Jerome,

Your test service is not being loaded.

05:22:45 INFO [o.a.c.s.AbstractServicesManager] - <Loaded [0] service(s) from 
[InMemoryServiceRegistry].>

See https://apereo.github.io/cas/6.6.x/services/JSON-Service-Management.html 
and https://apereo.github.io/cas/6.6.x/services/Service-Management.html

Ray
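Ray's diagnosis above comes down to two things a CAS admin would check by hand: whether the startup log shows the JSON service registry was ever activated, and whether the service definition files are well-formed and actually match the URL that was denied. The script below is an added example written for this thread, not CAS project code and not code from either poster. It assumes the `<name>-<id>.json` filename convention described in the linked JSON service management docs, uses Python's `re` as a stand-in for Java's regex engine, and runs on constructed samples: three lines copied from the poster's startup log, the poster's `test-1.json`, and a deliberately broken second definition.

```python
"""Triage helpers for a CAS JSON service registry that loads zero services.
Added example for this thread, not CAS project code.
"""
import re
from typing import Dict, List

# Constructed excerpt: three telltale lines copied from the poster's startup log.
SAMPLE_STARTUP_LOG = """\
05:22:16 INFO [o.a.c.c.DefaultCasConfigurationPropertiesSourceLocator] - <Configuration files found at [/etc/cas/config] are [[]] under profile(s) [[standalone]]>
05:22:29 INFO [o.a.c.c.CasCoreServicesConfiguration] - <Runtime memory is used as the persistence storage for retrieving and persisting service definitions.>
05:22:45 INFO [o.a.c.s.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
"""

# Constructed sample registry: the poster's test-1.json, plus a second file that
# is deliberately broken (the id inside disagrees with the id in the filename).
SAMPLE_REGISTRY: Dict[str, dict] = {
    "test-1.json": {
        "@class": "org.apereo.cas.services.CasRegisteredService",
        "serviceId": "^(https?)://.*",
        "name": "test",
        "id": 1,
        "evaluationOrder": 1,
    },
    "portal-2.json": {
        "@class": "org.apereo.cas.services.CasRegisteredService",
        "serviceId": r"^https://portal\.example\.org/.*",
        "name": "portal",
        "id": 3,
        "evaluationOrder": 2,
    },
}

# Assumed filename convention for JSON service files: <name>-<numeric id>.json
FILENAME_RE = re.compile(r"^(?P<name>.+)-(?P<id>\d+)\.json$")

# A URL no real application owns. A serviceId that matches it would authorize
# any site at all, which is exactly what ^(https?)://.* does.
UNRELATED_URL = "https://unrelated.example/anything"


def triage_startup_log(text: str) -> List[str]:
    """Findings derived from a CAS startup log (empty list means nothing odd)."""
    findings: List[str] = []
    if re.search(r"Configuration files found at \[[^\]]*\] are \[\[\]\]", text):
        findings.append("no configuration files were read from the config directory; "
                        "cas.properties is not being picked up")
    m = re.search(r"Loaded \[(\d+)\] service\(s\) from \[(\w+)\]", text)
    if m:
        count, registry = int(m.group(1)), m.group(2)
        if registry == "InMemoryServiceRegistry":
            findings.append("in-memory registry is active, so the JSON service "
                            "registry was never enabled")
        if count == 0:
            findings.append("zero services loaded; every service request will be denied")
    return findings


def check_service_file(filename: str, svc: dict) -> List[str]:
    """Findings for one service definition (empty list means it looks sane)."""
    findings: List[str] = []
    m = FILENAME_RE.match(filename)
    if not m:
        findings.append(f"{filename}: does not follow <name>-<id>.json")
    else:
        if str(svc.get("id")) != m.group("id"):
            findings.append(f"{filename}: id {svc.get('id')!r} differs from filename id {m.group('id')}")
        if svc.get("name") != m.group("name"):
            findings.append(f"{filename}: name {svc.get('name')!r} differs from filename name {m.group('name')!r}")
    if not str(svc.get("@class", "")).startswith("org.apereo.cas.services."):
        findings.append(f"{filename}: missing or unexpected @class")
    pattern = svc.get("serviceId")
    if not isinstance(pattern, str):
        findings.append(f"{filename}: serviceId is missing")
        return findings
    try:
        compiled = re.compile(pattern)  # Python re stands in for Java's regex here
    except re.error as exc:
        findings.append(f"{filename}: serviceId does not compile: {exc}")
        return findings
    if compiled.match(UNRELATED_URL):
        findings.append(f"{filename}: serviceId {pattern!r} is overly broad (matches any site)")
    return findings


def matching_services(registry: Dict[str, dict], service_url: str) -> List[str]:
    """Names of services whose serviceId matches service_url, in evaluationOrder."""
    ordered = sorted(registry.values(), key=lambda s: s.get("evaluationOrder", 0))
    return [s["name"] for s in ordered
            if isinstance(s.get("serviceId"), str) and re.match(s["serviceId"], service_url)]


if __name__ == "__main__":
    for line in triage_startup_log(SAMPLE_STARTUP_LOG):
        print("startup log:", line)
    for fname, svc in SAMPLE_REGISTRY.items():
        for line in check_service_file(fname, svc) or [f"{fname}: ok"]:
            print("service file:", line)
    # The service URL from the poster's "Service Access Denied" audit record
    print("matches:", matching_services(SAMPLE_REGISTRY, "https://xxx.com/login.php"))
```

On a real host you would `json.load` each file under the configured `cas.serviceRegistry.json.location` directory and feed it to `check_service_file`. Note that the poster's `test-1.json` passes the filename and class checks and does match `https://xxx.com/login.php`, so the denial is not a pattern problem; the startup log findings are what point at the root cause. The overly-broad finding is a separate caveat worth acting on before production: a `serviceId` of `^(https?)://.*` registers every site on the internet as a trusted service.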

On Mon, 2023-07-03 at 06:17 -0700, Jerome Denechaud (wanexa) wrote:

Hello

I'm trying to deploy a CAS server for delegated Azure AD auth.
I'm working with the docker image apereo/cas:latest.
I added a cas.properties file as below:
cas.authn.pac4j.oidc[0].azure.display-name= cas
cas.authn.pac4j.oidc[0].azure.auto-redirect-type= SERVER
cas.authn.pac4j.oidc[0].azure.client-name= cas
cas.authn.pac4j.oidc[0].azure.enabled= true
cas.authn.pac4j.oidc[0].azure.id= xxxxxxxxxxxx
cas.authn.pac4j.oidc[0].azure.response-mode= form_post
cas.authn.pac4j.oidc[0].azure.response-type= id_token
cas.authn.pac4j.oidc[0].azure.scope= openid
cas.authn.pac4j.oidc[0].azure.secret= xxxxxxxxxxxx
cas.authn.pac4j.oidc[0].azure.tenant= xxxxxxxxxxxxxx
cas.authn.pac4j.oidc[0].azure.use-nonce= true
cas.authn.pac4j.oidc[0].azure.discovery-uri= 
https://login.microsoftonline.com/xxxxxxxxxxxxx/v2.0/.well-known/openid-configuration
cas.authn.pac4j.oidc[0].azure.logout-url= 
https://login.microsoftonline.com/common/oauth2/logout
cas.serviceRegistry.json.location:    file:/etc/cas/services

test-1.json
{
  "@class" : "org.apereo.cas.services.CasRegisteredService",
  "serviceId" :  "^(https?)://.*",
   "name" : "test",
   "id" : 1,
   "evaluationOrder" : 1
}

On the Azure side:
https://x.x.x.x/cas/login?client_name=AzureClient
public address, no DNS

When I try to authenticate on my app portal:
06:10:07 ERROR [o.a.c.s.w.s.RegisteredServiceResponseHeadersEnforcementFilter] 
- <Service unauthorized
        
RegisteredServiceAccessStrategyAuditableEnforcer.java:lambda$execute$6:200
        Optional.java:orElseGet:364
        RegisteredServiceAccessStrategyAuditableEnforcer.java:execute:194
>

I switched to debug in log4j but can't find anything more.
Startup log:
05:22:12 INFO [o.a.c.c.CasConfigurationPropertiesValidator] - <Validated CAS 
property sources and configuration successfully.>
05:22:16 INFO [o.a.c.c.DefaultCasConfigurationPropertiesSourceLocator] - 
<Configuration files found at [/etc/cas/config] are [[]] under profile(s) 
[[standalone]]>
05:22:16 INFO [o.a.c.c.CasConfigurationPropertiesValidator] - <Validated CAS 
property sources and configuration successfully.>
05:22:16 INFO [o.a.c.w.CasWebApplication] - <The following 1 profile is active: 
"standalone">
05:22:29 INFO [o.a.c.c.CasCoreServicesConfiguration] - <Runtime memory is used 
as the persistence storage for retrieving and persisting service definitions. 
Changes that are made to service definitions during runtime WILL be LOST when 
the CAS server is restarted. Ideally for production, you should choose a 
storage option (JSON, JDBC, MongoDb, etc) to track service definitions.>
05:22:36 WARN [o.s.b.a.s.s.UserDetailsServiceAutoConfiguration] - <

Using generated security password: jkljljlk

This generated password is for development use only. Your security 
configuration must be updated before running your application in production.
>
05:22:37 INFO [o.s.s.w.a.c.ChannelProcessingFilter] - <Validated configuration 
attributes>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will secure any request 
with 
[org.springframework.security.web.access.channel.ChannelProcessingFilter@69069866,
 org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@2f9addd4,
 org.springframework.web.filter.CorsFilter@1c43df76, 
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1d7c9811, 
org.springframework.security.web.authentication.AnonymousAuthenticationFilter@ff2266c,
 org.springframework.security.web.access.ExceptionTranslationFilter@7757a37f, 
org.springframework.security.web.access.intercept.AuthorizationFilter@2335aef2]>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant 
[pattern='/login/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant 
[pattern='/logout/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant 
[pattern='/validate/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant 
[pattern='/serviceValidate/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant 
[pattern='/p3/serviceValidate/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant 
[pattern='/proxyValidate/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant 
[pattern='/p3/proxyValidate/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant 
[pattern='/proxy/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant 
[pattern='/webjars/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant 
[pattern='/js/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant 
[pattern='/css/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant 
[pattern='/images/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant 
[pattern='/static/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant 
[pattern='/error']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant 
[pattern='/favicon.ico']>
05:22:41 INFO [o.a.c.c.CasCoreTicketsConfiguration] - <Runtime memory is used 
as the persistence storage for retrieving and managing tickets. Tickets that 
are issued during runtime will be LOST when the web server is restarted. This 
MAY impact SSO functionality.>
05:22:41 INFO [o.a.c.u.CoreTicketUtils] - <Ticket registry encryption/signing 
is turned off. This MAY NOT be safe in a clustered production environment. 
Consider using other choices to handle encryption, signing and verification of 
ticket registry tickets, and verify the chosen ticket registry does support 
this behavior.>
05:22:43 WARN [o.a.c.u.c.BaseStringCipherExecutor] - <Secret key for encryption 
is not defined for [Ticket-granting Cookie]; CAS will attempt to auto-generate 
the encryption key>
05:22:43 WARN [o.a.c.u.c.BaseStringCipherExecutor] - <Generated encryption key 
[jklhkjjk] of size [256] for [Ticket-granting Cookie]. The
 generated key MUST be added to CAS settings:

        cas.tgc.crypto.encryption.key=jklhkjjk

>
05:22:43 WARN [o.a.c.u.c.BaseStringCipherExecutor] - <Secret key for signing is 
not defined for [Ticket-granting Cookie]. CAS will attempt to auto-generate the 
signing key>

05:22:43 WARN [o.a.c.u.c.BaseStringCipherExecutor] - <Generated signing key 
[oQ30Tk3YNd_mYgu7um3kuIUFzPamDVkfSjdDVaEvhW6Wh1YhgqRNgwoYHh5eSJhyc8sTin7naLdaob4UARLseA]
 of size
 [512] for [Ticket-granting Cookie]. The generated key MUST be added to CAS 
settings:

        
cas.tgc.crypto.signing.key=oQ30Tk3YNd_mYgu7um3kuIUFzPamDVkfSjdDVaEvhW6Wh1YhgqRNgwoYHh5eSJhyc8sTin7naLdaob4UARLseA

>
05:22:43 WARN [o.a.c.u.c.BaseBinaryCipherExecutor] - <Secret key for signing is 
not defined under [cas.webflow.crypto.signing.key]. CAS will attempt to 
auto-generate the signing key>
05:22:43 WARN [o.a.c.u.c.BaseBinaryCipherExecutor] - <Generated signing key 
[gBCy5m2niOKZMNmLE-_yVJFhBRK2mCw1diQZHcr16CRqAs7aMUxyLHo-zYWyFizksC_JVaq7tLjYw0SYlW9s5Q]
 of size
 [512]. The generated key MUST be added to CAS settings:

        
cas.webflow.crypto.signing.key=gBCy5m2niOKZMNmLE-_yVJFhBRK2mCw1diQZHcr16CRqAs7aMUxyLHo-zYWyFizksC_JVaq7tLjYw0SYlW9s5Q

>
05:22:43 WARN [o.a.c.u.c.BaseBinaryCipherExecutor] - <Secret key for encryption 
is not defined under [cas.webflow.crypto.encryption.key]. CAS will attempt to 
auto-generate the encryption key>
05:22:43 WARN [o.a.c.u.c.BaseBinaryCipherExecutor] - <Generated encryption key 
[knHc-h7pqGrVVLbZYNXiuA] of size [16]. The generated key MUST be added to CAS 
settings:

        cas.webflow.crypto.encryption.key=knHc-h7pqGrVVLbZYNXiuA

>
05:22:45 WARN 
[o.a.c.c.s.a.AcceptUsersAuthenticationEventExecutionPlanConfiguration] - <>
05:22:45 WARN 
[o.a.c.c.s.a.AcceptUsersAuthenticationEventExecutionPlanConfiguration] - <


  ____ _____ ___  ____  _
 / ___|_   _/ _ \|  _ \| |
 \___ \ | || | | | |_) | |
  ___) || || |_| |  __/|_|
 |____/ |_| \___/|_|   (_)


CAS is configured to accept a static list of credentials for authentication. 
While this is generally useful for demo purposes, it is STRONGLY recommended 
that you DISABLE this authentication method by setting 
'cas.authn.accept.enabled=false' and switch to a mode that is more suitable 
for production.>
05:22:45 WARN 
[o.a.c.c.s.a.AcceptUsersAuthenticationEventExecutionPlanConfiguration] - <>
05:22:45 INFO [o.a.c.w.CasWebApplication] - <Started CasWebApplication in 
33.514 seconds (JVM running for 37.949)>
05:22:45 INFO [o.a.c.s.AbstractServicesManager] - <Loaded [0] service(s) from 
[InMemoryServiceRegistry].>
05:22:45 INFO [o.a.c.w.CasWebApplicationReady] - <>
05:22:45 INFO [o.a.c.w.CasWebApplicationReady] - <


  ____  _____    _    ______   __
 |  _ \| ____|  / \  |  _ \ \ / /
 | |_) |  _|   / _ \ | | | \ V /
 |  _ <| |___ / ___ \| |_| || |
 |_| \_\_____/_/   \_\____/ |_|

>
05:22:45 INFO [o.a.c.w.CasWebApplicationReady] - <>
05:22:45 INFO [o.a.c.w.CasWebApplicationReady] - <Ready to process requests @ 
[2023-07-03T12:22:45.529Z]>
05:23:15 INFO [o.a.c.t.r.DefaultTicketRegistryCleaner] - <[0] expired tickets 
removed.>
05:23:40 INFO [o.a.i.a.s.Slf4jLoggingAuditTrailManager] - <Audit trail record 
BEGIN
=============================================================
WHO: audit:unknown
WHAT: {result=Service Access Denied, service=https://xxx.com/login.php}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Mon Jul 03 12:23:40 UTC 2023
CLIENT IP ADDRESS: x.x.x.x
SERVER IP ADDRESS: x.x.x.x
=============================================================

>

Any help please?

You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/9b7f4f358afc5c8864760c17be117f0a50c4278a.camel%40uvic.ca.