Re: [cas-user] Service Registry -- Getting the 1st Application Entered
Please can you share with me your LDAP configuration, exactly the modification of the file "cas.properties"? Have you modified some classes in the overlay? Thanks a lot.

On Monday, 3 September 2018 at 03:21:33 UTC+2, 党田力 wrote:
>
> But 5.1.9 works.
> Why?
>
> On Friday, 31 August 2018 at 9:46:17 PM UTC+8, Francois Campbell wrote:
>>
>> Hi.
>>
>> I believe only one of the two should be in the pom.xml file at a time.
>>
>> Regards
>> *Francois Campbell*
>> Teaching and Learning Product Lead
>>
>> On Fri, 31 Aug 2018 at 13:05, 党田力 wrote:
>>
>>> I tested on versions 5.2.6 and 5.2.7.
>>> With only `cas-server-support-json-service-registry` appended to pom.xml,
>>> 'cas.serviceRegistry.initFromJson=true' works.
>>> With only `cas-server-support-jpa-service-registry` appended to pom.xml, the
>>> database works.
>>> But when I append both of them, the services defined in JSON are not loaded.
>>>
>>> On version 5.1.9 it works.
>>>
>>>
>>> On Tuesday, 15 May 2018 at 8:15:55 PM UTC+8, David Curry wrote:

Lionel and Jann,

Did you ever have the JSON service registry working? If not, I recommend that you take all the JPA stuff out of pom.xml and cas.properties and get that working correctly first, so that you're only trying to debug one thing at a time.

Once you have the JSON service registry working correctly, for both the main server and the management webapp, then it's time to move things to JPA. The basic steps for moving to JPA *should* be this:

1. REMOVE the "cas-server-support-json-service-registry" dependency from pom.xml (server and management webapp)
2. Add the "cas-server-support-jpa-service-registry" dependency and whatever other dependencies go with it to pom.xml (server and management webapp)
3. Rebuild the server and management webapp
4. In the server's cas.properties file, include BOTH of these lines:

   cas.serviceRegistry.json.location: file:/etc/cas/services
   cas.serviceRegistry.initFromJson: true

   The first line should already be there (since before you start these steps you're using the JSON service registry), but you must add the second line.
5. Add all the lines you need to configure the JPA service registry to the server's cas.properties file.
6. Start the CAS server (do not start the management webapp). You should see it load the services from the JSON files (again, this should already be working before you start) and then it will magically save them into the JPA registry.
7. Shut the server down.
8. Check the database to see that the services actually got loaded there. If not, this is where you need to start debugging. And the first step of that would be setting the log level to "debug" in log4j2.xml, and adding whatever Logger configuration you need to make the Oracle JDBC library log for you as well.

Once you've got the services loaded into the database

9. Remove the "cas.serviceRegistry.json.location" and "cas.serviceRegistry.initFromJson" properties from the server's cas.properties file.
10. Remove the "cas.serviceRegistry.json.location" property from, and add all the JPA properties to, the management webapp's management.properties file.

At least, that's the procedure I followed to get the MongoDB service registry working (see https://dacurry-tns.github.io/deploying-apereo-cas/high-avail_service-registry_overview.html). I've not used the JPA stuff at all, so no guarantees, but I don't see why it should be any different.

--Dave

--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu

On Tue, May 15, 2018 at 12:14 AM, Lionel Samuel wrote:
> Changing in "cas.properties"
> 'cas.serviceRegistry.json.location:file:/etc/cas/services' to
> 'cas.serviceRegistry.json.location:foobar:/etc/cas/services'
>
> The above does not generate an error message --- is that a sign it's
> not loaded?
>
>
> On Monday, May 14, 2018 at 8:25:37 PM UTC-7, Lionel Samuel wrote:
>>
>> I'm working with Jann -- attached is our pom file (we call the jar
>> my-cas -- which is reflected in the URLs).
>>
>> It does not look like the JSON file is loaded -- I don't think it's
>> pom related --- but at the moment we are both stumped so anything goes.
>>
>> 2018-05-14 20:23:17,715 WARN
>> [org.apereo.cas.services.web.ServiceThemeResolver] - > service
>> is found to match
>> [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@330c1ecf[id=
>>
[cas-user] problem with cas 5.1 + ldap configuration
Hi all,

I'm trying to configure CAS (5.1.9) + LDAP authentication (using Apache Directory). I have modified the pom.xml file and also the cas.properties file. After deploying cas.war to the Tomcat server, I have these messages in the cas.log file:

*cas.log:*

WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
2018-08-31 16:34:04,220 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -

org.apereo.cas cas-server-webapp${app.server} ${cas.version} war runtime org.apereo.cas cas-server-support-ldap ${cas.version}

*cas.properties:*

server.name=https://localhost:8443
server.prefix=${server.name}/cas
cas.securityContext.serviceProperties.service=${server.prefix}/services/j_acegi_cas_security_check
# Names of roles allowed to access the CAS service manager
cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN
cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${server.prefix}/login
cas.securityContext.ticketValidator.casServerUrlPrefix=${server.prefix}
# IP address or CIDR subnet allowed to access the /status URI of CAS that exposes health check information
# IPv6 version
cas.securityContext.status.allowedSubnet=0:0:0:0:0:0:0:1
# IPv4 version
#cas.securityContext.status.allowedSubnet=127.0.0.1
cas.themeResolver.defaultThemeName=cas-theme-default
cas.viewResolver.basename=default_views
host.name=cas.example.org
## Log4J
log4j.config.location=log4j2.xml
log4j.refresh.interval=6
#database.hibernate.dialect=org.hibernate.dialect.HSQLDialect
##
# Single Sign-On Session Timeouts
# Defaults sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
#
# Maximum session timeout - TGT will expire in maxTimeToLiveInSeconds regardless of usage
tgt.maxTimeToLiveInSeconds=28800
#
# Idle session timeout - TGT will expire sooner than maxTimeToLiveInSeconds if no further requests
# for STs occur within timeToKillInSeconds
tgt.timeToKillInSeconds=7200
##
# Service Ticket Timeout
# Default sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
#
# Service Ticket timeout - typically kept short as a control against replay attacks, default is 10s. You'll want to
# increase this timeout if you are manually testing service ticket creation/validation via tamperdata or similar tools
# Set to 3 min here for easy testing/demonstrating new features.
st.timeToKillInSeconds=10
#==
# Define attributes to be retrieved from LDAP as part of the same authentication transaction
# The left-hand size notes the source while the right-hand size indicate an optional renaming/remapping
# of the attribute definition. The same attribute name is allowed to be mapped multiple times to
# different attribute names.
#==
cas.authn.ldap[0].principalAttributeList=sn,cn:admin
cas.authn.ldap[0].collectDnAttribute=false
cas.authn.ldap[0].principalDnAttributeName=dc=,dc=com
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
cas.authn.ldap[0].credentialCriteria=
cas.authn.attributeRepository.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
#
# Authentication
#
cas.authn.accept.users=
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap://localhost:10389/dc=,dc=com
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].baseDn=cn=admin,ou=Users,dc=,dc=com
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].bindCredential=userPassword

*and this ldap:*

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c2ed74dc-c55e-48ba-84cd-916435324ae8%40apereo.org.
Re: [cas-user] Re: Service Registry -- Getting the 1st Application Entered
That does not solve the problem!!

On Friday, 31 August 2018 at 16:11:09 UTC+2, Francois Campbell wrote:
>
> Not sure if it is just a typo, but your example repeats the ldap protocol twice.
> cas.authn.ldap[0].ldapUrl=*ldap:ldap*://localhost:10389/dc=XXX,dc=com
>
> You may also require cas.authn.ldap[0].bindDn
> e.g.
> cas.authn.ldap[0].bindDn: CN=ADMIN_USERNAME,cn=Users,dc=XXX,dc=com
>
>
> Regards
> *Francois Campbell*
> Teaching and Learning Product Lead
>
> On Fri, 31 Aug 2018 at 16:02, abdellhak tlili wrote:
>
>> Hi All,
>> I'm trying to configure CAS 5.1.9 with LDAP authentication. I have added the
>> LDAP support dependency in pom.xml and I have also added the LDAP configuration to
>> cas.properties, and when I try to connect to LDAP I have these 2 messages in
>> cas.log
>>
>> *cas.properties:*
>> cas.authn.ldap[0].principalAttributeList=sn,cn:admin
>> cas.authn.ldap[0].collectDnAttribute=false
>> cas.authn.ldap[0].principalDnAttributeName=dc=XXX,dc=com
>> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
>> cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
>> cas.authn.ldap[0].credentialCriteria=
>>
>> cas.authn.attributeRepository.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
>>
>> #
>> # Authentication
>> #
>> cas.authn.accept.users=
>> cas.authn.ldap[0].type=AD
>> cas.authn.ldap[0].ldapUrl=ldap:ldap://localhost:10389/dc=XXX,dc=com
>> cas.authn.ldap[0].useSsl=false
>> cas.authn.ldap[0].baseDn=ou=Users,dc=XXX,dc=com
>> cas.authn.ldap[0].userFilter=uid={user}
>> cas.authn.ldap[0].bindCredential=userPassword
>>
>> *cas.log*
>> 1- /***/
>> N [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>> > authentication handler that supports [admin@**.com] of type
>> [UsernamePasswordCredential], which suggests a configuration problem.>
>> 2018-08-31 14:51:28,279 INFO
>> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - > trail record BEGIN
>> /**/
>>
>> 2-/**/
>> 2018-08-31 14:51:28,285 ERROR
>> [org.apereo.cas.web.flow.AuthenticationExceptionHandlerAction] - > translate handler errors of the authentication exception
>> [org.apereo.cas.authentication.AuthenticationException: 0 errors, 0
>> successes]Returning [UNKNOWN]>
>> /***/
>>
>> *please HELP HELP*
>>
>
> --
> See OpenCollab email disclaimer at
> http://www.opencollab.co.za/email-disclaimer
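
Added example, not part of the thread and not CAS project code: a small Python check for the two points raised in the reply above (the repeated `ldap:` scheme and a bind password with no `bindDn`), which also flags a search base given in both the URL and `baseDn` and an unencrypted bind to a non-loopback host. The sample configs, the finding codes and the host `ldap.example.org` are constructed; `useStartTls` does not appear in the thread and is assumed here to be CAS's StartTLS switch.

```python
import re
from urllib.parse import urlsplit

# Constructed samples modelled on the thread's cas.properties (placeholder DNs and host).
THREAD_STYLE = """
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap:ldap://localhost:10389/dc=example,dc=com
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].baseDn=ou=Users,dc=example,dc=com
cas.authn.ldap[0].bindCredential=userPassword
"""
CORRECTED = """
cas.authn.ldap[0].ldapUrl=ldap://ldap.example.org:10389
cas.authn.ldap[0].baseDn=ou=Users,dc=example,dc=com
cas.authn.ldap[0].bindDn=CN=ADMIN_USERNAME,cn=Users,dc=example,dc=com
cas.authn.ldap[0].bindCredential=userPassword
"""
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_properties(text):
    """Read 'key=value' or 'key: value' lines; skip blanks and comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def lint_ldap(text, index=0):
    """Return sorted finding codes for the cas.authn.ldap[index] block."""
    props = parse_properties(text)
    def get(name):
        return props.get(f"cas.authn.ldap[{index}].{name}", "")
    findings = set()
    url = get("ldapUrl")
    # A repeated scheme ("ldap:ldap://host") is the typo raised in the reply.
    if re.match(r"(?i)(ldaps?:){2,}", url):
        findings.add("DUPLICATE_SCHEME")
        url = re.sub(r"(?i)^(ldaps?:)+(?=ldaps?://)", "", url)
    parts = urlsplit(url)
    scheme, host = parts.scheme.lower(), parts.hostname
    if scheme not in ("ldap", "ldaps") or not host:
        return sorted(findings | {"BAD_URL"})
    # Search base given twice: once as the URL path, once as baseDn.
    if parts.path.strip("/") and get("baseDn"):
        findings.add("BASE_DN_IN_URL_AND_BASEDN")
    # A bind password with no bind DN leaves the credential without an identity.
    if get("bindCredential") and not get("bindDn"):
        findings.add("BIND_CREDENTIAL_WITHOUT_BIND_DN")
    # Plain ldap:// to a non-loopback host sends the bind password unencrypted
    # unless StartTLS is on (useStartTls: assumed CAS key, not in the thread).
    encrypted = scheme == "ldaps" or get("useStartTls").lower() == "true"
    if not encrypted and host not in LOOPBACK:
        findings.add("CLEARTEXT_BIND")
    return sorted(findings)

if __name__ == "__main__":
    print(lint_ldap(THREAD_STYLE), lint_ldap(CORRECTED))
```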
[cas-user] Re: Service Registry -- Getting the 1st Application Entered
Hi All,

I'm trying to configure CAS 5.1.9 with LDAP authentication. I have added the LDAP support dependency in pom.xml and I have also added the LDAP configuration to cas.properties, and when I try to connect to LDAP I have these 2 messages in cas.log

*cas.properties:*
cas.authn.ldap[0].principalAttributeList=sn,cn:admin
cas.authn.ldap[0].collectDnAttribute=false
cas.authn.ldap[0].principalDnAttributeName=dc=XXX,dc=com
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
cas.authn.ldap[0].credentialCriteria=
cas.authn.attributeRepository.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
#
# Authentication
#
cas.authn.accept.users=
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldap:ldap://localhost:10389/dc=XXX,dc=com
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].baseDn=ou=Users,dc=XXX,dc=com
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].bindCredential=userPassword

*cas.log*
1- /***/
N [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
2018-08-31 14:51:28,279 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
/***/

*please HELP HELP*
[cas-user] CAS 5.1.X + LDAP issues
I'm now working on a project in which I must configure CAS (5.1.9) based on LDAP (Apache Directory) authentication. After deploying the CAS war I have this message in the log