Thank you for the quick reply.
First I accessed via the browser
https://cas.example.com/cas/status/discovery, then CAS directed to
login. After successfully logging in, the results are like this:
{
"@class": "java.util.LinkedHashMap",
"profile": {
"@class": "org.apereo.cas.discovery.CasServerProfile",
"registeredServiceTypes": {
"@class": "java.util.HashMap",
"CAS Client": "org.apereo.cas.services.RegexRegisteredService"
},
"registeredServiceTypesSupported": {
"@class": "java.util.HashMap",
"SAML2 Service Provider":
"org.apereo.cas.support.saml.services.SamlRegisteredService",
"WS Federation Relying Party":
"org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
"OpenID Connect Relying Party":
"org.apereo.cas.services.OidcRegisteredService",
"OAuth2 Client":
"org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"CAS Client": "org.apereo.cas.services.RegexRegisteredService"
},
"multifactorAuthenticationProviderTypesSupported": {
"@class": "java.util.HashMap",
"mfa-gauth": "Google Authenticator",
"mfa-swivel": "Swivel Secure",
"mfa-authy": "Authy",
"mfa-radius": "RADIUS (RSA,WiKID)",
"mfa-u2f": "FIDO U2F",
"mfa-azure": "Microsoft Azure",
"mfa-duo": "Duo Security"
},
"delegatedClientTypesSupported": [
"java.util.HashSet",
[
"OAuth20Client",
"OAuth10Client",
"TwitterClient",
"FoursquareClient",
"QQClient",
"OrcidClient",
"FacebookClient",
"OkClient",
"FormClient",
"CasProxyReceptor",
"GitHubClient",
"KeycloakOidcClient",
"BitbucketClient",
"WordPressClient",
"OidcClient",
"WindowsLiveClient",
"VkClient",
"LinkedIn2Client",
"YahooClient",
"WechatClient",
"Google2Client",
"StravaClient",
"GenericOAuth20Client",
"AzureAdClient",
"GoogleOidcClient",
"CasOAuthWrapperClient",
"PayPalClient",
"WeiboClient",
"DropBoxClient",
"SAML2Client",
"CasClient",
"IndirectBasicAuthClient"
]
],
*"availableAttributes": [*
*"java.util.LinkedHashSet",*
* [*
* "mail",*
* "eppn",*
*"displayName",*
*"givenName",*
* "uid"*
* ]*
* ]*
}
}
You can see the availableAttributes section? I need it to make it
easier for CAS administrators to release attributes for each
service. But when I access
*/https://cas.example.com/cas-management/* and try to add services,
the */"mail", "eppn", "displayName", "givenName", "uid"/* attributes
*not show in the dropdown option* ( Attribute Release Policy). I
hope the dropdown option contains dynamic based on the attributes in
JDBC (Multi-Row), but I have not found a solution. How to solve this
problem?
Thank you.
Pada Rabu, 10 April 2019 07.45.56 UTC+7, rbon menulis:
Fahmi,
I have not set up any of the status features for cas, so have no
experience here.
Can you access it with a browser (that is, have you verified it is
working as expected)?
What is your reason for using curl?
Perhaps there is another alternative that others on the list have
tried.
Ray
On Wed, 2019-04-10 at 07:34 +0700, Fahmi L. Ramdhani wrote:
Please tell me how to unprotect? In cas.properties i have to set
endpoints.status.discovery.enabled = true
..sensitive = false
Sorry for my questions. Thank you Ray.
Sent from my iPhone
On 10 Apr 2019, at 07.05, Ray Bon <rb...@uvic.ca> wrote:
Fahmi,
It looks like /cas/status/discovery is protected by cas and it
redirects to cas/login (status code 302).
Should the discovery page be protected?
Ray
On Tue, 2019-04-09 at 16:43 -0700, Fahmi L. Ramdhani wrote:
I tried accessing the result curl like this:
|
curl -v https://cas.example.com:8443/cas/status/discovery
<http://cas.example.com:8443/cas/status/discovery>
*Trying2xx.60.112.9...
*Connectedto cas.example.com (2xx.60.112.9)port 8443(#0)
*found 148certificates in/etc/ssl/certs/ca-certificates.crt
*found 592certificates in/etc/ssl/certs
*ALPN,offering http/1.1
*SSL connection usingTLS1.2/ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name:cas.example.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate publickey:RSA
* certificate version:#3
* subject:CN=cas.example.com
* start date:Wed,03Apr201909:32:48GMT
* expire date:Tue,02Jul201909:32:48GMT
* issuer:C=US,O=XXXXXXXXXXX,CN=XXXXXXXXXXXXXX
* compression:NULL
*ALPN,server did notagree to a protocol
>GET /cas/status/discovery HTTP/1.1
>Host:cas.example.com:8443
>User-Agent:curl/7.47.0
>Accept:*/*
>
< HTTP/1.1 302
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< Strict-Transport-Security: max-age=15768000 ; includeSubDomains
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-XSS-Protection: 1; mode=block
< Set-Cookie: JSESSIONID=AECBB7BF899FAFB0B707CE228ECC19EC;
Path=/cas; Secure; HttpOnly
< Location:
https://cas.example.com:8443/cas/login?service=https%3A%2F%2Fcas.example.com%3A8443%2Fcas%2Fstatus%2Fdiscovery
<https://cas.example.com:8443/cas/login?service=https%3A%2F%2Fcas.example.com%3A8443%2Fcas%2Fstatus%2Fdiscovery>
< Transfer-Encoding: chunked
< Date: Tue, 09 Apr 2019 23:34:01 GMT
<
* Connection #0 to host cas.example.com <http://cas.example.com>
left intact
|
Can anyone help please?
--
- Website: https://apereo.github.io/cas
<https://apereo.github.io/cas>
- Gitter Chatroom: https://gitter.im/apereo/cas
<https://gitter.im/apereo/cas>
- List Guidelines: https://goo.gl/1VRrw7 <https://goo.gl/1VRrw7>
- Contributions: https://goo.gl/mh7qDG <https://goo.gl/mh7qDG>
---
You received this message because you are subscribed to the
Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to cas-...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6865637d5002e54d38c2e2e619ff06ec63e45f0a.camel%40uvic.ca
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/6865637d5002e54d38c2e2e619ff06ec63e45f0a.camel%40uvic.ca?utm_medium=email&utm_source=footer>.
