo.org.
[cas-user] CAS 5.1 Overlay template doesn't work
Hi, Firts of all, excuse my English. I try to compile cas-server-5.1 to deploy it to an external server, but the empty ** tag does not work, it generates compilation error. Exactly what is the value to allocate? Or should you remove the tag altogether? Thank you and apologize for my ignorance! Spring Boot App Server Selection There is an app.server property in the pom.xml that can be used to select a spring boot application server. It defaults to "-tomcat" but "-jetty" and "-undertow" are supported.* It can also be set to an empty value (nothing) if you want to deploy CAS to an external application server of your choice and you don't want the spring boot libraries included.* -tomcat -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ab48e753-1757-4491-aef5-0f9d51a426f8%40apereo.org.
[cas-user] Re: CAS Management App 5.0.0.RC2-SNAPSHOT
Hi, Which solution did you find? I have the users in user-details.properties but apparently do not load them correctly from the */opt/applications/cas-management/conf/* path, it is not the standard */etc/cas/config*. Thanks in advance El martes, 20 de septiembre de 2016, 17:58:16 (UTC+2), Jeffrey Ramsay escribió: > > Is the following entry correct for the user-details.properties file when > authenticating against LDAP? This matches my cas userid. > > jramsay=notused,ROLE_ADMIN > > Here's a snippet of my log: > > 2016-09-20 11:31:07,014 TRACE > [org.ldaptive.provider.jndi.JndiConnectionFactory] - <[[ldapUrl=ldap:// > adpods.binghamton.edu:389, count=0]] Attempting connection to ldap:// > adpods.binghamton.edu:389 for strategy > org.ldaptive.DefaultConnectionStrategy@50a0091f> > 2016-09-20 11:31:07,016 DEBUG [org.ldaptive.BindOperation] - request=[org.ldaptive.BindRequest@1433613577::bindDn=cn=ampodchg,cn=users,dc=pods,dc=bu,dc=int, > > saslConfig=null, controls=null, referralHandler=null, > intermediateResponseHandlers=null] with > connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1890505163::config=[org.ldaptive.ConnectionConfig@1651677049::ldapUrl=ldap:// > adpods.binghamton.edu:389, connectTimeout=PT1H23M20S, > responseTimeout=null, > sslConfig=[org.ldaptive.ssl.SslConfig@1293761849::credentialConfig=null, > trustManagers=null, enabledCipherSuites=null, enabledProtocols=null, > handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, > connectionInitializer=[org.ldaptive.BindConnectionInitializer@592758222::bindDn=cn=ampodchg,cn=users,dc=pods,dc=bu,dc=int, > > bindSaslConfig=null, bindControls=null], > connectionStrategy=org.ldaptive.DefaultConnectionStrategy@50a0091f], > providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@1705614669::metadata=[ldapUrl=ldap:// > adpods.binghamton.edu:389, count=1], > environment={com.sun.jndi.ldap.connect.timeout=500, > java.naming.ldap.version=3, > java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, > classLoader=null, > providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@436912864::operationExceptionResultCodes=[PROTOCOL_ERROR, > > SERVER_DOWN], properties={}, > controlProcessor=org.ldaptive.provider.ControlProcessor@200818f5, > environment=null, tracePackets=null, removeDnUrls=true, > searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, > PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, > hostnameVerifier=null]], > providerConnection=org.ldaptive.provider.jndi.JndiConnection@b219e63]> > 2016-09-20 11:31:07,021 DEBUG [org.ldaptive.BindOperation] - response=[org.ldaptive.Response@1194735987::result=null, > resultCode=SUCCESS, message=null, matchedDn=null, responseControls=null, > referralURLs=null, messageId=-1] for > request=[org.ldaptive.BindRequest@1433613577::bindDn=cn=ampodchg,cn=users,dc=pods,dc=bu,dc=int, > > saslConfig=null, controls=null, referralHandler=null, > intermediateResponseHandlers=null] with > connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@1890505163::config=[org.ldaptive.ConnectionConfig@1651677049::ldapUrl=ldap:// > adpods.binghamton.edu:389, connectTimeout=PT1H23M20S, > responseTimeout=null, > sslConfig=[org.ldaptive.ssl.SslConfig@1293761849::credentialConfig=null, > trustManagers=null, enabledCipherSuites=null, enabledProtocols=null, > handshakeCompletedListeners=null], useSSL=false, useStartTLS=false, > connectionInitializer=[org.ldaptive.BindConnectionInitializer@592758222::bindDn=cn=ampodchg,cn=users,dc=pods,dc=bu,dc=int, > > bindSaslConfig=null, bindControls=null], > connectionStrategy=org.ldaptive.DefaultConnectionStrategy@50a0091f], > providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@1705614669::metadata=[ldapUrl=ldap:// > adpods.binghamton.edu:389, count=1], > environment={com.sun.jndi.ldap.connect.timeout=500, > java.naming.ldap.version=3, > java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}, > classLoader=null, > providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@436912864::operationExceptionResultCodes=[PROTOCOL_ERROR, > > SERVER_DOWN], properties={}, > controlProcessor=org.ldaptive.provider.ControlProcessor@200818f5, > environment=null, tracePackets=null, removeDnUrls=true, > searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED, > PARTIAL_RESULTS], classLoader=null, sslSocketFactory=null, > hostnameVerifier=null]], > providerConnection=org.ldaptive.provider.jndi.JndiConnection@b219e63]> > 2016-09-20 11:31:07,021 INFO [org.ldaptive.pool.BlockingConnectionPool] - > org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@70afafd2> > 2016-09-20 11:31:07,021 DEBUG [org.ldaptive.pool.BlockingConnectionPool] - > [org.ldaptive.pool.Queue@101255::queueType=LIFO, > queue=[org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@70afafd2, > >
Re: [cas-user] CAS 5.0.5 Login in CAS Manager
Hello Sesharaju, thanks again for the help. I have deployed CAS and Management on the same Tomcat 8.5 server, as version 4.2.7 is in production. I think there may be a problem with the properties that according to the Overlay documentation, they can be written. There is a configuration that I think is common and I have it in the / opt / applications / cas / conf path, the services are in the path / opt / applications / cas / data and load smoothly when the two applications start. These routes are in windows since I am simulating the definitive linux server. The cas-management configuration is in the path / opt / applications / cas-management / conf. Here I have the management.properties and the users.properties. Now, depending on what you say in your answer, I have manually created the service in JSON to activate the management url. For example *https://localhost:8443/cas-management*. When debug cas-management, I appreciate that there are many properties that probably do not find by being on the same server. What do you recommend or what should I do if it is the problem? Thanks again El lunes, 29 de mayo de 2017, 7:37:14 (UTC+2), sesharaju sv escribió: > > Hello Marco Osorio, > > you have to configure the services in CAS 5.0.5 to authorize the URL > of management application and also you need to configure the user > authorization to allow access the admin pages of the CAS Management > application. > > Please check if you have done those 2 task and still you see the same > message do let me know i will help you. > > Thanks > Seshu > > On 26 May 2017 at 16:07, Marco Osorio <osorio...@gmail.com > > wrote: > > > > Hello everyone, > > > > I have been able to configure CAS 5.0.5 standalone mode with LDAP AD and > > authenticates correctly. There are some CSS and JS errors that do not > find > > the correct path, but it is somewhat minor to do the tests. > > Now I'm deploying CAS-MANAGEMENT and booting without any errors, the > problem > > is that when I access cas-management, it tells me that the application > is > > not authorized to use CAS. > > I wonder, How do I have to authorize the manager to access it. With > version > > 4.2.7, I think there is a property, but in the overlay there are none. > > > > Thanks in advance > > > > -- > > - CAS gitter chatroom: https://gitter.im/apereo/cas > > - CAS mailing list guidelines: > > https://apereo.github.io/cas/Mailing-Lists.html > > - CAS documentation website: https://apereo.github.io/cas > > - CAS project website: https://github.com/apereo/cas > > --- > > You received this message because you are subscribed to the Google > Groups > > "CAS Community" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to cas-user+u...@apereo.org . > > To view this discussion on the web visit > > > https://groups.google.com/a/apereo.org/d/msgid/cas-user/ee73489d-c657-4d00-8e35-9b1275216442%40apereo.org. > > > > > > -- > Venkata S Sadhu (Seshu) > India (Mobile) : +91 7032638062 (WhatsApp) > INDIA > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/93f10e42-ca87-4fc1-87e6-debebcefe613%40apereo.org.
[cas-user] CAS 5.0.5 Error SAML Dependency Maven overlay
Hi everyone, I try to follow the steps to activate SAML2 and when compiling with Maven, it generates misunderstanding. Can someone tell me what happens? The Shibboleth repository exists in the Maven overlay. Thanks in advance! [INFO] Scanning for projects... [INFO] [INFO] [INFO] Building cas-overlay 1.0 [INFO] [WARNING] The POM for net.shibboleth.idp:idp-attribute-filter-api:jar:3.2.1 is missing, no dependency information available [WARNING] The POM for net.shibboleth.liberty:idwsfconsumer:jar:1.0.0 is missing, no dependency information available [WARNING] The POM for net.shibboleth.idp:idp-attribute-api:jar:3.2.1 is missing, no dependency information available [WARNING] The POM for net.shibboleth.idp:idp-attribute-resolver-api:jar:3.2.1 is missing, no dependency information available [WARNING] The POM for net.shibboleth.idp:idp-core:jar:3.2.1 is missing, no dependency information available [WARNING] The POM for net.shibboleth.idp:idp-installer:jar:3.2.1 is missing, no dependency information available [WARNING] The POM for net.shibboleth.idp:idp-profile-impl:jar:3.2.1 is missing, no dependency information available [WARNING] The POM for net.shibboleth.idp:idp-profile-spring:jar:3.2.1 is missing, no dependency information available [WARNING] The POM for net.shibboleth.idp:idp-saml-api:jar:3.2.1 is missing, no dependency information available [WARNING] The POM for net.shibboleth.idp:idp-saml-impl:jar:3.2.1 is missing, no dependency information available [INFO] [INFO] BUILD FAILURE [INFO] [INFO] Total time: 3.211 s [INFO] Finished at: 2017-05-25T11:02:41+02:00 [INFO] Final Memory: 20M/227M [INFO] [ERROR] Failed to execute goal on project cas-overlay: Could not resolve dependencies for project org.apereo.cas:cas-overlay:war:1.0: The following artifacts could not be resolved: net.shibboleth.idp:idp-attribute-filter-api:jar:3.2.1, net.shibboleth.liberty:idwsfconsumer:jar:1.0.0, net.shibboleth.idp:idp-attribute-api:jar:3.2.1, net.shibboleth.idp:idp-attribute-resolver-api:jar:3.2.1, net.shibboleth.idp:idp-core:jar:3.2.1, net.shibboleth.idp:idp-installer:jar:3.2.1, net.shibboleth.idp:idp-profile-impl:jar:3.2.1, net.shibboleth.idp:idp-profile-spring:jar:3.2.1, net.shibboleth.idp:idp-saml-api:jar:3.2.1, net.shibboleth.idp:idp-saml-impl:jar:3.2.1: Failure to find net.shibboleth.idp:idp-attribute-filter-api:jar:3.2.1 in http://10.108.10.126:8081/repository/maven-public/ was cached in the local repository, resolution will not be reattempted until the update interval of nexus has elapsed or updates are forced -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException Thanks! -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/971dc5f8-0180-474d-a9e9-efb6b5596fea%40apereo.org.
[cas-user] Re: CAS 5.0.5 Maven Overlay. Help with authentication with LDAP Active Directory
Hello everyone, I answer the solution in case someone needs it. The problem of not validating in login is that the dependency of ldap on the pom.xml was missing. It is very complicated and I have not seen it indicated in any configuration document, I know it is still unofficial, but it is one of the essential to inform. Thanks again! org.apereo.cas cas-server-support-ldap ${cas.version} El miércoles, 24 de mayo de 2017, 13:26:50 (UTC+2), Marco Osorio escribió: > > Hello everyone, > First of all, excuse my English. > > After a long test battle of different configurations with version 5.0.5 > and the problems of external properties loads (that do not work!), I > proceeded to put the properties inside bootstrap.properties. I know that is > not normal, but in view of the fact that the documentation does not work, I > was forced to do so in order to continue the tests and be able to reach the > goal of integrating CAS + LDAP AD + SAML2 and JIRA. And the battle is still > beginning! :). > Ok, to the consultation. Based on one of the posts that indicated a > problem with the LDAP (https://github.com/apereo/cas/issues/2058) > configuration, I tried with those values and the connection against LDAP > is correct, it connects and in debug mode, you see the connection traces. > > The problem is when I try to validate my user against that LDAP, it > generates an invalid credential error. > I have compared my CAS 4.2.7 configuration and they are the correct data, > but as the properties have changed and there are no documents that indicate > the correct configuration for LDAP AD, I do not give the solution and so I > go back to you, Give me a hand. > > I use the Wireshark software to capture the requests to the LDAP server > and only the initial connection appears, the request for validation / > authentication, not the capture. > > Thanks again! > > org.apereo.cas.util.CasVersion > info.cas.version "5.0.5" > info.cas.date 1495623382.528 > info.cas.java.home "C:\Program Files\Java\jre1.8.0_131" > info.cas.java.version "1.8.0_131" > info.cas.java.vendor "Oracle Corporation" > > > # > # LDAP Authentication > # > cas.authn.ldap[0].ldapUrl=ldap://localhost:389 > cas.authn.ldap[0].useSsl=false > cas.authn.ldap[0].useStartTls=false > cas.authn.ldap[0].connectTimeout=5000 > cas.authn.ldap[0].baseDn=OU=GRUPOXXX,DC=company,DC=com > cas.authn.ldap[0].userFilter={user}@company.com > #sAMAccountName={user} > #(uid={user}) > cas.authn.ldap[0].subtreeSearch=true > cas.authn.ldap[0].bindDn=managerDn > cas.authn.ldap[0].bindCredential=password > cas.authn.ldap[0].dnFormat=%s...@company.com > cas.authn.ldap[0].type=AD > > cas.authn.ldap[0].principalAttributeId=sAMAccountName > #cas.authn.ldap[0].principalAttributeId=uid > > #cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName,displayName > cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true > > cas.authn.ldap[0].minPoolSize=3 > cas.authn.ldap[0].maxPoolSize=10 > cas.authn.ldap[0].validateOnCheckout=true > cas.authn.ldap[0].validatePeriodically=true > cas.authn.ldap[0].validatePeriod=600 > cas.authn.ldap[0].failFast=false > cas.authn.ldap[0].idleTime=5000 > cas.authn.ldap[0].prunePeriod=5000 > cas.authn.ldap[0].blockWaitTime=5000 > > cas.authn.ldap[0].passwordPolicy.type=AD > cas.authn.ldap[0].passwordPolicy.enabled=true > > > cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException > # cas.authn.ldap[0].passwordPolicy.loginFailures=5 > # cas.authn.ldap[0].passwordPolicy.warningAttributeValue= > # cas.authn.ldap[0].passwordPolicy.warningAttributeName= > # cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true > # cas.authn.ldap[0].passwordPolicy.warnAll=true > # cas.authn.ldap[0].passwordPolicy.warningDays=30 > > > # LDAP Attributes > # > cas.authn.attributeRepository.ldap.ldapUrl=ldap://localhost:389 > cas.authn.attributeRepository.ldap.useSsl=false > cas.authn.attributeRepository.ldap.useStartTls=false > cas.authn.attributeRepository.ldap.connectTimeout=5000 > cas.authn.attributeRepository.ldap.baseDn=OU=GRUPOXXX,DC=company,DC=com > cas.authn.attributeRepository.ldap.userFilter={user}@company.com > #sAMAccountName={user} > #(uid={user}) > cas.authn.attributeRepository.ldap.subtreeSearch=false > cas.authn.attributeRepository.ldap.bindDn=managerDn > cas.authn.attributeRepository.ldap.bindCredential=password > cas.authn.attributeRepository.ldap.minPoolSize=3 > cas.authn.attributeRepository.ldap.maxPoolSize=10
[cas-user] CAS 5.0.5 Maven Overlay. Help with authentication with LDAP Active Directory
Hello everyone, First of all, excuse my English. After a long test battle of different configurations with version 5.0.5 and the problems of external properties loads (that do not work!), I proceeded to put the properties inside bootstrap.properties. I know that is not normal, but in view of the fact that the documentation does not work, I was forced to do so in order to continue the tests and be able to reach the goal of integrating CAS + LDAP AD + SAML2 and JIRA. And the battle is still beginning! :). Ok, to the consultation. Based on one of the posts that indicated a problem with the LDAP (https://github.com/apereo/cas/issues/2058) configuration, I tried with those values and the connection against LDAP is correct, it connects and in debug mode, you see the connection traces. The problem is when I try to validate my user against that LDAP, it generates an invalid credential error. I have compared my CAS 4.2.7 configuration and they are the correct data, but as the properties have changed and there are no documents that indicate the correct configuration for LDAP AD, I do not give the solution and so I go back to you, Give me a hand. I use the Wireshark software to capture the requests to the LDAP server and only the initial connection appears, the request for validation / authentication, not the capture. Thanks again! org.apereo.cas.util.CasVersion info.cas.version "5.0.5" info.cas.date 1495623382.528 info.cas.java.home "C:\Program Files\Java\jre1.8.0_131" info.cas.java.version "1.8.0_131" info.cas.java.vendor "Oracle Corporation" # # LDAP Authentication # cas.authn.ldap[0].ldapUrl=ldap://localhost:389 cas.authn.ldap[0].useSsl=false cas.authn.ldap[0].useStartTls=false cas.authn.ldap[0].connectTimeout=5000 cas.authn.ldap[0].baseDn=OU=GRUPOXXX,DC=company,DC=com cas.authn.ldap[0].userFilter={user}@company.com #sAMAccountName={user} #(uid={user}) cas.authn.ldap[0].subtreeSearch=true cas.authn.ldap[0].bindDn=managerDn cas.authn.ldap[0].bindCredential=password cas.authn.ldap[0].dnFormat=%s...@company.com cas.authn.ldap[0].type=AD cas.authn.ldap[0].principalAttributeId=sAMAccountName #cas.authn.ldap[0].principalAttributeId=uid #cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName,displayName cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true cas.authn.ldap[0].minPoolSize=3 cas.authn.ldap[0].maxPoolSize=10 cas.authn.ldap[0].validateOnCheckout=true cas.authn.ldap[0].validatePeriodically=true cas.authn.ldap[0].validatePeriod=600 cas.authn.ldap[0].failFast=false cas.authn.ldap[0].idleTime=5000 cas.authn.ldap[0].prunePeriod=5000 cas.authn.ldap[0].blockWaitTime=5000 cas.authn.ldap[0].passwordPolicy.type=AD cas.authn.ldap[0].passwordPolicy.enabled=true cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException # cas.authn.ldap[0].passwordPolicy.loginFailures=5 # cas.authn.ldap[0].passwordPolicy.warningAttributeValue= # cas.authn.ldap[0].passwordPolicy.warningAttributeName= # cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true # cas.authn.ldap[0].passwordPolicy.warnAll=true # cas.authn.ldap[0].passwordPolicy.warningDays=30 # LDAP Attributes # cas.authn.attributeRepository.ldap.ldapUrl=ldap://localhost:389 cas.authn.attributeRepository.ldap.useSsl=false cas.authn.attributeRepository.ldap.useStartTls=false cas.authn.attributeRepository.ldap.connectTimeout=5000 cas.authn.attributeRepository.ldap.baseDn=OU=GRUPOXXX,DC=company,DC=com cas.authn.attributeRepository.ldap.userFilter={user}@company.com #sAMAccountName={user} #(uid={user}) cas.authn.attributeRepository.ldap.subtreeSearch=false cas.authn.attributeRepository.ldap.bindDn=managerDn cas.authn.attributeRepository.ldap.bindCredential=password cas.authn.attributeRepository.ldap.minPoolSize=3 cas.authn.attributeRepository.ldap.maxPoolSize=10 cas.authn.attributeRepository.ldap.validateOnCheckout=true cas.authn.attributeRepository.ldap.validatePeriodically=true cas.authn.attributeRepository.ldap.validatePeriod=600 cas.authn.attributeRepository.ldap.failFast=true cas.authn.attributeRepository.ldap.idleTime=500 cas.authn.attributeRepository.ldap.prunePeriod=600 cas.authn.attributeRepository.ldap.blockWaitTime=5000 ## # Person Directory / Attributes # cas.personDirectory.principalAttribute=sAMAccountName cas.personDirectory.returnNull=false 2017-05-24 12:59:16,527 DEBUG [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] - 2017-05-24 12:59:16,531 WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 2017-05-24 12:59:16,532 DEBUG [org.apereo.cas.audit.spi.ThreadLocalPrincipalResolver] - 2017-05-24 12:59:16,534 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 2017-05-24 12:59:16,553 DEBUG
[cas-user] CAS 5. Which version cas I use in production?
Hello everyone. First of all excuse my English. Can someone tell me what version I can use in production? I have currently deployed version 4.2.7 and it goes perfectly, but now there is a new requirement to integrate JIRA with CAS + LDAP AD and SAML2, so my interest in testing overlay and so far I have not been very successful. I have tried with the settings that Sesharaju has kindly passed me https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/yBEp-OgqYkk but I notice that custom properties are not overwritten. The tests I'm doing with version 5.0.5 in standalone mode since the configuration of the Spring-cloud-config-server is another additional requirement that we have not planned and for the moment would be deployed in standalone mode. The Undertow 5.1.0.RC4 version https://maven2repo.com/org.apereo.cas/cas-server-webapp-undertow/5.1.0-RC4/war does not work either, it generates some errors when deploying it in Wildfly 9.0.2 . Apparently the "standalone" configuration option is not official or only some standard configuration has been checked. With the overlay, I have tried several things, but still does not load the properties correctly, boot, but always takes the internal and not the external, the property to load the external services that are already configured in version 4.2.7 also does not load, I know you have to do some package changes, but at least you should load and generate any type of error. Thank you all again -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3844ef31-e7e1-4b60-8d07-19b22b915ce8%40apereo.org.
Re: [cas-user] Help starting CAS 5.0.5 Maven Overlay
Hello, I found the problem. The property to indicate the configuration is not correct, it should be *spring.cloud.config.server.git.uri = file://C:/opt/applications/cas/conf* and no *cas.standalone.config = file:///C:/opt/applications/cas/conf*. Now the error is another, but this is already my account, is the certificate. Thank you El viernes, 19 de mayo de 2017, 10:58:23 (UTC+2), Marco Osorio escribió: > > Hello Seshu, > I do not understand why this error. I have looked at the tutorials > regarding spring-boot applications and according to this tutorial > https://spring.io/guides/gs/centralized-configuration/ you should create > a directory and initialize it with "git init", etc. And indicate this same > path in the property cas.standalone.config but the initialization goes from > those values. > Any idea how to fix it? > Thanks again > > El jueves, 18 de mayo de 2017, 16:08:43 (UTC+2), Marco Osorio escribió: >> >> Hi Seshu, >> Thanks for the help. >> I have modified the bootstrap.properties with the file that you have >> passed me, I just changed the property >> *cas.standalone.config=file:///C:/opt/applications/cas/conf* with this >> value. I have copied the other files in this same route and still I still >> generate the same error. >> Having the same configuration that you have passed me should throw other >> errors such as in this property >> cas.authn.file.filename=file:c:/sravani/tomcat/config/people.txt but it is >> not. >> >> The value of this property *cas.standalone.config* should have *GitHub* >> or some other repository? >> >> Thanks again >> >> >> 2017-05-18 15:58:30,039 WARN >> [org.apereo.cas.config.CasSecurityContextConfiguration] - < >> >> _ ___ _ >> / ___| |_ _| / _ \ | _ \ | | >> \___ \ | | | | | || |_) || | >> ___) | | | | |_| || __/ |_| >> |/ |_| \___/ |_|(_) >> >> >> CAS is configured to accept a static list of credentials for >> authentication. >> While this is generally useful for demo purposes, it is STRONGLY >> recommended >> that you DISABLE this authentication method (by SETTING >> 'cas.authn.accept.users' >> to a blank value) and switch to a mode that is more suitable for >> production. >> > >> 2017-05-18 15:58:30,040 WARN >> [org.apereo.cas.config.CasSecurityContextConfiguration] - <> >> 2017-05-18 15:58:30,507 DEBUG >> [org.apereo.cas.services.ServiceRegistryInitializer] - > database will be auto-initialized from default JSON services> >> 2017-05-18 15:58:30,725 DEBUG >> [org.apereo.cas.services.ServiceRegistryInitializer] - > service registry database with the id=1001,name=HTTPS and >> IMAPS,description=This service >> definition authorizes all application urls that support HTTPS and IMAPS >> protocols.,serviceId=^(https|imaps)://.*,usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsern >> >> ameProvider@d,theme=,evaluationOrder=1,logoutType=BACK_CHANNEL,attributeReleasePolicy=org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy@4b885323[attributeFilter=,prin >> >> cipalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@4fb7ce8a[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTi >> >> cket=false,allowedAttributes=[]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@ab55918[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes >> >> ={},unauthorizedRedirectUrl=,caseInsensitive=false,rejectedAttributes={}],publicKey=,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@32ed6482,logo=,log >> >> outUrl=,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@4ac74b8e[multifactorAuthenticationProviders=[],failureMode=C >> LOSED,principalAttributeNameTrigger=,principalAttributeValueToMatch=], >> >> JSON service definition...> >> 2017-05-18 15:58:30,730 DEBUG >> [org.apereo.cas.services.ServiceRegistryInitializer] - > service registry database with the >> id=1002,name=Apereo,description=Apereo foundation samp >> le service,serviceId=^https://www.apereo.org >> ,usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@d,theme=apereo,evaluationOrder=1,logoutType=BACK_CHANNEL >> >> ,attributeReleasePolicy=org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy@6a9aa657[attributeFilter=,principalAttributesRepository=o
Re: [cas-user] Help starting CAS 5.0.5 Maven Overlay
Hello Seshu, I do not understand why this error. I have looked at the tutorials regarding spring-boot applications and according to this tutorial https://spring.io/guides/gs/centralized-configuration/ you should create a directory and initialize it with "git init", etc. And indicate this same path in the property cas.standalone.config but the initialization goes from those values. Any idea how to fix it? Thanks again El jueves, 18 de mayo de 2017, 16:08:43 (UTC+2), Marco Osorio escribió: > > Hi Seshu, > Thanks for the help. > I have modified the bootstrap.properties with the file that you have > passed me, I just changed the property > *cas.standalone.config=file:///C:/opt/applications/cas/conf* with this > value. I have copied the other files in this same route and still I still > generate the same error. > Having the same configuration that you have passed me should throw other > errors such as in this property > cas.authn.file.filename=file:c:/sravani/tomcat/config/people.txt but it is > not. > > The value of this property *cas.standalone.config* should have *GitHub* > or some other repository? > > Thanks again > > > 2017-05-18 15:58:30,039 WARN > [org.apereo.cas.config.CasSecurityContextConfiguration] - < > > _ ___ _ > / ___| |_ _| / _ \ | _ \ | | > \___ \ | | | | | || |_) || | > ___) | | | | |_| || __/ |_| > |/ |_| \___/ |_|(_) > > > CAS is configured to accept a static list of credentials for > authentication. > While this is generally useful for demo purposes, it is STRONGLY > recommended > that you DISABLE this authentication method (by SETTING > 'cas.authn.accept.users' > to a blank value) and switch to a mode that is more suitable for > production. > > > 2017-05-18 15:58:30,040 WARN > [org.apereo.cas.config.CasSecurityContextConfiguration] - <> > 2017-05-18 15:58:30,507 DEBUG > [org.apereo.cas.services.ServiceRegistryInitializer] - database will be auto-initialized from default JSON services> > 2017-05-18 15:58:30,725 DEBUG > [org.apereo.cas.services.ServiceRegistryInitializer] - service registry database with the id=1001,name=HTTPS and > IMAPS,description=This service > definition authorizes all application urls that support HTTPS and IMAPS > protocols.,serviceId=^(https|imaps)://.*,usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsern > > ameProvider@d,theme=,evaluationOrder=1,logoutType=BACK_CHANNEL,attributeReleasePolicy=org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy@4b885323[attributeFilter=,prin > > cipalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@4fb7ce8a[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTi > > cket=false,allowedAttributes=[]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@ab55918[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes > > ={},unauthorizedRedirectUrl=,caseInsensitive=false,rejectedAttributes={}],publicKey=,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@32ed6482,logo=,log > > outUrl=,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@4ac74b8e[multifactorAuthenticationProviders=[],failureMode=C > LOSED,principalAttributeNameTrigger=,principalAttributeValueToMatch=], > > JSON service definition...> > 2017-05-18 15:58:30,730 DEBUG > [org.apereo.cas.services.ServiceRegistryInitializer] - service registry database with the > id=1002,name=Apereo,description=Apereo foundation samp > le service,serviceId=^https://www.apereo.org > ,usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@d,theme=apereo,evaluationOrder=1,logoutType=BACK_CHANNEL > > ,attributeReleasePolicy=org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy@6a9aa657[attributeFilter=,principalAttributesRepository=org.apereo.cas.authentication.principal.Defaul > > tPrincipalAttributesRepository@3241fd90[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false,allowedAttributes=[]],accessStrategy=org.apereo.cas.services. > > DefaultRegisteredServiceAccessStrategy@2128a09d[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=,caseInsensitive=false,rejectedAttrib > > utes={}],publicKey=,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@51c30ace,logo=,logoutUrl=,requiredHandlers=[],properties={},multifactorPolicy=org.a > > pereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6ed4b87c[multifactorAuthenticationProviders=[],failureM
Re: [cas-user] Help starting CAS 5.0.5 Maven Overlay
Error creating bean with name 'org.springframework.boot.actuate.autoconfigure.EndpointAutoConfiguration': Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.actuate.autoconfigure.EndpointAutoConfigurati on$$EnhancerBySpringCGLIB$$6cc89e6b]: Constructor threw exception; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'configSe rverHealthIndicator' defined in class path resource [org/springframework/cloud/config/server/config/EnvironmentRepositoryConfiguration.class]: Unsatisfied dependency expressed through method ' configServerHealthIndicator' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'environmentRepository' defined in class pa th resource [org/springframework/cloud/config/server/config/EnvironmentRepositoryConfiguration$GitRepositoryConfiguration.class]: Invocation of init method failed; nested exception is java.lan g.IllegalStateException: You need to configure a uri for the git repository at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:279) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1148) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1050) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:512) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:754) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:866) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:542) at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122) at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:761) at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:371) at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:134) at org.apereo.cas.web.CasWebApplication.main(CasWebApplication.java:61) ... 8 more El jueves, 18 de mayo de 2017, 15:20:12 (UTC+2), sesharaju sv escribió: > > Hello Marco, > > I see your requirement i m sharing you the my development > configurations with you please go through and change it according to > your requriements & Environments. > > In bootstrap.properties you should have to configure > > > spring.profiles.active=standalone > cas.standalone.config=file:///C:/Users/IBM_ADMIN/Documents/GitHub/cas-config/cas-config > > > > > Under the folder which is above mentioned properties you should be > having the below files. > > cas.properties > cas.yml > > In cas.properties you have to configure the LDAP informations > according to your AD information. > > Thanks > Seshu > > On 18 May 2017 at 16:35, Marco Osorio <osorio...@gmail.com > > wrote: > > Hi, > > First of all, excuse me, this is a traslation by Google, my English is > poor. > > > > I'm new with CAS. I have read the CAS Overlay documentation with Maven > to > > deploy local version 5.0.5 and configure it with LDAP Active Directory. > > Version 4.2.7 I configured it by making changes directly in the war, I > know > > that is not the best way to do it, but it worked. > > > > Now I have problems with version 5 and I do not know the operation with > > spring boot. > > According to the tutorials > > https://apereo.github.io/2017/03/28/cas5-gettingstarted-overlay/ should > run > >
[cas-user] Re: CAS 5.0.5 Overlay deploy error
-context-4.3.4.RELEASE.jar!/:4.3.4 .RELEASE] at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:121) ~[spring-context-4.3.4.RELEASE.jar!/:4.3.4 .RELEASE] at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:68) ~[spring-boot-1.4.2.RELEASE.jar!/:1.4.2.RELEASE ] at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:54) ~[spring-boot-1.4.2.RELEASE.jar!/:1.4.2.RELEASE] at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:337) ~[spring-boot-1.4.2.RELEASE.jar!/: El miércoles, 17 de mayo de 2017, 12:53:46 (UTC+2), Marco Osorio escribió: > > Hello, > There is an error in deploying CAS 5.0.5 from the overlay. > I follow the instructions and running build.com run generates a > dependency error. > > c:\PSODesarrolloJava\Proyectos\CAS\WS\cas-overlay-template-master>build.cmd > run > [INFO] Scanning for projects... > [INFO] > [INFO] Using the MultiThreadedBuilder implementation with a thread count > of 5 > [INFO] > [INFO] > > [INFO] Building cas-overlay 1.0 > [INFO] > > [INFO] > [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ cas-overlay --- > [INFO] Deleting > c:\PSODesarrolloJava\Proyectos\CAS\WS\cas-overlay-template-master\target > [INFO] > [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ > cas-overlay --- > [INFO] Using 'UTF-8' encoding to copy filtered resources. > [INFO] skip non existing resourceDirectory > c:\PSODesarrolloJava\Proyectos\CAS\WS\cas-overlay-template-master\src\main\resources > [INFO] > [INFO] --- maven-compiler-plugin:3.3:compile (default-compile) @ > cas-overlay --- > [INFO] No sources to compile > [INFO] > [INFO] --- maven-resources-plugin:2.6:testResources > (default-testResources) @ cas-overlay --- > [INFO] Using 'UTF-8' encoding to copy filtered resources. > [INFO] skip non existing resourceDirectory > c:\PSODesarrolloJava\Proyectos\CAS\WS\cas-overlay-template-master\src\test\resources > [INFO] > [INFO] --- maven-compiler-plugin:3.3:testCompile (default-testCompile) @ > cas-overlay --- > [INFO] No sources to compile > [INFO] > [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ cas-overlay > --- > [INFO] No tests to run. > [INFO] > [INFO] --- maven-war-plugin:2.6:war (default-war) @ cas-overlay --- > [INFO] Packaging webapp > [INFO] Assembling webapp [cas-overlay] in > [c:\PSODesarrolloJava\Proyectos\CAS\WS\cas-overlay-template-master\target\cas] > [info] Copying manifest... > [INFO] Processing war project > [INFO] Copying webapp resources > [c:\PSODesarrolloJava\Proyectos\CAS\WS\cas-overlay-template-master\src\main\webapp] > [INFO] Processing overlay [ id org.apereo.cas:cas-server-webapp] > [INFO] Webapp assembled in [1646 msecs] > [INFO] Building war: > c:\PSODesarrolloJava\Proyectos\CAS\WS\cas-overlay-template-master\target\cas.war > [INFO] > > [INFO] BUILD SUCCESS > [INFO] > > [INFO] Total time: 4.126 s (Wall Clock) > [INFO] Finished at: 2017-05-17T12:47:57+02:00 > [INFO] Final Memory: 17M/356M > [INFO] > > 2017-05-17 12:48:02,972 ERROR [org.springframework.boot.SpringApplication] > - > org.springframework.beans.factory.UnsatisfiedDependencyException: Error > creating bean with name 'propertySourceBootstrapConfiguration': Unsatisfied > dependency expressed through fie > ld 'propertySourceLocators'; nested exception is > org.springframework.beans.factory.UnsatisfiedDependencyException: Error > creating bean with name 'org.springframework.cloud.config.s > erver.bootstrap.ConfigServerBootstrapConfiguration$LocalPropertySourceLocatorConfiguration': > > Unsatisfied dependency expressed through field 'repository' > c:\Proyectos\CAS\WS\cas-overlay-template-master> > > > Thanks > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d99359a7-5f83-46bd-90ad-9dc81817f47a%40apereo.org.
Re: [cas-user] CAS for Jira 7
Hello, I have a problem with jira + cas authentication. I've followed the setup instructions that come up with two things. 1. In the web.xml configuration, if I comment the CasValidationFilter filter, JIRA v7.3.1 starts correctly if errors. When authentic with CAS takes me to the DashBoard but the login widget keeps appearing without content and does not allow me to visualize anything else, as if I was waiting to validate the login. 2. If I activate the CasValidationFilter filter, when authenticating with CAS, it generates a double ticket validation error with this trace: Org.jasig.cas.client.validation.TicketValidationException: Ticket 'ST-380-eMVDywffQFkJ0W6DYY5f-DVMAPL207' not recognized The versions of cas-client-core-3.2.1.jar and cas-client-integration-atlassian-3.4.2.jar libraries Is there any missing configuration changes to avoid this double ticket validation? Thank you El viernes, 9 de diciembre de 2016, 23:04:05 (UTC+1), Jason Hitt escribió: > > I've created a pull request for a new Jira7CasAuthenticator at > https://github.com/apereo/java-cas-client/pull/197 > > There is example seraph-config.xml code in the comment. Using this > authenticator, you do not need any servlet filter updates in web.xml to get > SSO. > > If you want single sign-out support you should still include those filters > and handlers. > If you want transparent SSO at your default URL (instead of seeing the > login page and having to click 'Login'), use the CasAuthenticationFilter i > listed previously, but change the filter mapping from /* to /default.jsp. > > This configuration is working 100% with JIRA 7 for us on our test server. > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e971739d-860a-48c6-92ca-35fd4bf380d4%40apereo.org.