Thanks a lot for your answer, Ray.
The point is that, after dealing with this issue, I'm not sure I
need this metadata. Meaning, what is it for? The only IdPs that I
have to use are our corporate LDAP and a local user database. I'm
thinking I don't need it at all, but I'd rather someone with deeper
knowledge and more experience confirmed that.
Kind regards
On 14/03/2022 at 16:59, Ray Bon wrote:
Juan,
Unfortunately the InCommon requirement is hard coded into the
management app; a serious flaw - it should be configurable like every
other federation or provider.
You can read about and get InCommon metadata here,
https://spaces.at.internet2.edu/display/federation/Metadata+Service
Then you can store it in a local web server and point that url
property to the local copy.
You may need to have their signing cert locally as well, see
https://spaces.at.internet2.edu/display/federation/consume-metadata-best-practice
If you do not need the contents of the file, then delete most of it,
just keep the InCommon entries which are first.
Ray
On Mon, 2022-03-14 at 01:34 -0700, Juan María Reina Ortiz wrote:
Notice: This message was sent from outside the University of Victoria
email system. Please be cautious with links and sensitive information.
Good morning
I've tried to use some config like this:
mgmt.in-common-mdq-url=file:/etc/cas/config/entities
But, I'm afraid what it expects is a URL... So, it doesn't work. Is
there another option to take it from local?
Anyway, I am not sure I need this. I don't know the purpose of
this metadata and how not having it could impact my environment.
Could any of you guys provide me with more info, at least at a basic
level, to have a better understanding? Perhaps I'm struggling with
something I don't need at all and therefore wasting my time...
Again, thank you very much
On Friday, 11 March 2022 at 14:11:45 UTC+1,
petr.f...@gmail.com wrote:
Hello,
Technically MDQ is an API, so not really a set of XML files, sorry for
misleading you a bit. But the returned document is valid XML, so... :)
If you do not need to use InCommon (or possibly other MDQ registry),
you can leave the property empty.
Otherwise,
https://github.com/apereo/cas-management/blob/0396f5a5a69af22845b4dd4e633cf74dda195e63/api/cas-mgmt-api-configuration/src/main/java/org/apereo/cas/configuration/CasManagementConfigurationProperties.java#L157
Cheers,
Fiisch
On 03/11/2022 01:48 PM, Juan María Reina Ortiz wrote:
Leaving this parameter empty allowed me to start cas-management,
but I'm still considering having this XML downloaded locally. But
here's another thing I need to ask: what is the URL from which I could
download the XML file?
Again, thanks in advance. Your help is being very valuable
Cheers!
On Friday, 11 March 2022 at 12:27:27 UTC+1,
petr.f...@gmail.com wrote:
Hello,
MDQ metadata endpoint is basically one huge XML file (or a set of
small ones) with SAML metadata of various organizations, in this
case, members of InCommon community.
MDQ as a technical standard is an IETF thing.
But what it means for CAS and Mgmt apps...
https://apereo.github.io/cas/6.5.x/installation/Configuring-SAML2-DynamicMetadata.html
- When you are creating a SAML registration in Mgmt app, the Mgmt
app can give you a choice of ready-made SAML metadata
configurations because it downloaded them upon its startup.
- CAS does not need to store the SAML metadata locally, it can
gather them from MDQ endpoint. This implies that CAS administrator
doesn't need to manage local metadata files of various connected
3rd parties.
- If you cannot access InCommon MDQ, you cannot consume 3rd party
SAML metadata automatically. So you are back to manual management
of metadata XML files. That is all.
Other than automating tasks around SAML metadata upkeep, there
is no impact on the functionality.
However, even without proxy access, you can work around the issue.
You can, for example, periodically download the metadata with wget
and let CAS read the file locally or from some internal webserver.
You have a property (mgmt.in-common-mdq-url) which you can
configure, so if there is a will, there is a way. :) But I would
do it only if you really desperately need to access the InCommon
MDQ registry.
Cheers,
Fiisch
On 03/11/2022 11:05 AM, Juan María Reina Ortiz wrote:
Thanks, Petr
Having read that thread, what I've understood is that disabling
MDQ would allow the process to start, but what would be the
consequences? I don't have knowledge deep enough to foresee
what will happen by not using this feature...
Thanks in advance
On Friday, 11 March 2022 at 8:29:03 UTC+1,
petr.f...@gmail.com wrote:
Hello,
If the proxy settings do not work, you still should be able to
manipulate the URL of InCommon service... either to point it
somewhere where it can reach the data or to disable it completely.
If I remember the source code correctly, you do not have to
specify only a URL but a filesystem path (file:///somepath)
might work too.
Check this thread
https://groups.google.com/a/apereo.org/g/cas-user/c/8eJvw8oikPw/m/tNAH1jIKBgAJ
Cheers,
Fiisch
On 03/10/2022 07:20 PM, Juan María Reina Ortiz wrote:
Hello everybody
Doesn't anybody have to deal with this? I mean, having a
cas-management installed on a server behind a proxy...
In that case, can anybody point me to a different place where I
could find some help?
Cheers!
On Thursday, 3 March 2022 at 8:16:11 UTC+1, Juan María
Reina Ortiz wrote:
Hello everybody
Ray, first of all, I have to confirm that I'm using 6.3. And,
yes, some of the options were probably wrong, so I stuck to
the ones you've mentioned. Anyway, it doesn't work as the
requests are not passing through the proxy... And I have to say
that the proxy is working well, as I've had to configure it to
build the product (gradle.properties)
This failure prevents my cas-management from starting
Thanks for your help.
On 02/03/2022 at 18:49, Ray Bon wrote:
Juan,
I am unable to find proxy-host in the cas 6.4 docs. It is in 6.3.
Is it still a property in 6.4?
Some cas. ... properties are available in cas-management. I
searched around the code but could not find a place where
proxy-host is used.
In cas 6.3 docs, I see only these proxy options
# cas.http-client.proxy-host=
# cas.http-client.proxy-port=0
I see that incommon is still hard coded into cas management
app; which is a shame.
Are you trying to get the incommon metadata?
Is that failure preventing cas management from working?
As a workaround, you could filter out those log messages.
Ray
On Wed, 2022-03-02 at 14:13 +0100, Juan María Reina Ortiz wrote:
Well, just changing "cas" to "mgmt" didn't work... I'm
trying to configure proxy parameters when starting java,
but that doesn't work either
Cheers!
On 02/03/2022 at 13:18, Petr Fišer wrote:
Hello,
cas.* properties are meant to configure CAS, not the
management app. Properties for management app start with
"mgmt."
Skimming through
https://github.com/apereo/cas-management/blob/6.3.x/api/cas-mgmt-api-configuration/src/main/java/org/apereo/cas/configuration/CasManagementConfigurationProperties.java
there is no obvious property to configure a proxy.
Cheers,
Fiisch
On 03/02/2022 01:00 PM, Juan María Reina Ortiz wrote:
I did some research and I don't see traffic through the
proxy, but through the firewall, so I'm afraid the proxy is not
configured properly. I did it by adding the above lines in
management.properties...
Cheers
On Wednesday, 2 March 2022 at 12:17:34 UTC+1,
Juan María Reina Ortiz wrote:
Good morning everybody
I'm trying to start cas-management and after a while, the
process shows me the following:
ERROR [org.apereo.cas.util.HttpUtils] - <Connect to mdq.incommon.org:443 [mdq.incommon.org/13.33.232.95, mdq.incommon.org/13.33.232.10, mdq.incommon.org/13.33.232.66, mdq.incommon.org/13.33.232.102] failed: Expiró el tiempo de conexión (Connection timed out)>
org.apache.http.conn.HttpHostConnectException: Connect to mdq.incommon.org:443 [mdq.incommon.org/13.33.232.95, mdq.incommon.org/13.33.232.10, mdq.incommon.org/13.33.232.66, mdq.incommon.org/13.33.232.102] failed: Expiró el tiempo de conexión (Connection timed out)
My server is behind a proxy so I've configured the following:
cas.http-client.proxy-host=my_proxy_hostname
cas.http-client.proxy-port=my_proxy_port
cas.http-client.proxy-nonproxyihosts=domain_1,domain_2,domain_3
cas.https-client.proxy-host= my_proxy_hostname
cas.https-client.proxy-port= my_proxy_port
cas.https-client.proxy-nonproxyihosts=domain_1,domain_2,domain_3
But the situation persists. I've also tried to set the
above when starting the process
java -jar PATH_TO_CAS_MAN/cas-management.war
-Dhttp.proxySet=true -Dhttps.proxySet=true
-Dhttp.proxyHost=my_proxy_hostname...
It doesn't work
What do I have to configure? What's happening?
Thanks in advance
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to
the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails
from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/bf1b275f-4182-4708-8725-87818fb5adb2n%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/bf1b275f-4182-4708-8725-87818fb5adb2n%40apereo.org?utm_medium=email&utm_source=footer>.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca
I acknowledge and respect the lək̓ʷəŋən peoples on whose
traditional territory the university stands, and the
Songhees, Esquimalt and WSÁNEĆ peoples whose historical
relationships with the land continue to this day.
--
Juan María Reina Ortiz
IT Project Manager
*+34 699 96 35 32*
juanmaria.re...@soltel.es
Soltel Group
España: [Sevilla] - Madrid - Badajoz
México: México D.F.
Colombia: Bogotá
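
Added example, not part of the thread and not CAS project code: the workaround discussed above (download the metadata periodically with wget, keep the federation signing certificate locally, serve the copy from an internal web server and point mgmt.in-common-mdq-url at it) as a script that replaces the served copy only when the signature verifies and validUntil is still in the future. MDQ_URL, SIGNING_CERT and TARGET are placeholders, and it assumes wget and xmlsec1 are installed.

```shell
#!/bin/sh
# Added example (not from the thread). All values below are placeholders.
MDQ_URL="${MDQ_URL:-https://mdq.example.org/entities}"          # placeholder aggregate URL
SIGNING_CERT="${SIGNING_CERT:-/etc/cas/config/md-signing.pem}"  # hypothetical pinned cert
TARGET="${TARGET:-/var/www/html/metadata/entities.xml}"         # hypothetical served file

# Print validUntil from the first EntityDescriptor/EntitiesDescriptor start tag.
valid_until() {
    awk 'BEGIN { RS = ">" }
         /Entit(y|ies)Descriptor/ {
             if (match($0, /validUntil="[^"]*"/))
                 print substr($0, RSTART + 12, RLENGTH - 13)
             exit
         }' "$1"
}

# True only if validUntil exists and lies in the future. UTC "Z" timestamps
# in the same layout sort lexicographically, so a string compare is enough.
metadata_is_fresh() {
    expiry=$(valid_until "$1")
    now=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    [ -n "$expiry" ] && LC_ALL=C expr "x$now" \< "x$expiry" >/dev/null
}

# Verify the enveloped XML signature against the pinned certificate.
# A missing xmlsec1 binary or certificate counts as a failed check.
signature_is_valid() {
    xmlsec1 --verify --pubkey-cert-pem "$SIGNING_CERT" \
        --id-attr:ID urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor \
        "$1" >/dev/null 2>&1
}

# Swap the candidate in only if both checks pass; otherwise keep the old copy.
install_if_trusted() {
    if signature_is_valid "$1" && metadata_is_fresh "$1"; then
        mv -f "$1" "$TARGET"        # rename is atomic within one filesystem
    else
        rm -f "$1"
        return 1
    fi
}

refresh_metadata() {
    tmp=$(mktemp "${TARGET}.XXXXXX") || return 1
    # wget honours the https_proxy environment variable
    wget -q -T 60 -O "$tmp" "$MDQ_URL" || { rm -f "$tmp"; return 1; }
    install_if_trusted "$tmp"
}

if [ "${1:-}" = "--refresh" ]; then refresh_metadata; fi
```

Run it from cron with --refresh and with https_proxy exported; a failed download or failed check leaves the previously installed file in place.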