David,
Re: cas.properties I tried using the colon on every single line and I got all kinds of errors. Mainly ssl errors .. When I put the equals back in , it worked. I am NOT saying you’re wrong nanny nanny poo poo … I just saw a bunch of things break without the equals. =========================== Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David Curry Sent: Tuesday, February 27, 2018 8:36 AM To: cas-user@apereo.org Subject: Re: [cas-user] /cas/status/dashboard You can use colons or equals signs, it doesn't matter. And whitespace between the property name and the property value is ignored (but whitespace at the end of the line is not). https://docs.oracle.com/cd/E23095_01/Platform.93/ATGProgGuide/html/s0204propertiesfileformat01.html Personally I like colons and columns that line up for readability, but that's me. The CAS team seems to like equals signs and no extra whitespace. You can use whichever format you're comfortable with, although I might suggest standardizing on one or the other just for sanity's sake. :-) --Dave -- DAVID A. CURRY, CISSP DIRECTOR OF INFORMATION SECURITY INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • <mailto:david.cu...@newschool.edu> david.cu...@newschool.edu <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg> On Tue, Feb 27, 2018 at 8:11 AM, Cheltenham, Chris <ccheltenham-...@philasd.org <mailto:ccheltenham-...@philasd.org> > wrote: Thanks guys, I have the json service resitry dependency in both cas and cas-management pom.xml. One thing that might be tripping me up here is when to use an “=” or is it a “:’ For example I have them mixed. i.e. cas.serviceRegistry.json.location: file:/etc/cas/services or is it cas.serviceRegistry.json.location = file:/etc/cas/services and I am assuming those long blank spaces don’t mean anything. I 95% am sure my problem is in the config files, I just not sure where. =========================== Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 From: cas-user@apereo.org <mailto:cas-user@apereo.org> [mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of Kevin Liu Sent: Monday, February 26, 2018 3:56 PM To: CAS Community <cas-user@apereo.org <mailto:cas-user@apereo.org> > Subject: Re: [cas-user] /cas/status/dashboard I concur with Matthew. That was my issue too until I changed it. Then services started picking up. On Monday, February 26, 2018 at 2:37:37 PM UTC-6, David Curry wrote: But think of all the experience you're getting! :-) Seriously, I know the feeling. I think we've all been there before. --Dave -- DAVID A. CURRY, CISSP DIRECTOR OF INFORMATION SECURITY INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g> +1 212 229-5300 x4728 • david.cu...@newschool.edu <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg> On Mon, Feb 26, 2018 at 3:35 PM, Cheltenham, Chris <cchelte...@philasd.org> wrote: I do , I will check everything again in the morning. Thanks for your help. It’s frustrating because I know it’s something stupid but I just don’t see it yet. =========================== Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 From: cas-...@apereo.org [mailto:cas-...@apereo.org] On Behalf Of David Curry Sent: Monday, February 26, 2018 3:22 PM To: cas-...@apereo.org Subject: Re: [cas-user] /cas/status/dashboard Do you have <dependency> <groupId>org.apereo.cas</groupId> <artifactId>cas-server-support-json-service-registry</artifactId> <version>${cas.version}</version> </dependency> in pom.xml and cas.serviceRegistry.json.location: file:/etc/cas/services in cas.properties? If not, you need them. If so, then dig through the archives of this group in the last month or twol some other folks were having similar issues. --Dave -- DAVID A. CURRY, CISSP DIRECTOR OF INFORMATION SECURITY INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g> +1 212 229-5300 x4728 • david.cu...@newschool.edu <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg> On Mon, Feb 26, 2018 at 2:50 PM, Cheltenham, Chris <cchelte...@philasd.org> wrote: David, The only thing I can tell is that CAS is not seeing the json file from /etc/cas/services. I created two and they never show up loaded in the logs. Only the two default ones, I guess they are, show up. 2018-02-26 14:42:49,710 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [^https://www.apereo.org]> 2018-02-26 14:42:49,710 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [^(https|imaps)://.*]> 2018-02-26 14:42:49,710 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [2] service(s) from [JsonServiceRegistryDao].> I have two json files. cas-services5.xml { @class: org.apereo.cas.services.RegexRegisteredService serviceId: https://devcas5\.philasd\.org/cas-services/.* name: HTTPS id: 10000000001 description: HTTPS protocol wildcard service. evaluationOrder: 1000 } And cas-dashboard.xml { "@class" : "org.apereo.cas.services.RegexRegisteredService", "serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*) <https://devcass5.philasd.org/cas/status/dashboard(%5C%5Cz%7C/.*)> ", "name" : "CAS Admin Dashboard", "id" : 1000000002 "description" : "CAS dashboard and administrative endpoints", "evaluationOrder" : 1001 } =========================== Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 From: cas-...@apereo.org <mailto:cas-...@apereo.org> [mailto:cas-...@apereo.org] On Behalf Of David Curry Sent: Monday, February 26, 2018 2:29 PM To: cas-...@apereo.org <mailto:cas-...@apereo.org> Subject: Re: [cas-user] /cas/status/dashboard I think we've been through most of these at one time or another, but to assemble them all in one place... 1. You have all of these: # The /status endpoint is protected by IP address only. cas.adminPagesSecurity.ip: ...a valid regex to match your authorized addresses... # The /status/whatever endpoints are protected by the CAS server, using a # list of admin users in "users.properties". cas.adminPagesSecurity.loginUrl: ${cas.server.prefix}/login cas.adminPagesSecurity.service: ${cas.server.prefix}/status/dashboard cas.adminPagesSecurity.users: file:/etc/cas/config/users.properties # Define an administrator role. (This is the default; you probably don't need to set it explicitly.) cas.adminPagesSecurity.adminRoles[0]: ROLE_ADMIN # Enable the Spring Boot actuators as well as the CAS actuators. cas.adminPagesSecurity.actuatorEndpointsEnabled: true cas.monitor.endpoints.enabled: true endpoints.enabled: true # Marking the endpoints "sensitive" would protect them with Spring Security; # we want to protect them with the CAS server. cas.monitor.endpoints.sensitive: false endpoints.sensitive: false 2. You have a service definition that allows the dashboard to authenticate via CAS: { "@class" : "org.apereo.cas.services.RegexRegisteredService", "serviceId" : "^https://your.cas.server.host.and.port.here/cas/status/dashboard(\\z|/.*) <https://your.cas.server.host.and.port.here/cas/status/dashboard(/z%7C/.*)> ", "name" : "CAS Admin Dashboard", "id" : 123456789, "description" : "CAS dashboard and administrative endpoints", "evaluationOrder" : 1234 } 3. You're sure that the "ccheltenham-ext" user can successfully authenticate via CAS. Go to https:/yourserver/cas/login to check. (Even if you're "sure," check it anyway, just to remove it from the equation.) 4. You're attempting to access the dashboard from an IP address that matches the pattern configured in cas.adminPagesSecurity.ip. All of that together ought to do it. If it doesn't, change the CAS logging level to "debug" and see what you get in cas.log.... --Dave -- DAVID A. CURRY, CISSP DIRECTOR OF INFORMATION SECURITY INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g> +1 212 229-5300 x4728 • david.cu...@newschool.edu <mailto:david.cu...@newschool.edu> <http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg> On Mon, Feb 26, 2018 at 2:04 PM, Cheltenham, Chris <cchelte...@philasd.org <mailto:cchelte...@philasd.org> > wrote: <https://groups.google.com/a/apereo.org/group/cas-user/attach/cdae4a62e1c07/image001.gif?part=0.1&authuser=0> Hello, I have been stuggling with access denied on the dashboard - users.properties only has the following. ccheltenham-ext=passwordnotused,ROLE_ADMIN What else could I have misconfigured? =========================== Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org <mailto:cas-user+u...@apereo.org> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00a001d3af34%24a1de58a0%24e59b09e0%24%40philasd.org <https://groups.google.com/a/apereo.org/d/msgid/cas-user/00a001d3af34%24a1de58a0%24e59b09e0%24%40philasd.org?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org <mailto:cas-user+u...@apereo.org> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPG8nL99g6-zYfwWMCZBXQ2FhK6gR6UWatTYTGBK2fZqg%40mail.gmail.com <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPG8nL99g6-zYfwWMCZBXQ2FhK6gR6UWatTYTGBK2fZqg%40mail.gmail.com?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org <mailto:cas-user+u...@apereo.org> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00cc01d3af3b%2408b4e340%241a1ea9c0%24%40philasd.org <https://groups.google.com/a/apereo.org/d/msgid/cas-user/00cc01d3af3b%2408b4e340%241a1ea9c0%24%40philasd.org?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org <mailto:cas-user+u...@apereo.org> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOB%3DdrdSTwzr5d%2BFk5K-VPjjkGntE0cHSQozJb_9gk-Lg%40mail.gmail.com <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOB%3DdrdSTwzr5d%2BFk5K-VPjjkGntE0cHSQozJb_9gk-Lg%40mail.gmail.com?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org <mailto:cas-user+u...@apereo.org> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00e301d3af41%244a9c5210%24dfd4f630%24%40philasd.org <https://groups.google.com/a/apereo.org/d/msgid/cas-user/00e301d3af41%244a9c5210%24dfd4f630%24%40philasd.org?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d479e8bf-5403-4485-87f3-9477acc764ff%40apereo.org <https://groups.google.com/a/apereo.org/d/msgid/cas-user/d479e8bf-5403-4485-87f3-9477acc764ff%40apereo.org?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/002d01d3afcc%24876fb2f0%24964f18d0%24%40philasd.org <https://groups.google.com/a/apereo.org/d/msgid/cas-user/002d01d3afcc%24876fb2f0%24964f18d0%24%40philasd.org?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAMX%3DUOrnv0VdDrbCm%2BcErc-5WJDbuBgGLufFqtoWOd1zA%40mail.gmail.com <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAMX%3DUOrnv0VdDrbCm%2BcErc-5WJDbuBgGLufFqtoWOd1zA%40mail.gmail.com?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/003b01d3afd0%24c86d48e0%245947daa0%24%40philasd.org.