Re: [cas-user] How to evaluate user expiry date/time during database authentication?

2019-06-27 Thread Misagh Moayyed


> 
> However, I'm stuck on the following 2 issues:
> Which authentication handler would be the best one to extend in this case? 

AbstractJdbcUsernamePasswordAuthenticationHandler

> How do I include the userExpiry column data from my database in my custom 
> authentication handler?
> 


Take a look at how QueryDatabaseAuthenticationHandler does things, and then 
model yours the same way.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/461DF081-63B0-4E46-A419-AD8E44E7765A%40gmail.com.
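
As an added illustration (not code from this thread or from the CAS project), the per-row decision a handler modeled this way has to make can be written in plain Java. It assumes a hypothetical `users` table, a `userExpiry` column delivered as `java.sql.Timestamp`, and that a NULL expiry means "never expires"; the CAS wiring (the overridden authentication method that runs the query) is left out.

```java
import java.sql.Timestamp;
import java.time.Clock;
import java.time.Instant;
import java.time.ZoneOffset;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.function.BiPredicate;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

public class UserExpiryCheck {

    // Assumed query: column names follow the post, the table name "users" is hypothetical.
    static final String SQL = "SELECT password, userExpiry FROM users WHERE username = ?";

    /**
     * Evaluates one row returned by SQL (null when no user was found).
     * Returns normally on success and throws a LoginException subtype otherwise.
     */
    static void verify(Map<String, Object> row, String presented,
                       BiPredicate<String, String> passwordMatches, Clock clock)
            throws LoginException {
        if (row == null) {
            throw new AccountNotFoundException("user not found");
        }
        String stored = (String) row.get("password");
        // Password first: expiry status is only revealed to a caller who knows the password.
        if (stored == null || !passwordMatches.test(presented, stored)) {
            throw new FailedLoginException("password does not match");
        }
        // A zone-less TIMESTAMP column is interpreted by the JDBC driver in the JVM's
        // default zone, so the database and the JVM must agree on that zone.
        Timestamp expiry = (Timestamp) row.get("userExpiry");
        if (expiry == null) {
            return; // assumed policy: a NULL userExpiry means the account never expires
        }
        // expired = CURRENT_TIMESTAMP > userExpiry, so the exact expiry instant is still valid.
        if (clock.instant().isAfter(expiry.toInstant())) {
            throw new AccountExpiredException("account expired at " + expiry.toInstant());
        }
    }

    /** Runs verify() and reports the result as a short label. */
    static String outcome(Map<String, Object> row, String presented, Clock clock) {
        try {
            // Objects::equals stands in for the handler's configured password matcher.
            verify(row, presented, Objects::equals, clock);
            return "OK";
        } catch (LoginException e) {
            return e.getClass().getSimpleName();
        }
    }

    /** Builds a constructed sample row shaped like the result of SQL. */
    static Map<String, Object> row(String password, String expiryUtc) {
        Map<String, Object> r = new HashMap<>();
        r.put("password", password);
        r.put("userExpiry", expiryUtc == null ? null : Timestamp.from(Instant.parse(expiryUtc)));
        return r;
    }

    public static void main(String[] args) {
        // Constructed sample data and a fixed clock so the run is repeatable.
        Clock now = Clock.fixed(Instant.parse("2019-06-27T12:00:00Z"), ZoneOffset.UTC);
        Map<String, Object> active = row("s3cret", "2019-12-31T00:00:00Z");
        Map<String, Object> expired = row("s3cret", "2019-06-01T00:00:00Z");
        Map<String, Object> boundary = row("s3cret", "2019-06-27T12:00:00Z");
        Map<String, Object> noExpiry = row("s3cret", null);

        System.out.println("active, good password   -> " + outcome(active, "s3cret", now));
        System.out.println("expired, good password  -> " + outcome(expired, "s3cret", now));
        System.out.println("expired, wrong password -> " + outcome(expired, "guess", now));
        System.out.println("expiry == now           -> " + outcome(boundary, "s3cret", now));
        System.out.println("NULL expiry             -> " + outcome(noExpiry, "s3cret", now));
        System.out.println("no such user            -> " + outcome(null, "s3cret", now));
    }
}
```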


[cas-user] Re: Lernaean Hydra and cas 6 ws-federation claims

2019-06-27 Thread AT

>
> For the SAML idp, there are plenty of examples and other people have shown 
> how it works (the syntax seems switched)
>

{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "urn:amazon:webservices",
  "name" : "urn:amazon:webservices",
  "id" : 1008,
  "evaluationOrder" : 14,
  "metadataLocation" : "/usr/local/apache-tomcat-8.5.11/webapps/cas.sso/WEB-INF/classes/services/aws-metadata.xml",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "givenName" : "urn:newschool:attribute-def:GIVEN_NAME"
    }
  }
}
 
but has anyone worked with the wsfed idp claims?



Re: [cas-user] Unauthorized Service Access. Service [] is not found in service registry

2019-06-27 Thread Trần Quang Long
When I access
https://localhost:9443/oauth2.0/accessToken?grant_type=password&client_id=1961521961528350196152786046&username=xxx&password=123456789
I get the error "Access Denied

You do not have permission to view this page."




On Friday, June 28, 2019 at 11:21:17 AM UTC+7, Tamnguyen wrote:
>
> Sorry for the mistake: cas.serviceRegistry.initFromJson=true
> cas.serviceRegistry.json.location=file:/etc/cas/services
>
> On Fri, Jun 28, 2019 at 11:08 AM Tam Nguyen wrote:
>
>> Try changing: serviceRegistry.json.location=classpath:/etc/cas/services
>>
>>
>> serviceRegistry.json.location=/etc/cas/services
>>
>> And create services:
>> https://apereo.github.io/cas/6.0.x/services/Configuring-Service-Access-Strategy.html
>>
>>
>>
>> On Fri, Jun 28, 2019 at 10:52 AM Trần Quang Long wrote:
>>
>>> 2019-06-28 10:47:53,503 INFO 
>>> [org.apereo.cas.support.events.listener.DefaultCasEventListener] - >> to process requests @ [2019-06-28T03:47:53.500Z]>
>>> 2019-06-28 10:48:23,403 INFO 
>>> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] 
>>> expired tickets removed.>
>>> 2019-06-28 10:48:59,388 WARN 
>>> [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - 
>>> 
>>>
>>>
>>>
>>> serviceRegistry.watcherEnabled=true
>>> serviceRegistry.repeatInterval=12
>>> serviceRegistry.startDelay=15000
>>> serviceRegistry.initFromJson=true
>>> serviceRegistry.json.location=classpath:/etc/cas/services
>>>
>>>
>>> anybody please help me? thanks
>>>
>>



Re: [cas-user] Unauthorized Service Access. Service [] is not found in service registry

2019-06-27 Thread Tam Nguyen
Sorry for the mistake: cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location=file:/etc/cas/services

On Fri, Jun 28, 2019 at 11:08 AM Tam Nguyen  wrote:

> Try changing: serviceRegistry.json.location=classpath:/etc/cas/services
>
>
> serviceRegistry.json.location=/etc/cas/services
>
> And create services:
> https://apereo.github.io/cas/6.0.x/services/Configuring-Service-Access-Strategy.html
>
>
>
> On Fri, Jun 28, 2019 at 10:52 AM Trần Quang Long 
> wrote:
>
>> 2019-06-28 10:47:53,503 INFO
>> [org.apereo.cas.support.events.listener.DefaultCasEventListener] - > to process requests @ [2019-06-28T03:47:53.500Z]>
>> 2019-06-28 10:48:23,403 INFO
>> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0]
>> expired tickets removed.>
>> 2019-06-28 10:48:59,388 WARN
>> [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] -
>> 
>>
>>
>>
>> serviceRegistry.watcherEnabled=true
>> serviceRegistry.repeatInterval=12
>> serviceRegistry.startDelay=15000
>> serviceRegistry.initFromJson=true
>> serviceRegistry.json.location=classpath:/etc/cas/services
>>
>>
>> anybody please help me? thanks
>>
>



Re: [cas-user] Unauthorized Service Access. Service [] is not found in service registry

2019-06-27 Thread Tam Nguyen
Try changing: serviceRegistry.json.location=classpath:/etc/cas/services

serviceRegistry.json.location=/etc/cas/services

And create services:
https://apereo.github.io/cas/6.0.x/services/Configuring-Service-Access-Strategy.html



On Fri, Jun 28, 2019 at 10:52 AM Trần Quang Long 
wrote:

> 2019-06-28 10:47:53,503 INFO
> [org.apereo.cas.support.events.listener.DefaultCasEventListener] -  to process requests @ [2019-06-28T03:47:53.500Z]>
> 2019-06-28 10:48:23,403 INFO
> [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0]
> expired tickets removed.>
> 2019-06-28 10:48:59,388 WARN
> [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] -
> 
>
>
>
> serviceRegistry.watcherEnabled=true
> serviceRegistry.repeatInterval=12
> serviceRegistry.startDelay=15000
> serviceRegistry.initFromJson=true
> serviceRegistry.json.location=classpath:/etc/cas/services
>
>
> anybody please help me? thanks
>



[cas-user] Unauthorized Service Access. Service [] is not found in service registry

2019-06-27 Thread Trần Quang Long
2019-06-28 10:47:53,503 INFO 
[org.apereo.cas.support.events.listener.DefaultCasEventListener] - 
2019-06-28 10:48:23,403 INFO 
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] 
expired tickets removed.>
2019-06-28 10:48:59,388 WARN 
[org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - 




serviceRegistry.watcherEnabled=true
serviceRegistry.repeatInterval=12
serviceRegistry.startDelay=15000
serviceRegistry.initFromJson=true
serviceRegistry.json.location=classpath:/etc/cas/services


anybody please help me? thanks



[cas-user] Re: How to evaluate user expiry date/time during database authentication?

2019-06-27 Thread Bobby Esfandiari
Just wanted to add that I'm using CAS 6.1.x and JDK 11.



[cas-user] How to evaluate user expiry date/time during database authentication?

2019-06-27 Thread Bobby Esfandiari
Hello,

I'm in need of some help in modifying my CAS server's authentication 
process. In addition to the username/password check, I would like 
authentication to fail if a user has expired. An expired user is identified 
by a userExpiry column that stores date/time information, such that expired 
= CURRENT_TIMESTAMP > userExpiry date/time.

I realize there is a CAS overlay property 
( cas.authn.jdbc.query[0].fieldDisabled= ) that sort of does this, but I do 
not currently have a Boolean column in the user table that can be used for 
this purpose and implementing one is not feasible at this time.

I came across this documentation (
https://apereo.github.io/cas/6.0.x/installation/Configuring-Custom-Authentication.html#custom-authentication-strategies)
and have been working on implementing it.
However, I'm stuck on the following 2 issues:

   1. Which authentication handler would be the best one to extend in this 
   case? 
   2. How do I include the userExpiry column data from my database in my 
   custom authentication handler?


Any assistance would be greatly appreciated!



[cas-user] Re: How do I enable cas/status page with CAS 5.3.2?

2019-06-27 Thread AT
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false
cas.adminPagesSecurity.ip=^127\.(0|1)\.(0|1)\.(0|1)$



[cas-user] Lernaean Hydra and cas 6 ws-federation claims

2019-06-27 Thread AT
Getting a new error for ws federation idp claims in all 6.0.1-6.0.5 
versions ( I swear this ws-federation implementation is like the mythical 
Lernaean Hydra :) I have been trying with all cas versions between 5.0 - 
6.0 and each time I find new, different errors...  not sure if anyone ever 
got wsfederation to work?) 

All suggestions are appreciated: 
https://apereo.github.io/cas/6.0.x/protocol/WS-Federation-Protocol.html

2019-06-27 16:58:25,412 ERROR [org.jasig.cas.client.util.XmlUtils] -
org.xml.sax.SAXParseException: Element or attribute do not match QName production: QName::=(NCName':')?NCName.
    at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
    at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
    at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) ~[xercesImpl-2.12.0.jar:2.12.0]
    at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) ~[xercesImpl-2.12.0.jar:2.12.0]
    at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) ~[xercesImpl-2.12.0.jar:2.12.0]
    at org.apache.xerces.impl.XMLEntityScanner.scanQName(Unknown Source) ~[xercesImpl-2.12.0.jar:2.12.0]
    at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(Unknown Source) ~[xercesImpl-2.12.0.jar:2.12.0]
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) ~[xercesImpl-2.12.0.jar:2.12.0]
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) ~[xercesImpl-2.12.0.jar:2.12.0]
    at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
    at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
    at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
    at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
    at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source) ~[xercesImpl-2.12.0.jar:?]
    at org.jasig.cas.client.util.XmlUtils.getTextForElement(XmlUtils.java:192) ~[cas-client-core-3.5.1.jar:3.5.1]
    at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseAuthenticationFailureFromResponse(Cas20ServiceTicketValidator.java:125) ~[cas-client-core-3.5.1.jar:3.5.1]
    at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:81) ~[cas-client-core-3.5.1.jar:3.5.1]
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:198) ~[cas-client-core-3.5.1.jar:3.5.1]
    at org.apereo.cas.ws.idp.web.WSFederationValidateRequestCallbackController.validateRequestAndBuildCasAssertion(WSFederationValidateRequestCallbackController.java:166) ~[cas-server-support-ws-idp-6.0.0.jar:6.0.0]
    at org.apereo.cas.ws.idp.web.WSFederationValidateRequestCallbackController.handleFederationRequest(WSFederationValidateRequestCallbackController.java:128) ~[cas-server-support-ws-idp-6.0.0.jar:6.0.0]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]


Claims were set up as:
{
  "@class" : "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
  "serviceId" : "https://xxx",
  "realm" : "https://xxx",
  "name" : "Sample WsFed Application",
  "id" : 100,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.ws.idp.services.WSFederationClaimsReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "NAME" : "givenName",
      "GIVEN_NAME" : "myName"
    }
  }
}

and attributes:

cas.authn.attributeRepository.stub.attributes.givenName=Billy
cas.authn.attributeRepository.stub.attributes.myName=Bob

Thank you.







Re: [cas-user] How do I enable cas/status page with CAS 5.3.2?

2019-06-27 Thread David Curry
The overlay template you're using shouldn't make any difference. It's all
about configuration.

You need to set the cas.adminPagesSecurity.ip to a regex that matches where
you want to access it from. For example:

cas.adminPagesSecurity.ip: ^192\\.168\\.(50\\.[0-9]{1,3}|1\\.[12]0)$

This says allow anything on the 192.168.50.0/24 network, plus 192.168.1.10
and 192.168.1.20.

All the other items you had looked okay to me. I'm not aware that anything
in this area changed between 5.2.x (what we're running) and 5.3.x, so that
should do it. If not, up the logging level on CAS and see what it says...

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR • INFORMATION SECURITY & PRIVACY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu


On Thu, Jun 27, 2019 at 11:21 AM 123 456  wrote:

> Sorry, my mistake.. I'm running CAS 5.3 with the following release:
> https://github.com/apereo/cas-gradle-overlay-template.
>
> On Thursday, 27 June 2019 at 16:02:27 UTC+1, David Curry wrote:
>>
>> I'm not running CAS 6, so I can't tell you specifically for that release;
>> maybe someone else can.
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 646 909-4728 • david...@newschool.edu
>>
>>
>> On Thu, Jun 27, 2019 at 10:51 AM 123 456  wrote:
>>
>>> Still not working ..
>>>
>>> The used template is the right one? I used the following:
>>> https://github.com/apereo/cas-overlay-template
>>>
>>>
>>> On Thursday, 27 June 2019 at 12:46:12 UTC+1, David Curry wrote:
>>>>
>>>> My apologies... I told you to comment it out, but that's the default
>>>> value, so it's still picking it up from the default properties. You need to
>>>> set it to a pattern that matches the host(s) you want to be able to access
>>>> it from. See this page:
>>>>
>>>>
>>>> https://dacurry-tns.github.io/deploying-apereo-cas/building_server_dashboard_configure-admin-pages-properties.html
>>>>
>>>>
>>>> for some more detail.
>>>>
>>>> --Dave
>>>>
>>>>
>>>> --
>>>>
>>>> DAVID A. CURRY, CISSP
>>>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>>>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>>>
>>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>>> +1 646 909-4728 • david...@newschool.edu
>>>>
>>>>
>>>> On Thu, Jun 27, 2019 at 4:46 AM 123 456  wrote:

> I have commented out this line, but still doesn't work. I get the
> following error message when trying to access cas/status :
>
> [image: Capture.PNG]
>
>
> On Wednesday, 26 June 2019 at 18:07:19 UTC+1, David Curry wrote:
>>
>> Unless you really want it to only be accessible from the local host
>> that the server is running on, you need to comment out this line:
>>
>> cas.adminPagesSecurity.ip=127\.0\.0\.1
>>
>> Or more appropriately, set it to a value that matches the IPs you
>> want to be able to reach the status page. It's a Java regex, so you can 
>> do
>> just about anything.
>>
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 646 909-4728 • david...@newschool.edu
>>
>>
>> On Wed, Jun 26, 2019 at 12:09 PM 123 456  wrote:
>>
>>> Template:  https://github.com/apereo/cas-gradle-overlay-template
>>>
>>> #=
>>> # cas.properties
>>> #=
>>>
>>>
>>> server.port = 
>>> cas.server.name: https://{server}:
>>> cas.server.prefix: https://{server}:/cas
>>>
>>> cas.adminPagesSecurity.ip=127\.0\.0\.1
>>>
>>> logging.config: file:/etc/cas/config/log4j2.xml
>>> #cas.serviceRegistry.json.location: classpath:/etc/cas/services-repo
>>>
>>> # SSL
>>> server.ssl.enabled=true
>>> server.ssl.keyStore=file:/etc/cas/thekeystore
>>> server.ssl.keyStorePassword=changeit
>>> server.ssl.keyPassword=changeit
>>>
>>> cas.authn.accept.users=
>>>
>>> #
>>> # Service Registry
>>> #
>>> cas.serviceRegistry.watcherEnabled=true
>>> cas.serviceRegistry.initFromJson=true
>>> cas.serviceRegistry.json.location=classpath:/etc/cas/services
>>>
>>> #==
>>> # Status
>>> #==
>>>
>>> cas.adminPagesSecurity.actuatorEndpointsEnabled=true
>>> cas.monitor.endpoints.enabled=true
>>> endpoints.enabled=true
>>>
>>> cas.monitor.endpoints.sensitive=false
>>> endpoints.sensitive=false
>>> cas.monitor.endpoints.status.enabled=false
>>> cas.monitor.endpoints.status.sensitive=true
>>>
>>> cas.adminPagesSecurity.loginUrl=http
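
The example in the reply above doubles its backslashes, while the other snippets in this thread write `\.` with a single one. The following added example (not code from the thread or from the CAS project) shows what each form becomes once the file is read and which addresses the result admits. It assumes the file is parsed with `java.util.Properties` escape rules and that the value is applied as a whole-string match; the class name and the probe addresses are constructed.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import java.util.regex.Pattern;

public class AdminIpPatternCheck {

    static final String KEY = "cas.adminPagesSecurity.ip";

    /** Value of KEY after .properties escape processing, as java.util.Properties returns it. */
    static String effectiveRegex(String fileText) throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(fileText));
        return props.getProperty(KEY);
    }

    /** Whole-string match of the client address (assumed to be how the value is applied). */
    static boolean admits(String regex, String remoteAddr) {
        return Pattern.compile(regex).matcher(remoteAddr).matches();
    }

    /** True when a "\." written in the file no longer reaches the regex engine as an escaped dot. */
    static boolean lostDotEscapes(String fileText, String regex) {
        return fileText.contains("\\.") && !regex.contains("\\.");
    }

    public static void main(String[] args) throws IOException {
        // The on-disk text of each line is shown in the trailing comment;
        // the Java string literals have to double every backslash of that text.
        String[] fileLines = {
            KEY + "=127\\.0\\.0\\.1",                                    // 127\.0\.0\.1
            KEY + "=^127\\.(0|1)\\.(0|1)\\.(0|1)$",                      // ^127\.(0|1)\.(0|1)\.(0|1)$
            KEY + ": ^192\\\\.168\\\\.(50\\\\.[0-9]{1,3}|1\\\\.[12]0)$"  // ^192\\.168\\.(50\\.[0-9]{1,3}|1\\.[12]0)$
        };
        // Constructed probes; "127x0x0x1" is not an address and only exposes an unescaped dot.
        String[] probes = {
            "127.0.0.1", "127.1.0.1", "127x0x0x1",
            "192.168.50.7", "192.168.1.10", "192.168.1.20",
            "192.168.1.30", "192.168.51.7"
        };
        for (String line : fileLines) {
            String regex = effectiveRegex(line);
            System.out.println("file line      : " + line);
            System.out.println("effective regex: " + regex
                    + (lostDotEscapes(line, regex) ? "   <-- dot escapes were dropped" : ""));
            for (String addr : probes) {
                System.out.printf("  %-14s %s%n", addr, admits(regex, addr) ? "ALLOW" : "deny");
            }
        }
    }
}
```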

Re: [cas-user] How do I enable cas/status page with CAS 5.3.2?

2019-06-27 Thread 123 456
Sorry, my mistake.. I'm running CAS 5.3 with the following release: 
https://github.com/apereo/cas-gradle-overlay-template.

On Thursday, 27 June 2019 at 16:02:27 UTC+1, David Curry wrote:
>
> I'm not running CAS 6, so I can't tell you specifically for that release; 
> maybe someone else can.
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david...@newschool.edu 
>
>
> On Thu, Jun 27, 2019 at 10:51 AM 123 456 wrote:
>
>> Still not working ..
>>
>> The used template is the right one? I used the following: 
>> https://github.com/apereo/cas-overlay-template
>>
>>
>> On Thursday, 27 June 2019 at 12:46:12 UTC+1, David Curry wrote:
>>>
>>> My apologies... I told you to comment it out, but that's the default 
>>> value, so it's still picking it up from the default properties. You need to 
>>> set it to a pattern that matches the host(s) you want to be able to access 
>>> it from. See this page:
>>>
>>>
>>> https://dacurry-tns.github.io/deploying-apereo-cas/building_server_dashboard_configure-admin-pages-properties.html
>>>  
>>>
>>> for some more detail.  
>>>
>>> --Dave
>>>
>>>
>>> --
>>>
>>> DAVID A. CURRY, CISSP
>>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>>
>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>> +1 646 909-4728 • david...@newschool.edu
>>>
>>>
>>> On Thu, Jun 27, 2019 at 4:46 AM 123 456  wrote:
>>>
>>>> I have commented out this line, but still doesn't work. I get the
>>>> following error message when trying to access cas/status :
>>>>
>>>> [image: Capture.PNG]
>>>>
>>>>
>>>> On Wednesday, 26 June 2019 at 18:07:19 UTC+1, David Curry wrote:
>
> Unless you really want it to only be accessible from the local host 
> that the server is running on, you need to comment out this line:
>
> cas.adminPagesSecurity.ip=127\.0\.0\.1 
>
> Or more appropriately, set it to a value that matches the IPs you want 
> to be able to reach the status page. It's a Java regex, so you can do 
> just 
> about anything.
>  
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david...@newschool.edu
>
>
> On Wed, Jun 26, 2019 at 12:09 PM 123 456  wrote:
>
>> Template:  https://github.com/apereo/cas-gradle-overlay-template
>>
>> #=
>> # cas.properties
>> #=
>>
>>
>> server.port = 
>> cas.server.name: https://{server}:
>> cas.server.prefix: https://{server}:/cas
>>
>> cas.adminPagesSecurity.ip=127\.0\.0\.1
>>
>> logging.config: file:/etc/cas/config/log4j2.xml
>> #cas.serviceRegistry.json.location: classpath:/etc/cas/services-repo
>>
>> # SSL
>> server.ssl.enabled=true
>> server.ssl.keyStore=file:/etc/cas/thekeystore
>> server.ssl.keyStorePassword=changeit
>> server.ssl.keyPassword=changeit 
>>
>> cas.authn.accept.users=
>>
>> #
>> # Service Registry
>> #
>> cas.serviceRegistry.watcherEnabled=true
>> cas.serviceRegistry.initFromJson=true
>> cas.serviceRegistry.json.location=classpath:/etc/cas/services
>>
>> #==
>> # Status
>> #==
>>
>> cas.adminPagesSecurity.actuatorEndpointsEnabled=true
>> cas.monitor.endpoints.enabled=true
>> endpoints.enabled=true
>>
>> cas.monitor.endpoints.sensitive=false
>> endpoints.sensitive=false
>> cas.monitor.endpoints.status.enabled=false
>> cas.monitor.endpoints.status.sensitive=true
>>
>> cas.adminPagesSecurity.loginUrl=https://{server}/cas/login
>> cas.adminPagesSecurity.service=https://{server}/cas/status
>> cas.adminPagesSecurity.users=file:/etc/cas/config/admusers.properties 
>> cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
>>
>>
>> ***
>>
>>
>> #
>> #  admnusers.properties
>> #
>>
>> # This file lists the users who are allowed access to the CAS 
>> /status/*
>> # endpoints ("adminpages").
>> #
>> # The syntax for each line is:
>> #
>> # 
>> username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]
>> #
>> casuser=notused,ROLE_ADMIN
>>
>>
>>
>> 
>>
>>
>>

Re: [cas-user] Can't disable static authentication?

2019-06-27 Thread Ray Bon
Perhaps your config file location is not being set in the deploy and CAS is 
picking up default configs (where static auth is enabled).

Ray

On Thu, 2019-06-27 at 02:16 -0700, tnbreitkreutz wrote:
Hi,

while trying to deploy CAS 6.0.4 to Kubernetes via Hudson/Jenkins, I ran into 
some problems.

CAS keeps showing a hint that static authentication is enabled, even though it 
was disabled in cas.properties by setting cas.authn.accept.users to blank like 
mentioned in https://apereo.github.io/2018/06/09/cas53-gettingstarted-overlay/

Build is (successfully) done via Gradle and LDAP is included as dependency
compile "org.apereo.cas:cas-server-support-ldap:${casServerVersion}"


LDAP settings are correct (according to the admin I'm working with) and equal
to those of an older CAS version we're currently running.
LDAP log shows nothing.

CAS is supposed to be running behind a proxy (nginx).

cas.properties:

cas.server.name=https://cas.example.org
cas.server.prefix=${cas.server.name}/cas

logging.config: file:/etc/cas/config/log4j2.xml
logging.level.org.apereo=DEBUG

cas.authn.accept.users=
# cas.authn.accept.name=
# cas.authn.accept.credentialCriteria=

# cas.authn.ldap[0].name=domain.lan
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldaps://domain.lan:636
cas.authn.ldap[0].baseDn=DC=domain,DC=lan
cas.authn.ldap[0].validatePeriod=PT5M
cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].userFilter=sAMAccountName={user}
cas.authn.ldap[0].minPoolSize=1
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=false
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=PT5M
cas.authn.ldap[0].validateTimeout=PT5S
cas.authn.ldap[0].failFast=true
cas.authn.ldap[0].idleTime=PT10M
cas.authn.ldap[0].prunePeriod=PT2H
cas.authn.ldap[0].blockWaitTime=PT3S
cas.authn.ldap[0].useStartTls=false
# cas.authn.ldap[0].useSsl=true

# server.port=8080
# server.ssl.enabled=false
# cas.server.http.enabled=false
# cas.server.httpProxy.enabled=true
# cas.server.httpProxy.secure=true
# cas.server.httpProxy.scheme=https
# cas.server.httpProxy.protocol=HTTP/1.1


Is there something I could've missed to enable LDAP auth the right way...?

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.



Re: [cas-user] How do I enable cas/status page with CAS 5.3.2?

2019-06-27 Thread David Curry
I'm not running CAS 6, so I can't tell you specifically for that release;
maybe someone else can.

--

DAVID A. CURRY, CISSP
*DIRECTOR • INFORMATION SECURITY & PRIVACY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu


On Thu, Jun 27, 2019 at 10:51 AM 123 456  wrote:

> Still not working ..
>
> The used template is the right one? I used the following:
> https://github.com/apereo/cas-overlay-template
>
>
> On Thursday, 27 June 2019 at 12:46:12 UTC+1, David Curry wrote:
>>
>> My apologies... I told you to comment it out, but that's the default
>> value, so it's still picking it up from the default properties. You need to
>> set it to a pattern that matches the host(s) you want to be able to access
>> it from. See this page:
>>
>>
>> https://dacurry-tns.github.io/deploying-apereo-cas/building_server_dashboard_configure-admin-pages-properties.html
>>
>>
>> for some more detail.
>>
>> --Dave
>>
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 646 909-4728 • david...@newschool.edu
>>
>>
>> On Thu, Jun 27, 2019 at 4:46 AM 123 456 wrote:
>>
>>> I have commented out this line, but it still doesn't work. I get the
>>> following error message when trying to access cas/status :
>>>
>>> [image: Capture.PNG]

Re: [cas-user] How do I enable cas/status page with CAS 5.3.2?

2019-06-27 Thread 123 456
Still not working ..

Is the template I used the right one? I used the following: 
https://github.com/apereo/cas-overlay-template


On Thursday, 27 June 2019 at 12:46:12 UTC+1, David Curry wrote:
>
> My apologies... I told you to comment it out, but that's the default 
> value, so it's still picking it up from the default properties. You need to 
> set it to a pattern that matches the host(s) you want to be able to access 
> it from. See this page:
>
>
> https://dacurry-tns.github.io/deploying-apereo-cas/building_server_dashboard_configure-admin-pages-properties.html
>  
>
> for some more detail.  
>
> --Dave
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david...@newschool.edu 
>
>
> On Thu, Jun 27, 2019 at 4:46 AM 123 456 wrote:
>
>> I have commented out this line, but it still doesn't work. I get the 
>> following error message when trying to access cas/status:
>>
>> [image: Capture.PNG]
>>
>>
>> On Wednesday, 26 June 2019 at 18:07:19 UTC+1, David Curry wrote:
>>>
>>> Unless you really want it to only be accessible from the local host that 
>>> the server is running on, you need to comment out this line:
>>>
>>> cas.adminPagesSecurity.ip=127\.0\.0\.1 
>>>
>>> Or more appropriately, set it to a value that matches the IPs you want 
>>> to be able to reach the status page. It's a Java regex, so you can do just 
>>> about anything.
>>>  
>>>
>>> --
>>>
>>> DAVID A. CURRY, CISSP
>>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>>
>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>> +1 646 909-4728 • david...@newschool.edu

Re: [cas-user] How do I enable cas/status page with CAS 5.3.2?

2019-06-27 Thread David Curry
My apologies... I told you to comment it out, but that's the default value,
so it's still picking it up from the default properties. You need to set it
to a pattern that matches the host(s) you want to be able to access it
from. See this page:

https://dacurry-tns.github.io/deploying-apereo-cas/building_server_dashboard_configure-admin-pages-properties.html


for some more detail.

--Dave


--

DAVID A. CURRY, CISSP
*DIRECTOR • INFORMATION SECURITY & PRIVACY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu


On Thu, Jun 27, 2019 at 4:46 AM 123 456 wrote:

> I have commented out this line, but it still doesn't work. I get the
> following error message when trying to access cas/status:
>
> [image: Capture.PNG]
>
>
> On Wednesday, 26 June 2019 at 18:07:19 UTC+1, David Curry wrote:
>>
>> Unless you really want it to only be accessible from the local host that
>> the server is running on, you need to comment out this line:
>>
>> cas.adminPagesSecurity.ip=127\.0\.0\.1
>>
>> Or more appropriately, set it to a value that matches the IPs you want to
>> be able to reach the status page. It's a Java regex, so you can do just
>> about anything.
>>
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 646 909-4728 • david...@newschool.edu
>>
>>
>> On Wed, Jun 26, 2019 at 12:09 PM 123 456 wrote:
>>
>>> Template:  https://github.com/apereo/cas-gradle-overlay-template
>>>
>>> #=
>>> # cas.properties
>>> #=
>>>
>>>
>>> server.port = 
>>> cas.server.name: https://{server}:
>>> cas.server.prefix: https://{server}:/cas
>>>
>>> cas.adminPagesSecurity.ip=127\.0\.0\.1
>>>
>>> logging.config: file:/etc/cas/config/log4j2.xml
>>> #cas.serviceRegistry.json.location: classpath:/etc/cas/services-repo
>>>
>>> # SSL
>>> server.ssl.enabled=true
>>> server.ssl.keyStore=file:/etc/cas/thekeystore
>>> server.ssl.keyStorePassword=changeit
>>> server.ssl.keyPassword=changeit
>>>
>>> cas.authn.accept.users=
>>>
>>> #
>>> # Service Registry
>>> #
>>> cas.serviceRegistry.watcherEnabled=true
>>> cas.serviceRegistry.initFromJson=true
>>> cas.serviceRegistry.json.location=classpath:/etc/cas/services
>>>
>>> #==
>>> # Status
>>> #==
>>>
>>> cas.adminPagesSecurity.actuatorEndpointsEnabled=true
>>> cas.monitor.endpoints.enabled=true
>>> endpoints.enabled=true
>>>
>>> cas.monitor.endpoints.sensitive=false
>>> endpoints.sensitive=false
>>> cas.monitor.endpoints.status.enabled=false
>>> cas.monitor.endpoints.status.sensitive=true
>>>
>>> cas.adminPagesSecurity.loginUrl=https://{server}/cas/login
>>> cas.adminPagesSecurity.service=https://{server}/cas/status
>>> cas.adminPagesSecurity.users=file:/etc/cas/config/admusers.properties
>>> cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
>>>
>>>
>>> ***
>>>
>>>
>>> #
>>> #  admnusers.properties
>>> #
>>>
>>> # This file lists the users who are allowed access to the CAS /status/*
>>> # endpoints ("adminpages").
>>> #
>>> # The syntax for each line is:
>>> #
>>> #
>>> username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]
>>> #
>>> casuser=notused,ROLE_ADMIN
> 
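
An added example, not from the thread or the CAS project: because the property value is a Java regex, a candidate pattern can be checked against addresses that should and should not reach the status page before it goes into cas.properties. The class name and all addresses are constructed, and whole-address matching (`Matcher.matches()`) is an assumption about how the pattern is applied.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

// Added example, not CAS code: audits candidate cas.adminPagesSecurity.ip
// values against addresses that should and should not reach /cas/status.
public class AdminIpPatternAudit {

    // Assumption: the whole client address must match the pattern
    // (Matcher.matches()), rather than merely contain a match.
    static boolean allowed(String regex, String clientIp) {
        return Pattern.compile(regex).matcher(clientIp).matches();
    }

    // One finding per address the pattern treats differently than intended.
    static List<String> audit(String regex, List<String> mustAllow, List<String> mustDeny) {
        List<String> findings = new ArrayList<>();
        for (String ip : mustAllow) {
            if (!allowed(regex, ip)) {
                findings.add("blocks " + ip);
            }
        }
        for (String ip : mustDeny) {
            if (allowed(regex, ip)) {
                findings.add("admits " + ip);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed addresses: loopback plus an admin subnet 192.168.1.0/24.
        List<String> mustAllow = Arrays.asList("127.0.0.1", "192.168.1.20");
        List<String> mustDeny = Arrays.asList("192.168.10.20", "192.168.155.3", "10.0.0.5");

        // Patterns as the regex engine receives them; Java source doubles each backslash.
        String[] candidates = {
            "127\\.0\\.0\\.1",                          // default value from the thread
            "192.168.1.*",                              // shell-style glob used as a regex
            "127\\.0\\.0\\.1|192\\.168\\.1\\.\\d{1,3}"  // loopback or the /24, dots escaped
        };
        for (String regex : candidates) {
            List<String> findings = audit(regex, mustAllow, mustDeny);
            System.out.println(regex + " -> " + (findings.isEmpty() ? "ok" : findings.toString()));
        }
    }
}
```

The default value blocks every non-loopback client, and the glob-style value admits 192.168.10.20 and 192.168.155.3 because `1.*` matches any address that continues with "1" at that position.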

[cas-user] Can't disable static authentication?

2019-06-27 Thread tnbreitkreutz
Hi,

while trying to deploy CAS 6.0.4 to Kubernetes via Hudson/Jenkins, I ran 
into some problems.

CAS keeps showing a hint that static authentication is enabled, even though 
it was disabled in cas.properties by setting *cas.authn.accept.users* to 
blank as mentioned in 
https://apereo.github.io/2018/06/09/cas53-gettingstarted-overlay/

The build is (successfully) done via Gradle and LDAP is included as a dependency:
compile "org.apereo.cas:cas-server-support-ldap:${casServerVersion}"


LDAP settings are correct (according to the admin I'm working with) and 
identical to those of an older CAS version we're currently running.
LDAP log shows nothing.

CAS is supposed to be running behind a proxy (nginx).

cas.properties:

cas.server.name=https://cas.example.org
cas.server.prefix=${cas.server.name}/cas

logging.config: file:/etc/cas/config/log4j2.xml
logging.level.org.apereo=DEBUG

cas.authn.accept.users=
# cas.authn.accept.name=
# cas.authn.accept.credentialCriteria=

# cas.authn.ldap[0].name=domain.lan
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=ldaps://domain.lan:636
cas.authn.ldap[0].baseDn=DC=domain,DC=lan
cas.authn.ldap[0].validatePeriod=PT5M
cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].userFilter=sAMAccountName={user}
cas.authn.ldap[0].minPoolSize=1
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=false
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=PT5M
cas.authn.ldap[0].validateTimeout=PT5S
cas.authn.ldap[0].failFast=true
cas.authn.ldap[0].idleTime=PT10M
cas.authn.ldap[0].prunePeriod=PT2H
cas.authn.ldap[0].blockWaitTime=PT3S
cas.authn.ldap[0].useStartTls=false
# cas.authn.ldap[0].useSsl=true

# server.port=8080
# server.ssl.enabled=false
# cas.server.http.enabled=false
# cas.server.httpProxy.enabled=true
# cas.server.httpProxy.secure=true
# cas.server.httpProxy.scheme=https
# cas.server.httpProxy.protocol=HTTP/1.1


Is there something I could've missed to enable LDAP auth the right way...?



Re: [cas-user] How do I enable cas/status page with CAS 5.3.2?

2019-06-27 Thread 123 456
I have commented out this line, but it still doesn't work. I get the following 
error message when trying to access cas/status:

[image: Capture.PNG]


On Wednesday, 26 June 2019 at 18:07:19 UTC+1, David Curry wrote:
>
> Unless you really want it to only be accessible from the local host that 
> the server is running on, you need to comment out this line:
>
> cas.adminPagesSecurity.ip=127\.0\.0\.1 
>
> Or more appropriately, set it to a value that matches the IPs you want to 
> be able to reach the status page. It's a Java regex, so you can do just 
> about anything.
>  
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david...@newschool.edu 
>
>
> On Wed, Jun 26, 2019 at 12:09 PM 123 456 wrote:
>
>> Template:  https://github.com/apereo/cas-gradle-overlay-template
>>
>> #=
>> # cas.properties
>> #=
>>
>>
>> server.port = 
>> cas.server.name: https://{server}:
>> cas.server.prefix: https://{server}:/cas
>>
>> cas.adminPagesSecurity.ip=127\.0\.0\.1
>>
>> logging.config: file:/etc/cas/config/log4j2.xml
>> #cas.serviceRegistry.json.location: classpath:/etc/cas/services-repo
>>
>> # SSL
>> server.ssl.enabled=true
>> server.ssl.keyStore=file:/etc/cas/thekeystore
>> server.ssl.keyStorePassword=changeit
>> server.ssl.keyPassword=changeit 
>>
>> cas.authn.accept.users=
>>
>> #
>> # Service Registry
>> #
>> cas.serviceRegistry.watcherEnabled=true
>> cas.serviceRegistry.initFromJson=true
>> cas.serviceRegistry.json.location=classpath:/etc/cas/services
>>
>> #==
>> # Status
>> #==
>>
>> cas.adminPagesSecurity.actuatorEndpointsEnabled=true
>> cas.monitor.endpoints.enabled=true
>> endpoints.enabled=true
>>
>> cas.monitor.endpoints.sensitive=false
>> endpoints.sensitive=false
>> cas.monitor.endpoints.status.enabled=false
>> cas.monitor.endpoints.status.sensitive=true
>>
>> cas.adminPagesSecurity.loginUrl=https://{server}/cas/login
>> cas.adminPagesSecurity.service=https://{server}/cas/status
>> cas.adminPagesSecurity.users=file:/etc/cas/config/admusers.properties 
>> cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
>>
>>
>> ***
>>
>>
>> #
>> #  admnusers.properties
>> #
>>
>> # This file lists the users who are allowed access to the CAS /status/*
>> # endpoints ("adminpages").
>> #
>> # The syntax for each line is:
>> #
>> # username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]
>> #
>> casuser=notused,ROLE_ADMIN