Hello,
MDQ metadata endpoint is basically one huge XML file (or a set of small
ones) with SAML metadata of various organizations, in this case, members
of InCommon community.
MDQ as a technical standard is an IETF thing.
But what it means for CAS and Mgmt apps...
https://apereo.github.io/cas/6.5.x/installation/Configuring-SAML2-DynamicMetadata.html
- When you are creating a SAML registration in Mgmt app, the Mgmt app
can give you a choice of ready-made SAML metadata configurations because
it downloaded them upon its startup.
- CAS does not need to store the SAML metadata locally, it can gather
them from MDQ endpoint. This implies that CAS administrator doesn't need
to manage local metadata files of various connected 3rd parties.
- If you cannot access InCommon MDQ, you cannot consume 3rd party SAML
metadata automatically. So you are back to manual management of metadata
XML files. That is all.
Other than automating tasks around SAML metadata upkeeping, there is no
impact on the functionality.
However, even without proxy access, you can work around the issue. You
can, for example, periodically download the metadata with wget and let
CAS read the file locally or from some internal webserver. You have a
property (mgmt.in-common-mdq-url) which you can configure, so if there
is a will, there is a way. :) But I would do it only if you really
desperately need to access the InCommon MDQ registry.
Cheers,
Fiisch
On 03/11/2022 11:05 AM, Juan María Reina Ortiz wrote:
Thanks, Petr
Having read that tread, what I've understood is that disabling mdq
would allow the process to start, but, what would be the consecuences?
I don't have a knowledge deep enough to foresee what it will happen by
not using this feature...
Thanks in advance
El viernes, 11 de marzo de 2022 a las 8:29:03 UTC+1,
petr.f...@gmail.com escribió:
Hello,
If the proxy settings do not work, you still should be able to
manipulate the URL of InCommon service... either to point it
somewhere where it can reach the data or to disable it completely.
If i remember the source code correctly, you do not have to
specify only an URL but a filesystem path (file:///somepath) might
work too.
Check this thread
https://groups.google.com/a/apereo.org/g/cas-user/c/8eJvw8oikPw/m/tNAH1jIKBgAJ
Cheers,
Fiisch
On 03/10/2022 07:20 PM, Juan María Reina Ortiz wrote:
Hello everybody
Doesn't anybody have to deal with this? I mean, having a
cas-management installed on a server behind a proxy...
In that case, can anybody point me to a different place where I
could find some help?
Cheers!
El jueves, 3 de marzo de 2022 a las 8:16:11 UTC+1, Juan María
Reina Ortiz escribió:
Hello everybody
Ray, first of all, I have to confirm that I'm using 6.3. And,
yes, some of the options were probably wrong, so I stuck to
the ones you've mentioned. Anyway, it doesn't work as the
request are not passing through the proxy... And I have to
say that proxy is working well as I've had to configure it to
build the product (gradle.properties)
This failure prevent my cas-management to start
Thanks for your help.
El 02/03/2022 a las 18:49, Ray Bon escribió:
Juan,
I am unable to find proxy-host in the cas 6.4 docs. It is in
6.3.
Is it still a property in 6.4?
Some cas. ... properties are available in cas-management. I
searched around the code but could not find a place where
proxy-host is used.
In cas 6.3 docs, I see only these proxy options
# cas.http-client.proxy-host=
# cas.http-client.proxy-port=0
I see that incommon is still hard coded into cas management
app; which is a shame.
Are you trying to get the incommon metadata?
Is that failure preventing cas management from working?
As a work around, you could filter out those log messages.
Ray
On Wed, 2022-03-02 at 14:13 +0100, Juan María Reina Ortiz wrote:
Notice: This message was sent from outside the University
of Victoria email system. Please be cautious with links and
sensitive information.
Well, just changing "cas" to "mgmt" didn't work... I'm
trying to configure proxy parameters when starting java,
but, it neither doesn't work
Cheers!
El 02/03/2022 a las 13:18, Petr Fišer escribió:
Hello,
cas.* properties are meant to configure CAS, not the
management app. Properties for management app start with
"mgmt."
Skimming through
https://github.com/apereo/cas-management/blob/6.3.x/api/cas-mgmt-api-configuration/src/main/java/org/apereo/cas/configuration/CasManagementConfigurationProperties.java
there is no obvious property to configure a proxy.
Cheers,
Fiisch
On 03/02/2022 01:00 PM, Juan María Reina Ortiz wrote:
I did some research and I don't see traffic through
proxy, but through firewall, so I'm affraid proxy is not
configured properly. I did it adding the above lines in
management.properties...
Cheers
El miércoles, 2 de marzo de 2022 a las 12:17:34 UTC+1,
Juan María Reina Ortiz escribió:
Good morning everybody
I'm trying to start cas-management and after a while,
the process shows me the following:
ERROR [org.apereo.cas.util.HttpUtils] - <Connect to
mdq.incommon.org:443 <http://mdq.incommon.org:443>
[mdq.incommon.org/13.33.232.95
<http://mdq.incommon.org/13.33.232.95>,
mdq.incommon.org/13.33.232.10
<http://mdq.incommon.org/13.33.232.10>,
mdq.incommon.org/13.33.232.66
<http://mdq.incommon.org/13.33.232.66>,
mdq.incommon.org/13.33.232.102
<http://mdq.incommon.org/13.33.232.102>] failed: Expiró
el tiempo de conexión (Connection timed out)>
org.apache.http.conn.HttpHostConnectException: Connect
to mdq.incommon.org:443 <http://mdq.incommon.org:443>
[mdq.incommon.org/13.33.232.95
<http://mdq.incommon.org/13.33.232.95>,
mdq.incommon.org/13.33.232.10
<http://mdq.incommon.org/13.33.232.10>,
mdq.incommon.org/13.33.232.66
<http://mdq.incommon.org/13.33.232.66>,
mdq.incommon.org/13.33.232.102
<http://mdq.incommon.org/13.33.232.102>] failed: Expiró
el tiempo de conexión (Connection timed out)
My server is behind a proxy so I've configured the
following:
cas.http-client.proxy-host=my_proxy_hostname
cas.http-client.proxy-port=my_proxy_port
cas.http-client.proxy-nonproxyihosts=
domain_1,domain_2,domain_3
cas.https-client.proxy-host= my_proxy_hostname
cas.https-client.proxy-port= my_proxy_port
cas.https-client.proxy-nonproxyihosts=domain_1,domain_2,domain_3
But the situation persists. I've also tried to set the
above when start the process
java -jar PATH_TO_CAS_MAN/cas-management.war
-Dhttp.proxySet=true -Dhttps.proxySet=true
-Dhttp.proxyHost=my_proxy_hostname...
It doesn't work
What I have to configure? What's happening?
Thanks in advance
--
- Website: https://apereo.github.io/cas
<https://apereo.github.io/cas>
- Gitter Chatroom: https://gitter.im/apereo/cas
<https://gitter.im/apereo/cas>
- List Guidelines: https://goo.gl/1VRrw7
<https://goo.gl/1VRrw7>
- Contributions: https://goo.gl/mh7qDG
<https://goo.gl/mh7qDG>
---
You received this message because you are subscribed to
the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails
from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/bf1b275f-4182-4708-8725-87818fb5adb2n%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/bf1b275f-4182-4708-8725-87818fb5adb2n%40apereo.org?utm_medium=email&utm_source=footer>.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 <tel:%28250%29%20721-8831> | CLE 019 | rb...@uvic.ca
I acknowledge and respect the lək̓ʷəŋən peoples on whose
traditional territory the university stands, and the
Songhees, Esquimalt and WSÁNEĆ peoples whose historical
relationships with the land continue to this day.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to a
topic in the Google Groups "CAS Community" group.
To unsubscribe from this topic, visit
https://groups.google.com/a/apereo.org/d/topic/cas-user/1NIV6j269I8/unsubscribe.
To unsubscribe from this group and all its topics, send an
email to cas-user+u...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c06c58a6cfbf6cde3f2a124425f72231dfcbe8d1.camel%40uvic.ca
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/c06c58a6cfbf6cde3f2a124425f72231dfcbe8d1.camel%40uvic.ca?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the
Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/973a8aa7-61ce-44d5-b46f-4fb191f0b4c4n%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/973a8aa7-61ce-44d5-b46f-4fb191f0b4c4n%40apereo.org?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/9e4ecb9a-c633-0628-388d-7c0aeac2d6b7%40gmail.com.