Re: [cas-user] Connection Refused issue in clustered environment

2021-02-28 Thread Nguyen Tran Thanh Lam
Hi,
In my experience, you have two ways to deploy CAS as a cluster:
1. Use the Dockerfile of CAS > build docker > deploy docker on Rancher. You can
increase the Rancher pods to create a cluster.
2. If you don't use the Dockerfile, you could configure CAS behind HA Proxy
https://apereo.github.io/2018/01/05/cas-deployment-with-proxy/
BRs

On Mon, Mar 1, 2021 at 01:54, Morning Star wrote:

> Hi Team,
>
> I am working on *CAS upgrade from 3.+ version to 6.2.2*.
> In clustered environment, I am facing an issue.
> I am able to log in successfully. On click of a document link inside my
> homepage, we are connecting to another domain to fetch the document.
> We are getting some port number appended in the URL like below:
> *https://domain2.com:11611/ex/cp?Context=D=ST-4-kHJ36-iShtjErmRRJqz029tV0rY-server1*
> and getting "domain2.com refused to connect" in the browser.
>
> In previous implementation, I suspect, this may be configured as a part of
> cluster environment. We are using tomcat server for CAS and for document we
> are using websphere.
>
> We could see configuration something like below:
> ProxyPass /documents  https://server2.int.com:11611/ex/cps
> ProxyPassReverse /documents https://server2.int.com:11611/ex/cps
>
> ProxyPass /ex/cps  https://server2.int.com:11611/ex/cps
> ProxyPassReverse /ex/cps https://server2.int.com:11611/ex/cps
>
> ProxyPass /cas https://server1.int.com:10511/cas
> ProxyPassReverse /cas https://server1.int.com:10511/cas
> Can someone please explain why it is configured like this with port
> number?
> How to make this work?
> Whether change needs to be done from developer side or
> DevOps/Configuration Management team?
> Do we have any other way to handle this?
>
> Thanks in advance!
>
> Regards,
> Anusuya.
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/a30311c2-e29c-4980-a901-b186e37daa07n%40apereo.org
> 
> .
>



Re: [cas-user] Potential Feature: QR Code as a Login "Badge"

2020-12-08 Thread Nguyen Tran Thanh Lam
Hi Ben,
QR code is a good way to replace typing a password by keyboard.
If you can, please share how to integrate CAS and QR code.
In future, I think facial recognition integrated with CAS should be
considered.
Thank you.
Lam

On Wed, Dec 9, 2020 at 03:55, Benjamin Winston <bwins...@philasd.org> wrote:

> Hi all!
>
> My name is Ben Winston, and I'm a developer at the School District of
> Philadelphia. We've been happy CAS users for a few years now, and we're
> always looking for new ways to improve the login process for our students.
>
> We've been experimenting with a new login methodology targeted towards
> students who do not have the ability to type in their credentials on a
> typical login form. Instead of using a keyboard, these students will be
> able to present a QR Code (containing their encrypted credentials), which
> is scanned by their device's webcam and automatically logs them in. The
> process is similar in concept to gaining access to a locked room with an
> RFID badge. We have implemented a Proof of Concept for this methodology as
> a separate service that exists alongside our CAS deployment, and we are
> exploring the possibility of writing a module for CAS to bring this
> functionality to the community at large.
>
> What I'm wondering is: is this a feature that would be of interest to the
> community? I would love to hear any feedback you have on this idea, and
> whether you would make use of this feature if it were available. As I
> mentioned, our target user base for this feature would be primarily users
> who have particular difficulty logging in with a typical login form (such
> as young students or students with an IEP), so this may be more interesting
> for K12 school districts than higher ed. I'm also happy to give a demo of
> what we have working if anyone is interested.
>
> Hope you're all staying safe!
>
> Ben
>



Re: [cas-user] [CAS As Authorization Server Problem]

2020-09-16 Thread Nguyen Tran Thanh Lam
Hi Sven Specker,
Could you give me your service registry file?
Thank you. Regards

On Wed, Sep 16, 2020 at 15:00, Sven Specker <spec...@rz.uni-frankfurt.de> wrote:

> On 2020-09-16 09:39, Nguyen Tran Thanh Lam wrote:
> > Hi Sven Specker,
> > I have tried
> > curl --get --insecure
> > "https://casoverlay.vdc2.com.vn:8443/cas/oauth2.0/authorize"
> > --data-urlencode "response_type=code" --data-urlencode
> > "clientid=clientid" --data-urlencode 'redirect_uri=https://hello.*' | jq
> > image.png
> > And it replies nothing
> >
>
>
> Hm. That's odd indeed. Works with my setups. Then I fear, I cannot help
> you from memory. Sorry.
>
> Best regards,
>
> Sven Specker
> --
> __
> *** Sven Specker -- University of Frankfurt Computing Center   ***
> *** UNIX System Administration (Auth/IDM) 
> * spec...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] *
> **
> __
>
> Johann Wolfgang Goethe Universitaet
>- Hochschulrechenzentrum -
>  Theodor W. Adorno-Platz 1 (PA-1P16)
>
>D-60323 Frankfurt/Main
> __
> __ TeX-users do it in {groups}
>



Re: [cas-user] [CAS As Authorization Server Problem]

2020-09-14 Thread Nguyen Tran Thanh Lam
Hi Ray,
I have tried
root@ssostandalone:~# curl "https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https%3A%2F%2Fhello.*" | jq
But it still requests nothing.
If I use
root@ssostandalone:~# curl "https://ssostandalone.vdc2.com.vn:8443/cas/login/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https%3A%2F%2Fhello.*" | jq
it responds with
{
  "@class": "java.util.LinkedHashMap",
  "timestamp": [
    "java.util.Date",
    1600099585824
  ],
  "status": 404,
  "error": "Not Found",
  "message": "No message available",
  "path": "/cas/login/oauth2.0/authorize"
}
I think the URL https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/ is
correct.
Here is my service registry again (I hope it is correct):
{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "clientid",
  "clientSecret": "clientSecret",
  "serviceId" : "^https://hello.*",
  "name" : "OAuthService",
  "id" : 100,
  "codeExpirationPolicy": {
    "@class": "org.apereo.cas.support.oauth.services.DefaultRegisteredServiceOAuthCodeExpirationPolicy",
    "numberOfUses": 1,
    "timeToLive": "60"
  }
}

On Mon, Sep 14, 2020 at 22:57, Ray Bon wrote:

> Nguyen,
>
> Try double quotes and escape :// in redirect_uri, replace it with %3A%2F%2F
>
> Can you curl https://ssostandalone.vdc2.com.vn:8443/cas/login
>
> Ray
>
> On Mon, 2020-09-14 at 22:11 +0700, Nguyen Tran Thanh Lam wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
> Hello Mr Sven Specker
> I have tried
> 1. Using the Ubuntu command line like this
> root@ssostandalone:~# curl 'https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*' | jq
> And it responds with nothing
> 2. Then I tried to use POSTMAN
> like this
> [image: image.png]
>
> And it replies with an HTML page.
> I don't know what is wrong.
> Please help me.
> Thank you.
>
>
>
> On Mon, Sep 14, 2020 at 16:20, Sven Specker <spec...@rz.uni-frankfurt.de> wrote:
>
> On 2020-09-14 10:33, Napoleon Ponaparte wrote:
> Hi!
>
> > Step 2:
> > I request Authorization code like this:
> > Request
> > curl https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*
> > Response
> > [1] 14428
> > [2] 14429
>
> That looks like a bash command line. You will need to do
>
> curl 'https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*'
>
> Otherwise &/*/? are interpreted in the command line and will break the
> request.
>
> Here, the 2 "&" caused the command line to spawn 2 background processes
> that will try in vain to do anything.
>
> If the screenshot just ate the '' around the curl command, disregard my
> comment.
>
> Best regards,
>
> Sven Specker
> --
> __
> *** Sven Specker -- University of Frankfurt Computing Center   ***
> *** UNIX System Administration (Auth/IDM) 
> * spec...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] *
> **
> __
>
> Johann Wolfgang Goethe Universitaet
>- Hochschulrechenzentrum -
>  Theodor W. Adorno-Platz 1 (PA-1P16)
>
>D-60323 Frankfurt/Main
> __
> __ TeX-users do it in {groups}
>
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>

Re: [cas-user] [CAS As Authorization Server Problem]

2020-09-14 Thread Nguyen Tran Thanh Lam
Hello Mr Sven Specker
I have tried
1. Using the Ubuntu command line like this
root@ssostandalone:~# curl 'https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*' | jq
And it responds with nothing
2. Then I tried to use POSTMAN
like this
[image: image.png]

And it replies with an HTML page.
I don't know what is wrong.
Please help me.
Thank you.



On Mon, Sep 14, 2020 at 16:20, Sven Specker <spec...@rz.uni-frankfurt.de> wrote:

> On 2020-09-14 10:33, Napoleon Ponaparte wrote:
> Hi!
>
> > Step 2:
> > I request Authorization code like this:
> > Request
> > curl https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*
> > Response
> > [1] 14428
> > [2] 14429
>
> That looks like a bash command line. You will need to do
>
> curl 'https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*'
>
> Otherwise &/*/? are interpreted in the command line and will break the
> request.
>
> Here, the 2 "&" caused the command line to spawn 2 background processes
> that will try in vain to do anything.
>
> If the screenshot just ate the '' around the curl command, disregard my
> comment.
>
> Best regards,
>
> Sven Specker
> --
> __
> *** Sven Specker -- University of Frankfurt Computing Center   ***
> *** UNIX System Administration (Auth/IDM) 
> * spec...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] *
> **
> __
>
> Johann Wolfgang Goethe Universitaet
>- Hochschulrechenzentrum -
>  Theodor W. Adorno-Platz 1 (PA-1P16)
>
>D-60323 Frankfurt/Main
> __
> __ TeX-users do it in {groups}
>
>

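
The quoting problem Sven Specker describes and the %3A%2F%2F encoding Ray Bon suggests can be reproduced offline. The following is an added example, not part of the original thread: the host cas.example.org, the redirect https://hello.example/cb and the helper names (urlencode, build_authorize_url, received_when_typed, fake_curl) are assumptions for illustration, and fake_curl only echoes its first argument, so nothing is sent over the network.

```shell
#!/bin/sh
# Added illustration: why an unquoted OAuth authorize URL is cut at the first
# '&', and how to build the URL so the shell passes it to curl in one piece.
# Host, client id and redirect URI below are constructed sample values.

# Percent-encode everything except RFC 3986 unreserved characters.
# ASCII input is assumed. The ( ) body keeps the variables local.
urlencode() (
  LC_ALL=C
  s=$1
  out=
  while [ -n "$s" ]; do
    rest=${s#?}            # string without its first character
    c=${s%"$rest"}         # the first character itself
    case "$c" in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
    s=$rest
  done
  printf '%s' "$out"
)

# $1 = authorize endpoint, $2 = client_id, $3 = redirect_uri
build_authorize_url() {
  printf '%s?response_type=code&client_id=%s&redirect_uri=%s' \
    "$1" "$(urlencode "$2")" "$(urlencode "$3")"
}

# Parse "fake_curl <text>" exactly as a typed command line would be parsed
# (the text becomes script source for a child shell) and print the single
# argument that the stand-in for curl actually receives.
received_when_typed() {
  sh -c "fake_curl() { printf '%s\n' \"\$1\"; }
fake_curl $1
wait" 2>/dev/null | head -n 1
}

AUTHZ='https://cas.example.org:8443/cas/oauth2.0/authorize'
URL=$(build_authorize_url "$AUTHZ" 'clientid' 'https://hello.example/cb')

echo "built URL:      $URL"
# Typed without quotes: everything after the first '&' becomes separate
# background commands, so the server never sees client_id or redirect_uri.
echo "unquoted, sent: $(received_when_typed "$URL")"
# Typed inside single quotes: the whole URL arrives as one argument.
echo "quoted, sent:   $(received_when_typed "'$URL'")"
# Equivalent real invocation that lets curl do the encoding itself:
#   curl --get "$AUTHZ" --data-urlencode 'response_type=code' \
#        --data-urlencode 'client_id=clientid' \
#        --data-urlencode 'redirect_uri=https://hello.example/cb'
```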


Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-09-01 Thread Nguyen Tran Thanh Lam
Hi Jérôme,
I have done.
Thank you very much.

On Tue, Sep 1, 2020 at 13:40, Jérôme LELEU wrote:

> Hi,
>
> Reading the code, you need to setup a * for the authzAttributes property.
> Something like this in your *management.properties* file:
> *mgmt.authzAttributes[0]=**
> Thanks.
> Best regards,
> Jérôme
>
>
> On Tue, Sep 1, 2020 at 08:35, Nguyen Tran Thanh Lam <naphaluan211...@gmail.com> wrote:
>
>> Hi Jérôme,
>> Exactly what I wanted. I want to set up static roles for all users with the CAS
>> Management Web App service.
>> If you know how to set it up, please help me.
>> Thank you in advance.
>> Regards
>> ---
>> Thanh Lam
>>
>>
>> On Tue, Sep 1, 2020 at 13:19, Jérôme LELEU wrote:
>>
>>> Hi,
>>>
>>> Depending on your configuration, you have several options: either pick
>>> up static roles (but I don't think this is what you want) or take some
>>> user's attributes as roles or use the users file.
>>> See:
>>> https://github.com/apereo/cas-management/blob/master/config/cas-mgmt-config-authz/src/main/java/org/apereo/cas/mgmt/config/CasManagementAuthorizationConfiguration.java#L39
>>> Thanks.
>>> Best regards,
>>> Jérôme
>>>
>>>
>>> On Mon, Aug 31, 2020 at 09:03, Nguyen Tran Thanh Lam <naphaluan211...@gmail.com> wrote:
>>>
>>>> Hi Mr Jérôme LELEU,
>>>> Yes, I know this configuration, but I have an inconvenient process when I
>>>> create a new user.
>>>> It means, when I create a new user in MongoDB, CAS Overlay can
>>>> authenticate the new user (I must not restart the CAS service), but with CAS
>>>> Management Web App, I must add this role for the new user to the user.json file and
>>>> restart the CAS Management Web App service.
>>>> For example:
>>>> First:
>>>> I already have one user with username casuser and password = x1.
>>>> I could use casuser/x1 as the CAS account to use the CAS Overlay and CAS
>>>> Management Web App features.
>>>> Next:
>>>> I add a new user with username casuser2 and password = x2.
>>>> I could use casuser2/x2 as the CAS account to use the CAS Overlay feature.
>>>> But with CAS Management Web App, I need to modify the user.json file like
>>>> this:
>>>>
>>>> {
>>>>   "casuser" : {
>>>>     "roles" : [ "ROLE_ADMIN" ]
>>>>   },
>>>>   "casuser2" : {
>>>>     "roles" : [ "ROLE_ADMIN" ]
>>>>   }
>>>> }
>>>>
>>>> Then restart the CAS Management service. After that, I could use this
>>>> casuser2 account for CAS Management Web App.
>>>> It's very inconvenient, thus I hope there is any way to fix this role for all
>>>> users.
>>>> Please help me.
>>>> Thank you in advance.
>>>>
>>>> On Mon, Aug 31, 2020 at 13:44, Jérôme LELEU wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> You need to add a *users.json* (or *users.yml* in YAML format) file
>>>>> in the classpath.
>>>>> For example:
>>>>>
>>>>> {
>>>>>   "casuser" : {
>>>>>     "roles" : [ "ROLE_ADMIN" ]
>>>>>   }
>>>>> }
>>>>>
>>>>>
>>>>> Thanks.
>>>>> Best regards,
>>>>> Jérôme
>>>>>
>>>>>
>>>>> On Thu, Aug 27, 2020 at 14:11, Napoleon Ponaparte <naphaluan211...@gmail.com> wrote:
>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I have succeeded in configuring CAS Overlay template 6.2.x so that it can
>>>>>> authenticate users that are registered in MongoDB.
>>>>>> Here is my config:
>>>>>>
>>>>>> 1. CAS Properties
>>>>>> "name":"cas.authn.mongo.name","value":"users"
>>>>>> "name":"cas.authn.mongo.database-name","value":"users"
>>>>>> "name":"cas.authn.mongo.collection","value":"users"
>>>>>> "name":"cas.authn.mongo.username-attribute","value":"username"
>>>>>> "name":"cas.authn.

Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-09-01 Thread Nguyen Tran Thanh Lam
Hi Jérôme,
Exactly what I wanted. I want to set up static roles for all users with the CAS
Management Web App service.
If you know how to set it up, please help me.
Thank you in advance.
Regards
---
Thanh Lam


On Tue, Sep 1, 2020 at 13:19, Jérôme LELEU wrote:

> Hi,
>
> Depending on your configuration, you have several options: either pick up
> static roles (but I don't think this is what you want) or take some user's
> attributes as roles or use the users file.
> See:
> https://github.com/apereo/cas-management/blob/master/config/cas-mgmt-config-authz/src/main/java/org/apereo/cas/mgmt/config/CasManagementAuthorizationConfiguration.java#L39
> Thanks.
> Best regards,
> Jérôme
>
>
> On Mon, Aug 31, 2020 at 09:03, Nguyen Tran Thanh Lam <naphaluan211...@gmail.com> wrote:
>
>> Hi Mr Jérôme LELEU,
>> Yes, I know this configuration, but I have an inconvenient process when I
>> create a new user.
>> It means, when I create a new user in MongoDB, CAS Overlay can
>> authenticate the new user (I must not restart the CAS service), but with CAS
>> Management Web App, I must add this role for the new user to the user.json file and
>> restart the CAS Management Web App service.
>> For example:
>> First:
>> I already have one user with username casuser and password = x1.
>> I could use casuser/x1 as the CAS account to use the CAS Overlay and CAS
>> Management Web App features.
>> Next:
>> I add a new user with username casuser2 and password = x2.
>> I could use casuser2/x2 as the CAS account to use the CAS Overlay feature.
>> But with CAS Management Web App, I need to modify the user.json file like this:
>>
>> {
>>   "casuser" : {
>>     "roles" : [ "ROLE_ADMIN" ]
>>   },
>>   "casuser2" : {
>>     "roles" : [ "ROLE_ADMIN" ]
>>   }
>> }
>>
>> Then restart the CAS Management service. After that, I could use this
>> casuser2 account for CAS Management Web App.
>> It's very inconvenient, thus I hope there is any way to fix this role for all
>> users.
>> Please help me.
>> Thank you in advance.
>>
>> On Mon, Aug 31, 2020 at 13:44, Jérôme LELEU wrote:
>>
>>> Hi,
>>>
>>> You need to add a *users.json* (or *users.yml* in YAML format) file in
>>> the classpath.
>>> For example:
>>>
>>> {
>>>   "casuser" : {
>>>     "roles" : [ "ROLE_ADMIN" ]
>>>   }
>>> }
>>>
>>>
>>> Thanks.
>>> Best regards,
>>> Jérôme
>>>
>>>
>>> On Thu, Aug 27, 2020 at 14:11, Napoleon Ponaparte <naphaluan211...@gmail.com> wrote:
>>>
>>>>
>>>> Hi,
>>>>
>>>> I have succeeded in configuring CAS Overlay template 6.2.x so that it can
>>>> authenticate users that are registered in MongoDB.
>>>> Here is my config:
>>>>
>>>> 1. CAS Properties
>>>> "name":"cas.authn.mongo.name","value":"users"
>>>> "name":"cas.authn.mongo.database-name","value":"users"
>>>> "name":"cas.authn.mongo.collection","value":"users"
>>>> "name":"cas.authn.mongo.username-attribute","value":"username"
>>>> "name":"cas.authn.mongo.password-attribute","value":"password"
>>>> "name":"cas.authn.mongo.user-id","value":"casuser"
>>>> "name":"cas.authn.mongo.password","value":"Mellon"
>>>> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
>>>> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP
>>>> :port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
>>>> 2. And these are the user properties in the User collection
>>>>
>>>> "username":"root",
>>>> "password":"root",
>>>> "lastname":"VNPT ADMIN",
>>>> "useremail":"xxx",
>>>> "usertel":"xxx"
>>>>
>>>> But I have faced a problem with the CAS Management Web App service.
>>>> Here is CAS Management Web App log:
>>>>
>>>> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - >>> authorize ac

Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-31 Thread Nguyen Tran Thanh Lam
solvedAttributes": false
> },
> "consentPolicy":
> {
>   "@class":
> "org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy",
>   "enabled": true,
>   "order": 0
> },
> "authorizedToReleaseCredentialPassword": false,
> "authorizedToReleaseProxyGrantingTicket": false,
> "excludeDefaultAttributes": false,
> "authorizedToReleaseAuthenticationAttributes": true,
> "order": 0
>   },
>   "multifactorPolicy":
>   {
> "@class":
> "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
> "multifactorAuthenticationProviders":
> [
>   "java.util.HashSet",[]
> ],
> "failureMode": "CLOSED",
> "bypassEnabled": false,
> "forceExecution": false,
> "bypassTrustedDeviceEnabled": false
>   },
>   "logoutUrl": "https://local.uvic.ca/cas/logout",
>   "accessStrategy":
>   {
> "@class":
> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
> "order": 0,
> "enabled": true,
> "ssoEnabled": true,
> "delegatedAuthenticationPolicy":
> {
>   "@class":
> "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
>   "allowedProviders":
>   [
>     "java.util.ArrayList",[]
>   ],
>   "permitUndefined": true,
>   "exclusive": false
> },
> "requireAllAttributes": true,
> "requiredAttributes":
> {
>   "@class": "java.util.LinkedHashMap",
>   "description":
>   [
> "java.util.HashSet",
> [
>   "ADMIN"
> ]
>   ]
> },
> "rejectedAttributes":
> {
>   "@class": "java.util.LinkedHashMap"
> },
> "caseInsensitive": false
>   },
>   "properties":
>   {
> "@class": "java.util.LinkedHashMap",
> "test":
> {
>   "@class": "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>   "values":
>   [
> "java.util.HashSet",
> [
>   "FALSE"
> ]
>   ]
> }
>   },
>   "contacts":
>   [
> "java.util.ArrayList",[]
>   ]
> }
>
> I am going to edit our ldap data today to change from ADMIN to ROLE_ADMIN.
> (I got the attribute release working on Friday.)
>
> You can see the attributes in cas management with this logging
>
> 
> 
>
> and release in cas with
>
> 
>  name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
> level="debug"/>
>
> Ray
>
> On Mon, 2020-08-31 at 23:29 +0700, Nguyen Tran Thanh Lam wrote:
>
> Hi Ray,
> Could you show me your config that returned properties roles=[ADMIN]?
> And have you ever tried returning this:
> roles=[ROLE_ADMIN]
> like user.json
>
> {
>   "casuser" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   }
> }
>
> Since my CAS Management error log is like below:
>
> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] -  authorize access, since the authenticated profile [#CasProfile# | id: root
> | attributes: {credentialType=UsernamePasswordCredential,
> isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
> authenticationMethod=users, successfulAuthenticationHandlers=users,
> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions:
> [] | isRemembered: false | clientName: CasClient | linkedId: null |] does
> not contain any required roles>
>
> And I guess, If we could fill roles: [] (in red) become role:
> [ADMIN_ROLE], it will run.
> Thank you.
> On Mon, Aug 31, 2020 at 23:12, Ray Bon wrote:
>
> Nguyen,
>
> I am at this point in configuring cas management too.
> Our 4.x deploy of cas management used to look up the user in ldap (you
> would use mongo), and get the ADMIN attribute there. But the 6.1 version
> does not seem to use ldap (I configured it but no calls to ldap were made)

Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-31 Thread Nguyen Tran Thanh Lam
Hi Ray,
Could you show me your config that returned properties roles=[ADMIN]?
And have you ever tried returning this:
roles=[ROLE_ADMIN]
like user.json

{
  "casuser" : {
    "roles" : [ "ROLE_ADMIN" ]
  }
}

Since my CAS Management error log is like below:

WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - 

And I guess, If we could fill roles: [] (in red) become role: [ADMIN_ROLE],
it will run.
Thank you.
On Mon, Aug 31, 2020 at 23:12, Ray Bon wrote:

> Nguyen,
>
> I am at this point in configuring cas management too.
> Our 4.x deploy of cas management used to look up the user in ldap (you
> would use mongo), and get the ADMIN attribute there. But the 6.1 version
> does not seem to use ldap (I configured it but no calls to ldap were made).
> Cas management uses cas protocol 3, which means that attributes can be
> returned. I have configured this and I am returning roles=[ADMIN]. This
> also seems to be ignored.
>
> Perhaps one of the developers of cas management could comment if the .json
> file is the only way to identify users and roles.
>
> Ray
>
> On Mon, 2020-08-31 at 14:02 +0700, Nguyen Tran Thanh Lam wrote:
>
> Hi Mr Jérôme LELEU,
> Yes, I know this configuration, but I have an inconvenient process when I
> create a new user.
> It means, when I create a new user in MongoDB, CAS Overlay can authenticate
> the new user (I must not restart the CAS service), but with CAS Management Web App,
> I must add this role for the new user to the user.json file and restart the CAS
> Management Web App service.
> For example:
> First:
> I already have one user with username casuser and password = x1.
> I could use casuser/x1 as the CAS account to use the CAS Overlay and CAS
> Management Web App features.
> Next:
> I add a new user with username casuser2 and password = x2.
> I could use casuser2/x2 as the CAS account to use the CAS Overlay feature.
> But with CAS Management Web App, I need to modify the user.json file like this:
>
> {
>   "casuser" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   },
>   "casuser2" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   }
> }
>
> Then restart the CAS Management service. After that, I could use this casuser2
> account for CAS Management Web App.
> It's very inconvenient, thus I hope there is any way to fix this role for all users.
> Please help me.
> Thank you in advance.
>
> On Mon, Aug 31, 2020 at 13:44, Jérôme LELEU wrote:
>
> Hi,
>
> You need to add a *users.json* (or *users.yml* in YAML format) file in
> the classpath.
> For example:
>
> {
>   "casuser" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   }
> }
>
>
> Thanks.
> Best regards,
> Jérôme
>
>
> On Thu, Aug 27, 2020 at 14:11, Napoleon Ponaparte <naphaluan211...@gmail.com> wrote:
>
>
> Hi,
>
> I have succeeded in configuring CAS Overlay template 6.2.x so that it can
> authenticate users that are registered in MongoDB.
> Here is my config:
>
> 1. CAS Properties
> "name":"cas.authn.mongo.name","value":"users"
> "name":"cas.authn.mongo.database-name","value":"users"
> "name":"cas.authn.mongo.collection","value":"users"
> "name":"cas.authn.mongo.username-attribute","value":"username"
> "name":"cas.authn.mongo.password-attribute","value":"password"
> "name":"cas.authn.mongo.user-id","value":"casuser"
> "name":"cas.authn.mongo.password","value":"Mellon"
> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP
> :port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
> 2. And these are the user properties in the User collection
>
> "username":"root",
> "password":"root",
> "lastname":"VNPT ADMIN",
> "useremail":"xxx",
> "usertel":"xxx"
>
> But I have faced a problem with the CAS Management Web App service.
> Here is CAS Management Web App log:
>
> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] -  authorize access, since the authenticated pro

Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-31 Thread Nguyen Tran Thanh Lam
Hi Mr Jérôme LELEU,
Yes, I know this configuration, but I have an inconvenient process when I create
a new user.
It means, when I create a new user in MongoDB, CAS Overlay can authenticate
the new user (I must not restart the CAS service), but with CAS Management Web App,
I must add this role for the new user to the user.json file and restart the CAS
Management Web App service.
For example:
First:
I already have one user with username casuser and password = x1.
I could use casuser/x1 as the CAS account to use the CAS Overlay and CAS
Management Web App features.
Next:
I add a new user with username casuser2 and password = x2.
I could use casuser2/x2 as the CAS account to use the CAS Overlay feature.
But with CAS Management Web App, I need to modify the user.json file like this:

{
  "casuser" : {
    "roles" : [ "ROLE_ADMIN" ]
  },
  "casuser2" : {
    "roles" : [ "ROLE_ADMIN" ]
  }
}

Then restart the CAS Management service. After that, I could use this casuser2
account for CAS Management Web App.
It's very inconvenient, thus I hope there is any way to fix this role for all users.
Please help me.
Thank you in advance.

On Mon, Aug 31, 2020 at 13:44, Jérôme LELEU wrote:

> Hi,
>
> You need to add a *users.json* (or *users.yml* in YAML format) file in
> the classpath.
> For example:
>
> {
>   "casuser" : {
>     "roles" : [ "ROLE_ADMIN" ]
>   }
> }
>
>
> Thanks.
> Best regards,
> Jérôme
>
>
> On Thu, Aug 27, 2020 at 14:11, Napoleon Ponaparte <naphaluan211...@gmail.com> wrote:
>
>>
>> Hi,
>>
>> I have succeeded in configuring CAS Overlay template 6.2.x so that it can
>> authenticate users that are registered in MongoDB.
>> Here is my config:
>>
>> 1. CAS Properties
>> "name":"cas.authn.mongo.name","value":"users"
>> "name":"cas.authn.mongo.database-name","value":"users"
>> "name":"cas.authn.mongo.collection","value":"users"
>> "name":"cas.authn.mongo.username-attribute","value":"username"
>> "name":"cas.authn.mongo.password-attribute","value":"password"
>> "name":"cas.authn.mongo.user-id","value":"casuser"
>> "name":"cas.authn.mongo.password","value":"Mellon"
>> "name":"cas.authn.mongo.attributes","value":"lastname,useremail,usertel"
>> "name":"cas.authn.mongo.clientUri","value":"mongodb://casuser:Mellon@IP
>> :port/users?authSource=admin=primary=MongoDB%20Compass%20Community=false"
>> 2. And these are the user properties in the User collection
>>
>> "username":"root",
>> "password":"root",
>> "lastname":"VNPT ADMIN",
>> "useremail":"xxx",
>> "usertel":"xxx"
>>
>> But I have faced a problem with the CAS Management Web App service.
>> Here is the CAS Management Web App log:
>>
>> WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - > authorize access, since the authenticated profile [#CasProfile# | id: root
>> | attributes: {credentialType=UsernamePasswordCredential,
>> isFromNewLogin=false, authenticationDate=2020-08-26T08:51:16.865441Z[UTC],
>> authenticationMethod=users, successfulAuthenticationHandlers=users,
>> longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: []
>> | isRemembered: false | clientName: CasClient | linkedId: null |] *does
>> not contain any required roles*>
>>
>> Here is my service registry for the CAS Management Web App:
>>
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId":"^https://cas-server-domain:8088/cas-management.+",
>>   "name" : "casManagement",
>>   "id" : 1,
>>   "evaluationOrder" : 1,
>>   "allowedAttributes":["cn","mail"]
>> }
>>
>> The CAS server successfully creates and authorizes an access token for the
>> user (id = root), but CAS Management is missing the user's role.
>>
>> I don't know how to assign a ROLE to a user or specify a fixed user role in
>> the service registry.
>> Please help me.
>> Thank you in advance.
>>
> 
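Added example (not code from this thread or from the CAS project): a triage script for the denial described above. It scans management-app log text for the CasRoleBasedAuthorizer warning and checks each denied id against the users file. The sample log and users file are constructed, ROLE_STAFF is a made-up role, the required role set defaulting to ROLE_ADMIN is an assumption, and json.loads may be stricter than the application's own parser.

```python
import json
import re

# Constructed users file in the layout used in the thread: user -> {"roles": [...]}.
# ROLE_STAFF is a made-up role for illustration.
USERS_JSON = """
{
  "casuser":  { "roles": ["ROLE_ADMIN"] },
  "casuser3": { "roles": ["ROLE_STAFF"] },
  "casuser4": { "roles": ["ROLE_ADMIN"] }
}
"""

# Constructed log records modelled on the warning quoted in the thread.
# Each record is one line here; re-join records that a mail client has wrapped.
_DENIAL = (
    "2020-08-26 08:51:17,001 WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - "
    "<Unable to authorize access, since the authenticated profile [#CasProfile# | id: {uid} "
    "| attributes: {{credentialType=UsernamePasswordCredential, "
    "authenticationDate=2020-08-26T08:51:16.865441Z[UTC]}} | roles: [] | permissions: [] "
    "| isRemembered: false | clientName: CasClient | linkedId: null |] "
    "does not contain any required roles>"
)
LOG_TEXT = "\n".join(
    [_DENIAL.format(uid=u) for u in ("casuser2", "casuser3", "casuser4")]
    + ["2020-08-26 08:52:00,000 INFO [org.apereo.cas.services.AbstractServicesManager] - <constructed>"]
)

# Matches only the parts of the warning that are visible in the thread.
DENIED_RE = re.compile(
    r"CasRoleBasedAuthorizer\].*authorize access, since the authenticated profile "
    r"\[#CasProfile# \| id: (?P<id>[^|]+?) \|.*?\| roles: \[(?P<roles>[^\]]*)\]"
    r".*does not contain any required roles"
)

NOT_LISTED = "not listed in the users file"
NO_REQUIRED_ROLE = "listed, but with none of the required roles"
STALE = "listed with a required role; the running app has not loaded this file version"


def load_users(text):
    """Parse the users file strictly and return {user: set(roles)}."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(
            f"users file is not valid JSON (line {exc.lineno}, col {exc.colno}): {exc.msg}"
        ) from exc
    if not isinstance(data, dict):
        raise ValueError("users file must be a JSON object keyed by username")
    users = {}
    for name, entry in data.items():
        roles = entry.get("roles") if isinstance(entry, dict) else None
        if not isinstance(roles, list) or not all(isinstance(r, str) for r in roles):
            raise ValueError(f'user "{name}": expected an object with a "roles" list')
        users[name] = set(roles)
    return users


def denied_profiles(log_text):
    """Return [(profile id, roles carried by the profile)] for each denial record."""
    found = []
    for line in log_text.splitlines():
        m = DENIED_RE.search(line)
        if m:
            roles = [r.strip() for r in m.group("roles").split(",") if r.strip()]
            found.append((m.group("id").strip(), roles))
    return found


def diagnose(log_text, users_text, required_roles=frozenset({"ROLE_ADMIN"})):
    """Explain each denied id by comparing it with the users file."""
    users = load_users(users_text)
    findings = {}
    for user_id, _profile_roles in denied_profiles(log_text):
        if user_id not in users:
            findings[user_id] = NOT_LISTED
        elif not users[user_id] & set(required_roles):
            findings[user_id] = NO_REQUIRED_ROLE
        else:
            findings[user_id] = STALE
    return findings


if __name__ == "__main__":
    for uid, reason in diagnose(LOG_TEXT, USERS_JSON).items():
        print(f"{uid}: {reason}")
```
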

Re: [cas-user] Assign roles properties for CAS's user or CAS's service registry

2020-08-27 Thread Nguyen Tran Thanh Lam
Sorry,
Could you use English, please?

On Thu, Aug 27, 2020 at 22:28, Victor Manuel Contreras Ponce <
victormanuelcontrerasponce...@gmail.com> wrote:

> Couldn't you send it to me in Spanish?


Re: [cas-user] [Auto Reload CAS Server After Register New Service]

2020-08-25 Thread Nguyen Tran Thanh Lam
Yes thank you Sir,
Your guide,
Remove two cas properties and build again.
That's magic.
Thank you very much.

On Tue, Aug 25, 2020 at 21:58, David Curry <
david.cu...@newschool.edu> wrote:

> That's great. Glad you figured it out.
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david.cu...@newschool.edu
>
>
> On Tue, Aug 25, 2020 at 10:49 AM Nguyen Tran Thanh Lam <
> naphaluan211...@gmail.com> wrote:
>
>> Dear Mr David.
>> I have succeeded.
>> Thank you very much.
>>

Re: [cas-user] [Auto Reload CAS Server After Register New Service]

2020-08-25 Thread Nguyen Tran Thanh Lam
Dear Mr David.
I have succeeded.
Thank you very much.

On Tue, Aug 25, 2020 at 21:21, Nguyen Tran Thanh Lam <
naphaluan211...@gmail.com> wrote:

> Dear Mr David Curry,
> I have read the guide from your link.
> Then I set it up following the steps below:
> *Step 1:*
> I keep two properties in my CAS configuration so that the CAS server initially
> loads some services in directory /etc/cas/services-repo into MongoDB:
>
> "name":"cas.service-registry.json.location","value":"file:/etc/cas/services-repo"
> "name":"cas.service-registry.mongo.drop-collection","value":"true"
> Then I build the CAS server (first time).
> Result:
> - CAS creates the collection "cas-service-registry"
> - Loaded into this collection
> Done.
> *Step 2:*
> I stop CAS and remove the two properties above.
> Then I build CAS again.
> Now CAS works with the service registry in MongoDB.
> Here are my logs:
> 2020-08-25 07:00:03,217 INFO
> [org.apereo.cas.services.AbstractServicesManager] -  from [MongoDbServiceRegistry].>
> *Step 3:*
> I build my CAS Management Web App.
> Then I create a new service.
> But it still didn't store my new service registry in the collection
> "cas-service-registry".
> It creates a new JSON file for this service and stores this file in the directory
> "/etc/cas/service-repo".
> Here is the CAS Management log:
> 2020-08-25 06:55:29,029 INFO
> [org.apereo.cas.mgmt.web.CasManagementWebApplication] -  profiles are active: mongodb>
> 2020-08-25 06:56:02,609 INFO [org.apereo.cas.mgmt.factory.FormDataFactory]
> -  https://casoverlay.vdc2.com.vn:8443/cas/actuator/discoveryProfile. Using
> default FormData values.>
> 2020-08-25 06:56:07,754 INFO
> [org.apereo.cas.mgmt.web.CasManagementWebApplication] -  CasManagementWebApplication in 53.965 seconds (JVM running for 62.606)>
> 2020-08-25 06:56:09,008 INFO
> [org.apereo.cas.services.AbstractServicesManager] -  from [MongoDbServiceRegistry].>
> 2020-08-25 06:56:09,009 INFO
> [org.apereo.cas.mgmt.web.DefaultCasManagementEventListener] - <>
> 2020-08-25 06:56:09,015 INFO
> [org.apereo.cas.mgmt.web.DefaultCasManagementEventListener] - <
>
> 2020-08-25 06:59:23,275 INFO
> [org.apereo.cas.services.AbstractServicesManager] -  from [JsonServiceRegistry].>
> 2020-08-25 06:59:26,788 INFO
> [org.apereo.cas.services.AbstractServicesManager] -  from [MongoDbServiceRegistry].>
> 2020-08-25 07:00:26,804 INFO
> [org.apereo.cas.services.AbstractServicesManager] -  from [MongoDbServiceRegist

Re: [cas-user] [Auto Reload CAS Server After Register New Service]

2020-08-25 Thread Nguyen Tran Thanh Lam
Dear Mr David Curry,
I have read the guide from your link.
Then I set it up following the steps below:
*Step 1:*
I keep two properties in my CAS configuration so that the CAS server initially
loads some services in directory /etc/cas/services-repo into MongoDB:
"name":"cas.service-registry.json.location","value":"file:/etc/cas/services-repo"
"name":"cas.service-registry.mongo.drop-collection","value":"true"
Then I build the CAS server (first time).
Result:
- CAS creates the collection "cas-service-registry"
- Loaded into this collection
Done.
*Step 2:*
I stop CAS and remove the two properties above.
Then I build CAS again.
Now CAS works with the service registry in MongoDB.
Here are my logs:
2020-08-25 07:00:03,217 INFO
[org.apereo.cas.services.AbstractServicesManager] - 
*Step 3:*
I build my CAS Management Web App.
Then I create a new service.
But it still didn't store my new service registry in the collection
"cas-service-registry".
It creates a new JSON file for this service and stores this file in the directory
"/etc/cas/service-repo".
Here is the CAS Management log:
2020-08-25 06:55:29,029 INFO
[org.apereo.cas.mgmt.web.CasManagementWebApplication] - 
2020-08-25 06:55:58,528 INFO
[org.apereo.cas.authentication.config.CasMongoAuthenticationConfiguration]
- 
2020-08-25 06:56:02,609 INFO [org.apereo.cas.mgmt.factory.FormDataFactory]
- https://casoverlay.vdc2.com.vn:8443/cas/actuator/discoveryProfile. Using
default FormData values.>
2020-08-25 06:56:07,754 INFO
[org.apereo.cas.mgmt.web.CasManagementWebApplication] - 
2020-08-25 06:56:09,008 INFO
[org.apereo.cas.services.AbstractServicesManager] - 
2020-08-25 06:56:09,009 INFO
[org.apereo.cas.mgmt.web.DefaultCasManagementEventListener] - <>
2020-08-25 06:56:09,015 INFO
[org.apereo.cas.mgmt.web.DefaultCasManagementEventListener] - <

2020-08-25 06:59:23,275 INFO
[org.apereo.cas.services.AbstractServicesManager] - 
2020-08-25 06:59:26,788 INFO
[org.apereo.cas.services.AbstractServicesManager] - 
2020-08-25 07:00:26,804 INFO
[org.apereo.cas.services.AbstractServicesManager] - 
2020-08-25 07:00:59,350 INFO
[org.apereo.cas.services.AbstractServicesManager] - 
2020-08-25 07:00:59,428 INFO
[org.apereo.cas.mgmt.controller.ServiceController] - 
2020-08-25 07:00:59,485 INFO
[org.apereo.cas.services.AbstractServicesManager] - 

I don't know what is wrong.
P.S.: here are my CAS config and CAS Management config
1. CAS
"name":"cas.service-registry.mongo.host","value":"203.162.141.22"
"name":"cas.service-registry.mongo.client-uri","value":"mongodb://
casuser:Mellon@203.162.141.22:27017/cas?authSource=admin=primary=MongoDB%20Compass%20Community=false
"
"name":"cas.service-registry.mongo.port","value":"27017"
"name":"cas.service-registry.mongo.password","value":"Mellon"
"name":"cas.service-registry.mongo.collection","value":"cas-service-registry"
"name":"cas.service-registry.mongo.database-name","value":"cas"
"name":"cas.service-registry.mongo.user-id","value":"casuser"
"name":"cas.service-registry.mongo.write-concern","value":"NORMAL"
"name":"cas.service-registry.mongo.ssl-enabled","value":"false"
"name":"cas.service-registry.watcher-enabled","value":"true"
"name":"cas.service-registry.mongo.drop-collection","value":"false"
2.CAS Management
"name":"cas.service-registry.mongo.host","value":"203.162.141.22"
"name":"cas.service-registry.mongo.client-uri","value":"mongodb://
casuser:Mellon@203.162.141.22:27017/cas?authSource=admin=primary=MongoDB%20Compass%20Community=false
"
"name":"cas.service-registry.mongo.port","value":"27017"
"name":"cas.service-registry.mongo.password","value":"Mellon"
"name":"cas.service-registry.mongo.collection","value":"cas-service-registry"
"name":"cas.service-registry.mongo.database-name","value":"cas"
"name":"cas.service-registry.mongo.user-id","value":"casuser"
"name":"cas.service-registry.mongo.ssl-enabled","value":"false"
"name":"cas.service-registry.mongo.drop-collection","value":"

Re: [cas-user] [Auto Reload CAS Server After Register New Service]

2020-08-25 Thread Nguyen Tran Thanh Lam
Hi Mr David Curry,
I understand your point.
But when I use the CAS server and want to register my new service, what should I
do?
I can use the CAS Management Web App to register my new service, but it still
only creates a JSON file in directory /etc/cas/services-repo.
I have tried to configure my CAS Management Web App to insert the newly registered
service directly into MongoDB, but it still didn't work.
Please help me.
Note: my CAS version is 6.2.1 and my CAS Management Overlay Web App is
6.1.2 (the newest version)
Here is my CAS Management Web App configuration:
1. build.gradle
compile "org.apereo.cas:cas-server-webapp-tomcat:${casMgmtServerVersion}"
compile "org.apereo.cas:cas-server-support-configuration-cloud-mongo:${casMgmtServerVersion}"
compile "org.apereo.cas:cas-server-support-mongo:${casMgmtServerVersion}"
compile "org.apereo.cas:cas-server-support-mongo-service-registry:${casMgmtServerVersion}"
2. Cas Management Global config in MongoDB
"name":"cas.server.name","value":"https://casoverlay.vdc2.com.vn:8443"
"name":"cas.server.prefix","value":"${cas.server.name}/cas"
"name":"mgmt.serverName","value":"https://casoverlay.vdc2.com.vn:8088"
"name":"mgmt.adminRoles[0]","value":"ROLE_ADMIN"
"name":"mgmt.userPropertiesFile","value":"file:/etc/cas/config/users.json"
"name":"mgmt.userRoles[0]","value":"ROLE_USER"
"name":"spring.thymeleaf.mode","value":"HTML"
"name":"server.port","value":"8088"
"name":"server.ssl.enabled","value":"true"
"name":"server.ssl.keyStore","value":"file:/etc/cas/thekeystore"
"name":"server.ssl.keyStorePassword","value":"changeit"
"name":"server.ssl.keyPassword","value":"changeit"
"name":"cas.service-registry.mongo.host","value":"203.162.141.22"
"name":"cas.service-registry.mongo.client-uri","value":"mongodb://
casuser:Mellon@203.162.141.22:27017/cas?authSource=admin=primary=MongoDB%20Compass%20Community=false
"
"name":"cas.service-registry.mongo.port","value":"27017"
"name":"cas.service-registry.mongo.password","value":"Mellon"
"name":"cas.service-registry.mongo.collection","value":"cas-service-registry"
"name":"cas.service-registry.mongo.database-name","value":"cas"
"name":"cas.service-registry.mongo.user-id","value":"casuser"
"name":"cas.service-registry.mongo.ssl-enabled","value":"false"
"name":"cas.service-registry.mongo.drop-collection","value":"false"
Please help me.
Thank you in advance.

On Tue, Aug 25, 2020 at 19:00, David Curry <
david.cu...@newschool.edu> wrote:

> It doesn't do that because it's not supposed to.
>
> Populating an alternate service registry (MongoDB or whatever) from the
> JSON files is a one-time thing the server does to help you "bootstrap" the
> alternate service registry. After that, you don't need the JSON files any
> more (and should turn that registry off). You use the cas-management
> application to manage the service registry from that point forward.
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david.cu...@newschool.edu
>
>
> On Tue, Aug 25, 2020 at 5:46 AM Napoleon Ponaparte <
> naphaluan211...@gmail.com> wrote:
>
>>
>> I have successfully stored the service registry in MongoDB, but I have a
>> problem there.
>>
>> If I register a new service stored in directory /etc/cas/services-repo, the CAS
>> server doesn't automatically store this service in MongoDB. I must restart CAS
>> to do this.
>>
>> So, how can I configure CAS to restart automatically to load the new service
>> registry into MongoDB?
>>
>> Note: My CAS server at version 6.2.x.
>>
>> Thank you in advance.
>>

Re: [cas-user] CAS Management not starting

2020-08-17 Thread Nguyen Tran Thanh Lam
Hi Mr Julien Sabatier,
I have read your cas-management configuration, and I guess your
cas-management authenticates users from LDAP and stores the service registry in
PostgreSQL.
Is that right?
You resolved your problem.
Can you show me your cas-management, cas-overlay and service registry in
detail?
Thank you in advance.

On Mon, Aug 17, 2020 at 21:41, Julien Sabatier wrote:

> I solved the problem. It was that I didn't add
> "cas-server-support-discovery-profile" to my CAS dependencies at
> compilation, so the discovery service wasn't available.
>
> Thanks for your help.
>
> Now my problem is that I want to use LDAP for CAS Management auth, and for
> this I need to include "cas-management-webapp-support-ldap".
> The problem is that this dependency isn't available in the 6.2.1-SNAPSHOT
> version.
> The last version available is 5.3.6, and it will probably conflict
> with the 6.2.1 dependencies.
>
> On Monday, August 17, 2020 at 16:25:43 UTC+2, richard.frovarp wrote:
>
>> You probably aren't waiting long enough?
>>
>> 2020-08-17 09:06:54,686 DEBUG
>> [org.apache.http.impl.execchain.MainClientExec] - Executing request GET
>> /actuator/discoveryProfile HTTP/1.1
>>
>> It's trying to make a connection to your CAS system. Looks like from your
>> logs it hasn't timed out, and thus hasn't fully started. Either make sure
>> CAS is available upon startup of Management, or turn that feature off.
>> mgmt.enableDiscoveryEndpointCall=false
>>
>> This is an obvious problem if you are running the IdP and Management in
>> the same container.
>>
>> On Mon, 2020-08-17 at 00:34 -0700, Julien Sabatier wrote:
>>
>> I am trying to set up CAS Management to manage the services of my CAS instance.
>>
>> But when I launch the webapp, it's like it freezes on startup, and I can't
>> access it in my browser.
>>
>> CAS Version : 6.2.1
>> CAS Management Version : 6.2.1
>>
>> Here is my /etc/cas/config/management.properties :
>> https://pastebin.com/v04Q6GwE
>>
>> And here are the logs I get at CAS Management startup :
>> https://pastebin.com/Wc6Kfvnt
>>
>> Can someone help me understand why CAS Management isn't reachable?
>>


Re: [cas-user] What is sign key for JWT in CAS OAuth2?

2020-05-28 Thread Nguyen Tran Thanh Lam
Hi
When you enable OAuth2, the signing key is shown in your logs when you build
CAS.
Don't worry if the CAS build fails.
You can get the signing key and build again, and it will succeed.
Note: OAuth2 is only supported in CAS version 6.1.x
BRs

At 22:00, Thu, May 28, 2020, dg wrote:

> I have configured CAS with OAuth2 and JWT as access token like this;
> https://apereo.github.io/2019/02/19/cas61-as-oauth-authz-server/
>
> It works well and it returns a JWT, and I can also decode it on the jwt.io
> website and see the payload. *But I can't validate the JWT in the resource
> server. I have the same signing key in the resource server.*
>
> My CAS configs:
>
> cas.authn.oauth.access-token.crypto.enabled=true
> cas.authn.oauth.access-token.crypto.signing-enabled=true
> cas.authn.oauth.access-token.crypto.encryption-enabled=false
> cas.authn.oauth.access-token.crypto.signing.key=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgYXF7qeNDWxzVVCkFaFwxGixkryifkDbu82n00fvT/ab2lx3KD3IxP9wqo3d3hUOZT7HeTlmvzJu2lZx0zLVnumz0m+Ksa5cuFyIEQ2nqkbi2bfD+moxEoCS6hXCvttihS8gyaJrHlHzvNugAGArSviNOJAdTrPJrIzcoqMxuC9UKoF8XJ6HirQOsR1+xSzqFeWxjCDe5IUJG0RA31rC7BbAJ148Ni8XUJm3UPB5+nfqGyOMYNBqiQ8OPD6D2kJKgQIy6pvSI/11bbFBL2ffWY257rh5gZJ+zQZ4cCCjDWsrWsA9okgPhPE2N/nKj1lcuqaWSj700uX0Ihxsp2l01QIDAQAB
>
>
>
> Where am I wrong? Doesn't Apereo CAS use
> cas.authn.oauth.access-token.crypto.signing.key? Or maybe Apereo CAS does
> some additional encryption over the signing key.
>
>
> Could you provide some information? Thanks for your help.
>


Re: [cas-user] Cas server not working with http

2020-05-11 Thread Nguyen Tran Thanh Lam
Hi,
Have you set this property to false?
[image: image.png]
BRs

On Tue, May 12, 2020 at 11:37, 'Suhas Bansude' via CAS Community <
cas-user@apereo.org> wrote:

> Hello Sir,
>
> I have 2 CAS clients (Spring Boot) which are working on
> App1(localhost:8080) and App1(localhost:8081); both are running on an http
> port. My CAS server is configured on localhost:8082, also running on an http
> port.
>
> My issue is when I authenticate App1 I am not able to access App2 without
> authentication. This issue is for only http.
>
> For https the CAS server is working fine.
>
> Thanks
>
> Suhas Bansude
>


Re: [cas-user] Re: [Enable Oauth JWT token on CAS overlay template version 6.0]

2020-03-26 Thread Nguyen Tran Thanh Lam
Hi Sneha,
Your client must use https too.
You can use Let's Encrypt free SSL for your client.
Thank you.

On Thu, Mar 26, 2020 at 10:05, Sneha Kashyap <
sneha.kash...@healthelife.in> wrote:

> Hi napolean,
> Thanks for your prompt reply. Yes I do realise that the CAS oauth server
> works only on https protocol.
>
> What about the client applications that connect to the server? Must they
> be a https URL as well? Ideally that is not required by oauth2.. But
> somehow my application on http does not receive back the accesstoken from
> CAS oauth server.
>
> My question to you is, have you used serviceids values as a http URL and
> successfully authenticated your application?
> For example: serviceid: "http://example.com/.*"
>
> Does such a URL get successful authentication in CAS oauth2 server?
>
> Thanks & regards
> Sneha
>
> On Thu, 26 Mar, 2020, 6:54 am Nguyen Tran Thanh Lam, <
> naphaluan211...@gmail.com> wrote:
>
>> Hi Sneha,
>> I know this.
>> You must use https for Oauth2
>> Thank you
>>
>> On Thu, Mar 26, 2020 at 01:52, Sneha Kashyap <
>> sneha.kash...@healthelife.in> wrote:
>>
>>> Hi napolean,
>>> Do you have any idea if there is restriction by CAS oauth2 server to use
>>> http urls instead of https urls in service id to be authenticated?
>>>
>>> Thanks sneha
>>>
>>> On Mon, 23 Mar, 2020, 10:37 pm Sneha, 
>>> wrote:
>>>
>>>> Hello All,
>>>>
>>>> Replying on this post as it is the most recent post on OAuth
>>>> authentication. I am back working on the project again.
>>>>
>>>> Having gotten the oauth2 with JWT sample code working on CAS 6.1
>>>> overlay I find that It works on service ids with https URLs but on
>>>> configuring  http URLs I am unable to obtain the JWT or access token with a
>>>> successful authentication and code generated. I am getting the following
>>>> output on debug logs on the server side:
>>>>
>>>>
>>>>
>>>> my json registration:
>>>>
>>>> {
>>>>   "@class": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>>>>   "clientId": "exampleOauthClient",
>>>>   "clientSecret": "test1",
>>>>   "serviceId": "^http://localhost:/.*",
>>>>   "name": "oauth2test",
>>>>   "id": 6,
>>>>   "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
>>>>   "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ],
>>>>   "attributeReleasePolicy": {
>>>>     "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
>>>>     "principalAttributesRepository": {
>>>>       "@class": "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
>>>>     }
>>>>   },
>>>>   "jwtAccessToken": true,
>>>>   "usernameAttributeProvider": {
>>>>     "@class": "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
>>>>     "usernameAttribute": "username"
>>>>   }
>>>> }
>>>>
>>>>
>>>> On the client side, i receive a 403 forbidden status or a 401 :
>>>>
>>>> Not sure what I am missing out.. Or does the CAS OAuth server allow
>>>> only clients with https urls to participate in SSO?
>>>> Any inputs regarding this will be of great help..
>>>>
>>>> Thanks
>>>> Sneha
>>>> On Tuesday, March 10, 2020 at 3:01:34 PM UTC+5:30, Napoleon Ponaparte
>>>> wrote:
>>>>>
>>>>> Hi Mr Gandhi,
>>>>> You must use CAS version at least 6.1.x.
>>>>> The key will generate in log of CAS, when you build it.
>>>>> Please try again.
>>>>> Thanks
>>>>>
>>>>> On Tue, Mar 10, 2020 at 16:15, Gandhi
>>>>> wrote:
>>>>>
>>>>>> I'm facing the same issue with 5.2.X version of CAS. I'm having
>>>>>> trouble to enable JWT for OIDC related flows.
>>>>>>

Re: [cas-user] Re: [Enable Oauth JWT token on CAS overlay template version 6.0]

2020-03-25 Thread Nguyen Tran Thanh Lam
Hi Sneha,
I know this.
You must use https for Oauth2
Thank you

On Thu, Mar 26, 2020 at 01:52, Sneha Kashyap <
sneha.kash...@healthelife.in> wrote:

> Hi napolean,
> Do you have any idea if there is restriction by CAS oauth2 server to use
> http urls instead of https urls in service id to be authenticated?
>
> Thanks sneha
>
> On Mon, 23 Mar, 2020, 10:37 pm Sneha, 
> wrote:
>
>> Hello All,
>>
>> Replying on this post as it is the most recent post on OAuth
>> authentication. I am back working on the project again.
>>
>> Having gotten the oauth2 with JWT sample code working on CAS 6.1 overlay
>> I find that It works on service ids with https URLs but on configuring
>> http URLs I am unable to obtain the JWT or access token with a successful
>> authentication and code generated. I am getting the following output on
>> debug logs on the server side:
>>
>>
>>
>> my json registration:
>>
>> {
>>   "@class": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>>   "clientId": "exampleOauthClient",
>>   "clientSecret": "test1",
>>   "serviceId": "^http://localhost:/.*",
>>   "name": "oauth2test",
>>   "id": 6,
>>   "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
>>   "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ],
>>   "attributeReleasePolicy": {
>>     "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
>>     "principalAttributesRepository": {
>>       "@class": "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
>>     }
>>   },
>>   "jwtAccessToken": true,
>>   "usernameAttributeProvider": {
>>     "@class": "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
>>     "usernameAttribute": "username"
>>   }
>> }
>>
>>
>> On the client side, i receive a 403 forbidden status or a 401 :
>>
>> Not sure what I am missing out.. Or does the CAS OAuth server allow only
>> clients with https urls to participate in SSO?
>> Any inputs regarding this will be of great help..
>>
>> Thanks
>> Sneha
>> On Tuesday, March 10, 2020 at 3:01:34 PM UTC+5:30, Napoleon Ponaparte
>> wrote:
>>>
>>> Hi Mr Gandhi,
>>> You must use CAS version at least 6.1.x.
>>> The key will generate in log of CAS, when you build it.
>>> Please try again.
>>> Thanks
>>>
>>> On Tue, Mar 10, 2020 at 16:15, Gandhi
>>> wrote:
>>>
>>>> I'm facing the same issue with 5.2.X version of CAS. I'm having trouble
>>>> to enable JWT for OIDC related flows.
>>>>
>>>> Can you please post any findings here, in case if you have solved this?
>>>>
>>>> On Thursday, February 13, 2020 at 8:48:02 AM UTC+5:30, Napoleon
>>>> Ponaparte wrote:
>>>>>
>>>>> Hi all,
>>>>> I have trouble in enable Oauth JWT token on CAS overlay template
>>>>> version 6.0.
>>>>>
>>>>> I will sponsor 10$, if anyone help me in this case.
>>>>>
>>>>> I tried two tutorial on two link:
>>>>>
>>>>> 1) Link 1
>>>>> JWT Of All Things With CAS
>>>>> https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
>>>>> But I have a trouble with cas shell.
>>>>> I have described it here (
>>>>> https://stackoverflow.com/questions/60186080/generate-jwt-on-cas-apereo-version-6-0-for-oauth-jwt-access-tokens
>>>>> )
>>>>> 2) Link 2
>>>>> Apereo CAS - OAuth JWT Access Tokens But it uses for cas version
>>>>> 6.2.x.
>>>>> And this properties can't use
>>>>>
>>>>> cas.authn.oauth.access-token.crypto.encryption.key=
>>>>> cas.authn.oauth.access-token.crypto.signing.key=
>>>>> cas.authn.oauth.access-token.crypto.enabled=false
>>>>> cas.authn.oauth.access-token.crypto.signing-enabled=false
>>>>> cas.authn.oauth.access-token.crypto.encryption-enabled=false
>>>>>
>>>>> Thank you.
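
An added example, not code from the thread or from the CAS project: a reviewer's check for the `serviceId` patterns posted above, flagging patterns that admit plain `http`, use a wildcard host, or leave host dots unescaped (the wildcard check goes slightly beyond the thread). The function names, the `8080` port, the probe URL and the tightened pattern are assumptions made for the illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed registrations modelled on the serviceId values in the thread.
# The localhost port is a placeholder (the post elides it); only the fields
# the checks read are kept. "tightened" is a hypothetical corrected pattern.
SAMPLES = {
    "oauth_http": json.loads("""{
      "@class": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
      "serviceId": "^http://localhost:8080/.*", "name": "oauth2test", "id": 6
    }"""),
    "example_http": json.loads("""{
      "@class": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
      "serviceId": "http://example.com/.*", "name": "oauth2test", "id": 7
    }"""),
    "tightened": json.loads(r"""{
      "@class": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
      "serviceId": "^https://example\\.com(/.*)?$", "name": "oauth2test", "id": 8
    }"""),
}

# Constructed probe: a different host that differs from example.com by one character.
PROBE_URL = "http://exampleXcom/login"


def split_pattern(pattern):
    """Split a serviceId regex into (scheme_regex, host_regex); ('', '') if no '://'."""
    body = pattern.lstrip("^")
    scheme, sep, rest = body.partition("://")
    if not sep:
        return "", ""
    return scheme, rest.split("/", 1)[0]


def scheme_allows_http(scheme_regex):
    """True when the scheme part ('http', 'https?', '(http|https)') accepts plain http."""
    try:
        return re.fullmatch(scheme_regex, "http") is not None
    except re.error:
        return False


def scan_host(host_regex):
    """Count unescaped single dots and wildcard tokens ('.*', '.+') in the host part."""
    dots = wildcards = 0
    i = 0
    while i < len(host_regex):
        ch = host_regex[i]
        if ch == "\\":                      # escaped character: skip the pair
            i += 2
            continue
        if ch == ".":
            if i + 1 < len(host_regex) and host_regex[i + 1] in "*+":
                wildcards += 1
                i += 2
                continue
            dots += 1                       # '.' here matches ANY character
        i += 1
    return dots, wildcards


def lint_service(definition):
    """Return a list of findings for one service definition (empty list = clean)."""
    pattern = definition.get("serviceId", "")
    try:
        re.compile(pattern)
    except re.error:
        return ["invalid-regex"]
    findings = []
    scheme, host = split_pattern(pattern)
    if scheme_allows_http(scheme):
        findings.append("plain-http-allowed")
    dots, wildcards = scan_host(host)
    if wildcards:
        findings.append("wildcard-host")
    if dots:
        findings.append("unescaped-dot-in-host")
    return findings


def pattern_accepts(pattern, url):
    """Assumption: the pattern is applied to the whole URL (full match)."""
    return re.fullmatch(pattern, url) is not None


def foreign_host_accepted(pattern, url, allowed_domain):
    """True when the pattern accepts a URL whose host is outside allowed_domain."""
    host = urlsplit(url).hostname or ""
    allowed = host == allowed_domain or host.endswith("." + allowed_domain)
    return pattern_accepts(pattern, url) and not allowed


if __name__ == "__main__":
    for name, definition in SAMPLES.items():
        print(name, definition["serviceId"], lint_service(definition))
    print("probe accepted by example_http:",
          foreign_host_accepted(SAMPLES["example_http"]["serviceId"], PROBE_URL, "example.com"))
```
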

Re: [cas-user] Re: Service Registry - Store in MySQL database

2020-03-24 Thread Nguyen Tran Thanh Lam
Dear Mr Mathieu HETRU
I have tried your solution, It's working fine but the service seem store
temporary on RAM.
It doesn't write to directory (/etc/cas/services-repo) or database.
This lead to service will disappear when I restart cas-management.
Thanks

On Tue, Mar 24, 2020 at 23:13, Mathieu HETRU
wrote:

> hello Bob,
> i have the solution : remove the git feature from the war file (produced
> by gradlew) in order to cas-management 6.1.x works fine :
>
> add this line in the build.gradle (in the bootWar step) :
> ---
> excludes = ["**/cas-mgmt-config-version-control*.jar",
> "**/cas-mgmt-config-delegated*.jar", "**/HikariCP-java7-2.4.13.jar"]
> ---
>
> Sincerely,
>
> Mathieu
>
> On Tue, Mar 24, 2020 at 16:04, Bob wrote:
>
>> Thanks Mathieu,
>>
>> I tried that also but never could get cas-management 6.1.x working (it
>> kept using the built-in git repo, despite having properties set not to use
>> that) with the MySQL data.
>> Finally I gave up on cas-management and have used the workaround from
>> Michele instead.
>> Thanks,
>>
>> Bob
>>
>>
>> On Monday, March 23, 2020 at 4:06:08 PM UTC+1, Mathieu HETRU wrote:
>>>
>>> Hello Bob,
>>>
>>> You should install cas-management web interface because the service
>>> entry in the db got java objects serialized in the db blob fields in the db
>>> tables.
>>>
>>> I have not use the initFromJson feature.
>>>
>>> Sincerely,
>>>
>>> Mathieu
>>>
>>> On Tuesday, January 28, 2020 at 12:50:54 UTC+1, Bob wrote:
>>>>
>>>> Hello,
>>>>
>>>> We are upgrading to CAS 6.1.x.
>>>> Most things seem to work fine (LDAP and reading Service Registry from
>>>> json file) but we cannot get it to save the Service Registry in a MySQL
>>>> casdb.
>>>> Is there a way to manually enter a Service Registry into a MySQL
>>>> database?
>>>>
>>>> Running CAS has created 3 tables in our MySQL database:
>>>>
>>>> regex_registered_service
>>>> regex_registered_service_regex_registered_service_property
>>>> regex_registered_service_registered_service_impl_contact
>>>>
>>>> Table regex_registered_service has the following columns:
>>>>
>>>> +----------------------------------+
>>>> | COLUMN_NAME                      |
>>>> +----------------------------------+
>>>> | access_strategy                  |
>>>> | attribute_release                |
>>>> | description                      |
>>>> | environments                     |
>>>> | evaluation_order                 |
>>>> | expiration_policy                |
>>>> | expression_type                  |
>>>> | id                               |
>>>> | information_Url                  |
>>>> | logo                             |
>>>> | logout_type                      |
>>>> | logout_url                       |
>>>> | mfa_policy                       |
>>>> | name                             |
>>>> | privacy_Url                      |
>>>> | proxy_policy                     |
>>>> | proxy_ticket_expiration_policy   |
>>>> | public_key                       |
>>>> | required_handlers                |
>>>> | response_Type                    |
>>>> | service_Id                       |
>>>> | service_ticket_expiration_policy |
>>>> | sso_participation_policy         |
>>>> | theme                            |
>>>> | username_attr                    |
>>>> +----------------------------------+
>>>> 25 rows in set (0.00 sec)
>>>>
>>>> How would I get the following json into this table?
>>>>
>>>> {
>>>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>>>   "serviceId" : "https://localhost:9000/dashboard",
>>>>   "name" : "My App",
>>>>   "id" : 10001000,
>>>>   "description" : "My Dashboard App",
>>>>   "attributeReleasePolicy" : {
>>>>     "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
>>>>     "allowedAttributes" : {
>>>>       "@class" : "java.util.TreeMap",
>>>>       "memberOf" : "authorities"
>>>>     }
>>>>   },
>>>>   "evaluationOrder" : 100,
>>>>   "accessStrategy" : {
>>>>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>>>>     "enabled" : true,
>>>>     "ssoEnabled" : true
>>>>   }
>>>> }
>>>>
>>>> Thanks in advance!
>>>>
>>>> Bob

Re: [cas-user] Registry service from CAS MANAGEMENT WEB APP to MONGODB

2020-03-16 Thread Nguyen Tran Thanh Lam
Exactly I want I can use Web Management web App create new services and
store it to MongoD

On Mon, Mar 16, 2020 at 23:14, Ray Bon wrote:

> Why do you want to have multiple service registry locations?
>
> If you want to use MongoDB, remove json entry.
>
> Ray
>
> On Fri, 2020-03-13 at 20:52 -0700, Napoleon Ponaparte wrote:
>
> Hi all,
> I have confused with service registry.
> I have  two methods to store service.
>
> *Method 1: Using cas-server-support-json-service*
>
> By compile "org.apereo.cas:cas-server-support-json-service-registry:6.1.3"
> The CAS server will read service from directory /etc/cas/services-repo
>
> *Method 2: Using cas-server-support-mongo-service-registry*
>
> By compile "org.apereo.cas:cas-server-support-mongo-service-registry:6.1.3"
> The CAS server will read service from directory /etc/cas/services-repo
> then load these service to MongoDB
>
> But, I have a trouble now.
> I cannot use both methods.  Exactly if I build cas with 2 methods like
>
> compile "org.apereo.cas:cas-server-support-json-service-registry:6.1.3"
> compile "org.apereo.cas:cas-server-support-mongo-service-registry:6.1.3"
> -->the cas will build fail.
>
> And the CAS Management web app seem only save new service to directory.
> This is lead to I can't create new service if I want to store service to
> MongoDB.
> Note: I want to store service to mongoDB to deploy cas in cluster.
> So, Do you have any suggest to solve this problem?
> Thank you.
>
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>


Re: [cas-user] Registry service from CAS MANAGEMENT WEB APP to MONGODB

2020-03-16 Thread Nguyen Tran Thanh Lam
Dear Mr Ray Bon
But Web Management can only create json file and store in
/etc/cas/services-repo.
And I want to store services in mongodB
It conflicted.


On Mon, Mar 16, 2020 at 23:14, Ray Bon wrote:

> Why do you want to have multiple service registry locations?
>
> If you want to use MongoDB, remove json entry.
>
> Ray
>
> On Fri, 2020-03-13 at 20:52 -0700, Napoleon Ponaparte wrote:
>
> Hi all,
> I have confused with service registry.
> I have  two methods to store service.
>
> *Method 1: Using cas-server-support-json-service*
>
> By compile "org.apereo.cas:cas-server-support-json-service-registry:6.1.3"
> The CAS server will read service from directory /etc/cas/services-repo
>
> *Method 2: Using cas-server-support-mongo-service-registry*
>
> By compile "org.apereo.cas:cas-server-support-mongo-service-registry:6.1.3"
> The CAS server will read service from directory /etc/cas/services-repo
> then load these service to MongoDB
>
> But, I have a trouble now.
> I cannot use both methods.  Exactly if I build cas with 2 methods like
>
> compile "org.apereo.cas:cas-server-support-json-service-registry:6.1.3"
> compile "org.apereo.cas:cas-server-support-mongo-service-registry:6.1.3"
> -->the cas will build fail.
>
> And the CAS Management web app seem only save new service to directory.
> This is lead to I can't create new service if I want to store service to
> MongoDB.
> Note: I want to store service to mongoDB to deploy cas in cluster.
> So, Do you have any suggest to solve this problem?
> Thank you.
>
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>


Re: [cas-user] Re: [Enable Oauth JWT token on CAS overlay template version 6.0]

2020-03-10 Thread Nguyen Tran Thanh Lam
Hi Mr Gandhi,
You must use CAS version at least 6.1.x.
The key will generate in log of CAS, when you build it.
Please try again.
Thanks

On Tue, Mar 10, 2020 at 16:15, Gandhi
wrote:

> I'm facing the same issue with 5.2.X version of CAS. I'm having trouble to
> enable JWT for OIDC related flows.
>
> Can you please post any findings here, in case if you have solved this?
>
> On Thursday, February 13, 2020 at 8:48:02 AM UTC+5:30, Napoleon Ponaparte
> wrote:
>>
>> Hi all,
>> I have trouble in enable Oauth JWT token on CAS overlay template version
>> 6.0.
>>
>> I will sponsor 10$, if anyone help me in this case.
>>
>> I tried two tutorial on two link:
>>
>> 1) Link 1
>> JWT Of All Things With CAS
>> https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
>> But I have a trouble with cas shell.
>> I have described it here (
>> https://stackoverflow.com/questions/60186080/generate-jwt-on-cas-apereo-version-6-0-for-oauth-jwt-access-tokens
>> )
>> 2) Link 2
>> Apereo CAS - OAuth JWT Access Tokens But it uses for cas version 6.2.x.
>> And this properties can't use
>>
>> cas.authn.oauth.access-token.crypto.encryption.key=
>> cas.authn.oauth.access-token.crypto.signing.key=
>> cas.authn.oauth.access-token.crypto.enabled=false
>> cas.authn.oauth.access-token.crypto.signing-enabled=false
>> cas.authn.oauth.access-token.crypto.encryption-enabled=false
>>
>> Thank you.
>>


Re: [cas-user] Re: CAS Management Web App 6.1.4-RC error

2020-03-09 Thread Nguyen Tran Thanh Lam
Dear Mr B Ran,
I don't use git and don't enable any dependencies relevant git.

Thank you. Regards

On Mon, Mar 9, 2020 at 16:49, B Ran wrote:

> I remember having an issue on that one.
> Can you try this configuration ?
>
> mgmt.versionControl.servicesRepo=//etc/cas/services-repo
>
>
> Make sure whatever runs cas-management has read/write access to
> /etc/cas/services-repo and on the git
>


Re: [cas-user] [CAS cluster for high-availability with CAS version 6.1]

2020-02-20 Thread Nguyen Tran Thanh Lam
Thanks Mr Ray Bon, I will follow your guide.

On Fri, Feb 21, 2020 at 00:22, Ray Bon wrote:

> Napoleon,
>
> You can use a single MongoDB and have all your CAS servers point to it.
> The other options you mention are alternative ways to store and access
> data.
>
> Ray
>
> On Wed, 2020-02-19 at 19:13 -0800, Napoleon Ponaparte wrote:
>
> Hi everyone,
> I am deploying CAS Overlay template version 6.1 with server stand-alone.
> I have enabled these service to prepare for deploy CAS high availability,
> include:
> -REST API support
> -Register service to mongoDB
> -Authen user from MongoDB
> -Read CAS global config from MongoDB
> -Store ticket to MongoDB (instead of in-memory)
>
> Now, I want do deploy CAS service as cluster for high-availability.
>
> I have read many guide and it's made me confused, such as:
> -use spring cloud config server
> -Eureka Server discovery service
> Please guide me exactly method and component to deploy CAS cluster for
> high-availability.
> Thank you.
>
>
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>


Re: [cas-user] Re: CAS 6.X jwt issue with base64 encoded

2020-02-13 Thread Nguyen Tran Thanh Lam
Sorry, Mr Mathieu HETRU,
Have you success in CAS version 6.0?
If you success, could you show me how to config this?



On Thu, Feb 13, 2020 at 14:03, Nguyen Tran Thanh Lam <
naphaluan211...@gmail.com> wrote:

> Yeah, I found this. Thanks
>
> On Thu, Feb 13, 2020 at 14:00, Mathieu HETRU
> wrote:
>
>> You can get these values at the launch of cas server in the logs.
>>
>> On Feb 13, 2020 at 04:36, Napoleon Ponaparte
>> wrote:
>>
>> Hi Raheem, How to get this value?
>> cas.authn.token.crypto.signing.key=
>> cas.authn.token.crypto.encryption.key=
>> Thanks
>>
>> On Thursday, January 30, 2020 at 7:39:50 PM UTC+7, Raheem Shaik wrote:
>>>
>>> Hi,
>>>
>>> I am trying to upgrading from 5.2.x to 6.x version for my testing but
>>> getting issue with base64 encode which is not working
>>> properly. When I try to decode the jwt token it is not able to get the
>>> payload data. But in earlier version 5.2.x I did not have any issues.
>>>
>>> Can somebody help me on this?
>>>
>>> build.gradle dependencies
>>>
>>>  compile "org.apereo.cas:cas-server-webapp${project.appServer}:${casServerVersion}"
>>>  compile "org.apereo.cas:cas-server-support-rest:${project.'cas.version'}"
>>>  compile "org.apereo.cas:cas-server-support-rest-tokens:${project.'cas.version'}"
>>>  compile "org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}"
>>>  compile "org.apereo.cas:cas-server-support-token-tickets:${project.'cas.version'}"
>>>  compile "org.apereo.cas:cas-server-support-rest-authentication:${project.'cas.version'}"
>>>
>>> cas.authn.token.crypto.enabled=false
>>> cas.authn.token.crypto.encryptionEnabled=false
>>> cas.authn.token.crypto.signing.key=
>>> cas.authn.token.crypto.signing.keySize=512
>>> cas.authn.token.crypto.encryption.key=
>>> cas.authn.token.crypto.encryption.keySize=256
>>>
>>> and
>>>
>>> {
>>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>>   "serviceId" : "https://.*.example.com",
>>>   "name" : "myApplication",
>>>   "id" : 1001,
>>>   "description" : "This service definition authorized all application urls that support HTTPS protocol.",
>>>   "evaluationOrder" : 2,
>>>   "proxyPolicy" : {
>>>     "@class" : "org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy"
>>>   },
>>>   "usernameAttributeProvider" : {
>>>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider"
>>>   },
>>>   "attributeReleasePolicy" : {
>>>     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
>>>     "principalAttributesRepository" : {
>>>       "@class" : "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
>>>     },
>>>     "authorizedToReleaseCredentialPassword" : false,
>>>     "authorizedToReleaseProxyGrantingTicket" : false
>>>   },
>>>   "logoutType" : "BACK_CHANNEL",
>>>   "accessStrategy" : {
>>>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>>>     "enabled" : true,
>>>     "ssoEnabled" : true
>>>   },
>>>   "properties" : {
>>>     "@class" : "java.util.HashMap",
>>>     "jwtSigningSecret" : {
>>>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>>>       "values" : [ "java.util.HashSet", [ "9qzDlSwNx" ] ]
>>>     },
>>>     "jwtAsResponse" : {
>>>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>>>       "values" : [ "java.util.HashSet", [ "true" ] ]
>>>     }
>>>   }
>>> }
>>>
>>> Regards,
>>> Raheem
>>>
>>> --
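
An added example, not code from the thread or from the CAS project: a diagnostic for a compact token whose payload will not decode, as described in the question above. It restores the stripped base64url padding and reports whether the token is signed (three segments), encrypted (five segments), or a signed wrapper around an encrypted token; the sample tokens are constructed inline and the thread does not say which case applied.

```python
import base64
import json


def b64url_decode(segment):
    """Decode base64url, restoring the '=' padding that compact tokens strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    """Encode bytes as unpadded base64url, the form used in compact tokens."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def inspect_token(token, depth=0):
    """Classify a compact token and decode what can be decoded without keys.

    Returns a dict with 'segments', 'kind' ('JWS', 'JWE' or 'not-a-jwt'),
    'payload' (decoded claims or None), 'header' when readable, and 'nested'
    when a signed payload is itself a compact token.
    """
    parts = token.strip().split(".")
    report = {"segments": len(parts), "kind": "not-a-jwt", "payload": None}
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError:                      # bad base64, bad UTF-8 or bad JSON
        return report
    if not isinstance(header, dict):
        return report
    report["header"] = header

    if len(parts) == 5:                     # header.key.iv.ciphertext.tag
        report["kind"] = "JWE"              # payload is ciphertext: a key is required
        return report
    if len(parts) != 3:
        return report

    report["kind"] = "JWS"                  # header.payload.signature
    try:
        raw = b64url_decode(parts[1])
    except ValueError:
        return report
    try:
        report["payload"] = json.loads(raw)
    except ValueError:
        # Not JSON: check whether the signed payload is another compact token.
        inner = raw.decode("ascii", "replace")
        if inner.count(".") in (2, 4) and depth < 2:
            report["nested"] = inspect_token(inner, depth + 1)
    return report


def build_samples():
    """Constructed tokens (fake signature and ciphertext bytes) for the three cases."""
    claims = json.dumps({"sub": "casuser", "iss": "https://cas.example.org/cas"},
                        separators=(",", ":")).encode()
    jws_header = b64url_encode(json.dumps({"alg": "HS512"}).encode())
    jwe_header = b64url_encode(json.dumps({"alg": "dir", "enc": "A128CBC-HS256"}).encode())
    signature = b64url_encode(b"constructed-signature")

    signed = ".".join([jws_header, b64url_encode(claims), signature])
    encrypted = ".".join([jwe_header, "", b64url_encode(b"constructed-iv"),
                          b64url_encode(b"constructed-ciphertext"),
                          b64url_encode(b"constructed-tag")])
    nested = ".".join([jws_header, b64url_encode(encrypted.encode()), signature])
    return {"signed": signed, "encrypted": encrypted, "nested": nested}


if __name__ == "__main__":
    for name, token in build_samples().items():
        print(name, json.dumps(inspect_token(token), indent=2))
```
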

Re: [cas-user] Re: CAS 6.X jwt issue with base64 encoded

2020-02-12 Thread Nguyen Tran Thanh Lam
Yeah, I found this. Thanks

On Thu, Feb 13, 2020 at 14:00, Mathieu HETRU
wrote:

> You can get these values at the launch of cas server in the logs.
>
> On Feb 13, 2020 at 04:36, Napoleon Ponaparte
> wrote:
>
> Hi Raheem, How to get this value?
> cas.authn.token.crypto.signing.key=
> cas.authn.token.crypto.encryption.key=
> Thanks
>
> On Thursday, January 30, 2020 at 7:39:50 PM UTC+7, Raheem Shaik wrote:
>>
>> Hi,
>>
>> I am trying to upgrading from 5.2.x to 6.x version for my testing but
>> getting issue with base64 encode which is not working
>> properly. When I try to decode the jwt token it is not able to get the
>> payload data. But in earlier version 5.2.x I did not have any issues.
>>
>> Can somebody help me on this?
>>
>> build.gradle dependencies
>>
>>  compile "org.apereo.cas:cas-server-webapp${project.appServer}:${casServerVersion}"
>>  compile "org.apereo.cas:cas-server-support-rest:${project.'cas.version'}"
>>  compile "org.apereo.cas:cas-server-support-rest-tokens:${project.'cas.version'}"
>>  compile "org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}"
>>  compile "org.apereo.cas:cas-server-support-token-tickets:${project.'cas.version'}"
>>  compile "org.apereo.cas:cas-server-support-rest-authentication:${project.'cas.version'}"
>>
>> cas.authn.token.crypto.enabled=false
>> cas.authn.token.crypto.encryptionEnabled=false
>> cas.authn.token.crypto.signing.key=
>> cas.authn.token.crypto.signing.keySize=512
>> cas.authn.token.crypto.encryption.key=
>> cas.authn.token.crypto.encryption.keySize=256
>>
>> and
>>
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId" : "https://.*.example.com",
>>   "name" : "myApplication",
>>   "id" : 1001,
>>   "description" : "This service definition authorized all application urls that support HTTPS protocol.",
>>   "evaluationOrder" : 2,
>>   "proxyPolicy" : {
>>     "@class" : "org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy"
>>   },
>>   "usernameAttributeProvider" : {
>>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider"
>>   },
>>   "attributeReleasePolicy" : {
>>     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
>>     "principalAttributesRepository" : {
>>       "@class" : "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
>>     },
>>     "authorizedToReleaseCredentialPassword" : false,
>>     "authorizedToReleaseProxyGrantingTicket" : false
>>   },
>>   "logoutType" : "BACK_CHANNEL",
>>   "accessStrategy" : {
>>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>>     "enabled" : true,
>>     "ssoEnabled" : true
>>   },
>>   "properties" : {
>>     "@class" : "java.util.HashMap",
>>     "jwtSigningSecret" : {
>>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>>       "values" : [ "java.util.HashSet", [ "9qzDlSwNx" ] ]
>>     },
>>     "jwtAsResponse" : {
>>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>>       "values" : [ "java.util.HashSet", [ "true" ] ]
>>     }
>>   }
>> }
>>
>> Regards,
>> Raheem
>>

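A diagnostic for the symptom discussed in the thread above (a token whose payload will not base64-decode), as an added example that is not part of the original messages and is not CAS code. It restores base64url padding, tells a 3-segment JWS from a 5-segment JWE, follows a nested token, and checks an HS256 signature; the function names and the sample tokens built by `make_hs256` are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import json

def b64url_decode(segment):
    """Decode base64url without padding (RFC 7515); plain b64decode rejects it."""
    padded = segment + "=" * (-len(segment) % 4)
    return base64.b64decode(padded.encode("ascii"), altchars=b"-_", validate=True)

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def inspect_token(token, hs_secret=None):
    """Classify a compact token and decode what can be decoded without keys."""
    parts = token.strip().split(".")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except (binascii.Error, ValueError) as exc:
        return {"kind": "invalid", "reason": "header: %s" % exc}
    if not isinstance(header, dict):
        return {"kind": "invalid", "reason": "header is not a JSON object"}
    if len(parts) == 5:
        # JWE: segment 4 is ciphertext, so base64 alone never yields the claims.
        return {"kind": "JWE", "alg": header.get("alg"), "enc": header.get("enc")}
    if len(parts) != 3:
        return {"kind": "invalid", "reason": "%d segments" % len(parts)}
    result = {"kind": "JWS", "alg": header.get("alg"), "verified": None}
    try:
        if hs_secret is not None and header.get("alg") == "HS256":
            mac = hmac.new(hs_secret, ".".join(parts[:2]).encode("ascii"), hashlib.sha256).digest()
            result["verified"] = hmac.compare_digest(mac, b64url_decode(parts[2]))
        body = b64url_decode(parts[1])
    except (binascii.Error, ValueError) as exc:
        return {"kind": "invalid", "reason": "segment: %s" % exc}
    try:
        result["claims"] = json.loads(body)
    except ValueError:
        # Payload is not JSON: it may itself be a compact token (nested JWT).
        result["nested"] = inspect_token(body.decode("ascii", "replace"))
    return result

def make_hs256(claims, secret):
    """Build a constructed HS256 sample token (demo input, not CAS output)."""
    head = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = b64url_encode(json.dumps(claims).encode("utf-8"))
    mac = hmac.new(secret, (head + "." + body).encode("ascii"), hashlib.sha256)
    return head + "." + body + "." + b64url_encode(mac.digest())
```
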

[cas-user] [Enable Oauth JWT token on CAS overlay template version 6.0]

2020-02-12 Thread Nguyen Tran Thanh Lam
Hi all,
I have trouble enabling OAuth JWT tokens on CAS overlay template version
6.0.

I will sponsor 10$ if anyone helps me with this case.

I tried two tutorials from two links:

1) Link 1
JWT Of All Things With CAS
https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
But I have trouble with the CAS shell.
I have described it here (https://stackoverflow.com/questions/60186080/generate-jwt-on-cas-apereo-version-6-0-for-oauth-jwt-access-tokens).
2) Link 2
Apereo CAS - OAuth JWT Access Tokens. But it is for CAS version 6.2.x,
and these properties can't be used:

cas.authn.oauth.access-token.crypto.encryption.key=
cas.authn.oauth.access-token.crypto.signing.key=
cas.authn.oauth.access-token.crypto.enabled=false
cas.authn.oauth.access-token.crypto.signing-enabled=false
cas.authn.oauth.access-token.crypto.encryption-enabled=false

Thank you.



[cas-user] [Problem] Generate JWT on CAS Apereo Version 6.0 for OAuth JWT Access Tokens

2020-02-12 Thread Nguyen Tran Thanh Lam
Dear CAS team,

I want to generate JWT on Apereo CAS Overlay template version 6.0.

Note: the Java version is Oracle 11.

To generate a JWT, I ended up using the CAS Command-line Shell.

I did this by following these steps:

STEP 1: I build the CAS shell

root@casoverlay:~/cas-overlay-template# ./build.sh cli

STEP 2: I generate a JWT with the command

generate-jwt --subject Thanhlam

But it shows this error:

Failed to convert from type [java.lang.String] to type
[@org.springframework.shell.standard.ShellOption int] for value
'--subject'; nested exception is java.lang.NumberFormatException: For
input string: "--subject"
Details of the error have been omitted. You can use the stacktrace
command to print the full stacktrace.

Then I used the help command, and it shows this: [image: enter image description here]

I tried again with the full parameters:

cas>generate-jwt signingSecretSize 256 --encryptionSecretSize 48
--signingAlgorithm HS256 --encryptionAlgorithm  dir --encryptionMethod
A192CBC-HS384 --subject Thanhlam

It shows an error again (with some differences):

Too many arguments: the following could not be mapped to parameters:
'dir --encryptionMethod A192CBC-HS384 --subject Thanhlam'
Details of the error have been omitted. You can use the stacktrace
command to print the full stacktrace.

I also tried this command on CAS overlay template 5.2, and it works:

cas>generate-jwt --subject Thanhlam

I don't know why it goes wrong.

Please help.

Thank you in advance.

And the output is here: [image: enter image description here]

Thank you and best regards.

Lam Nguyen
