attached my config files and logs
On Monday, August 31, 2020 at 12:08:47 PM UTC+2 saimir pollogati wrote:
> Hello!
>
> I am using cas v. 4.2.7, I use authentication from database and
> everything works perfect,
> now I have to add also authentication from idp provider (idp delegation
> with saml).
> After a successful auth on idp login page, cas redirect me on login
> page again
> CAS Login link :
> * <a
> href="/cas/login?client_name=SAML2Client&needs_client_redirection=true">Hyr
> nga e-Test</a>*
> I did configs as on attached files. I followed cas documentations bud I
> don't know what I am missing
>
> Any help is welcomed!
>
> Regards
> Saimir
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/19446797-2c2e-4176-97c8-abe00766abd7n%40apereo.org.
# TEST properties #
#
# Licensed to Apereo under one or more contributor license
# agreements. See the NOTICE file distributed with this work
# for additional information regarding copyright ownership.
# Apereo licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a
# copy of the License at the following location:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
server.name=https://geotest
#server.name=https://localhost
server.prefix=${server.name}/cas
# security configuration based on IP address to access the /status and
/statistics pages
cas.securityContext.adminpages.ip=127\.0\.0\.1|0:0:0:0:0:0:0:1|172.24.16.105
##
# Unique CAS node name
# host.name is used to generate unique Service Ticket IDs and SAMLArtifacts.
This is usually set to the specific
# hostname of the machine running the CAS node, but it could be any label so
long as it is unique in the cluster.
host.name=geotest
##
# JPA Ticket Registry Database Configuration
#
# ticketreg.database.ddl.auto=create-drop
#
ticketreg.database.dialect=org.hibernate.dialect.OracleDialect|MySQLInnoDBDialect|HSQLDialect
# ticketreg.database.batchSize=10
# ticketreg.database.driverClass=org.hsqldb.jdbcDriver
# ticketreg.database.url=jdbc:hsqldb:mem:cas-ticket-registry
# ticketreg.database.user=sa
# ticketreg.database.password=
# ticketreg.database.pool.minSize=6
# ticketreg.database.pool.maxSize=18
# ticketreg.database.pool.maxWait=10000
# ticketreg.database.pool.maxIdleTime=120
# ticketreg.database.pool.acquireIncrement=6
# ticketreg.database.pool.idleConnectionTestPeriod=30
# ticketreg.database.pool.connectionHealthQuery=select 1
# ticketreg.database.pool.acquireRetryAttempts=5
# ticketreg.database.pool.acquireRetryDelay=2000
# ticketreg.database.pool.connectionHealthQuery=select 1
##
# JPA Service Registry Database Configuration
#
#svcreg.database.ddl.auto=create
#svcreg.database.hibernate.dialect=org.hibernate.dialect.PostgreSQL94Dialect
#svcreg.database.hibernate.batchSize=10
#svcreg.database.driverClass=org.postgresql.Driver
#svcreg.database.url=jdbc:postgresql://localhost:5432/postgres
#svcreg.database.user=postgres
#svcreg.database.password=postgres
#svcreg.database.pool.minSize=6
#svcreg.database.pool.maxSize=18
#svcreg.database.pool.maxWait=10000
#svcreg.database.pool.maxIdleTime=120
#svcreg.database.pool.acquireIncrement=6
#svcreg.database.pool.idleConnectionTestPeriod=30
#svcreg.database.pool.connectionHealthQuery=select 1
#svcreg.database.pool.acquireRetryAttempts=5
#svcreg.database.pool.acquireRetryDelay=2000
#svcreg.database.pool.connectionHealthQuery=select 1
##
# CAS SSO Cookie Generation & Security
# See https://github.com/mitreid-connect/json-web-key-generator
#
# Do note that the following settings MUST be generated per deployment.
#
# The encryption secret key. By default, must be a octet string of size 256.
# tgc.encryption.key=
# The signing secret key. By default, must be a octet string of size 512.
# tgc.signing.key=
# Decides whether SSO cookie should be created only under secure connections.
# tgc.secure=true
# The expiration value of the SSO cookie
# tgc.maxAge=-1
# The name of the SSO cookie
# tgc.name=TGC
# The path to which the SSO cookie will be scoped
# tgc.path=/cas
# The expiration value of the SSO cookie for long-term authentications
# tgc.remember.me.maxAge=1209600
# Decides whether SSO Warning cookie should be created only under secure
connections.
# warn.cookie.secure=true
# The expiration value of the SSO Warning cookie
# warn.cookie.maxAge=-1
# The name of the SSO Warning cookie
# warn.cookie.name=CASPRIVACY
# The path to which the SSO Warning cookie will be scoped
# warn.cookie.path=/cas
# Whether we should track the most recent session by keeping the latest service
ticket
# tgt.onlyTrackMostRecentSession = true
##
# CAS UI Theme Resolution
#
# cas.themeResolver.defaultThemeName=cas-theme-default
# cas.themeResolver.pathprefix=/WEB-INF/view/jsp/
# cas.themeResolver.param.name=theme
# Location of the Spring xml config file where views may be collected
# cas.viewResolver.xmlFile=/META-INF/spring/views.xml
##
# CAS Logout Behavior
# WEB-INF/cas-servlet.xml
#
# Specify whether CAS should redirect to the specified service parameter on
/logout requests
cas.logout.followServiceRedirects=true
##
# CAS Cached Attributes Timeouts
# Controls the cached attribute expiration policy
#
# Notes the duration in which attributes will be kept alive
# cas.attrs.timeToExpireInHours=2
##
# Single Sign-On Session
#
# Indicates whether an SSO session should be created for renewed authentication
requests.
# create.sso.renewed.authn=true
#
# Indicates whether an SSO session can be created if no service is present.
# create.sso.missing.service=true
##
# CAS Authentication Policy
#
# cas.authn.policy.any.tryall=false
# cas.authn.policy.req.tryall=false
# cas.authn.policy.req.handlername=handlerName
##
# CAS PersonDirectory Principal Resolution
#
# cas.principal.resolver.persondir.principal.attribute=cn
# cas.principal.resolver.persondir.return.null=false
##
# CAS Internationalization
#
locale.default=sq
locale.param.name=locale
message.bundle.encoding=UTF-8
# message.bundle.cacheseconds=180
# message.bundle.fallback.systemlocale=false
# message.bundle.usecode.message=true
# message.bundle.basenames=classpath:custom_messages,classpath:messages
##
# CAS Authentication Throttling
#
#cas.throttle.failure.threshold=
#cas.throttle.failure.range.seconds=
#cas.throttle.username.parameter=
#cas.throttle.appcode=
#cas.throttle.authn.failurecode=
#cas.throttle.audit.query=
##
# CAS Health Monitoring
#
# cas.monitor.st.warn.threshold=5000
# cas.monitor.tgt.warn.threshold=10000
# cas.monitor.free.mem.threshold=10
##
# CAS MongoDB Service Registry
#
# mongodb.host=mongodb database url
# mongodb.port=mongodb database port
# mongodb.userId=mongodb userid to bind
# mongodb.userPassword=mongodb password to bind
# cas.service.registry.mongo.db=Collection name to store service definitions
# mongodb.timeout=5000
##
# Spring Webflow Web Application Session
# Define the settings that are required to encrypt and persist the CAS web
application session.
# See the cas-servlet.xml file to understand how these properties are used.
#
# The encryption secret key. By default, must be a octet string of size 256.
# webflow.encryption.key=
# The signing secret key. By default, must be a octet string of size 512.
# webflow.signing.key=
##
# Remote User Authentication
#
# ip.address.range=
##
# Apache Shiro Authentication
#
# shiro.authn.requiredRoles=
# shiro.authn.requiredPermissions=
# shiro.authn.config.file=classpath:shiro.ini
##
# YubiKey Authentication
#
# yubikey.client.id=
# yubikey.secret.key=
##
# JDBC Authentication
#
# cas.jdbc.authn.query.encode.sql=
# cas.jdbc.authn.query.encode.alg=
# cas.jdbc.authn.query.encode.salt.static=
# cas.jdbc.authn.query.encode.password=
# cas.jdbc.authn.query.encode.salt=
# cas.jdbc.authn.query.encode.iterations.field=
# cas.jdbc.authn.query.encode.iterations=
# cas.jdbc.authn.query.sql=
# cas.jdbc.authn.search.password=
# cas.jdbc.authn.search.user=
# cas.jdbc.authn.search.table=
##
# Duo security 2fa authentication provider
# https://www.duosecurity.com/docs/duoweb#1.-generate-an-akey
#
# cas.duo.api.host=
# cas.duo.integration.key=
# cas.duo.secret.key=
# cas.duo.application.key=
##
# File Authentication
#
# file.authn.filename=classpath:people.txt
# file.authn.separator=::
##
# General Authentication
#
# cas.principal.transform.upperCase=false
# cas.authn.password.encoding.char=UTF-8
# cas.authn.password.encoding.alg=SHA-256
# cas.principal.transform.prefix=
# cas.principal.transform.suffix=
##
# X509 Authentication
#
# cas.x509.authn.crl.checkAll=false
# cas.x509.authn.crl.throw.failure=true
# cas.x509.authn.crl.refresh.interval=
# cas.x509.authn.revocation.policy.threshold=
# cas.x509.authn.trusted.issuer.dnpattern=
# cas.x509.authn.max.path.length=
# cas.x509.authn.max.path.length.unspecified=
# cas.x509.authn.check.key.usage=
# cas.x509.authn.require.key.usage=
# cas.x509.authn.subject.dnpattern=
# cas.x509.authn.principal.descriptor=
# cas.x509.authn.principal.serial.no.prefix=
# cas.x509.authn.principal.value.delim=
##
# Accepted Users Authentication
#
#accept.authn.users=casuser::Mellon
##
# Rejected Users Authentication
#
# reject.authn.users=
##
# JAAS Authentication
#
# cas.authn.jaas.realm=CAS
# cas.authn.jaas.kerb.realm=
# cas.authn.jaas.kerb.kdc=
##
# Single Sign-On Session TGT Timeouts
#
# Inactivity Timeout Policy
# tgt.timeout.maxTimeToLiveInSeconds=28800
# Hard Timeout Policy
# tgt.timeout.hard.maxTimeToLiveInSeconds
#
# Throttled Timeout Policy
# tgt.throttled.maxTimeToLiveInSeconds=28800
# tgt.throttled.timeInBetweenUsesInSeconds=5
# Default Expiration Policy
# tgt.maxTimeToLiveInSeconds=28800
# tgt.timeToKillInSeconds=7200
##
# Service Ticket Timeout
#
# st.timeToKillInSeconds=10
# st.numberOfUses=1
##
# Http Client Settings
#
# The http client read timeout in milliseconds
# http.client.read.timeout=5000
# The http client connection timeout in milliseconds
# http.client.connection.timeout=5000
#
# The http client truststore file, in addition to the default's
# http.client.truststore.file=classpath:truststore.jks
#
# The http client truststore's password
# http.client.truststore.psw=changeit
##
# Single Logout Out Callbacks
#
# To turn off all back channel SLO requests set this to true
# slo.callbacks.disabled=false
#
# To send callbacks to endpoints synchronously, set this to false
# slo.callbacks.asynchronous=true
##
# CAS Protocol Security Filter
#
# Are multi-valued parameters accepted?
# cas.http.allow.multivalue.params=false
# Define the list of request parameters to examine for sanity
#
cas.http.check.params=ticket,service,renew,gateway,warn,target,SAMLart,pgtUrl,pgt,pgtId,pgtIou,targetService
# Define the list of request parameters only allowed via POST
# cas.http.allow.post.params=username,password
##
# JSON Service Registry
#
# Directory location where JSON service files may be found.
# service.registry.config.location=classpath:services
service.registry.config.location=file:/etc/cas/services
#service.registry.config.location=file:C:/Users/igorh/Desktop/albanija/services
##
# Service Registry Periodic Reloading Scheduler
# Default sourced from WEB-INF/spring-configuration/applicationContext.xml
#
# Force a startup delay of 2 minutes.
# service.registry.quartz.reloader.startDelay=120000
#
# Reload services every 2 minutes
# service.registry.quartz.reloader.repeatInterval=120000
##
# Background Scheduler
#
# Wait for scheduler to finish running before shutting down CAS.
# scheduler.shutdown.wait=true
#
# Attempt to interrupt background jobs when shutting down CAS
# scheduler.shutdown.interruptJobs=true
##
# Audits
#
# Use single line format for audit blocks
# cas.audit.singleline=true
# Separator to use between each fields in a single audit event
# cas.audit.singleline.separator=|
# Application code for audits
# cas.audit.appcode=CAS
#
## JDBC Audits
#
#cas.audit.max.agedays=
#cas.audit.database.dialect=
#cas.audit.database.batchSize=
#cas.audit.database.ddl.auto=true
#cas.audit.database.gen.ddl=true
#cas.audit.database.show.sql=true
#cas.audit.database.driverClass=org.postgresql.Driver
#cas.audit.database.url=jdbc:postgresql://vz-vm-asig:5432/asig_geoportal
#cas.audit.database.user=asig_geoportal
#cas.audit.database.password=asig_geoportal
#cas.audit.database.pool.minSize=
#cas.audit.database.pool.minSize=
#cas.audit.database.pool.maxSize=
#cas.audit.database.pool.maxIdleTime=
#cas.audit.database.pool.maxWait=
#cas.audit.database.pool.acquireIncrement=
#cas.audit.database.pool.acquireRetryAttempts=
#cas.audit.database.pool.acquireRetryDelay=
#cas.audit.database.pool.idleConnectionTestPeriod=
#cas.audit.database.pool.connectionHealthQuery=
# cache for tickets
cas.audit.timeToExpireInHours=24
##
# Metrics
# Default sourced from WEB-INF/spring-configuration/metricsConfiguration.xml:
#
# Define how often should metric data be reported. Default is 30 seconds.
# metrics.refresh.internal=30s
##
# Encoding
#
# Set the encoding to use for requests. Default is UTF-8
# httprequest.web.encoding=UTF-8
# Default is true. Switch this to "false" to not enforce the specified encoding
in any case,
# applying it as default response encoding as well.
# httprequest.web.encoding.force=true
##
# Response Headers
#
# httpresponse.header.cache=false
# httpresponse.header.hsts=false
# httpresponse.header.xframe=false
# httpresponse.header.xcontent=false
# httpresponse.header.xss=false
##
# SAML
#
# Indicates the SAML response issuer
# cas.saml.response.issuer=localhost
#
# Indicates the skew allowance which controls the issue instant of the SAML
response
# cas.saml.response.skewAllowance=0
#
# Indicates whether SAML ticket id generation should be saml2-compliant.
# cas.saml.ticketid.saml2=false
##
# Default Ticket Registry
#
# default.ticket.registry.initialcapacity=1000
# default.ticket.registry.loadfactor=1
# default.ticket.registry.concurrency=20
##
# Ticket Registry Cleaner
#
# Indicates how frequently the Ticket Registry cleaner should run. Configured
in seconds.
# ticket.registry.cleaner.startdelay=20
# ticket.registry.cleaner.repeatinterval=5000
##
# Ticket ID Generation
#
# lt.ticket.maxlength=20
# st.ticket.maxlength=20
# tgt.ticket.maxlength=50
# pgt.ticket.maxlength=50
##
# Google Apps public/private key
#
# cas.saml.googleapps.publickey.file=file:/etc/cas/public.key
# cas.saml.googleapps.privatekey.file=file:/etc/cas/private.p8
# cas.saml.googleapps.key.alg=RSA
##
# WS-FED
#
# The claim from ADFS that should be used as the user's identifier.
# cas.wsfed.idp.idattribute=upn
#
# Federation Service identifier
# cas.wsfed.idp.id=https://adfs.example.org/adfs/services/trust
#
# The ADFS login url.
# cas.wsfed.idp.url=https://adfs.example.org/adfs/ls/
#
# Identifies resource(s) that point to ADFS's signing certificates.
# These are used verify the WS Federation token that is returned by ADFS.
# Multiple certificates may be separated by comma.
# cas.wsfed.idp.signingcerts=classpath:adfs-signing.crt
#
# Unique identifier that will be set in the ADFS configuration.
# cas.wsfed.rp.id=urn:cas:localhost
#
# Slack dealing with time-drift between the ADFS Server and the CAS Server.
# cas.wsfed.idp.tolerance=10000
#
# Decides which bundle of attributes should be resolved during WS-FED
authentication.
# cas.wsfed.idp.attribute.resolver.enabled=true
# cas.wsfed.idp.attribute.resolver.type=WSFED
##
# LDAP User Details
#
# ldap.userdetails.service.user.attr=
# ldap.userdetails.service.role.attr=
##
# Password Policy
#
# Warn all users of expiration date regardless of warningDays value.
# password.policy.warnAll=false
# Threshold number of days to begin displaying password expiration warnings.
# password.policy.warningDays=30
# URL to which the user will be redirected to change the password.
# password.policy.url=https://password.example.edu/change
# password.policy.warn.attribute.name=attributeName
# password.policy.warn.attribute.value=attributeValue
# password.policy.warn.display.matched=true
##
# CAS REST API Services
#
# cas.rest.services.attributename=
# cas.rest.services.attributevalue=
##
# Ticket Registry
#
# Secret key to use when encrypting tickets in a distributed ticket registry.
# ticket.encryption.secretkey=C@$W3bSecretKey!
# Seed to use when encrypting tickets in a distributed ticket registry.
# ticket.encryption.seed=S!ngl3$ign0n4W3b
# Secret key to use when signing tickets in a distributed ticket registry.
# By default, must be a octet string of size 512.
#
ticket.signing.secretkey=szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dWxsOVGutZWgvmY3l5oVPO3w
# Secret key algorithm used
# ticket.secretkey.alg=AES
##
# Hazelcast Ticket Registry
#
# hz.config.location=file:/etc/cas/hazelcast.xml
# hz.mapname=tickets
# hz.cluster.logging.type=slf4j
# hz.cluster.portAutoIncrement=true
# hz.cluster.port=5701
# hz.cluster.multicast.enabled=false
# hz.cluster.members=cas1.example.com,cas2.example.com
# hz.cluster.tcpip.enabled=true
# hz.cluster.multicast.enabled=false
# hz.cluster.max.heapsize.percentage=85
# hz.cluster.max.heartbeat.seconds=5
# hz.cluster.eviction.percentage=10
# hz.cluster.eviction.policy=LRU
# hz.cluster.instance.name=${host.name}
##
# Ehcache Ticket Registry
#
# ehcache.config.file=classpath:ehcache-replicated.xml
# ehcache.cachemanager.shared=false
# ehcache.cachemanager.name=ticketRegistryCacheManager
# ehcache.disk.expiry.interval.seconds=0
# ehcache.disk.persistent=false
# ehcache.eternal=false
# ehcache.max.elements.memory=10000
# ehcache.max.elements.disk=0
# ehcache.eviction.policy=LRU
# ehcache.overflow.disk=false
# ehcache.cache.st.name=org.jasig.cas.ticket.ServiceTicket
# ehcache.cache.st.timeIdle=0
# ehcache.cache.st.timeAlive=300
# ehcache.cache.tgt.name=org.jasig.cas.ticket.TicketGrantingTicket
# ehcache.cache.tgt.timeIdle=7201
# ehcache.cache.tgt.timeAlive=0
# ehcache.cache.loader.async=true
# ehcache.cache.loader.chunksize=5000000
# ehcache.repl.async.interval=10000
# ehcache.repl.async.batch.size=100
# ehcache.repl.sync.puts=true
# ehcache.repl.sync.putscopy=true
# ehcache.repl.sync.updates=true
# ehcache.repl.sync.updatesCopy=true
# ehcache.repl.sync.removals=true
##
# Ehcache Monitoring
#
# cache.monitor.warn.free.threshold=10
# cache.monitor.eviction.threshold=0
##
# Memcached Ticket Registry
#
# memcached.servers=localhost:11211
# memcached.hashAlgorithm=FNV1_64_HASH
# memcached.protocol=BINARY
# memcached.locatorType=ARRAY_MOD
# memcached.failureMode=Redistribute
##
# Memcached Monitoring
#
# cache.monitor.warn.free.threshold=10
# cache.monitor.eviction.threshold=0
##
# RADIUS Authentication Server
#
# cas.radius.client.inetaddr=localhost
# cas.radius.client.port.acct=
# cas.radius.client.socket.timeout=60
# cas.radius.client.port.authn=
# cas.radius.client.sharedsecret=N0Sh@ar3d$ecReT
# cas.radius.server.protocol=EAP_MSCHAPv2
# cas.radius.server.retries=3
# cas.radius.server.nasIdentifier=-1
# cas.radius.server.nasPort=-1
# cas.radius.server.nasPortId=-1
# cas.radius.server.nasRealPort=-1
# cas.radius.server.nasPortType=-1
# cas.radius.server.nasIpAddress=
# cas.radius.server.nasIpv6Address=
# cas.radius.failover.authn=false
# cas.radius.failover.exception=false
##
# SPNEGO Authentication
#
# cas.spnego.ldap.attribute=spnegoattribute
# cas.spnego.ldap.filter=host={0}
# cas.spnego.ldap.basedn=
# cas.spnego.hostname.pattern=.+
# cas.spnego.ip.pattern=
# cas.spnego.alt.remote.host.attribute
# cas.spengo.use.principal.domain=false
# cas.spnego.ntlm.allowed=true
# cas.spnego.kerb.debug=false
# cas.spnego.kerb.realm=EXAMPLE.COM
# cas.spnego.kerb.kdc=172.10.1.10
# cas.spnego.login.conf.file=/path/to/login
# cas.spnego.jcifs.domain=
# cas.spnego.jcifs.domaincontroller=
# cas.spnego.jcifs.netbios.cache.policy:600
# cas.spnego.jcifs.netbios.wins=
# cas.spnego.jcifs.password=
# cas.spnego.jcifs.service.password=
# cas.spnego.jcifs.socket.timeout:300000
# cas.spnego.jcifs.username=
# cas.spnego.kerb.conf=
# cas.spnego.ntlm=false
# cas.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
# cas.spnego.mixed.mode.authn=false
# cas.spnego.send.401.authn.failure=false
# cas.spnego.principal.resolver.transform=NONE
# cas.spnego.service.principal=HTTP/cas.example....@example.com
##
# NTLM Authentication
#
# ntlm.authn.domain.controller=
# ntlm.authn.include.pattern=
# ntlm.authn.load.balance=true
##
# Authentication delegation using pac4j
#
# cas.pac4j.client.authn.typedidused=true
# cas.pac4j.facebook.id=
# cas.pac4j.facebook.secret=
# cas.pac4j.facebook.scope=
# cas.pac4j.facebook.fields=
# cas.pac4j.twitter.id=
# cas.pac4j.twitter.secret=
# cas.pac4j.saml.keystorePassword=
# cas.pac4j.saml.privateKeyPassword=
# cas.pac4j.saml.keystorePath=
# cas.pac4j.saml.identityProviderMetadataPath=
# cas.pac4j.saml.maximumAuthenticationLifetime=
# cas.pac4j.saml.serviceProviderEntityId=
# cas.pac4j.saml.serviceProviderMetadataPath=
# cas.pac4j.cas.loginUrl=
# cas.pac4j.cas.protocol=
# cas.pac4j.oidc.id=
# cas.pac4j.oidc.secret=
# cas.pac4j.oidc.discoveryUri=
# cas.pac4j.oidc.useNonce=
# cas.pac4j.oidc.preferredJwsAlgorithm=
# cas.pac4j.oidc.maxClockSkew=
# cas.pac4j.oidc.customParamKey1=
# cas.pac4j.oidc.customParamValue1=
# cas.pac4j.oidc.customParamKey2=
# cas.pac4j.oidc.customParamValue2=
cas.pac4j.client.authn.typedidused=true
cas.pac4j.saml.keystorePassword=pac4j-demo-passwd
cas.pac4j.saml.privateKeyPassword=pac4j-demo-passwd
cas.pac4j.saml.keystorePath=/etc/samlKeystore.jks
cas.pac4j.saml.identityProviderMetadataPath=https://e-test.com/FPSTS/FederationMetadata/2007-06/FederationMetadata.xml
cas.pac4j.saml.maximumAuthenticationLifetime=3600
cas.pac4j.saml.serviceProviderEntityId=urn:mace:saml:pac4j.org
cas.pac4j.saml.serviceProviderMetadataPath=/etc/sp-metadata.xml
# == Basic database connection pool configuration ==
database.driverClass=org.postgresql.Driver
database.url=jdbc:postgresql://localhost:5432/asig_portal
database.user=xxxxx
database.password=yyyyyyyy
database.pool.minSize=6
database.pool.maxSize=18
# Maximum amount of time to wait in ms for a connection to become
# available when the pool is exhausted
database.pool.maxWait=10000
# Amount of time in seconds after which idle connections
# in excess of minimum size are pruned.
database.pool.maxIdleTime=120
# Number of connections to obtain on pool exhaustion condition.
# The maximum pool size is always respected when acquiring
# new connections.
database.pool.acquireIncrement=6
# == Connection testing settings ==
# Period in s at which a health query will be issued on idle
# connections to determine connection liveliness.
database.pool.idleConnectionTestPeriod=30
# Query executed periodically to test health
database.pool.connectionHealthQuery=select 1
# == Database recovery settings ==
# Number of times to retry acquiring a _new_ connection
# when an error is encountered during acquisition.
database.pool.acquireRetryAttempts=5
# Amount of time in ms to wait between successive aquire retry attempts.
database.pool.acquireRetryDelay=2000
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd";
version="3.0">
<display-name>Central Authentication System (CAS)</display-name>
<context-param>
<param-name>isLog4jAutoInitializationDisabled</param-name>
<param-value>true</param-value>
</context-param>
<listener>
<listener-class>org.apache.logging.log4j.web.Log4jServletContextListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-configuration/*.xml
/WEB-INF/deployerConfigContext.xml
<!-- this enables extensions and addons to contribute to overall CAS' application context
by loading spring context files from classpath i.e. found in classpath jars, etc. -->
classpath*:/META-INF/spring/*.xml
</param-value>
</context-param>
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Client Info Logging Filter</filter-name>
<filter-class>org.jasig.inspektr.common.web.ClientInfoThreadLocalFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>CAS Client Info Logging Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>requestParameterSecurityFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>requestParameterSecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>responseHeadersSecurityFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>responseHeadersSecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
- Loads the CAS ApplicationContext.
-->
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<listener>
<listener-class>
org.jasig.cas.CasEnvironmentContextListener
</listener-class>
</listener>
<!--
- This is the Spring dispatcher servlet which delegates all requests to the
- Spring WebMVC controllers as configured in cas-servlet.xml.
- This configuration also provides a plugin mechanism which enables un-intrusive contributions to the DispatcherServlet
- child application context (via local Maven or Gradle war overlays for example)
- and thus an ability to override beans defined in cas-servlet.xml by means of including additional
- Spring XML config files with a naming convention pattern of /WEB-INF/cas-servlet-*.xml
-->
<servlet>
<servlet-name>cas</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<!-- Load the child application context. Start with the default, then modules, then overlays. -->
<param-value>/WEB-INF/cas-servlet.xml,classpath*:/META-INF/cas-servlet-*.xml,/WEB-INF/cas-servlet-*.xml</param-value>
</init-param>
<init-param>
<param-name>publishContext</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/login</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/logout</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/validate</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/serviceValidate</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/p3/serviceValidate</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/proxy</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/proxyValidate</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/p3/proxyValidate</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/CentralAuthenticationService</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/status</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/statistics</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/statistics/ping</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/statistics/metrics</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/statistics/threads</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/statistics/healthcheck</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/statistics/ssosessions/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/asig/services</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/statistics/ssosessions</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/status/config/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/status/config</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/authorizationFailure.html</url-pattern>
</servlet-mapping>
<!-- REST support if cas-server-support-rest is included -->
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/v1/tickets/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/v1/services/*</url-pattern>
</servlet-mapping>
<session-config>
<!-- Default to 5 minute session timeouts -->
<session-timeout>5</session-timeout>
<cookie-config>
<http-only>true</http-only>
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
<error-page>
<error-code>401</error-code>
<location>/authorizationFailure.html</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/authorizationFailure.html</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/WEB-INF/view/jsp/errors.jsp</location>
</error-page>
<error-page>
<error-code>501</error-code>
<location>/WEB-INF/view/jsp/errors.jsp</location>
</error-page>
<error-page>
<error-code>503</error-code>
<location>/WEB-INF/view/jsp/errors.jsp</location>
</error-page>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>2020-08-31 11:20:14,169 DEBUG
[org.jasig.cas.web.support.DefaultArgumentExtractor] - <No service could be
extracted based on the given request>
2020-08-31 11:20:14,170 DEBUG
[org.jasig.cas.web.support.DefaultArgumentExtractor] - <Extractor did not
generate service.>
2020-08-31 11:20:14,171 DEBUG
[org.jasig.cas.support.pac4j.web.flow.ClientAction] - <clientName: SAML2Client>
2020-08-31 11:20:14,171 DEBUG
[org.jasig.cas.support.pac4j.web.flow.ClientAction] - <client: <SAML2Client> |
name: SAML2Client |>
2020-08-31 11:20:16,122 DEBUG
[org.jasig.cas.support.pac4j.web.flow.ClientAction] - <requires http action: {}>
org.pac4j.core.exception.RequiresHttpAction: Needs client redirection
at
org.pac4j.core.exception.RequiresHttpAction.ok(RequiresHttpAction.java:88)
~[pac4j-core-1.8.9.jar:?]
at
org.pac4j.core.client.IndirectClient.getCredentials(IndirectClient.java:184)
~[pac4j-core-1.8.9.jar:?]
at
org.jasig.cas.support.pac4j.web.flow.ClientAction.doExecute(ClientAction.java:139)
~[cas-server-support-pac4j-4.2.7.jar:4.2.7]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.webflow.engine.Transition.execute(Transition.java:228)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at org.springframework.webflow.engine.State.enter(State.java:194)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at org.springframework.webflow.engine.Flow.start(Flow.java:527)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:238)
~[spring-webflow-2.4.2.RELEASE.jar:2.4.2.RELEASE]
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:961)
~[spring-webmvc-4.2.8.RELEASE.jar:4.2.8.RELEASE]
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:895)
~[spring-webmvc-4.2.8.RELEASE.jar:4.2.8.RELEASE]
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:967)
~[spring-webmvc-4.2.8.RELEASE.jar:4.2.8.RELEASE]
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:858)
~[spring-webmvc-4.2.8.RELEASE.jar:4.2.8.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)
~[servlet-api.jar:?]
at
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:843)
~[spring-webmvc-4.2.8.RELEASE.jar:4.2.8.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
~[servlet-api.jar:?]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
~[catalina.jar:8.5.34]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[catalina.jar:8.5.34]
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
~[tomcat-websocket.jar:8.5.34]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[catalina.jar:8.5.34]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[catalina.jar:8.5.34]
at
org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:238)
~[cas-server-security-filter-2.0.6.jar:2.0.6]
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
~[spring-web-4.2.8.RELEASE.jar:4.2.8.RELEASE]
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
~[spring-web-4.2.8.RELEASE.jar:4.2.8.RELEASE]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[catalina.jar:8.5.34]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[catalina.jar:8.5.34]
at
org.jasig.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:62)
~[inspektr-common-1.3.GA.jar:1.3.GA]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[catalina.jar:8.5.34]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[catalina.jar:8.5.34]
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)
~[spring-web-4.2.8.RELEASE.jar:4.2.8.RELEASE]
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-4.2.8.RELEASE.jar:4.2.8.RELEASE]
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
~[spring-web-4.2.8.RELEASE.jar:4.2.8.RELEASE]
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
~[spring-web-4.2.8.RELEASE.jar:4.2.8.RELEASE]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[catalina.jar:8.5.34]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[catalina.jar:8.5.34]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
~[catalina.jar:8.5.34]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
~[catalina.jar:8.5.34]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
~[catalina.jar:8.5.34]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
~[catalina.jar:8.5.34]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
~[catalina.jar:8.5.34]
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
~[catalina.jar:8.5.34]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
~[catalina.jar:8.5.34]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
~[catalina.jar:8.5.34]
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
~[tomcat-coyote.jar:8.5.34]
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
~[tomcat-coyote.jar:8.5.34]
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806)
~[tomcat-coyote.jar:8.5.34]
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
~[tomcat-coyote.jar:8.5.34]
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
~[tomcat-coyote.jar:8.5.34]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[?:1.8.0_181]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[?:1.8.0_181]
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
~[tomcat-util.jar:8.5.34]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
2020-08-31 11:20:27,642 DEBUG
[org.jasig.cas.web.support.DefaultArgumentExtractor] - <No service could be
extracted based on the given request>
2020-08-31 11:20:27,643 DEBUG
[org.jasig.cas.web.support.DefaultArgumentExtractor] - <Extractor did not
generate service.>
2020-08-31 11:20:27,643 DEBUG
[org.jasig.cas.support.pac4j.web.flow.ClientAction] - <clientName: SAML2Client>
2020-08-31 11:20:27,644 DEBUG
[org.jasig.cas.support.pac4j.web.flow.ClientAction] - <client: <SAML2Client> |
name: SAML2Client |>
2020-08-31 11:20:27,895 DEBUG
[org.jasig.cas.support.pac4j.web.flow.ClientAction] - <credentials:
SAMLCredential [nameId=org.opensaml.saml.saml2.core.impl.NameIDImpl@61c08a02,
attributes=[org.opensaml.saml.saml2.core.impl.AttributeImpl@3fcb3359,
org.opensaml.saml.saml2.core.impl.AttributeImpl@3475abf2,
org.opensaml.saml.saml2.core.impl.AttributeImpl@5da1de08,
org.opensaml.saml.saml2.core.impl.AttributeImpl@3854df24,
org.opensaml.saml.saml2.core.impl.AttributeImpl@5ee3728c,
org.opensaml.saml.saml2.core.impl.AttributeImpl@47507899,
org.opensaml.saml.saml2.core.impl.AttributeImpl@1452bfe5,
org.opensaml.saml.saml2.core.impl.AttributeImpl@a61efb4,
org.opensaml.saml.saml2.core.impl.AttributeImpl@4fd39b66]]>
2020-08-31 11:20:27,896 DEBUG
[org.jasig.cas.support.pac4j.web.flow.ClientAction] - <retrieve service:
https://apptest/sq/casservice?returnto=http%3A//apptest/sq/user/login>
2020-08-31 11:20:27,935 DEBUG
[org.jasig.cas.support.pac4j.authentication.handler.support.ClientAuthenticationHandler]
- <Pollogati clientCredentials
org.jasig.cas.authentication.principal.ClientCredential@73a626a8>
2020-08-31 11:20:27,936 DEBUG
[org.jasig.cas.support.pac4j.authentication.handler.support.ClientAuthenticationHandler]
- <Pollogati clientName: SAML2Client>
2020-08-31 11:20:27,936 DEBUG
[org.jasig.cas.support.pac4j.authentication.handler.support.ClientAuthenticationHandler]
- < Pollogati client: <SAML2Client> | name: SAML2Client |>
2020-08-31 11:20:27,942 DEBUG
[org.jasig.cas.support.pac4j.authentication.handler.support.ClientAuthenticationHandler]
- <userProfile: <SAML2Profile> | id: 233348 | attributes:
{http://schemas.microsoft.com/cgg/2010/profile/claims/email=[saimi...@gmail.com],
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier=[I90803023C],
roles=[CMS_USER, ROLE_USER, Download],
http://schemas.microsoft.com/cgg/2010/profile/claims/mobile=[069234234324,
http://schemas.microsoft.com/cgg/2010/identity/claims/idprealm=[urn:microsoft:cgg2010:ipsts:uidpwd],
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name=[Saimir],
http://schemas.microsoft.com/cgg/2010/identity/claims/profiletype=[Individual],
http://schemas.microsoft.com/cgg/2010/identity/claims/profileid=[233348],
http://schemas.microsoft.com/cgg/2010/identity/claims/clientip=[14.0.22.60],
http://schemas.microsoft.com/cgg/2010/identity/claims/profilestate=[Active],
email=saimi...@gmail.com} | roles: [CMS_USER, ROLE_USER, Download] |
permissions: [] | isRemembered: false |>
2020-08-31 11:20:27,946 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Saimir
ClientAuthenticationHandler successfully authenticated
org.jasig.cas.authentication.principal.ClientCredential@73a626a8>
2020-08-31 11:20:27,946 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <No resolver
configured for ClientAuthenticationHandler. Falling back to handler principal
SAML2Profile#233348>
2020-08-31 11:20:27,947 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Final
principal resolved for this authentication event is SAML2Profile#233348>
2020-08-31 11:20:27,949 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
<Authenticated SAML2Profile#233348 with credentials
[org.jasig.cas.authentication.principal.ClientCredential@73a626a8].>
2020-08-31 11:20:27,950 DEBUG
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Attribute
map for SAML2Profile#233348:
{http://schemas.microsoft.com/cgg/2010/profile/claims/email=[saimi...@gmail.com],
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier=[I90803023C],
roles=[CMS_USER, ROLE_USER, Download],
http://schemas.microsoft.com/cgg/2010/profile/claims/mobile=[0695234534],
http://schemas.microsoft.com/cgg/2010/identity/claims/idprealm=[urn:microsoft:cgg2010:ipsts:uidpwd],
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name=[Saimir],
http://schemas.microsoft.com/cgg/2010/identity/claims/profiletype=[Individual],
http://schemas.microsoft.com/cgg/2010/identity/claims/profileid=[233348],
http://schemas.microsoft.com/cgg/2010/identity/claims/clientip=[134.0.35.60],
http://schemas.microsoft.com/cgg/2010/identity/claims/profilestate=[Active],
email=saimi...@gmail.com}>
2020-08-31 11:20:27,952 DEBUG
[org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Trying to
see if target's return value is instance of [Assertion]...>
2020-08-31 11:20:27,952 DEBUG
[org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Resolving
principal from the delegate principal resolver:
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver@3b1ed9dc]...>
2020-08-31 11:20:27,954 DEBUG
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving
argument [AuthenticationTransaction] for audit>
2020-08-31 11:20:27,955 DEBUG
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving
argument [ClientCredential] for audit>
2020-08-31 11:20:27,971 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationTransactionManager] -
<Successful authentication; Collecting authentication result
[org.jasig.cas.authentication.ImmutableAuthentication@e27dab88]>
2020-08-31 11:20:27,975 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationTransactionManager] -
<Transaction ignored since there are no credentials to authenticate>
2020-08-31 11:20:27,976 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] -
<Collecting authentication history based on [1] authentication events>
2020-08-31 11:20:27,976 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] -
<Evaluating authentication principal [SAML2Profile#233348] for inclusion in
context>
2020-08-31 11:20:27,977 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - <Collected
principal attributes
[{http://schemas.microsoft.com/cgg/2010/profile/claims/email=[saimi...@gmail.com],
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier=[I90803023C],
roles=[CMS_USER, ROLE_USER, Download],
http://schemas.microsoft.com/cgg/2010/profile/claims/mobile=[0695234534],
http://schemas.microsoft.com/cgg/2010/identity/claims/idprealm=[urn:microsoft:cgg2010:ipsts:uidpwd],
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name=[Saimir],
http://schemas.microsoft.com/cgg/2010/identity/claims/profiletype=[Individual],
http://schemas.microsoft.com/cgg/2010/identity/claims/profileid=[233348],
http://schemas.microsoft.com/cgg/2010/identity/claims/clientip=[134.0.35.60],
http://schemas.microsoft.com/cgg/2010/identity/claims/profilestate=[Active],
email=saimi...@gmail.com}] for inclusion in context for principal
[SAML2Profile#233348]>
2020-08-31 11:20:27,977 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - <Collected
single authentication attribute [authenticationMethod] ->
[ClientAuthenticationHandler]>
2020-08-31 11:20:27,978 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - <Collected
single authentication attribute [successfulAuthenticationHandlers] ->
[[ClientAuthenticationHandler]]>
2020-08-31 11:20:27,978 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - <Collected
single authentication attribute [clientName] -> [SAML2Client]>
2020-08-31 11:20:27,978 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - <Finalized
authentication attributes [{authenticationMethod=ClientAuthenticationHandler,
clientName=SAML2Client,
successfulAuthenticationHandlers=[ClientAuthenticationHandler]}] for inclusion
in authentication context>
2020-08-31 11:20:27,980 DEBUG
[org.jasig.cas.authentication.DefaultPrincipalElectionStrategy] - <Nominated
[SAML2Profile#233348] as the primary principal>
2020-08-31 11:20:27,980 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] -
<Determined primary authentication principal to be [SAML2Profile#233348]>
2020-08-31 11:20:27,981 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - <Saimir
Collected authentication attributes for this context are
[{authenticationMethod=ClientAuthenticationHandler, clientName=SAML2Client,
successfulAuthenticationHandlers=[ClientAuthenticationHandler]}]>
2020-08-31 11:20:27,981 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] -
<Authentication context commenced at [2020-08-31T11:20:27.981+02:00]>
2020-08-31 11:20:27,981 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - <Building
an authentication context for authentication
org.jasig.cas.authentication.ImmutableAuthentication@df84b652 and service
https://apptest/sq/casservice?returnto=http%3A//apptest/sq/user/login>
2020-08-31 11:20:27,997 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[TGT-1-uQHuiAIvl56bmrpBeaZjgqM6rDFMh05PVXAjn4hRZvSjRfJUbl-apptest] to registry.>
2020-08-31 11:20:28,001 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl]
- <Publishing
org.jasig.cas.support.events.CasTicketGrantingTicketCreatedEvent@e8f3d71[ticketGrantingTicket=TGT-1-uQHuiAIvl56bmrpBeaZjgqM6rDFMh05PVXAjn4hRZvSjRfJUbl-apptest]>
2020-08-31 11:20:28,001 DEBUG
[org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Trying to
see if target's return value is instance of [Assertion]...>
2020-08-31 11:20:28,002 DEBUG
[org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Resolving
principal from the delegate principal resolver:
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver@3b1ed9dc]...>
2020-08-31 11:20:28,005 DEBUG
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving
argument [DefaultAuthenticationContext] for audit>
2020-08-31 11:20:28,119 DEBUG
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Audit tickets
cache created>
2020-08-31 11:20:28,128 DEBUG
[org.jasig.cas.web.support.DefaultCasCookieValueManager] - <Encoding cookie
value
[TGT-1-uQHuiAIvl56bmrpBeaZjgqM6rDFMh05PVXAjn4hRZvSjRfJUbl-apptest@127.0.0.1@Mozilla/5.0
(Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/84.0.4147.135 Safari/537.36]>
2020-08-31 11:20:28,130 DEBUG [org.jasig.cas.util.TGCCipherExecutor] -
<Encrypting via [A128CBC-HS256]>
2020-08-31 11:20:28,166 DEBUG
[org.jasig.cas.web.support.TGCCookieRetrievingCookieGenerator] - <Added cookie
with name [TGC] and value
[eyJhbGciOiJIUzUxMiJ9.WlhsS2FHSkhZMmxQYVVwcllWaEphVXhEU214aWJVMXBUMmxLUWsxVVNUUlJNRXBFVEZWb1ZFMXFWVEpKYmpBdUxtUjJSbVZDTkZoelNtMVhTRFpNVFY5R2FGZHZaMmN1VW5oVldUSkZSV0ZwYkRjNFRtSlZjVTlCV214blJuSXhiVTlDVURad2JsSnFkalYyYUROaFEwVjBUR3h0WTBoUGEyaEhTa3BCTUVWaVQyNUNjMjVZVDNKMVJucHhhVEpWTlZKQ2N6SjZibXh0YTBzeFN6WkxiVk5XZWxGSGNVMWxhRmgyUkU5SU1qWnhYMDA0Ym1WYWFUbHRlVEF0VWpCUWQweGZUVXhHY0VaNWFsSTRiMEZKU210MFRHcFpabEpyY2tsSFVXVm1iMWM0VTJWbFMwZ3RaM0YwWm5BMlNGVXlUM0JTTW1ka1IyMXFVMHRaZEdwUkxYQnRlVTFzUmxsQ2NITjFSRVUxUTJ0RVoySk9lV0phWW5kME4yTkNUVkE0ZFdOMWIwNXJkSGxVWW5sSlkwbFpTelpIZVZobFMxcFNNak00UlRVNWFFRlZNMEkzYUVsMVNpNTZiMFJ5Y1VrNE1uWmZXWGgwTFdaTmRYUmhYek5u.sIbeHR0lkIORrSrEgdqleySGe2lmvIfMA8KXtQGAhFgxfU3sHg-VovkwCB7j11fhvl3pae-DWOXOQSXtgpBT8Q]>
2020-08-31 11:20:28,177 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve
ticket [TGT-1-uQHuiAIvl56bmrpBeaZjgqM6rDFMh05PVXAjn4hRZvSjRfJUbl-apptest]>
2020-08-31 11:20:28,177 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[TGT-1-uQHuiAIvl56bmrpBeaZjgqM6rDFMh05PVXAjn4hRZvSjRfJUbl-apptest] found in
registry.>
2020-08-31 11:20:28,179 DEBUG [org.jasig.cas.util.RegexUtils] - <Pattern
^https://apptest/cas-services.* is a valid regex.>
2020-08-31 11:20:28,184 DEBUG [org.jasig.cas.util.RegexUtils] - <Pattern
^https?://apptest.* is a valid regex.>
2020-08-31 11:20:28,185 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] -
<Collecting authentication history based on [1] authentication events>
2020-08-31 11:20:28,186 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] -
<Evaluating authentication principal [SAML2Profile#233348] for inclusion in
context>
2020-08-31 11:20:28,186 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - <Collected
principal attributes
[{http://schemas.microsoft.com/cgg/2010/profile/claims/email=[saimi...@gmail.com],
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier=[I90803023C],
roles=[CMS_USER, ROLE_USER, Download],
http://schemas.microsoft.com/cgg/2010/profile/claims/mobile=[0695234534],
http://schemas.microsoft.com/cgg/2010/identity/claims/idprealm=[urn:microsoft:cgg2010:ipsts:uidpwd],
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name=[Saimir],
http://schemas.microsoft.com/cgg/2010/identity/claims/profiletype=[Individual],
http://schemas.microsoft.com/cgg/2010/identity/claims/profileid=[233348],
http://schemas.microsoft.com/cgg/2010/identity/claims/clientip=[134.0.35.60],
http://schemas.microsoft.com/cgg/2010/identity/claims/profilestate=[Active],
email=saimi...@gmail.com}] for inclusion in context for principal
[SAML2Profile#233348]>
2020-08-31 11:20:28,187 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - <Collected
single authentication attribute [authenticationMethod] ->
[ClientAuthenticationHandler]>
2020-08-31 11:20:28,188 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - <Collected
single authentication attribute [clientName] -> [SAML2Client]>
2020-08-31 11:20:28,188 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - <Collected
single authentication attribute [successfulAuthenticationHandlers] ->
[[ClientAuthenticationHandler]]>
2020-08-31 11:20:28,189 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - <Finalized
authentication attributes [{authenticationMethod=ClientAuthenticationHandler,
clientName=SAML2Client,
successfulAuthenticationHandlers=[ClientAuthenticationHandler]}] for inclusion
in authentication context>
2020-08-31 11:20:28,189 DEBUG
[org.jasig.cas.authentication.DefaultPrincipalElectionStrategy] - <Nominated
[SAML2Profile#233348] as the primary principal>
2020-08-31 11:20:28,190 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] -
<Determined primary authentication principal to be [SAML2Profile#233348]>
2020-08-31 11:20:28,190 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - <Saimir
Collected authentication attributes for this context are
[{authenticationMethod=ClientAuthenticationHandler, clientName=SAML2Client,
successfulAuthenticationHandlers=[ClientAuthenticationHandler]}]>
2020-08-31 11:20:28,191 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] -
<Authentication context commenced at [2020-08-31T11:20:28.191+02:00]>
2020-08-31 11:20:28,192 DEBUG
[org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - <Building
an authentication context for authentication
org.jasig.cas.authentication.ImmutableAuthentication@c8bd084 and service
https://apptest/sq/casservice?returnto=http%3A//apptest/sq/user/login>
2020-08-31 11:20:28,196 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl]
- <Attempting to get ticket id
TGT-1-uQHuiAIvl56bmrpBeaZjgqM6rDFMh05PVXAjn4hRZvSjRfJUbl-apptest to create
service ticket>
2020-08-31 11:20:28,203 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve
ticket [TGT-1-uQHuiAIvl56bmrpBeaZjgqM6rDFMh05PVXAjn4hRZvSjRfJUbl-apptest]>
2020-08-31 11:20:28,204 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[TGT-1-uQHuiAIvl56bmrpBeaZjgqM6rDFMh05PVXAjn4hRZvSjRfJUbl-apptest] found in
registry.>
2020-08-31 11:20:28,207 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl]
- <Added authentication to the collection of supplemental authentications>
2020-08-31 11:20:28,208 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl]
- <TGT TGT-1-uQHuiAIvl56bmrpBeaZjgqM6rDFMh05PVXAjn4hRZvSjRfJUbl-apptest is not
proxied by another service>
2020-08-31 11:20:28,208 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl]
- <Checking for authentication policy satisfaction...>
2020-08-31 11:20:28,230 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl]
- <Authentication policy
org.jasig.cas.authentication.AcceptAnyAuthenticationPolicyFactory$1@7247933c is
satisfied by the authentication associated with
TGT-1-uQHuiAIvl56bmrpBeaZjgqM6rDFMh05PVXAjn4hRZvSjRfJUbl-apptest>
2020-08-31 11:20:28,231 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl]
- <Located principal SAML2Profile#233348 for service ticket creation>
2020-08-31 11:20:28,231 DEBUG
[org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository] -
<DefaultPrincipalAttributesRepository will return the collection of attributes
directly associated with the principal object>
2020-08-31 11:20:28,232 DEBUG
[org.jasig.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository]
- <Found [11] cached attributes for principal [SAML2Profile#233348]>
2020-08-31 11:20:28,233 DEBUG
[org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy] - <These
required attributes [{roles=[CMS_USER|ROLE_USER]}] are examined against
[{http://schemas.microsoft.com/cgg/2010/profile/claims/email=[saimi...@gmail.com],
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier=[I90803023C],
roles=[CMS_USER, ROLE_USER, Download],
http://schemas.microsoft.com/cgg/2010/profile/claims/mobile=[0695234534],
http://schemas.microsoft.com/cgg/2010/identity/claims/idprealm=[urn:microsoft:cgg2010:ipsts:uidpwd],
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name=[Saimir],
http://schemas.microsoft.com/cgg/2010/identity/claims/profiletype=[Individual],
http://schemas.microsoft.com/cgg/2010/identity/claims/profileid=[233348],
http://schemas.microsoft.com/cgg/2010/identity/claims/clientip=[134.0.35.60],
http://schemas.microsoft.com/cgg/2010/identity/claims/profilestate=[Active],
email=saimi...@gmail.com}] before service can proceed.>
2020-08-31 11:20:28,237 DEBUG [org.jasig.cas.util.RegexUtils] - <Pattern
(CMS_USER|ROLE_USER) is a valid regex.>
2020-08-31 11:20:28,239 INFO
[org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy] - <Principal is
authorized to access the service>
2020-08-31 11:20:28,240 DEBUG
[org.jasig.cas.ticket.DefaultServiceTicketFactory] - <Looking up service ticket
id generator for
[org.jasig.cas.authentication.principal.SimpleWebApplicationServiceImpl]>
2020-08-31 11:20:28,244 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] -
<Granted ticket [ST-1-Z0ezZGbGet10OzBtuYqQ-apptest] for service
[https://apptest/sq/casservice?returnto=http%3A//apptest/sq/user/login] and
principal [SAML2Profile#233348]>
2020-08-31 11:20:28,244 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[ST-1-Z0ezZGbGet10OzBtuYqQ-apptest] to registry.>
2020-08-31 11:20:28,245 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl]
- <Added service ticket ST-1-Z0ezZGbGet10OzBtuYqQ-apptest to ticket registry>
2020-08-31 11:20:28,246 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl]
- <Publishing
org.jasig.cas.support.events.CasServiceTicketGrantedEvent@4edee8f8[ticketGrantingTicket=TGT-1-uQHuiAIvl56bmrpBeaZjgqM6rDFMh05PVXAjn4hRZvSjRfJUbl-apptest,serviceTicket=ST-1-Z0ezZGbGet10OzBtuYqQ-apptest]>
2020-08-31 11:20:28,247 DEBUG
[org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Trying to
see if target's return value is instance of [Assertion]...>
2020-08-31 11:20:28,248 DEBUG
[org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Resolving
principal from the delegate principal resolver:
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver@3b1ed9dc]...>
2020-08-31 11:20:28,248 DEBUG
[org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving
argument [String] for audit>
2020-08-31 11:20:28,250 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve
ticket [TGT-1-uQHuiAIvl56bmrpBeaZjgqM6rDFMh05PVXAjn4hRZvSjRfJUbl-apptest]>
2020-08-31 11:20:28,251 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[TGT-1-uQHuiAIvl56bmrpBeaZjgqM6rDFMh05PVXAjn4hRZvSjRfJUbl-apptest] found in
registry.>
2020-08-31 11:20:28,261 INFO [org.jasig.cas.audit.spi.ServiceResourceResolver]
- <>>>>>>>>>>>>>>>>>>>>>>>>>>>>>registeredServiceid=2552150336763730,name=Test
TEst description=Vendosni emrin e përdoruesit dhe fjalëkalimin për të hyrë në
Test
Kombëtar,serviceId=^https?://apptest.*,usernameAttributeProvider=org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider@d,theme=<null>,evaluationOrder=6,logoutType=BACK_CHANNEL,attributeReleasePolicy=org.jasig.cas.services.ReturnAllAttributeReleasePolicy@57652b0a[attributeFilter=<null>,principalAttributesRepository=org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository@3272dd9e[],authorizedToReleaseCredentialPassword=true,authorizedToReleaseProxyGrantingTicket=true],accessStrategy=org.jasig.cas.services.TimeBasedRegisteredServiceAccessStrategy@2519695b[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={roles=[CMS_USER|ROLE_USER]},unauthorizedRedirectUrl=<null>,caseInsensitive=false,startingDateTime=<null>,endingDateTime=<null>],publicKey=<null>,proxyPolicy=org.jasig.cas.services.RegexMatchingRegisteredServiceProxyPolicy@19570939[^https?://.*],logo=<null>,logoutUrl=https://apptest/casservice,requiredHandlers=[],properties={},<null>>
2020-08-31 11:20:28,585 DEBUG
[org.jasig.cas.web.support.DefaultArgumentExtractor] - <Created
https://apptest/sq/casservice?returnto=http%3A//apptest/sq/user/login based on
org.jasig.cas.authentication.principal.WebApplicationServiceFactory@39d08b4e>
2020-08-31 11:20:28,586 DEBUG
[org.jasig.cas.web.support.DefaultArgumentExtractor] - <Extractor generated
service for:
https://apptest/sq/casservice?returnto=http%3A//apptest/sq/user/login>
2020-08-31 11:20:28,592 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve
ticket [ST-1-Z0ezZGbGet10OzBtuYqQ-apptest]>
2020-08-31 11:20:28,593 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[ST-1-Z0ezZGbGet10OzBtuYqQ-apptest] found in registry.>
2020-08-31 11:20:28,594 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl]
- <Authentication policy
org.jasig.cas.authentication.AcceptAnyAuthenticationPolicyFactory$1@69480c4f is
satisfied by the authentication associated with
TGT-1-uQHuiAIvl56bmrpBeaZjgqM6rDFMh05PVXAjn4hRZvSjRfJUbl-apptest>
2020-08-31 11:20:28,594 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl]
- <Attribute policy
[org.jasig.cas.services.ReturnAllAttributeReleasePolicy@57652b0a[attributeFilter=<null>,principalAttributesRepository=org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository@3272dd9e[],authorizedToReleaseCredentialPassword=true,authorizedToReleaseProxyGrantingTicket=true]]
is associated with service [id=2552150336763730,name=Test
TEstdescription=Vendosni emrin e përdoruesit dhe fjalëkalimin për të hyrë në
Test
Kombëtar,serviceId=^https?://apptest.*,usernameAttributeProvider=org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider@d,theme=<null>,evaluationOrder=6,logoutType=BACK_CHANNEL,attributeReleasePolicy=org.jasig.cas.services.ReturnAllAttributeReleasePolicy@57652b0a[attributeFilter=<null>,principalAttributesRepository=org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository@3272dd9e[],authorizedToReleaseCredentialPassword=true,authorizedToReleaseProxyGrantingTicket=true],accessStrategy=org.jasig.cas.services.TimeBasedRegisteredServiceAccessStrategy@2519695b[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={roles=[CMS_USER|ROLE_USER]},unauthorizedRedirectUrl=<null>,caseInsensitive=false,startingDateTime=<null>,endingDateTime=<null>],publicKey=<null>,proxyPolicy=org.jasig.cas.services.RegexMatchingRegisteredServiceProxyPolicy@19570939[^https?://.*],logo=<null>,logoutUrl=https://apptest/casservice,requiredHandlers=[],properties={},<null>]>
2020-08-31 11:20:28,595 DEBUG
[org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository] -
<DefaultPrincipalAttributesRepository will return the collection of attributes
directly associated with the principal object>
2020-08-31 11:20:28,595 DEBUG
[org.jasig.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository]
- <Found [11] cached attributes for principal [SAML2Profile#233348]>
2020-08-31 11:20:28,596 DEBUG
[org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider] - <Returning
the default principal id [SAML2Profile#233348] for username.>
2020-08-31 11:20:28,599 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl]
- <Publishing
org.jasig.cas.support.events.CasServiceTicketValidatedEvent@4c6db63[assertion=org.jasig.cas.authentication.ImmutableAuthentication@df84b652:https://apptest/sq/casservice?returnto=http%3A//apptest/sq/user/login,serviceTicket=ST-1-Z0ezZGbGet10OzBtuYqQ-apptest]>
2020-08-31 11:20:28,600 DEBUG
[org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy] - <Ticket
usage count 1 is greater than or equal to 1>
2020-08-31 11:20:28,600 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve
ticket [ST-1-Z0ezZGbGet10OzBtuYqQ-apptest]>
2020-08-31 11:20:28,601 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[ST-1-Z0ezZGbGet10OzBtuYqQ-apptest] found in registry.>
2020-08-31 11:20:28,601 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket
[ST-1-Z0ezZGbGet10OzBtuYqQ-apptest] from the registry.>
2020-08-31 11:20:28,602 DEBUG
[org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Trying to
see if target's return value is instance of [Assertion]...>
2020-08-31 11:20:28,602 DEBUG
[org.jasig.cas.audit.spi.AssertionAsReturnValuePrincipalResolver] - <Assertion
instance is found in the return value. Resolving principal id from associated
Authentication...>
2020-08-31 11:20:28,644 DEBUG [org.jasig.cas.web.ServiceValidateController] -
<Successfully validated service ticket ST-1-Z0ezZGbGet10OzBtuYqQ-apptest for
service [https://apptest/sq/casservice?returnto=http%3A//apptest/sq/user/login]>
2020-08-31 11:20:28,669 DEBUG
[org.jasig.cas.web.view.Cas20ResponseView$Success] - <Preparing the output
model to render view...>
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:context="http://www.springframework.org/schema/context";
xmlns:p="http://www.springframework.org/schema/p"; xmlns:c="http://www.springframework.org/schema/c";
xmlns:aop="http://www.springframework.org/schema/aop"; xmlns:tx="http://www.springframework.org/schema/tx";
xmlns:util="http://www.springframework.org/schema/util"; xmlns:sec="http://www.springframework.org/schema/security";
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd";>
<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"
p:driverClass="${database.driverClass}" p:jdbcUrl="${database.url}"
p:user="${database.user}" p:password="${database.password}"
p:initialPoolSize="${database.pool.minSize}" p:minPoolSize="${database.pool.minSize}"
p:maxPoolSize="${database.pool.maxSize}"
p:maxIdleTimeExcessConnections="${database.pool.maxIdleTime}"
p:checkoutTimeout="${database.pool.maxWait}" p:acquireIncrement="${database.pool.acquireIncrement}"
p:acquireRetryAttempts="${database.pool.acquireRetryAttempts}"
p:acquireRetryDelay="${database.pool.acquireRetryDelay}"
p:idleConnectionTestPeriod="${database.pool.idleConnectionTestPeriod}"
p:preferredTestQuery="${database.pool.connectionHealthQuery}" />
<bean id="dbAuthHandler"
class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler"
p:dataSource-ref="dataSource"
p:tableUsers="portal_administration.app_user" p:fieldUser="username"
p:fieldPassword="password" />
<bean id="primaryPrincipalResolver"
class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver">
<property name="attributeRepository" ref="attributeRepository" />
</bean>
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
<constructor-arg index="0" ref="dataSource" />
</bean>
<bean id="attributeRepository" class="hr.in2.asig.cas.CustomJdbcAttributeDao">
<constructor-arg index="0" ref="dataSource" />
<constructor-arg index="1"
value="select user_id,email from portal_administration.app_user where status = 1 and {0}" />
<property name="jdbcTemplate" ref="jdbcTemplate" />
<property name="queryAttributeMapping">
<map>
<entry key="username" value="username" />
</map>
</property>
<property name="resultAttributeMapping">
<map>
<entry key="roles" value="roles" />
<entry key="email" value="email" />
</map>
</property>
</bean>
<util:map id="authenticationHandlersResolvers">
<entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
<!-- Comment active line and uncomment this one for naïve, hard coded authentication
<entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver"
/> -->
<!-- Comment active line and uncomment this one for relational database
authentication -->
<entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver" />
<!-- Comment active line and uncomment this one for LDAP authentication
<entry key-ref="ldapAuthenticationHandler" value="#{null}" /> -->
</util:map>
<util:list id="authenticationMetadataPopulators">
<ref bean="successfulHandlerMetaDataPopulator" />
<ref bean="rememberMeAuthenticationMetaDataPopulator" />
</util:list>
<alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" />
<alias name="serviceThemeResolver" alias="themeResolver" />
<alias name="jsonServiceRegistryDao" alias="serviceRegistryDao" />
<alias name="defaultTicketRegistry" alias="ticketRegistry" />
<alias name="ticketGrantingTicketExpirationPolicy" alias="grantingTicketExpirationPolicy" />
<alias name="multiTimeUseOrTimeoutExpirationPolicy" alias="serviceTicketExpirationPolicy" />
<alias name="anyAuthenticationPolicy" alias="authenticationPolicy" />
<alias name="acceptAnyAuthenticationPolicyFactory" alias="authenticationPolicyFactory" />
<alias name="neverThrottle" alias="authenticationThrottle" />
<util:list id="monitorsList">
<ref bean="memoryMonitor" />
<ref bean="sessionMonitor" />
</util:list>
<alias name="defaultPrincipalFactory" alias="principalFactory" />
<alias name="defaultAuthenticationTransactionManager" alias="authenticationTransactionManager" />
<alias name="defaultPrincipalElectionStrategy" alias="principalElectionStrategy" />
<alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor" />
<bean id="auditCleanupCriteria"
class="org.jasig.inspektr.audit.support.MaxAgeWhereClauseMatchCriteria">
<constructor-arg index="0" value="180" />
</bean>
<bean id="auditTrailManager" class="org.jasig.inspektr.audit.support.JdbcAuditTrailManager"
c:transactionTemplate-ref="inspektrTransactionTemplate"
p:dataSource-ref="dataSource" p:cleanupCriteria-ref="auditCleanupCriteria" />
<bean id="inspektrTransactionManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
p:dataSource-ref="dataSource" />
<bean id="inspektrTransactionTemplate"
class="org.springframework.transaction.support.TransactionTemplate"
p:transactionManager-ref="inspektrTransactionManager"
p:isolationLevelName="ISOLATION_READ_COMMITTED"
p:propagationBehaviorName="PROPAGATION_REQUIRED" />
<util:map id="auditResourceResolverMap">
<entry key="AUTHENTICATION_RESOURCE_RESOLVER">
<bean class="org.jasig.cas.audit.spi.CredentialsAsFirstParameterResourceResolver"/>
</entry>
<entry key="CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER">
<ref bean="returnValueResourceResolver"/>
</entry>
<entry key="DESTROY_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER">
<ref bean="ticketResourceResolver"/>
</entry>
<entry key="CREATE_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER">
<ref bean="returnValueResourceResolver"/>
</entry>
<entry key="DESTROY_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER">
<ref bean="ticketResourceResolver"/>
</entry>
<entry key="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER">
<ref bean="serviceResourceResolver"/>
</entry>
<entry key="GRANT_PROXY_TICKET_RESOURCE_RESOLVER">
<ref bean="serviceResourceResolver"/>
</entry>
<entry key="VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER">
<ref bean="ticketResourceResolver"/>
</entry>
<entry key="SAVE_SERVICE_RESOURCE_RESOLVER">
<ref bean="returnValueResourceResolver"/>
</entry>
</util:map>
<!-- <bean id="returnValueResourceResolver"
class="org.jasig.cas.audit.spi.MessageBundleAwareResourceResolver"/> -->
<bean id="serviceResourceResolver"
class="org.jasig.cas.audit.spi.ServiceResourceResolver"/>
<!-- <bean id="ticketResourceResolver"
class="org.jasig.cas.audit.spi.TicketAsFirstParameterResourceResolver" /> -->
</beans>
