I do , I will check everything again in the morning.
Thanks for your help. It’s frustrating because I know it’s something stupid but I just don’t see it yet. =========================== Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David Curry Sent: Monday, February 26, 2018 3:22 PM To: cas-user@apereo.org Subject: Re: [cas-user] /cas/status/dashboard Do you have <dependency> <groupId>org.apereo.cas</groupId> <artifactId>cas-server-support-json-service-registry</artifactId> <version>${cas.version}</version> </dependency> in pom.xml and cas.serviceRegistry.json.location: file:/etc/cas/services in cas.properties? If not, you need them. If so, then dig through the archives of this group in the last month or twol some other folks were having similar issues. --Dave -- DAVID A. CURRY, CISSP DIRECTOR OF INFORMATION SECURITY INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • <mailto:david.cu...@newschool.edu> david.cu...@newschool.edu <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg> On Mon, Feb 26, 2018 at 2:50 PM, Cheltenham, Chris <ccheltenham-...@philasd.org <mailto:ccheltenham-...@philasd.org> > wrote: David, The only thing I can tell is that CAS is not seeing the json file from /etc/cas/services. I created two and they never show up loaded in the logs. Only the two default ones, I guess they are, show up. 2018-02-26 14:42:49,710 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [^https://www.apereo.org]> 2018-02-26 14:42:49,710 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [^(https|imaps)://.*]> 2018-02-26 14:42:49,710 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [2] service(s) from [JsonServiceRegistryDao].> I have two json files. cas-services5.xml { @class: org.apereo.cas.services.RegexRegisteredService serviceId: https://devcas5\.philasd\.org/cas-services/.* name: HTTPS id: 10000000001 description: HTTPS protocol wildcard service. evaluationOrder: 1000 } And cas-dashboard.xml { "@class" : "org.apereo.cas.services.RegexRegisteredService", "serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*) <https://devcass5.philasd.org/cas/status/dashboard(%5C%5Cz%7C/.*)> ", "name" : "CAS Admin Dashboard", "id" : 1000000002 "description" : "CAS dashboard and administrative endpoints", "evaluationOrder" : 1001 } =========================== Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 From: cas-user@apereo.org <mailto:cas-user@apereo.org> [mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of David Curry Sent: Monday, February 26, 2018 2:29 PM To: cas-user@apereo.org <mailto:cas-user@apereo.org> Subject: Re: [cas-user] /cas/status/dashboard I think we've been through most of these at one time or another, but to assemble them all in one place... 1. You have all of these: # The /status endpoint is protected by IP address only. cas.adminPagesSecurity.ip: ...a valid regex to match your authorized addresses... # The /status/whatever endpoints are protected by the CAS server, using a # list of admin users in "users.properties". cas.adminPagesSecurity.loginUrl: ${cas.server.prefix}/login cas.adminPagesSecurity.service: ${cas.server.prefix}/status/dashboard cas.adminPagesSecurity.users: file:/etc/cas/config/users.properties # Define an administrator role. (This is the default; you probably don't need to set it explicitly.) cas.adminPagesSecurity.adminRoles[0]: ROLE_ADMIN # Enable the Spring Boot actuators as well as the CAS actuators. cas.adminPagesSecurity.actuatorEndpointsEnabled: true cas.monitor.endpoints.enabled: true endpoints.enabled: true # Marking the endpoints "sensitive" would protect them with Spring Security; # we want to protect them with the CAS server. cas.monitor.endpoints.sensitive: false endpoints.sensitive: false 2. You have a service definition that allows the dashboard to authenticate via CAS: { "@class" : "org.apereo.cas.services.RegexRegisteredService", "serviceId" : "^https://your.cas.server.host.and.port.here/cas/status/dashboard(\\z|/.*) <https://your.cas.server.host.and.port.here/cas/status/dashboard(/z%7C/.*)> ", "name" : "CAS Admin Dashboard", "id" : 123456789, "description" : "CAS dashboard and administrative endpoints", "evaluationOrder" : 1234 } 3. You're sure that the "ccheltenham-ext" user can successfully authenticate via CAS. Go to https:/yourserver/cas/login to check. (Even if you're "sure," check it anyway, just to remove it from the equation.) 4. You're attempting to access the dashboard from an IP address that matches the pattern configured in cas.adminPagesSecurity.ip. All of that together ought to do it. If it doesn't, change the CAS logging level to "debug" and see what you get in cas.log.... --Dave -- DAVID A. CURRY, CISSP DIRECTOR OF INFORMATION SECURITY INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g> +1 212 229-5300 x4728 • <mailto:david.cu...@newschool.edu> david.cu...@newschool.edu <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg> On Mon, Feb 26, 2018 at 2:04 PM, Cheltenham, Chris <ccheltenham-...@philasd.org <mailto:ccheltenham-...@philasd.org> > wrote: Hello, I have been stuggling with access denied on the dashboard - users.properties only has the following. ccheltenham-ext=passwordnotused,ROLE_ADMIN What else could I have misconfigured? =========================== Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00a001d3af34%24a1de58a0%24e59b09e0%24%40philasd.org <https://groups.google.com/a/apereo.org/d/msgid/cas-user/00a001d3af34%24a1de58a0%24e59b09e0%24%40philasd.org?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPG8nL99g6-zYfwWMCZBXQ2FhK6gR6UWatTYTGBK2fZqg%40mail.gmail.com <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPG8nL99g6-zYfwWMCZBXQ2FhK6gR6UWatTYTGBK2fZqg%40mail.gmail.com?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00cc01d3af3b%2408b4e340%241a1ea9c0%24%40philasd.org <https://groups.google.com/a/apereo.org/d/msgid/cas-user/00cc01d3af3b%2408b4e340%241a1ea9c0%24%40philasd.org?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOB%3DdrdSTwzr5d%2BFk5K-VPjjkGntE0cHSQozJb_9gk-Lg%40mail.gmail.com <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOB%3DdrdSTwzr5d%2BFk5K-VPjjkGntE0cHSQozJb_9gk-Lg%40mail.gmail.com?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00e301d3af41%244a9c5210%24dfd4f630%24%40philasd.org.
