Va, It sounds like you are trying to build a client application. https://github.com/apereo/java-cas-client
If you are using spring, https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/cas.html Here is a tutorial, https://www.baeldung.com/spring-security-cas-sso There are other languages as well, https://apereo.github.io/cas/6.0.x/integration/CAS-Clients.html Ray On Fri, 2019-05-17 at 00:44 -0700, Va Sja wrote: Hello rbon, I am already build, install, configured almost ALL variants from Github and around. My problem is - after "successfully" configured the CAS-server I have no glue about "what is the next step!?". The server works fine, but there are no one line description "how it is possible to integrate this server with my needs". I can read a lot of messages from Web-GUI, logs etc., but how to configure my HelloWorld-Tomcat-App to be able use controlled Auth-service from CAS - no idea. In most of cases - there are no way to use old documentation - old links already overwritten by "new releases". The single "readable" (( from my view! )) documentation I found on http://hacsoc.org/wiki/technical/cas.html. But it is from September 6, 2005!!! OfCoz - nobody is able to reuse it - all important refs are already broken. The latest "usable" public example for using CAS i found on https://github.com/casinthecloud/java-jasig-cas-client-demo. But it is : - at least 4 years old - based on CAS 3.6.0-SNAPSHOT - can make only login, NO logout David Curry has described success story about his organization. But he has more luck as me- his team has access to original documentation with correct links and examples. Now it is not exist anymore. That, what exist now - just a lot of bytes without sense, copy-paste from many independent sources ( sorry for my extreme frustration! ). So - the main question - what was done with this project last 3-4-5 years. I would name it "monetization". 8-) ...Hope - I am wrong! Otherwise it is the time to "fork" the state 5 years old and make it in the real "open-source-style" :(( @David I want use - just currently it is not usable! My goal is really simple, and when I get the "help from community" like "goto ....", and it is get me back after 1-2 weeks to the same point, where I started - something is wrong. I will appreciate, when somebody can demonstrate how with help from actual version of documentation step-by-step ( or even better with 1-2-3 "git clone" ) I can build 3-user-2-roles-1-webapp secured application on the CAS-basis. If it is not possible - it will be also THE answer.... Kindest regards to ALL. Am Donnerstag, 16. Mai 2019 17:40:16 UTC+2 schrieb rbon: Va, I understand your frustration. It took me quite some time to learn and understand what goes on with CAS. But, it solves a complex problem in a flexible way. Out of all the authentication mechanisms, you probably only need one. Which one is up to you. You should be able to get the code from, https://github.com/apereo/cas-overlay-template and run the docker or embedded tomcat within a few minutes. https://apereo.github.io/cas/6.0.x/installation/WAR-Overlay-Installation.html You can also pay for support. We used Unicon, https://www.unicon.net/. (I am not affiliated with them.) Ray On Thu, 2019-05-16 at 05:54 -0700, Va Sja wrote: Hello David, many thanks for your explanation. I am sure - CAS works on many productions environments, and support a lot of possible protocols and standarts. But... ...did You played with Lego? There you can be successful already in 20 minutes. Then you just increase your success step-by-step. Did you install some server from latest past? MySQL, Tomcat, Cassandra? How many steps you need to "read-download-install-configure-start-check"? Is it oft takes more then 20 min to understand what you really do ? As I and many other peoples has already explained : for CAS there are no way to do it from read-2-check in 10 mins, 10 hours, and even in 10 days! ...the latests readable documentation is minimum 2-3 years old. Then we have a lot of linked and not readable pages. You can check yourself the link, what you sendet to me and try to answer for a) who need to know as first page about for ex ?: - Support for many SPs built in: Adobe Creative Cloud, Google Apps, Office 365, b) what version is possible to start when on the same page are: - .. CAS 6._ , CAS 5., CAS 3.5 , CAS 5.2.7, CAS 5.3.x .,CAS 4 ... c) where is the start ? d) what should I DO ? e) am I really need so complex solution, when it is not possible to setup even Plain-User-Password-Auth for 1 web-site in weeks? f) there are a lot of left-menu-Items, but is all I need to read and understand for very first installation? Create? Build? Configure? Install? Commit? Add? ( BTW even on Intro-page there are no explanation WHAT IS CAS!!! You have to search it somewhere else over Google? ) i will appreciate your answers and constructive feedback without links this time ! We can then "attach it" to already existing Documentation portals as only one new page like "CAS for Dummy" , "CAS for lazy admin" or "CAS in 20 minutes" :) Kindest regards Am Donnerstag, 16. Mai 2019 14:02:00 UTC+2 schrieb David Curry: Va, If you want 1-2-3 FINISH then perhaps, as Matthew already suggested, this is what you're looking for: https://dacurry-tns.github.io/deploying-apereo-cas/ It starts from zero knowledge of CAS and goes step-by-step to an installation that is running in production today. And it does it in increments, so you can check that things are working along the way. The initial "Building the CAS server" section will in fact get you a running server in 1-2-3-4-FINISH (create an overlay project, build the default server, edit a couple of config files, install and test). But just as "Hello World" is a pretty useless program, the CAS server you're going to get in 4 steps is a pretty useless server. If you want to use it to do any real work, you're going to have to configure it to talk to your user directories, define the services you want it to manage, figure out the attributes you need to release, perhaps enable multifactor authentication, customize the user interface to meet your corporate branding standards, perhaps enable other protocols like SAML2 or OAuth, perhaps add in support for high availability, etc. Every one of those things is supported by CAS, most of them in multiple flavors. But to use them, you're going to have to learn how to add them to the server and configure them. The above guide shows how to do that for one set (sometimes two) of choices; they may not be the choices you want, but it should be easy to extrapolate from one to another once you see how the basic setup works. If you don't want to exert the effort to learn how the software works, or don't have the patience to start a project that's going to take more than 20 minutes to complete, then perhaps doing it yourself isn't the right answer. There are several third party service providers that will provide consulting expertise to help you configure and support it; some of them will even host and operate it for you. -- DAVID A. CURRY, CISSP DIRECTOR OF INFORMATION SECURITY THE NEW SCHOOL • INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • david...@newschool.edu On Thu, May 16, 2019 at 6:47 AM Va Sja <vasj...@gmail.com> wrote: Matthew, you are fully right - there are a lot of much worse software as well as documentation. And in case, when is the goal "getting as much as more money for support" - it is exactly the right tactic - to make documentation unusable, and release as often as possible new releases with more and more features, that will be selled as a next. But it is not really the main vector for open-source, when you need weeks and some hundred gurus for install at least "HelloWorld". And you point me again to some " very easy to follow guide " may be very informative but for my case unusable documentation, when I need really to jumping over hundreds links just to getting again the understanding - IT IS TOO COMPLEX TO UNDERSTAND. It is exactly " very easy to follow " with a lot of links , but "absolutely not possible to understand what this manual about. Sorry that I am scream - otherwise I have to cry :) May be we understand the words "follow", "understand", "jump", "start", "finish", "result", "productivity" different? The documentation should help to focus to the problem, and your link make exactly opposite: it point me in next 2-3 sentences to jump to some another Web Page. Nothing more. But I need to know steps to success: 1-2-3-FINISH. And there are no complete story about "how to do install HelloWorld?". U cannot push all of it into your brain in 1 hour, 1 day, 1 week, but you need much more! May be U are absolutely right: " the documentation does in fact tell me what I need to know ". And you a able to "getting started"! But it not help to finish some minimal positive result. Alternatively you have to pay for somebody else who know this software - that is the only one Idea, what you have to get from such documentation. Unfortunately... ...and it is not only my view. Fortunately! 8-) Am Mittwoch, 15. Mai 2019 15:10:46 UTC+2 schrieb Matthew Uribe: Va, I would like to mention that your complaint is about a product that you get to use *for free*. I support some paid software with worse documentation. I do understand the frustration, as the learning curve is steep, but that's where this community comes in. Everyone here tries to be very helpful, giving one another their time *for free*. I've been supporting CAS 5 in my organization now for just over a year, and I find that the documentation does in fact tell me what I need to know. It's just that getting started can be tough. Yet another free resource you may find helpful: David Curry, one of our community members, created a very easy to follow guide to implementing CAS 5. Check it out here: https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html<https://www.google.com/url?q=https%3A%2F%2Fdacurry-tns.github.io%2Fdeploying-apereo-cas%2Fintroduction_overview.html&sa=D&sntz=1&usg=AFQjCNFX1J25kRvoW2H7j5N4HxolCh8Kjw> Matt On Wednesday, May 15, 2019 at 7:01:39 AM UTC-6, Va Sja wrote: As I see after almost 2 years documentation still don't getted better ... ... there are no some 1-2-3-Specs to finish even HelloWorld with CAS. But the release number grows extremely. 3.6, 4.0-1-2-3, 5.0-1-2-3, 6.0. So - looks like the developers stacked in the similar way as users :) I would wait till first release with suffix "STABLE", before start to use IT. After a week of rolling over LinkDoc-to-LinkDoc-to-LinkDoc-to-LinkDoc I give Up. Jan has created ___THE_BEST_MANUAL_EVER__ , but currently on my side I reach the pont, that I can logIn, but LogOut not works as expected... Hope somebody from DigitalOcean<https://www.digitalocean.com/> can repeat success from already thousand of HOW_TO like that : how-to-install-mysql-on-ubuntu-18-04<https://www.digitalocean.com/community/tutorials/how-to-install-mysql-on-ubuntu-18-04> . It should be not harder as 10 mins, isn't- it? Am Montag, 30. Oktober 2017 14:50:43 UTC+1 schrieb Jan: Hello, As a new user of CAS, I'd like to voice my opinion that the official documentation of how one can get started with CAS is just awful. By this I mean not the lack of it, but rather how indirect, not step-by-step it is. Clarity could often be improved too. In the end I managed to do what I hoped for, ie investigate CAS locally as an SSO solution, for which I needed to (1) run CAS server locally, (2) connect and authenticate using a simple CAS client locally, (3) run the service management app. However, the difficulty I had at most steps of getting it all to work make me really want to use something else even if I have to implement parts of it from scratch.. Only now, when wanting to post this message, did I find this helpful guide: https://dacurry-tns.github.io/deploying-apereo-cas/ Could the CAS team incorporate some step-by-step tutorial like this into the official documentation? These threads seem to voice a similar concern: https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/documentation/cas-user/z3BLJ0IQwZ0/wRybEK1LAQAJ https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/documentation/cas-user/qaAINooFi1s/D3k7Pr-7BQAJ I'm also posting the notes I made for myself during the process. I wouldn't have written them if there was something like this available in official docs, or I had found the unofficial guide earlier. I'm adding **** to points that took me particularly long to figure out. Building - Described here: https://apereo.github.io/cas/developer/Build-Process.html - git clone --depth=1 --single-branch --branch=master g...@github.com:apereo/cas.git cas-server - cd cas-server - git checkout master - ./gradlew build install --parallel -x test -x javadoc -x check Config - Default config dir is /etc/cas/config (may need to be created, given permissions) If you create application.properties in there, CAS seems to pick them up. **** - You can override in there any properties listed on https://apereo.github.io/cas/development/installation/Configuration-Properties.html Keys - keytool -genkey -alias cas -keyalg RSA -validity 999 -keystore /etc/cas/thekeystore -ext san=dns:cas-sso.local - Add 127.0.0.1 cas-sso.local to /etc/hosts - keytool -export -file /etc/cas/config/cas.crt -keystore /etc/cas/thekeystore -alias cas - sudo keytool -import -file /etc/cas/config/cas.crt -alias cas -keystore $JAVA_HOME/jre/lib/security/cacerts (default password to cacerts is changeit) - Add the following lines to application.properties in CAS config dir (with whatever password you set up for /etc/cas/thekeystore) **** server.ssl.keyStorePassword=qwer1234 server.ssl.keyPassword=qwer1234 Adding JSON service registry (to get a sample client registered) - Add line >>compile "org.apereo.cas:cas-server-support-json-service-registry:5.2.0-SNAPSHOT"<< to the file cas-server/webapp/cas-server-webapp-tomcat/build.gradle, replacing 5.2.0-SNAPSHOT with whatever version of CAS you have. The version can be figured out after starting CAS (is displayed). **** - Recompile the whole thing as above. - Add the following lines to application.properties in CAS config dir: **** cas.serviceRegistry.watcherEnabled=true cas.serviceRegistry.repeatInterval=10 cas.serviceRegistry.startDelay=1 cas.serviceRegistry.initFromJson=true - Add json file with service defs in directory cas-server/webapp/resources/services (the server seems to display which directory it watches after start). { "@class" : "org.apereo.cas.services.RegexRegisteredService", "serviceId" : "http://localhost/.*";, **** "name" : "testId", "id" : 1, "accessStrategy" : { "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", "enabled" : true, "ssoEnabled" : true } } Getting access to /status/dashboard endpoint **** - Add the following lines to application.properties in CAS config dir: cas.adminPagesSecurity.ip=127\.0\.0\.1 cas.monitor.endpoints.enabled=true cas.monitor.endpoints.sensitive=false Running - cd webapp/cas-server-webapp-tomcat - ../../gradlew build bootRun --parallel Simple client - git clone g...@github.com:apereo/phpCAS.git - cd phpCAS - Copy docs/examples/config.example.php to docs/examples/config.php and edit: // Full Hostname of your CAS Server $cas_host = 'cas-sso.local'; // Context of the CAS Server $cas_context = '/cas'; // Port of your CAS server. Normally for a https server it's 443 $cas_port = 8443; - Make the file docs/examples/example_simple.php accessible by www. - Navigate to http://localhost/phpCAS/docs/examples/example_simple.php Service management app - Based on https://github.com/apereo/cas-services-management-overlay - git clone g...@github.com:apereo/cas-services-management-overlay.git - cd cas-services-management-overlay - ./build.sh package - This creates target/cas-management.war, which should be deployed to Tomcat. Make sure Tomcat uses the same Java as CAS server. Otherwise, it won't find the SSL keys in the Java truststore. **** - On first run, it copies various files from cas/config into /etc/cas/config. You may want to update management.properties as follows, in particular: # CAS server that management app will authenticate with # This server will authenticate for any app (service) and you can login as casuser/Mellon cas.server.name<http://cas.server.name>: https://cas-sso.local:8443/ cas.server.prefix: https://cas-sso.local:8443/cas cas.mgmt.adminRoles[0]=ROLE_ADMIN cas.mgmt.userPropertiesFile=file:/etc/cas/config/users.properties # Update this URL to point at server running this management app cas.mgmt.serverName=http://localhost:8080 server.context-path=/cas-management server.port=8080 logging.config=file:/etc/cas/config/log4j2-management.xml - http://localhost:8080/cas-management Conclusions - Really painful to set up. - CAS documentation is very unclear, tons of linked documents, not sure where to find information. - Wonder if better to do OAuth2 even if redirecting to Google / FB needs to be implemented from scratch. --- With all that, thank you for writing and maintaining this software. It does seem like a good choice for SSO solutions - but the initial learning curve shouldn't be quite so sharp. Jan -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b1f5e450-ab52-482d-8e19-944f656c71a3%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/b1f5e450-ab52-482d-8e19-944f656c71a3%40apereo.org?utm_medium=email&utm_source=footer>. -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | rb...@uvic.ca<javascript:> -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/cba80aa51023ebc1ca32802b3edd6a082bf23bd3.camel%40uvic.ca.
