> Someone should pay you for them. Well, I have to write it up as part of my job anyway; I just decided to go a little further and make it available to world+dog. So I do get paid for the work. Glad you (and others) are finding them helpful.
-- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • david.cu...@newschool.edu [image: The New School] On Fri, Feb 23, 2018 at 2:30 PM, Cheltenham, Chris < ccheltenham-...@philasd.org> wrote: > Oh right , you do have good docs. > > > > Thanks > > > > Someone should pay you for them. > > > > > > =========================== > > Thank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 > Cell # 215-301-6571 > > *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *David > Curry > *Sent:* Friday, February 23, 2018 1:48 PM > > *To:* cas-user@apereo.org > *Subject:* Re: [cas-user] CAS5 management > > > > > > The /status endpoint (but not the endpoints underneath it) is only > protected by an IP address pattern. You need to set the > cas.adminPagesSecurity.ip property to a regular expression that matches > the IP address(es) you want to allow access from. > > > > See https://dacurry-tns.github.io/deploying-apereo- > cas/building_server_dashboard_configure-admin-pages- > properties.html#configure-endpoint-security for an example. > > > > --Dave > > > > > -- > > *DAVID A. CURRY, CISSP* > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g> > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > > > On Fri, Feb 23, 2018 at 12:33 PM, Cheltenham, Chris < > ccheltenham-...@philasd.org> wrote: > > David, > > > > Along the same lines, > > > > /cas/status says access denied. > > > > Is a different file? > > > > > > =========================== > > Thank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 > Cell # 215-301-6571 > > *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *David > Curry > *Sent:* Friday, February 23, 2018 10:52 AM > > > *To:* cas-user@apereo.org > *Subject:* Re: [cas-user] CAS5 management > > > > Admin pages is the /status/dashboard stuff (and all the things > underneath). The access to that is controlled with a user.properties file > as well. > > > > The format is what I gave you in the earlier email. So for casuser, it > would be > > > > casuser=passwordnotused,ROLE_ADMIN > > > > or equivalently, > > > > casuser=empty,ROLE_ADMIN > > > > I should note that the password field (the first field after the "=") is > only "not used" if you're using CAS to authenticate access to the > management webapp (which I assume you are). > > > > --Dave > > > > > -- > > *DAVID A. CURRY, CISSP* > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g> > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > > > On Fri, Feb 23, 2018 at 10:47 AM, Cheltenham, Chris < > ccheltenham-...@philasd.org> wrote: > > David, > > > > I honestly don’t know what you mean. > > > > What admin pages? > > > > And how should this be formatted? > > > > casuser=ROLE_ADMIN,enabled > > > > > > > > =========================== > > Thank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 > Cell # 215-301-6571 > > *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *David > Curry > *Sent:* Friday, February 23, 2018 10:33 AM > *To:* cas-user@apereo.org > *Subject:* Re: [cas-user] CAS5 management > > > > Your users.properties file is not formatted correctly. It's the same > format (and in fact can be the same file) as the one for the admin pages: > > > > # The syntax for each line is: > > # > > # username=password,grantedAuthority[,grantedAuthority][,enabled|disabled] > > # > > gnarls=passwordnotused,ROLE_ADMIN > > > > The above allows a user named "gnarls" to have access. > > > > --Dave > > > > > -- > > *DAVID A. CURRY, CISSP* > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g> > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > > > On Fri, Feb 23, 2018 at 10:28 AM, Cheltenham, Chris < > ccheltenham-...@philasd.org> wrote: > > [image: cid:image001.gif@01D3ACA2.4C937D10] > > Hello Everyone, > > > > Still having problems with access denied on /cas-management > > > > I turned on DEBUG and I see this in the logs. > > > > 22T13:22:12.379-05:00[America/New_York], authenticationMethod=Employee-LDAP, > successfulAuthenticationHandlers=Employee-LDAP, > > longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: > [] | isRemembered: false | clientName: CasClient | > > linkedId: null |] does not contain the required role [ROLE_ADMIN] > > > > > > My users.properties files look thusly – > > casuser=ROLE_ADMIN,<myid> > > > > and yes ROLE_ADMIN is stated in the management.properties file. > > cas.mgmt.adminRoles[0]=ROLE_ADMIN > > > > There is a Json file in /etc/cas/services or the users.properties file. > > > > That is stated in cas.properties > > cas.serviceRegistry.config.location=file:/etc/cas/services > > > > Is there a way to format the users. Properties file so anyone can use the > management portal? > > > > > > > > =========================== > > Thank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 > Cell # 215-301-6571 > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/008301d3acba%24f0e4fe30% > 24d2aefa90%24%40philasd.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/008301d3acba%24f0e4fe30%24d2aefa90%24%40philasd.org?utm_medium=email&utm_source=footer> > . > > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/CA%2Bd9XAOZfm-azTX0TzCFs7AYmY2DkvNLF% > 2Bv82mJqicSZntatMA%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOZfm-azTX0TzCFs7AYmY2DkvNLF%2Bv82mJqicSZntatMA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/00a301d3acbd%249552e2f0% > 24bff8a8d0%24%40philasd.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/00a301d3acbd%249552e2f0%24bff8a8d0%24%40philasd.org?utm_medium=email&utm_source=footer> > . > > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/CA%2Bd9XAORN6K6VTdPmUCz_RAtO6% > 2BsPXoib9gTtFVFMF6W0n5ONQ%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAORN6K6VTdPmUCz_RAtO6%2BsPXoib9gTtFVFMF6W0n5ONQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/00ed01d3accc%246e1b38e0% > 244a51aaa0%24%40philasd.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/00ed01d3accc%246e1b38e0%244a51aaa0%24%40philasd.org?utm_medium=email&utm_source=footer> > . > > > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/CA%2Bd9XANb3HKi%3DRsMjsz- > cHqk9StXT2%2BiAvKZy9g2_3Zv0HNO-w%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XANb3HKi%3DRsMjsz-cHqk9StXT2%2BiAvKZy9g2_3Zv0HNO-w%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/014801d3acdc%24c0a41e00% > 2441ec5a00%24%40philasd.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/014801d3acdc%24c0a41e00%2441ec5a00%24%40philasd.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPHXGLGih_MUgRA3CiQjbJKHg1ob2Tvsu9RTavjakOwJQ%40mail.gmail.com.
