[cas-user] Re: 401 page after failed login

2018-09-20 Thread Sean Day 
For reference I have found

Changed from using the ISAP redirector to HttpPlatformHandler and the 
system works so it appears to be a problem with using the ISAP redirector 
or I am missing a config setting that would allow the 401 to be passed back 
to Tomcat/CAS to display the message on the login page.

So I have 2 options, just use Tomcat or use HttpPlatformHandler instead of 
ISAPI redirector but I am curious if anyone else fronts their CAS service 
with IIS and has found this issue?

Sean

>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9793829-5a59-4b82-8abb-842572b1a8bd%40apereo.org.

Re: [cas-user] Problem on docker versions

2018-09-20 Thread Jason Sherman 
>
> 2018-09-20 12:23:33,448 INFO
> [org.apereo.cas.configuration.DefaultCasConfigurationPropertiesSourceLocator]
> -  be found at the specific path>
>

Your container doesn't have a config directory, and


> Caused by: java.lang.IllegalArgumentException: No aliases for private keys
> found in key store
>

It looks like the keystore hasn't been setup in your container, either.


If you use
https://github.com/apereo/cas-webapp-docker
instead of putting together your own Dockerfile, this should be taken care
of for you.

Otherwise, you'll have to make sure that you put all the things in place
that CAS needs to work that are unique to a given CAS instance, like
configuration and encryption keys. The images themselves (rightly) don't
have any of that stuff.

On Thu, Sep 20, 2018 at 7:27 AM Umut Arus  wrote:

> Last part of the log...
>
> 2018-09-20 12:24:05,606 INFO
> [org.apereo.cas.support.events.listener.CasConfigurationEventListener] -
> 
> 2018-09-20 12:24:06,220 WARN
> [org.apereo.cas.config.CasCoreServicesConfiguration] -  used as the persistence storage for retrieving and persisting service
> definitions. Changes that are made to service definitions during runtime
> WILL be LOST when the web server is restarted. Ideally for production, you
> need to choose a storage option (JDBC, etc) to store and track service
> definitions.>
> 2018-09-20 12:24:06,293 INFO
> [org.apereo.cas.services.AbstractServicesManager] -  from [InMemoryServiceRegistry].>
> 2018-09-20 12:24:06,732 WARN
> [org.apereo.cas.util.cipher.BaseStringCipherExecutor] -  encryption is not defined for [Ticket-granting Cookie]; CAS will attempt to
> auto-generate the encryption key>
> 2018-09-20 12:24:06,753 WARN
> [org.apereo.cas.util.cipher.BaseStringCipherExecutor] -  encryption key [sO4QOgf98hS-2fZEfB4PttueNvibknDSZa5xlC9suyQ] of size [256]
> for [Ticket-granting Cookie]. The generated key MUST be added to CAS
> settings under setting [cas.tgc.crypto.encryption.key].>
> 2018-09-20 12:24:06,761 WARN
> [org.apereo.cas.util.cipher.BaseStringCipherExecutor] -  signing is not defined for [Ticket-granting Cookie]. CAS will attempt to
> auto-generate the signing key>
> 2018-09-20 12:24:06,762 WARN
> [org.apereo.cas.util.cipher.BaseStringCipherExecutor] -  key
> [CJqJINZp9drK7hjHrXproIAT-EbPpSToNTW8SA1NPV9MO_cWTe3c9wuMazpUYjmi5ii20f43d0SczCcTxsIncQ]
> of size [512] for [Ticket-granting Cookie]. The generated key MUST be added
> to CAS settings under setting [cas.tgc.crypto.signing.key].>
> 2018-09-20 12:24:07,537 WARN
> [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] -  signing is not defined under [cas.webflow.crypto.signing.key]. CAS will
> attempt to auto-generate the signing key>
> 2018-09-20 12:24:07,538 WARN
> [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] -  key
> [vvVdP_t8HW9MhVFiTTqS2xb5Uip4lxJf4uIPJoLRUNkre8wP3_v7uvpELNAFPUsmACn3nqF0Bjt-f_69DpIXdA]
> of size [512]. The generated key MUST be added to CAS settings under
> setting [cas.webflow.crypto.signing.key].>
> 2018-09-20 12:24:07,539 WARN
> [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] -  encryption is not defined under [cas.webflow.crypto.encryption.key]. CAS
> will attempt to auto-generate the encryption key>
> 2018-09-20 12:24:07,542 WARN
> [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] -  encryption key [nLM2R9XE7xeZEemeD27zzA] of size [16]. The generated key
> MUST be added to CAS settings under setting
> [cas.webflow.crypto.encryption.key].>
> 2018-09-20 12:24:07,902 ERROR [org.apache.catalina.core.StandardService] -
> 
> org.apache.catalina.LifecycleException: Failed to start component
> [Connector[HTTP/1.1-8443]]
> at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
> ~[tomcat-catalina-8.5.32.jar!/:8.5.32]
> at
> org.apache.catalina.core.StandardService.addConnector(StandardService.java:225)
> ~[tomcat-catalina-8.5.32.jar!/:8.5.32]
> at
> org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:265)
> ~[spring-boot-1.5.14.RELEASE.jar!/:1.5.14.RELEASE]
> at
> org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:208)
> ~[spring-boot-1.5.14.RELEASE.jar!/:1.5.14.RELEASE]
> at
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
> ~[spring-boot-1.5.14.RELEASE.jar!/:1.5.14.RELEASE]
> at
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
> ~[spring-boot-1.5.14.RELEASE.jar!/:1.5.14.RELEASE]
> at
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
> ~[spring-context-4.3.18.RELEASE.jar!/:4.3.18.RELEASE]
> at
> org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)

[cas-user] How does CAS load log4j2.xml based on cas.properties

2018-09-20 Thread Yan Zhou 
Hello!

I wish to figure out how CAS 5.x loads an externalized log4j2.xml based on 
the setting in cas.properties.

logging.config=file:///... some location... /config/log4j2.xml

As far as Spring doc., it says:  An ApplicationContextInitializer that 
configures a logging framework depending on what it finds on the classpath 
and in the Environment. If the environment contains a property 
logging.config then that will be used to initialize the logging system, 
otherwise a default location is used. 

This is why, when I tries to use the same approach for my web application 
(NOT related to CAS). it does not work.  the externalized log4j2.xml is not 
loaded because it is not in classpath, nor is it specified in an 
environment property. 

I deploy multiple web apps (Spring Boot apps) on the same host, each Web 
app has its own Log4j2.xml file, so I want to find a approach that is 
specific to the app., not a global one.

Thx!
Yan

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f17a31b4-7d5a-48dc-b3dc-28e420081539%40apereo.org.

Re: [cas-user] Problem on docker versions

2018-09-20 Thread Umut Arus 
Last part of the log...

2018-09-20 12:24:05,606 INFO
[org.apereo.cas.support.events.listener.CasConfigurationEventListener] -

2018-09-20 12:24:06,220 WARN
[org.apereo.cas.config.CasCoreServicesConfiguration] - 
2018-09-20 12:24:06,293 INFO
[org.apereo.cas.services.AbstractServicesManager] - 
2018-09-20 12:24:06,732 WARN
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 
2018-09-20 12:24:06,753 WARN
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 
2018-09-20 12:24:06,761 WARN
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 
2018-09-20 12:24:06,762 WARN
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 
2018-09-20 12:24:07,537 WARN
[org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - 
2018-09-20 12:24:07,538 WARN
[org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - 
2018-09-20 12:24:07,539 WARN
[org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - 
2018-09-20 12:24:07,542 WARN
[org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - 
2018-09-20 12:24:07,902 ERROR [org.apache.catalina.core.StandardService] -

org.apache.catalina.LifecycleException: Failed to start component
[Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
~[tomcat-catalina-8.5.32.jar!/:8.5.32]
at
org.apache.catalina.core.StandardService.addConnector(StandardService.java:225)
~[tomcat-catalina-8.5.32.jar!/:8.5.32]
at
org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:265)
~[spring-boot-1.5.14.RELEASE.jar!/:1.5.14.RELEASE]
at
org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:208)
~[spring-boot-1.5.14.RELEASE.jar!/:1.5.14.RELEASE]
at
org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
~[spring-boot-1.5.14.RELEASE.jar!/:1.5.14.RELEASE]
at
org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
~[spring-boot-1.5.14.RELEASE.jar!/:1.5.14.RELEASE]
at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
~[spring-context-4.3.18.RELEASE.jar!/:4.3.18.RELEASE]
at
org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
~[spring-boot-1.5.14.RELEASE.jar!/:1.5.14.RELEASE]
at
org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
~[spring-boot-1.5.14.RELEASE.jar!/:1.5.14.RELEASE]
at
org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
~[spring-boot-1.5.14.RELEASE.jar!/:1.5.14.RELEASE]
at
org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
~[spring-boot-1.5.14.RELEASE.jar!/:1.5.14.RELEASE]
at
org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:134)
~[spring-boot-1.5.14.RELEASE.jar!/:1.5.14.RELEASE]
at org.apereo.cas.web.CasWebApplication.main(CasWebApplication.java:71)
~[cas-server-webapp-init-5.3.2.jar!/:5.3.2]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.8.0_172]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_172]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_172]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_172]
at
org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
~[cas.war:?]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
~[cas.war:?]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
~[cas.war:?]
at
org.springframework.boot.loader.WarLauncher.main(WarLauncher.java:59)
~[cas.war:?]
Caused by: org.apache.catalina.LifecycleException: Protocol handler start
failed
at
org.apache.catalina.connector.Connector.startInternal(Connector.java:1020)
~[tomcat-catalina-8.5.32.jar!/:8.5.32]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
~[tomcat-catalina-8.5.32.jar!/:8.5.32]
... 20 more
Caused by: java.lang.IllegalArgumentException: No aliases for private keys
found in key store
at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116)
~[tomcat-coyote-8.5.32.jar!/:8.5.32]
at
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87)
~[tomcat-coyote-8.5.32.jar!/:8.5.32]
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
~[tomcat-coyote-8.5.32.jar!/:8.5.32]
at
org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1150)
~[tomcat-coyote-8.5.32.jar!/:8.5.32]
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:591)
~[tomcat-coyote-8.5.32.jar!/:8.5.32]
at
org.apache.cata

Re: [cas-user] Problem on docker versions

2018-09-20 Thread Umut Arus 
Hi,

You are welcome for your feedbacks.

thanks.

root@umuta:~# docker pull apereo/cas:v5.3.2
v5.3.2: Pulling from apereo/cas
Digest:
sha256:81532b1fb2177f8d048fd6ea8663af98a91eb298f36e47c83912f56f2d4a2adc
Status: Image is up to date for apereo/cas:v5.3.2
root@umuta:~#
root@umuta:~#
root@umuta:~# docker run -d -p 8080:8080 -p 8443:8443 --name="cas"
apereo/cas:v5.3.2
ed7ff40f67098eef32226054624acc8d554424782cea12bf26b1ca95d8186d8e
root@umuta:~#
root@umuta:~#
root@umuta:~# docker ps -a
CONTAINER IDIMAGE   COMMAND
CREATED STATUS
PORTSNAMES
ed7ff40f6709apereo/cas:v5.3.2   "bin/run-cas.sh"15 seconds
ago  Up 14 seconds   0.0.0.0:8080->8080/tcp, 0.0.0.0:8443->8443/tcp
cas
root@umuta:~#
root@umuta:~# docker logs ed7ff40f6709

   __     _     __
  / /  / ___|/ \/ ___|  \ \
 | |  | |   / _ \   \___ \   | |
 | |  | |___   / ___ \   ___) |  | |
 | |   \| /_/   \_\ |/   | |
  \_\   /_/

CAS Version: 5.3.2
CAS Commit Id: 145d8c3dd5e27333dd05f5cc10987df4656fba5e
CAS Build Date/Time: 2018-07-30T21:09:46Z
Spring Boot Version: 1.5.14.RELEASE
Spring Version: 4.3.18.RELEASE
Java Home: /opt/zulu8.30.0.1-jdk8.0.172-linux_x64/jre
Java Vendor: Azul Systems, Inc.
Java Version: 1.8.0_172
JVM Free Memory: 50 MB
JVM Maximum Memory: 1 GB
JVM Total Memory: 690 MB
JCE Installed: Yes
Node Version: N/A
NPM Version: N/A
OS Architecture: amd64
OS Name: Linux
OS Version: 4.15.0-33-generic
OS Date/Time: 2018-09-20T12:23:33.336
OS Temp Directory: /tmp

Apache Tomcat Version: Apache Tomcat/8.5.32



2018-09-20 12:23:33,448 INFO
[org.apereo.cas.configuration.DefaultCasConfigurationPropertiesSourceLocator]
- 
2018-09-20 12:23:33,492 INFO
[org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration]
- 
2018-09-20 12:23:33,511 INFO [org.apereo.cas.web.CasWebApplication] - 
2018-09-20 12:23:33,606 INFO [org.apereo.cas.web.CasWebApplicationContext]
- 
2018-09-20 12:23:39,856 WARN
[org.apereo.cas.config.CasCoreTicketsConfiguration] - 
2018-09-20 12:23:39,860 INFO [org.apereo.cas.util.CoreTicketUtils] -

2018-09-20 12:23:57,141 INFO
[org.apereo.cas.config.CasConfigurationSupportUtilitiesConfiguration] -

2018-09-20 12:23:58,027 WARN
[org.apereo.cas.config.support.authentication.AcceptUsersAuthenticationEventExecutionPlanConfiguration]
- <>
2018-09-20 12:23:58,032 WARN
[org.apereo.cas.config.support.authentication.AcceptUsersAuthenticationEventExecutionPlanConfiguration]
- <

  _____
 / ___|  |_   _|  / _ \  |  _ \  | |
 \___ \| |   | | | | | |_) | | |
  ___) |   | |   | |_| | |  __/  |_|
 |/|_|\___/  |_| (_)


CAS is configured to accept a static list of credentials for
authentication. While this is generally useful for demo purposes, it is
STRONGLY recommended that you DISABLE this authentication method (by
setting 'cas.authn.accept.users' to a blank value) and switch to a mode
that is more suitable for production.>
2018-09-20 12:23:58,032 WARN
[org.apereo.cas.config.support.authentication.AcceptUsersAuthenticationEventExecutionPlanConfiguration]
- <>
root@umuta:~#
root@umuta:~#



On Thu, Sep 20, 2018 at 9:51 AM Umut Arus  wrote:

> Hi,
>
> I'm getting the below error on last cas docker version.
>
> docker run -d -p 8080:8080 -p 8443:8443 --name="cas" apereo/cas
>
> root@umuta:~# docker logs cd62fe31b9c9
> Sep 20, 2018 6:47:03 AM java.util.prefs.FileSystemPreferences$1 run
> INFO: Created user preferences directory.
> |  Welcome to JShell -- Version 11
> |  For an introduction type: /help intro
>
> jshell> root@umuta:~#
> root@umuta:~#
>
> What can be the issue?
>
> thanks.
>
>
> On Wed, Sep 19, 2018 at 4:16 PM Jason Sherman 
> wrote:
>
>> Hi,
>>
>> The fist step I would take is to look at the logs. So:
>> docker logs c01c55d5b7ab
>> and
>> docker logs 533144080d80
>>
>> Also, it sounds like your running these straight from docker hub. Have
>> you tried:
>> https://github.com/apereo/cas-webapp-docker
>> as a starting point on your host machine?
>>
>> On Wed, Sep 19, 2018 at 6:48 AM Umut Arus  wrote:
>>
>>> Hi,
>>>
>>> I'm trying to run on docker of the different versions of CAS from
>>> https://hub.docker.com/r/apereo/cas/. But I couldnt run any top of
>>> versions.
>>>
>>> It is just "Exited"... What could be the problem?
>>>
>>> c01c55d5b7abapereo/cas:v5.3.2"bin/run-cas.sh" 13
>>> minutes ago  Exited (1) 12 minutes ago
>>> wonderful_aryabhata
>>> 533144080d80apereo/cas  "jshell"
>>> 16 minutes ago  Exited (0) 16 minutes ago
>>> jolly_khorana
>>>
>>> thanks..
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> -

Re: [cas-user] Problem on docker versions

2018-09-20 Thread Jason Sherman 
Hmm,

Can you run docker inspect on the container with an erroneous exit status
(e.g. apereo/cas:v5.3.2) and post the output? It looks to me like the image
build is fine, but it's dying on run.

On Thu, Sep 20, 2018 at 1:51 AM Umut Arus  wrote:

> Hi,
>
> I'm getting the below error on last cas docker version.
>
> docker run -d -p 8080:8080 -p 8443:8443 --name="cas" apereo/cas
>
> root@umuta:~# docker logs cd62fe31b9c9
> Sep 20, 2018 6:47:03 AM java.util.prefs.FileSystemPreferences$1 run
> INFO: Created user preferences directory.
> |  Welcome to JShell -- Version 11
> |  For an introduction type: /help intro
>
> jshell> root@umuta:~#
> root@umuta:~#
>
> What can be the issue?
>
> thanks.
>
>
> On Wed, Sep 19, 2018 at 4:16 PM Jason Sherman 
> wrote:
>
>> Hi,
>>
>> The fist step I would take is to look at the logs. So:
>> docker logs c01c55d5b7ab
>> and
>> docker logs 533144080d80
>>
>> Also, it sounds like your running these straight from docker hub. Have
>> you tried:
>> https://github.com/apereo/cas-webapp-docker
>> as a starting point on your host machine?
>>
>> On Wed, Sep 19, 2018 at 6:48 AM Umut Arus  wrote:
>>
>>> Hi,
>>>
>>> I'm trying to run on docker of the different versions of CAS from
>>> https://hub.docker.com/r/apereo/cas/. But I couldnt run any top of
>>> versions.
>>>
>>> It is just "Exited"... What could be the problem?
>>>
>>> c01c55d5b7abapereo/cas:v5.3.2"bin/run-cas.sh" 13
>>> minutes ago  Exited (1) 12 minutes ago
>>> wonderful_aryabhata
>>> 533144080d80apereo/cas  "jshell"
>>> 16 minutes ago  Exited (0) 16 minutes ago
>>> jolly_khorana
>>>
>>> thanks..
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+unsubscr...@apereo.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/530e8844-32d7-4e7f-9965-0446413de586%40apereo.org
>>> 
>>> .
>>>
>>
>>
>> --
>> Jason
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGdX6GYzaOCeVj3Jqd5bw7ypfFc-FhnhRKAgdk9gCjiypumjjg%40mail.gmail.com
>> 
>> .
>>
>
>
> --
> *Umut Arus*
> System Specialist
> Information Technology
> Sabancı University
>
> Phone: +90216 483 9172
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALwryzGE5pv-5dyqqduTVsHvCwjSkXh0SyNN3TcVrj_WwUg8Bg%40mail.gmail.com
> 
> .
>


-- 
Jason

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGdX6Ga2JhH-%3Dd%3DD4Oqmgr00qE%3DaxK5Pnigr6jFGb2WL_O1zGw%40mail.gmail.com.

[cas-user] oauth 2 access token scope in json array? not string

2018-09-20 Thread Ruslan Mezentsev 
Hi, I'm using cas 6.0.0-rc2 with reactive spring-security-oauth2-client 
service:

{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "clientId",
  "clientSecret": "clientSecret",
  "serviceId" : "http://server.docker:8080/login/oauth2/code/cas";,
  "name" : "OAuthService",
  "jsonFormat" : true,
  "id" : 100
}


when access token scope comes from cas

{"access_token":"AT-19-L8znqVHp3Tm4gMZmnuW7aQ9Clez6cNaP","token_type":
"bearer","expires_in":28800,"scope":["PROFILE"]}

but in rfc6749 it's a list of space-delimited, case-sensitive strings:

 The value of the scope parameter is expressed as a list of space-
   delimited, case-sensitive strings.  The strings are defined by the
   authorization server.  If the value contains multiple space-delimited
   strings, their order does not matter, and each string adds an
   additional access range to the requested scope.


 https://tools.ietf.org/html/rfc6749#section-3.3

In spring-security-oauth2-core (OAuth2AccessTokenResponseBodyExtractor) 
it's string:

ParameterizedTypeReference> type = new 
ParameterizedTypeReference>() {};
BodyExtractor>, ReactiveHttpInputMessage> delegate = 
BodyExtractors.toMono(type);

Error on cas access token:


JSON decoding error: Cannot deserialize instance of `java.lang.String` out of 
START_ARRAY token; 

nested exception is 
com.fasterxml.jackson.databind.exc.MismatchedInputException: 

Cannot deserialize instance of `java.lang.String` out of START_ARRAY token at 

[Source: UNKNOWN; line: -1, column: -1] (through reference chain: 
java.util.LinkedHashMap["scope"])


from 
https://docs.apigee.com/api-platform/security/oauth/working-scopes#codeexamples-defaultcase

{
  ...
  *"scope" : "A B C"*,

  ...

}






-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d33669f3-93bd-4914-8daf-b9da6c8e8eb0%40apereo.org.