Va, The link I gave you was to documentation that I developed for use in my organization. It was produced to meet our needs (not yours) and it does that quite well. We contributed it to the community in the hopes that others might find it useful, too. Apparently at least a few people have, because they have let me know it was helpful to them. But we never advertised it as being the perfect answer for everybody.
So if you don't like it or don't find it helpful, that's fine, nobody's forcing you to use it. Good luck with your project. -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* THE NEW SCHOOL • INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • david.cu...@newschool.edu On Thu, May 16, 2019 at 8:54 AM Va Sja <vasja0...@gmail.com> wrote: > Hello David, > many thanks for your explanation. I am sure - CAS works on many > productions environments, and support a lot of possible protocols and > standarts. But... > ...did You played with Lego? There you can be successful already in 20 > minutes. Then you just increase your success step-by-step. Did you install > some server from latest past? MySQL, Tomcat, Cassandra? How many steps you > need to "read-download-install-configure-start-check"? Is it oft takes more > then 20 min to understand what you really do ? > > As I and many other peoples has already explained : for CAS there are no > way to do it from read-2-check in 10 mins, 10 hours, and even in 10 days! > ...the latests readable documentation is minimum 2-3 years old. Then we > have a lot of linked and not readable pages. > You can check yourself the link, what you sendet to me and try to answer > for > a) who need to know as first page about for ex ?: > - Support for many SPs built in: Adobe Creative Cloud, Google Apps, > Office 365, > b) what version is possible to start when on the same page are: > - .. CAS 6._ , CAS 5., CAS 3.5 , CAS 5.2.7, CAS 5.3.*x* .,CAS 4 ... > c) where is the start ? > d) what should I DO ? > e) am I really need so complex solution, when it is not possible to setup > even Plain-User-Password-Auth for 1 web-site in weeks? > f) there are a lot of left-menu-Items, but is all I need to read and > understand for very first installation? Create? Build? Configure? Install? > Commit? Add? > > ( BTW even on Intro-page there are no explanation WHAT IS CAS!!! You > have to search it somewhere else over Google? ) > > i will appreciate your answers and constructive feedback without links > this time ! We can then "attach it" to already existing Documentation > portals as only one new page like "CAS for Dummy" , "CAS for lazy admin" or > "CAS in 20 minutes" :) > > Kindest regards > > > > > > Am Donnerstag, 16. Mai 2019 14:02:00 UTC+2 schrieb David Curry: >> >> Va, >> >> If you want 1-2-3 FINISH then perhaps, as Matthew already suggested, this >> is what you're looking for: >> >> https://dacurry-tns.github.io/deploying-apereo-cas/ >> >> >> It starts from zero knowledge of CAS and goes step-by-step to an >> installation that is running in production today. And it does it in >> increments, so you can check that things are working along the way. The >> initial "Building the CAS server" section will in fact get you a running >> server in 1-2-3-4-FINISH (create an overlay project, build the default >> server, edit a couple of config files, install and test). >> >> But just as "Hello World" is a pretty useless program, the CAS server >> you're going to get in 4 steps is a pretty useless server. If you want to >> use it to do any real work, you're going to have to configure it to talk to >> your user directories, define the services you want it to manage, figure >> out the attributes you need to release, perhaps enable multifactor >> authentication, customize the user interface to meet your corporate >> branding standards, perhaps enable other protocols like SAML2 or OAuth, >> perhaps add in support for high availability, etc. Every one of those >> things is supported by CAS, most of them in multiple flavors. But to use >> them, you're going to have to learn how to add them to the server and >> configure them. The above guide shows how to do that for one set (sometimes >> two) of choices; they may not be the choices you want, but it should be >> easy to extrapolate from one to another once you see how the basic setup >> works. >> >> If you don't want to exert the effort to learn how the software works, or >> don't have the patience to start a project that's going to take more than >> 20 minutes to complete, then perhaps doing it yourself isn't the right >> answer. There are several third party service providers that will provide >> consulting expertise to help you configure and support it; some of them >> will even host and operate it for you. >> >> -- >> >> DAVID A. CURRY, CISSP >> *DIRECTOR OF INFORMATION SECURITY* >> THE NEW SCHOOL • INFORMATION TECHNOLOGY >> >> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 >> +1 212 229-5300 x4728 • david...@newschool.edu >> >> >> On Thu, May 16, 2019 at 6:47 AM Va Sja <vasj...@gmail.com> wrote: >> >>> Matthew, you are fully right - there are a lot of much worse software as >>> well as documentation. And in case, when is the goal "getting as much as >>> more money for support" - it is exactly the right tactic - to make >>> documentation unusable, and release as often as possible new releases with >>> more and more features, that will be selled as a next. But it is not really >>> the main vector for open-source, when you need weeks and some hundred gurus >>> for install at least "HelloWorld". And you point me again to some " very >>> easy to follow guide " may be very informative but for my case unusable >>> documentation, when I need really to jumping over hundreds links just to >>> getting again the understanding - IT IS TOO COMPLEX TO UNDERSTAND. It is >>> exactly " very easy to follow " with a lot of links , but "absolutely not >>> possible to understand what this manual about. Sorry that I am scream - >>> otherwise I have to cry :) >>> >>> May be we understand the words "follow", "understand", "jump", "start", >>> "finish", "result", "productivity" different? >>> >>> The documentation should help to focus to the problem, and your link >>> make exactly opposite: it point me in next 2-3 sentences to jump to some >>> another Web Page. Nothing more. But I need to know steps to success: >>> 1-2-3-FINISH. And there are no complete story about "how to do install >>> HelloWorld?". U cannot push all of it into your brain in 1 hour, 1 day, 1 >>> week, but you need much more! >>> >>> May be U are absolutely right: " the documentation does in fact tell me >>> what I need to know ". And you a able to "getting started"! But it not help >>> to finish some minimal positive result. >>> >>> Alternatively you have to pay for somebody else who know this software - >>> that is the only one Idea, what you have to get from such documentation. >>> Unfortunately... >>> ...and it is not only my view. Fortunately! 8-) >>> >>> Am Mittwoch, 15. Mai 2019 15:10:46 UTC+2 schrieb Matthew Uribe: >>>> >>>> Va, >>>> >>>> I would like to mention that your complaint is about a product that you >>>> get to use *for free*. I support some paid software with worse >>>> documentation. I do understand the frustration, as the learning curve is >>>> steep, but that's where this community comes in. Everyone here tries to be >>>> very helpful, giving one another their time *for free*. I've been >>>> supporting CAS 5 in my organization now for just over a year, and I find >>>> that the documentation does in fact tell me what I need to know. It's just >>>> that getting started can be tough. >>>> >>>> Yet another free resource you may find helpful: David Curry, one of our >>>> community members, created a very easy to follow guide to implementing CAS >>>> 5. Check it out here: >>>> https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html >>>> <https://www.google.com/url?q=https%3A%2F%2Fdacurry-tns.github.io%2Fdeploying-apereo-cas%2Fintroduction_overview.html&sa=D&sntz=1&usg=AFQjCNFX1J25kRvoW2H7j5N4HxolCh8Kjw> >>>> >>>> Matt >>>> >>>> On Wednesday, May 15, 2019 at 7:01:39 AM UTC-6, Va Sja wrote: >>>>> >>>>> As I see after almost 2 years documentation still don't getted better >>>>> ... >>>>> ... there are no some 1-2-3-Specs to finish even HelloWorld with CAS. >>>>> But the release number grows extremely. 3.6, 4.0-1-2-3, 5.0-1-2-3, 6.0. >>>>> >>>>> So - looks like the developers stacked in the similar way as users :) >>>>> >>>>> I would wait till first release with suffix "STABLE", before start to >>>>> use IT. After a week of rolling over >>>>> LinkDoc-to-LinkDoc-to-LinkDoc-to-LinkDoc I give Up. Jan has created >>>>> *___THE_BEST_MANUAL_EVER__ >>>>> *, but currently on my side I reach the pont, that I can logIn, but* >>>>> LogOut not works *as expected... >>>>> >>>>> Hope somebody from DigitalOcean <https://www.digitalocean.com/> can >>>>> repeat success from already thousand of HOW_TO like that : >>>>> how-to-install-mysql-on-ubuntu-18-04 >>>>> <https://www.digitalocean.com/community/tutorials/how-to-install-mysql-on-ubuntu-18-04> >>>>> . >>>>> It should be not harder as 10 mins, isn't- it? >>>>> >>>>> >>>>> >>>>> Am Montag, 30. Oktober 2017 14:50:43 UTC+1 schrieb Jan: >>>>>> >>>>>> Hello, >>>>>> >>>>>> As a new user of CAS, I'd like to voice my opinion that the official >>>>>> documentation of how one can get started with CAS is just awful. By this >>>>>> I >>>>>> mean not the lack of it, but rather how indirect, not step-by-step it is. >>>>>> Clarity could often be improved too. >>>>>> >>>>>> In the end I managed to do what I hoped for, ie investigate CAS >>>>>> locally as an SSO solution, for which I needed to (1) run CAS server >>>>>> locally, (2) connect and authenticate using a simple CAS client locally, >>>>>> (3) run the service management app. However, the difficulty I had at most >>>>>> steps of getting it all to work make me really want to use something else >>>>>> even if I have to implement parts of it from scratch.. >>>>>> >>>>>> Only now, when wanting to post this message, did I find this helpful >>>>>> guide: https://dacurry-tns.github.io/deploying-apereo-cas/ Could the >>>>>> CAS team incorporate some step-by-step tutorial like this into the >>>>>> official >>>>>> documentation? >>>>>> >>>>>> These threads seem to voice a similar concern: >>>>>> >>>>>> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/documentation/cas-user/z3BLJ0IQwZ0/wRybEK1LAQAJ >>>>>> >>>>>> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/documentation/cas-user/qaAINooFi1s/D3k7Pr-7BQAJ >>>>>> >>>>>> I'm also posting the notes I made for myself during the process. I >>>>>> wouldn't have written them if there was something like this available in >>>>>> official docs, or I had found the unofficial guide earlier. I'm adding >>>>>> **** >>>>>> to points that took me particularly long to figure out. >>>>>> >>>>>> *Building* >>>>>> - Described here: >>>>>> https://apereo.github.io/cas/developer/Build-Process.html >>>>>> - git clone --depth=1 --single-branch --branch=master >>>>>> g...@github.com:apereo/cas.git >>>>>> cas-server >>>>>> - cd cas-server >>>>>> - git checkout master >>>>>> - ./gradlew build install --parallel -x test -x javadoc -x check >>>>>> >>>>>> *Config* >>>>>> - Default config dir is /etc/cas/config (may need to be created, >>>>>> given permissions) If you create application.properties in there, CAS >>>>>> seems >>>>>> to pick them up. **** >>>>>> - You can override in there any properties listed on >>>>>> https://apereo.github.io/cas/development/installation/Configuration-Properties.html >>>>>> >>>>>> *Keys* >>>>>> - keytool -genkey -alias cas -keyalg RSA -validity 999 -keystore >>>>>> /etc/cas/thekeystore -ext san=dns:cas-sso.local >>>>>> - Add 127.0.0.1 cas-sso.local to /etc/hosts >>>>>> - keytool -export -file /etc/cas/config/cas.crt -keystore >>>>>> /etc/cas/thekeystore -alias cas >>>>>> - sudo keytool -import -file /etc/cas/config/cas.crt -alias cas >>>>>> -keystore $JAVA_HOME/jre/lib/security/cacerts (default password to >>>>>> cacerts >>>>>> is changeit) >>>>>> - Add the following lines to application.properties in CAS config dir >>>>>> (with whatever password you set up for /etc/cas/thekeystore) **** >>>>>> server.ssl.keyStorePassword=qwer1234 >>>>>> server.ssl.keyPassword=qwer1234 >>>>>> >>>>>> *Adding JSON service registry (to get a sample client registered)* >>>>>> - Add line >>compile >>>>>> "org.apereo.cas:cas-server-support-json-service-registry:5.2.0-SNAPSHOT"<< >>>>>> to the file cas-server/webapp/cas-server-webapp-tomcat/build.gradle, >>>>>> replacing 5.2.0-SNAPSHOT with whatever version of CAS you have. The >>>>>> version >>>>>> can be figured out after starting CAS (is displayed). **** >>>>>> - Recompile the whole thing as above. >>>>>> - Add the following lines to application.properties in CAS config >>>>>> dir: **** >>>>>> cas.serviceRegistry.watcherEnabled=true >>>>>> cas.serviceRegistry.repeatInterval=10 >>>>>> cas.serviceRegistry.startDelay=1 >>>>>> cas.serviceRegistry.initFromJson=true >>>>>> - Add json file with service defs in directory >>>>>> cas-server/webapp/resources/services (the server seems to display which >>>>>> directory it watches after start). >>>>>> { >>>>>> "@class" : "org.apereo.cas.services.RegexRegisteredService", >>>>>> "serviceId" : "http://localhost/.*";, **** >>>>>> "name" : "testId", >>>>>> "id" : 1, >>>>>> "accessStrategy" : { >>>>>> "@class" : >>>>>> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", >>>>>> "enabled" : true, >>>>>> "ssoEnabled" : true >>>>>> } >>>>>> } >>>>>> >>>>>> *Getting access to /status/dashboard endpoint ***** >>>>>> - Add the following lines to application.properties in CAS config dir: >>>>>> cas.adminPagesSecurity.ip=127\.0\.0\.1 >>>>>> cas.monitor.endpoints.enabled=true >>>>>> cas.monitor.endpoints.sensitive=false >>>>>> >>>>>> *Running* >>>>>> - cd webapp/cas-server-webapp-tomcat >>>>>> - ../../gradlew build bootRun --parallel >>>>>> >>>>>> *Simple client* >>>>>> - git clone g...@github.com:apereo/phpCAS.git >>>>>> - cd phpCAS >>>>>> - Copy docs/examples/config.example.php to docs/examples/config.php >>>>>> and edit: >>>>>> // Full Hostname of your CAS Server >>>>>> $cas_host = 'cas-sso.local'; >>>>>> // Context of the CAS Server >>>>>> $cas_context = '/cas'; >>>>>> // Port of your CAS server. Normally for a https server it's 443 >>>>>> $cas_port = 8443; >>>>>> - Make the file docs/examples/example_simple.php accessible by www. >>>>>> - Navigate to >>>>>> http://localhost/phpCAS/docs/examples/example_simple.php >>>>>> >>>>>> *Service management app* >>>>>> - Based on https://github.com/apereo/cas-services-management-overlay >>>>>> - git clone g...@github.com:apereo/cas-services-management-overlay.git >>>>>> - cd cas-services-management-overlay >>>>>> - ./build.sh package >>>>>> - This creates target/cas-management.war, which should be deployed to >>>>>> Tomcat. Make sure Tomcat uses the same Java as CAS server. Otherwise, it >>>>>> won't find the SSL keys in the Java truststore. **** >>>>>> - On first run, it copies various files from cas/config into >>>>>> /etc/cas/config. You may want to update management.properties as follows, >>>>>> in particular: >>>>>> # CAS server that management app will authenticate with >>>>>> # This server will authenticate for any app (service) and you can >>>>>> login as casuser/Mellon >>>>>> cas.server.name: https://cas-sso.local:8443/ >>>>>> cas.server.prefix: https://cas-sso.local:8443/cas >>>>>> cas.mgmt.adminRoles[0]=ROLE_ADMIN >>>>>> cas.mgmt.userPropertiesFile=file:/etc/cas/config/users.properties >>>>>> # Update this URL to point at server running this management app >>>>>> cas.mgmt.serverName=http://localhost:8080 >>>>>> server.context-path=/cas-management >>>>>> server.port=8080 >>>>>> logging.config=file:/etc/cas/config/log4j2-management.xml >>>>>> - http://localhost:8080/cas-management >>>>>> >>>>>> *Conclusions* >>>>>> - Really painful to set up. >>>>>> - CAS documentation is very unclear, tons of linked documents, not >>>>>> sure where to find information. >>>>>> - Wonder if better to do OAuth2 even if redirecting to Google / FB >>>>>> needs to be implemented from scratch. >>>>>> >>>>>> --- >>>>>> >>>>>> With all that, thank you for writing and maintaining this software. >>>>>> It does seem like a good choice for SSO solutions - but the initial >>>>>> learning curve shouldn't be quite so sharp. >>>>>> >>>>>> Jan >>>>>> >>>>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cas-...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b1f5e450-ab52-482d-8e19-944f656c71a3%40apereo.org >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/b1f5e450-ab52-482d-8e19-944f656c71a3%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/c858a349-d322-4c5b-bb7d-93946e47d749%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/c858a349-d322-4c5b-bb7d-93946e47d749%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOCHPxzBaYa6swqNH%2B2VOWQt2Oc-9%2BF5SpDFUb4B_X6RA%40mail.gmail.com.
