Re: [cas-user] CAS 5.2.4 Endpoint access

[Sam Erie]

Thank you very much, that did the trick. Your site is a huge help, very
nice to have clear examples and explanations. The only thing I am still not
sure about is how to secure the /status endpoint.

On Fri, Oct 25, 2019 at 3:45 AM David Curry 
wrote:

> At first blush it looks like your cas.properties property names are wrong;
> there might be other things too that you didn't happen to quote. Here's a
> step-by-step for enabling them all, if you find it helpful:
>
>
> https://dacurry-tns.github.io/deploying-apereo-cas/building_server_dashboard_overview.html
>
>
> --Dave
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david.cu...@newschool.edu
>
>
> On Fri, Oct 25, 2019 at 1:09 AM Sam Erie  wrote:
>
>> I have been struggling to get access to development CAS v5.2.4 status
>> endpoints. I was unable to get them unsecured and went on to add Spring
>> Security with master user, who it is correctly validating, but somehow my
>> IP is still not authorized. Following are relevant properties and logs. I'm
>> confused by the fact that it should be matching any IP with .+ yet it still
>> says Unauthorized IP address. Any help would be much appreciated.
>>
>>
>> endpoints.status.enabled=true
>> endpoints.status.sensitive=false
>> endpoints.dashboard.enabled=true
>> endpoints.dashboard.sensitive=false
>> cas.adminPagesSecurity.ip=.+
>> security.user.name=admin
>> security.user.password=admin
>>
>>
>> 2019-10-23 21:58:11,093 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - 
>> <===
>> SECURITY ===>
>>
>> 2019-10-23 21:58:11,093 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - 
>> > https://sanitized/cas/status>
>>
>> 2019-10-23 21:58:11,093 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - 
>> 
>>
>> 2019-10-23 21:58:11,093 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - 
>> 
>> 2019-10-23 21:58:11,094 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic]
>>  - > #IpClient# | name: IpClient | credentialsExtractor: null | authenticator: 
>> IpRegexpAuthenticator[.+ ]
>>
>>  | profileCreator: 
>> org.pac4j.core.profile.creator.AuthenticatorProfileCreator@290e9599
>>  | authorizationGenerators: [] |]>
>>
>> 2019-10-23 21:58:11,095 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - 
>> 
>>
>> 2019-10-23 21:58:11,110 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - 
>> 
>> 2019-10-23 21:58:11,110 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic]
>>  - > #IpClient# | name: IpClient | credentialsExtractor: null | authenticator: 
>> IpRegexpAuthenticator[.+ ]
>>
>>  | profileCreator: 
>> org.pac4j.core.profile.creator.AuthenticatorProfileCreator@290e9599
>>  | authorizationGenerators: [] |>
>>
>> 2019-10-23 21:58:11,126 DEBUG [org.pac4j.http.client.direct.IpClient] - 
>> 
>>
>> 2019-10-23 21:58:11,126 INFO [org.pac4j.http.client.direct.IpClient] - 
>> > 172.21.96.74>
>>
>> 2019-10-23 21:58:11,126 DEBUG [org.pac4j.http.client.direct.IpClient] - 
>> 
>>
>> org.pac4j.core.exception.CredentialsException: Unauthorized IP address: 
>> 172.21.96.74
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BLYuO2dihVM96XAKC-EXEJBjMqyYhqau1jHMBwHJ9Bncw%40mail.gmail.com
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BLYuO2dihVM96XAKC-EXEJBjMqyYhqau1jHMBwHJ9Bncw%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google

[cas-user] CAS 5.2.4 Endpoint access

[Sam Erie]

I have been struggling to get access to development CAS v5.2.4 status
endpoints. I was unable to get them unsecured and went on to add Spring
Security with master user, who it is correctly validating, but somehow my
IP is still not authorized. Following are relevant properties and logs. I'm
confused by the fact that it should be matching any IP with .+ yet it still
says Unauthorized IP address. Any help would be much appreciated.


endpoints.status.enabled=true
endpoints.status.sensitive=false
endpoints.dashboard.enabled=true
endpoints.dashboard.sensitive=false
cas.adminPagesSecurity.ip=.+
security.user.name=admin
security.user.password=admin

2019-10-23 21:58:11,093 DEBUG
[org.pac4j.core.engine.DefaultSecurityLogic] - <===
SECURITY ===>
2019-10-23 21:58:11,093 DEBUG
[org.pac4j.core.engine.DefaultSecurityLogic] - https://sanitized/cas/status>
2019-10-23 21:58:11,093 DEBUG
[org.pac4j.core.engine.DefaultSecurityLogic] - 
2019-10-23 21:58:11,093 DEBUG
[org.pac4j.core.engine.DefaultSecurityLogic] - 
2019-10-23 21:58:11,094 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic]
 - 
2019-10-23 21:58:11,095 DEBUG
[org.pac4j.core.engine.DefaultSecurityLogic] -

2019-10-23 21:58:11,110 DEBUG
[org.pac4j.core.engine.DefaultSecurityLogic] - 
2019-10-23 21:58:11,110 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic]
 - 
2019-10-23 21:58:11,126 DEBUG [org.pac4j.http.client.direct.IpClient]
- 
2019-10-23 21:58:11,126 INFO [org.pac4j.http.client.direct.IpClient] -

2019-10-23 21:58:11,126 DEBUG [org.pac4j.http.client.direct.IpClient]
- 
org.pac4j.core.exception.CredentialsException: Unauthorized IP
address: 172.21.96.74

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BLYuO2dihVM96XAKC-EXEJBjMqyYhqau1jHMBwHJ9Bncw%40mail.gmail.com.

[cas-user] ajp with cas-management-overlay

[Sam Erie]

Is there a way to use ajp with the cas-management-overlay?

I am using ajp with cas-overlay 5.2.4, but it uses the tomcat appserver -
and it doesn't look like that is available yet for the
cas-management-overlay.

The settings for my cas-overlay are as follows:

cas.server.ajp.secure=true
cas.server.ajp.enabled=true
cas.server.ajp.proxyPort=443
cas.server.ajp.protocol=AJP/1.3
cas.server.ajp.asyncTimeout=5
cas.server.ajp.scheme=https
cas.server.ajp.maxPostSize=20971520
cas.server.ajp.port=8009

I have tried to use similar properties for the manager, but it doesn't
work. I'm not entirely sure how the executable profile works, so I don't
know if what I'm trying is even possible.

The server I'm setting up needs to use httpd to serve pages, so ajp is not
an option at this point. I could attempt to use the built war in my own
servlet container to accomplish this, but if there is an easier way that is
just not documented yet I want to know.

Thanks in advance, I'm pretty new to this so any advice is appreciated.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BK-XHEeSWcXiCVYA9XvpxvdZvMSgq9HbzeWYucpps89Vg%40mail.gmail.com.

Re: [cas-user] How to route new page

[Sam Erie]

Seems so obvious now that you say it. Thank you very much, works like a
charm.

On Thu, May 24, 2018 at 12:14 PM, David Curry <david.cu...@newschool.edu>
wrote:

> The "root" of the web server, i.e., where "https://casserver/cas; points,
> is the ".../webapps/cas/WEB-INF/classes/static" directory. And you can't
> "../" your way out of there, for security reasons.
>
> So on further thought, you probably need to move "timeout.html" into the
> "static" directory and then redirect to "/timeout.html".
>
> --Dave
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003=gmail=g>
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
> [image: The New School]
>
>
> On Thu, May 24, 2018 at 4:05 PM Sam Erie <se...@alaska.edu> wrote:
>
>> Absolutely that would work. I think I am still doing something wrong
>> though. I have timedOut.html under templates next to casLoginView.html etc.
>> When I redirect to /cas/timedOut.html it gives me a cas page not found
>> page. When I redirect to /timedOut.html it says my page is not found on the
>> server. I could put the page directly on my server, but I would much rather
>> keep it in the cas webapp to make deploying on other servers easier.
>>
>> Perhaps there is a better way to redirect, I'm upgrading an old version
>> of cas so I may be using an outdated method. I do window.location =
>> myRedirect; in a script in the loginform.html fragment. Where myRedirect is
>> "/cas/timedOut.html". It just goes to https://server/cas/timedOut.html.
>>
>> Thank you for your time, and I apologize I have limited experience with
>> java webflows.
>>
>> On Thu, May 24, 2018 at 11:39 AM, David Curry <david.cu...@newschool.edu>
>> wrote:
>>
>>> How strongly do you feel about having "https://server/cas/timeout; as
>>> opposed to "https://server/cas/timeout.html;?
>>>
>>> If you're fine with the latter, you should just be able to drop
>>> "timeout.html" into the same place where all the other casWhateverView.html
>>> pages are and redirect to "/timeout.html".
>>>
>>> Or, since you have access to jQuery and all that good stuff, you could
>>> perhaps do something like:
>>>
>>> $("#cas.login").replaceWith("TimeoutYou are too slow. Go
>>> away.");
>>>
>>>
>>> If you really want the "/cas/timeout" thing, then I believe you'd have
>>> to add it to extend the webflow (or create a new one?).
>>>
>>> Just some ideas...
>>>
>>> --
>>>
>>> DAVID A. CURRY, CISSP
>>> *DIRECTOR OF INFORMATION SECURITY*
>>> INFORMATION TECHNOLOGY
>>>
>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003=gmail=g>
>>> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>>>
>>> [image: The New School]
>>>
>>>
>>> On Thu, May 24, 2018 at 3:18 PM Sam Erie <se...@alaska.edu> wrote:
>>>
>>>> I am trying to provide a timeout page to redirect to when a timer on my
>>>> login page goes off. I can get it to redirect, but there is no page so it
>>>> just goes to the not found page. Is there an easy way to route an extra
>>>> page so I can go to https://server:8443/cas/timeOut?
>>>>
>>>> Or how would I go about using fragments to show my timeOut.html page?
>>>>
>>>> --
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to cas-user+unsubscr...@apereo.org.
>>>> To view this discussion on the web visit https://groups.google.com/a/
>>>> apereo.org/d/msgid/cas-user/CAMM6z%2BJzJRHQPvCm09Wo8M_3%
>>>> 2BL_b1%3DHZCc04bmSROZkiyzE9QQ%40mail.gmail.com
>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BJzJRHQPvCm09Wo8M_3%2BL_b1%3DHZCc04bmSROZkiyzE9QQ%40mail.gmail.com?utm_

Re: [cas-user] How to route new page

[Sam Erie]

Absolutely that would work. I think I am still doing something wrong
though. I have timedOut.html under templates next to casLoginView.html etc.
When I redirect to /cas/timedOut.html it gives me a cas page not found
page. When I redirect to /timedOut.html it says my page is not found on the
server. I could put the page directly on my server, but I would much rather
keep it in the cas webapp to make deploying on other servers easier.

Perhaps there is a better way to redirect, I'm upgrading an old version of
cas so I may be using an outdated method. I do window.location =
myRedirect; in a script in the loginform.html fragment. Where myRedirect is
"/cas/timedOut.html". It just goes to https://server/cas/timedOut.html.

Thank you for your time, and I apologize I have limited experience with
java webflows.

On Thu, May 24, 2018 at 11:39 AM, David Curry <david.cu...@newschool.edu>
wrote:

> How strongly do you feel about having "https://server/cas/timeout; as
> opposed to "https://server/cas/timeout.html;?
>
> If you're fine with the latter, you should just be able to drop
> "timeout.html" into the same place where all the other casWhateverView.html
> pages are and redirect to "/timeout.html".
>
> Or, since you have access to jQuery and all that good stuff, you could
> perhaps do something like:
>
> $("#cas.login").replaceWith("TimeoutYou are too slow. Go
> away.");
>
>
> If you really want the "/cas/timeout" thing, then I believe you'd have to
> add it to extend the webflow (or create a new one?).
>
> Just some ideas...
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003=gmail=g>
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
> [image: The New School]
>
>
> On Thu, May 24, 2018 at 3:18 PM Sam Erie <se...@alaska.edu> wrote:
>
>> I am trying to provide a timeout page to redirect to when a timer on my
>> login page goes off. I can get it to redirect, but there is no page so it
>> just goes to the not found page. Is there an easy way to route an extra
>> page so I can go to https://server:8443/cas/timeOut?
>>
>> Or how would I go about using fragments to show my timeOut.html page?
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit https://groups.google.com/a/
>> apereo.org/d/msgid/cas-user/CAMM6z%2BJzJRHQPvCm09Wo8M_3%
>> 2BL_b1%3DHZCc04bmSROZkiyzE9QQ%40mail.gmail.com
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BJzJRHQPvCm09Wo8M_3%2BL_b1%3DHZCc04bmSROZkiyzE9QQ%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/CA%2Bd9XAPcBDMjbs76yN0uaLurdd8exn
> PLO6QbDMxvfWxLqLmjZg%40mail.gmail.com
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPcBDMjbs76yN0uaLurdd8exnPLO6QbDMxvfWxLqLmjZg%40mail.gmail.com?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BL4-h3xAQioCOLCpvJpetAAP%2BVBK6e73oQdT8L0jc%3Di%2Bg%40mail.gmail.com.

[cas-user] How to route new page

[Sam Erie]

I am trying to provide a timeout page to redirect to when a timer on my
login page goes off. I can get it to redirect, but there is no page so it
just goes to the not found page. Is there an easy way to route an extra
page so I can go to https://server:8443/cas/timeOut?

Or how would I go about using fragments to show my timeOut.html page?

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BJzJRHQPvCm09Wo8M_3%2BL_b1%3DHZCc04bmSROZkiyzE9QQ%40mail.gmail.com.

[cas-user] How to set custom Java TrustStore for CAS Maven Overlay

[Sam Erie]

So I have tested my certifications using the suggested SSLPoke tool, and I
know I can use the java option -Djavax.net.ssl.trustStore= to make
CAS use the correct custom java truststore for my ldap connection. I was
even able to get it to run like java -Djavax.net.ssl.trustStore= -jar
target/cas.war. However I am trying to set it up to use ./build.sh run
maven command.

My question is how can I set a custom truststore for CAS to run? There is a
keystore property, and a trustCertificates property (which does not take a
keystore, only loose certs). There is a truststore property for server or
httpClient. I must be missing something, because this seems like a pretty
common usage case.

Or is there a way to set the execution command? Or an environmental
variable I can set? (I tried JAVA_OPTS, MAVEN_OPTS, CATALINA_OPTS etc) I
have tried many things, but there is so much documentation I am having
trouble finding this specific answer.

I appreciate any advice, hopefully this isn't something extremely obvious
that is just eluding me because I have been staring at it for so long.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BKXXY-j_iFi3KjNBj%2BT1FK1mJJoPS0vavqZvsaw1yUE4g%40mail.gmail.com.

Re: [cas-user] Service Manager question

[Sam Erie]

So I tried putting in a simple test.war that I know can be served from my
local version of tomcat. When I use cas with ./build.sh run I am able to
access the cas webapp from my browser. After the build I have tried putting
test.war into /cas-overlay-template/target/test.war by the cas.war. I also
tried putting it into
/cas-overlay-template/build/tomcat/work/Tomcat/localhost/test/test.war.

It serves cas with a nice 302 in the access logs, but test gets a 404.

I don't see a place to put it, like my local tomcat has a webapps folder. I
have not tried it with the cas-management.war yet because I am having build
problems. I think I need to try the gradle build, as the maven is giving me
issues.

Am I missing something, like does cas' embedded tomcat need the war in a
special format? Or did I misunderstand you and I do need to run these from
my own local tomcat?


On Mon, May 21, 2018 at 5:35 PM, Mailvaganam, Hari <hari.mailvaga...@ubc.ca>
wrote:

> >Is this the intended replacement service manager?
>
> Yes --- for management via a UI
>
> >I could imagine just adding the war to the work directory of the cas
> tomcat build, but the build folder doesn't contain cas.war, or any tomcat
> config files,
>
> Drop in the WAR file after build --- default name is 'cas-management'
>
> You will have 2 paths in same tomcat ---
>
> hxxps://foobar/cas
> hxxps://foobar/cas-management
>
> --
> *From:* cas-user@apereo.org [cas-user@apereo.org] on behalf of Sam Erie [
> se...@alaska.edu]
> *Sent:* Monday, May 21, 2018 15:53
> *To:* cas-user@apereo.org
> *Subject:* [cas-user] Service Manager question
>
> I am attempting to recreate my university's cas installation from version
> 3.5 currently in production to the new 5.2. The service manager in use now
> uses j_acegi_cas_security_check. As far as I can tell from the
> documentation this has been separated into a new webapp, which I am
> currently exploring at https://github.com/apereo/cas-management-overlay.
>
> Is this the intended replacement service manager?
>
> Assuming that it is I need to plan how to run these webapps from a single
> server. Initially I was planning to use the maven cas-overlay's embedded
> tomcat server to serve cas. Ideally the server would not need to run two
> instances of tomcat. If I was to run only the executable war for cas is
> there a way to package the cas-management.war and run it from the cas
> embedded tomcat?
>
> I could imagine just adding the war to the work directory of the cas
> tomcat build, but the build folder doesn't contain cas.war, or any tomcat
> config files, so I am a little confused as to how this would work.
>
> Is there some intended way to do this I am overlooking? Or is the best
> option to just package both webapps to run on my own servlet container, and
> run from a locally installed tomcat on my server?
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/CAMM6z%2BKUq%3DVwq4EL4hdLuV%3D-WovpYLhD-vT8o2%
> 3DhhZpinM7Xwg%40mail.gmail.com
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BKUq%3DVwq4EL4hdLuV%3D-WovpYLhD-vT8o2%3DhhZpinM7Xwg%40mail.gmail.com?utm_medium=email_source=footer>
> .
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/EC0CBF4FEE159740B93D387CA8E301
> 86021EC7C34F%40S-ITSV-MBX07P.ead.ubc.ca
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/EC0CBF4FEE159740B93D387CA8E30186021EC7C34F%40S-ITSV-MBX07P.ead.ubc.ca?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BKR7WfDPCtONHzEA9dZWN1mB%3DGGY1adZjSZjg5HyEkGew%40mail.gmail.com.

[cas-user] Service Manager question

[Sam Erie]

I am attempting to recreate my university's cas installation from version
3.5 currently in production to the new 5.2. The service manager in use now
uses j_acegi_cas_security_check. As far as I can tell from the
documentation this has been separated into a new webapp, which I am
currently exploring at https://github.com/apereo/cas-management-overlay.

Is this the intended replacement service manager?

Assuming that it is I need to plan how to run these webapps from a single
server. Initially I was planning to use the maven cas-overlay's embedded
tomcat server to serve cas. Ideally the server would not need to run two
instances of tomcat. If I was to run only the executable war for cas is
there a way to package the cas-management.war and run it from the cas
embedded tomcat?

I could imagine just adding the war to the work directory of the cas tomcat
build, but the build folder doesn't contain cas.war, or any tomcat config
files, so I am a little confused as to how this would work.

Is there some intended way to do this I am overlooking? Or is the best
option to just package both webapps to run on my own servlet container, and
run from a locally installed tomcat on my server?

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BKUq%3DVwq4EL4hdLuV%3D-WovpYLhD-vT8o2%3DhhZpinM7Xwg%40mail.gmail.com.

Re: [cas-user] Re: Size of maven cas-overlay-template

[Sam Erie]

Thank you sir. That is how it seemed, just wanted to make sure I have done
everything possible before requesting more space on the server.

On Wed, May 16, 2018 at 10:40 PM, Andy Ng <long...@gmail.com> wrote:

> Hi Sam,
>
> Since the default CAS 5 server already included so many components, the
> large size is to be expected I think,
> and I also tried but failed to find any way to shrink down the size of CAS
> 5.
>
> However, my previous blockage is actually *I hit tomcat default
> max-file-size*, and actually I can do this and be fine: "
> https://maxrohde.com/2011/04/27/large-war-file-cannot-be-
> deployed-in-tomcat-7/". If it is also your case then this might help you.
>
> But if for other reason, then I probably can't help you...
>
> Cheers!
> - Andy
>
>
> On Thursday, 17 May 2018 09:01:14 UTC+8, Sam Erie wrote:
>>
>> I am putting together CAS version 5.2.4.x, and I would like to run it as
>> an executable war, however the size of the built project is still too big
>> for the server I am developing it for. I have taken out as many of the
>> obviously unneeded dependancies from pom.xml as I can, but I can not seem
>> to get build any smaller than 309 MB.
>>
>> Is there any documentation on minimal builds? Or does that seem like a
>> minimal size? Any information on how I could go about pairing down the
>> final build size and still be able to run as executable war would be
>> appreciated.
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/48f50e28-168e-4a12-ae4a-
> 0b42d25b6527%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/48f50e28-168e-4a12-ae4a-0b42d25b6527%40apereo.org?utm_medium=email_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BLFEiqVnMTBrKMuqqjE_J%2BbyEtwjRkRxxDCOksoF7F84A%40mail.gmail.com.

[cas-user] Size of maven cas-overlay-template

[Sam Erie]

I am putting together CAS version 5.2.4.x, and I would like to run it as an
executable war, however the size of the built project is still too big for
the server I am developing it for. I have taken out as many of the
obviously unneeded dependancies from pom.xml as I can, but I can not seem
to get build any smaller than 309 MB.

Is there any documentation on minimal builds? Or does that seem like a
minimal size? Any information on how I could go about pairing down the
final build size and still be able to run as executable war would be
appreciated.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BLgLZcqMHP6cNOAnKo2r-3%2Bshye_Sa%2BDbermH8dK3e%2BJg%40mail.gmail.com.