Re: [cas-user] How to install CAS 3.3 with Tomcat 8.0

2019-10-25 Thread Carlota Viña 
Hi Richard,

Thanks you for the message.

What means Tomcat 8 is EOL?

Best wishes,

Carlota

El vie., 25 oct. 2019 a las 21:22, Richard Frovarp (<
richard.frov...@ndsu.edu>) escribió:

> Tomcat 8 is also EOL.
>
>
> On 10/25/19 1:29 PM, Ray Bon wrote:
>
> Carlota,
>
> Out of curiosity, why are you bound to an ancient, unsupported, and
> insecure version of CAS?
>
> Maven can be downloaded, https://maven.apache.org/
>
> Have you found any documentation on CAS 3.3?
>
> I suspect that you will spend more time trying to figure out how to
> install and run CAS 3.3 than changing the requirements. There have been a
> lot of improvements to CAS in the more than 5 years since I have been using
> it (which was after 3.3).
>
> Lastly, when you have troubles (and you will), no one has the knowledge to
> help you.
>
> Ray
>
> On Fri, 2019-10-25 at 10:04 -0700, CarlotaVina wrote:
>
> Hello,
>
> Recently I start to work with a project with Java 1.8,  tomcat 8.0. We
> don't have Maven. One of the requirements is to install CAS 3.3 with tomcat
> 8.0. The project is old and we can't change these requirements.
>
> I don't know how to install CAS 3.3 with Tomcat 8.0
>
>
> Could somebody to help me.
>
>
> Best wishes,
>
> Carlota
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/01e0ceeccdfc1139211302198b6066aa48d2cfaf.camel%40uvic.ca
> 
> .
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to a topic in the
> Google Groups "CAS Community" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/a/apereo.org/d/topic/cas-user/q39gJhUk2w8/unsubscribe
> .
> To unsubscribe from this group and all its topics, send an email to
> cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6d9aa635-363f-0a36-f5fd-fda29745d9f3%40ndsu.edu
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALaSPS3H2EioTrX7SUZxSNnUsnqxS2LJi_xw%2Bce9bz3anCFRYQ%40mail.gmail.com.

Re: [cas-user] How to install CAS 3.3 with Tomcat 8.0

2019-10-25 Thread Richard Frovarp 
The 3.4 method was to create a Maven overlay and build a war from there. I 
think there was a special config file. Don't remember how that was referenced. 
You'll need to dig into old documentation.

You probably can do it without Maven, but it would be a giant pain. Maven is a 
build tool and in this case is gathering all of the dependencies and putting 
them into a war. You could likely work your way through each dependency, find 
their dependencies, find their dependencies, etc and grab each one off of 
maven.org, and build the war by hand. But I don't know why you would want to 
subject yourself to that.


On 10/25/19 12:04 PM, CarlotaVina wrote:
Hello,

Recently I start to work with a project with Java 1.8,  tomcat 8.0. We don't 
have Maven. One of the requirements is to install CAS 3.3 with tomcat 8.0. The 
project is old and we can't change these requirements.

I don't know how to install CAS 3.3 with Tomcat 8.0


Could somebody to help me.


Best wishes,

Carlota
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/887cf9e1-b396-405d-b4d1-5879bc2da244%40apereo.org.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/efbd5ca7-b069-0d62-fc93-cae9bbd37b21%40ndsu.edu.

Re: [cas-user] How to install CAS 3.3 with Tomcat 8.0

2019-10-25 Thread Richard Frovarp 
Tomcat 8 is also EOL.


On 10/25/19 1:29 PM, Ray Bon wrote:
Carlota,

Out of curiosity, why are you bound to an ancient, unsupported, and insecure 
version of CAS?

Maven can be downloaded, https://maven.apache.org/

Have you found any documentation on CAS 3.3?

I suspect that you will spend more time trying to figure out how to install and 
run CAS 3.3 than changing the requirements. There have been a lot of 
improvements to CAS in the more than 5 years since I have been using it (which 
was after 3.3).

Lastly, when you have troubles (and you will), no one has the knowledge to help 
you.

Ray

On Fri, 2019-10-25 at 10:04 -0700, CarlotaVina wrote:
Hello,

Recently I start to work with a project with Java 1.8,  tomcat 8.0. We don't 
have Maven. One of the requirements is to install CAS 3.3 with tomcat 8.0. The 
project is old and we can't change these requirements.

I don't know how to install CAS 3.3 with Tomcat 8.0


Could somebody to help me.


Best wishes,

Carlota

--


Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/01e0ceeccdfc1139211302198b6066aa48d2cfaf.camel%40uvic.ca.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6d9aa635-363f-0a36-f5fd-fda29745d9f3%40ndsu.edu.

Re: [cas-user] How to install CAS 3.3 with Tomcat 8.0

2019-10-25 Thread Carlota Viña 
Hello,

The requirements don't depend on me. The requirements are set .

Best wishes,

Carlota



El vie., 25 oct. 2019 a las 20:29, Ray Bon () escribió:

> Carlota,
>
> Out of curiosity, why are you bound to an ancient, unsupported, and
> insecure version of CAS?
>
> Maven can be downloaded, https://maven.apache.org/
>
> Have you found any documentation on CAS 3.3?
>
> I suspect that you will spend more time trying to figure out how to
> install and run CAS 3.3 than changing the requirements. There have been a
> lot of improvements to CAS in the more than 5 years since I have been using
> it (which was after 3.3).
>
> Lastly, when you have troubles (and you will), no one has the knowledge to
> help you.
>
> Ray
>
> On Fri, 2019-10-25 at 10:04 -0700, CarlotaVina wrote:
>
> Hello,
>
> Recently I start to work with a project with Java 1.8,  tomcat 8.0. We
> don't have Maven. One of the requirements is to install CAS 3.3 with tomcat
> 8.0. The project is old and we can't change these requirements.
>
> I don't know how to install CAS 3.3 with Tomcat 8.0
>
>
> Could somebody to help me.
>
>
> Best wishes,
>
> Carlota
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to a topic in the
> Google Groups "CAS Community" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/a/apereo.org/d/topic/cas-user/q39gJhUk2w8/unsubscribe
> .
> To unsubscribe from this group and all its topics, send an email to
> cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/01e0ceeccdfc1139211302198b6066aa48d2cfaf.camel%40uvic.ca
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALaSPS3XDiEHSdeegq2YdQCEmP7OQmO%3DwnZVoPASzNJhe11b0g%40mail.gmail.com.

Re: [cas-user] Re: cas-management 6.1 RC4 turn off version control

2019-10-25 Thread Ray Bon 
I tried building from source to add more debugging, but was unable to build 
without error. If I fixed one error, then another popped up. I do not have time 
to chase them down.
I will come back to it, perhaps in the new year. Until then we will use an 
older version.

Ray

On Fri, 2019-10-25 at 06:55 -0700, randomuser878 wrote:
Hello

  Thanks for the hint per 
CasManagementConfigurationProperties.java
  Have been really struggling with this one as well.  Really feel 
cas-management is behind cas and sure hope the recent indicators of moving 
dashboards from cas to cas-management means better product eventually.

  Ranting aside, cas-management 6.1 RC4, these two flags end up as non-bound 
and service will fail/crash to restart.
   mgmt.enableVersionControl=false
   mgmt.enableDelegatedMgmt=false

  Overlaying this file 
src/main/java/org/apereo/cas/configuration/CasManagementConfigurationProperties.java
 by setting the two references you alluded to false it will compile but then on 
restart it will throw tons of errors about ALL mgmt parameters being unbound.  
If you can figure out what I could have missed by just modifying that code 
directly that would be great.
  Added this to build.gradle
compile "org.apereo.cas:cas-mgmt-api-core:${project.'casmgmt.version'}"
compile "org.projectlombok:lombok:1.18.8"

  Then tried the 6.1. RC5 snapshot, maybe those two parameters that are in 
documentation would work but nope, it would crash per  some collusion about 
groovy libraries and such, anyway gave up on that front, it is snapshot after 
all.

  HERE is what currently WORKS for me (not sure if it breaks anything else but 
I am past the point of desperation)
  1) deploy cas-management.war and explode into webapps (remove war afterwards)
  rm -v 
$CATALINA_BASE/webapps/cas-management/WEB-INF/lib/cas-mgmt-config-version-control-6.1.0-RC4.jar
  rm -v 
$CATALINA_BASE/webapps/cas-management/WEB-INF/lib/cas-mgmt-config-delegated-6.1.0-RC4.jar


  Now here are other gems
  1) using JPA so would really like to tell JSON to take a back-seat.
 cas.serviceRegistry.initFromJson=false
   YET it loads from services default or whatever you specify including 
commenting out or leaving default or whatever:  
cas.serviceRegistry.json.location=classpath:/services
   Implicit PROBLEM for me: when you create new service you see double entries. 
One for JPA, the other one for json. Which is which?
   Workaround:
1) do not specify at all cas.serviceRegistry.json.location in config (not 
sure it matters)
2) same as above post explode cas-management.war (not sure how can I remove 
them from overlay, I could just try empty files in overlay but removing is 
cleaner)
   rm -v 
$CATALINA_BASE/webapps/cas-management/WEB-INF/classes/services/*.json

   Another headache: I want to have search work for me. Why can't I change the 
path of luceneIndexDir. (no parameter, nor can change and compile above without 
other failures)
   So must create folder /etc/cas/lucene even though for this scenario it is 
just a placeholder, so I can get search working. I never see anything get 
stored there?

   And finally,  really no idea why but if you logout the manager with a 
success message at /cas-management/logout.html,
  throws an exception 500 in access logs like "GET 
/cas-management/error?ticket=ST-XYZ...  but you click on "Services Management" 
link to get you back to /cas-management/manage.html and then cas-management is 
unavailable.
 WORKAROUND: just change URL to /cas-management/ and voila you are back to 
admin

  Stuff like this, I really really hope cas-management gets its love back.  Not 
gonna bother with discoveryEndpointPath = "/actuator/discoveryProfile" and how 
to actually properly securely setup magical setting in CAS separate service 
itself to that cas-management can get info. Tried but at this point I am happy 
to just use the web app.

  All the best.




On Tuesday, September 17, 2019 at 12:43:03 PM UTC-4, rbon wrote:
How do I turn off version control in cas-management 6.1 RC4.

In 5.3.x branch there was a config setting: mgmt.enableVersionControl=true, but 
this has been replaced by the following code (line 155 in 
https://github.com/apereo/cas-management/blob/master/api/cas-mgmt-api-configuration/src/main/java/org/apereo/cas/configuration/CasManagementConfigurationProperties.java):
private boolean enabled = 
ClassUtils.isPresent("org.ape

Re: [cas-user] How to install CAS 3.3 with Tomcat 8.0

2019-10-25 Thread Ray Bon 
Carlota,

Out of curiosity, why are you bound to an ancient, unsupported, and insecure 
version of CAS?

Maven can be downloaded, https://maven.apache.org/

Have you found any documentation on CAS 3.3?

I suspect that you will spend more time trying to figure out how to install and 
run CAS 3.3 than changing the requirements. There have been a lot of 
improvements to CAS in the more than 5 years since I have been using it (which 
was after 3.3).

Lastly, when you have troubles (and you will), no one has the knowledge to help 
you.

Ray

On Fri, 2019-10-25 at 10:04 -0700, CarlotaVina wrote:
Hello,

Recently I start to work with a project with Java 1.8,  tomcat 8.0. We don't 
have Maven. One of the requirements is to install CAS 3.3 with tomcat 8.0. The 
project is old and we can't change these requirements.

I don't know how to install CAS 3.3 with Tomcat 8.0


Could somebody to help me.


Best wishes,

Carlota

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/01e0ceeccdfc1139211302198b6066aa48d2cfaf.camel%40uvic.ca.

Re: [cas-user] mod_auth_cas and attributes

2019-10-25 Thread Ray Bon 
Alberto,

To be sure CAS is releasing the attributes:




Ray

On Fri, 2019-10-25 at 11:45 +0200, Alberto Cabello Sánchez wrote:

On Thu, 24 Oct 2019 16:12:58 -0400

David Hawes <



dha...@vt.edu

> wrote:


What version of mod_auth_cas are you using?


Sorry, I didn't included it in my question:


mod_auth_cas is 1.2, freshly cloned from



https://github.com/apereo/mod_auth_cas.git


CAS server is 5.3.12.1.


v1.2 supports CASv2 attributes, which should work with /serviceValidate

provided your server supports it.


Turn "CASDebug On" and you should be able to see the validation

response with the attributes returned from your server. With

CASAuthnHeader set to some attribute like you've done, the released

attributes should be in the HTTP headers.


This is the CAS info logged in Tomcat


INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
mailto:albe...@unex.es>

albe...@unex.es

], sn=[cabello sánchez], sn1=[cabello], sn2=[sánchez], uid=[alberto]}] via 
credentials [[UsernamePasswordCredential(username=alberto)]].>


I can't find any reference to headers in Apache 2 logs, except


Adding outgoing header: Set-Cookie: 
MOD_AUTH_CAS_S=6c60***d099;Secure;Path=/examples/jsp/; 
HttpOnly, referer: /login?service=


I guess I will add some printf() statements in mod_auth_cas to gather more

info, and explore the SAML approach.


If it helps, I do get an "ATTR" header (CASAuthNHeader is set to ATTR),

but it just contains the REMOTE_USER value ("alberto" in this case).


Thanks for your help.



On Thu, 24 Oct 2019 at 06:26, Alberto Cabello Sánchez <



albe...@unex.es

> wrote:


Hi,


I'm trying to get attributes released by CAS through mod_auth_cas and CASv2

protocol (not SAML), but I'm not sure how to achieve it.


I set


CASAuthNHeader ATTR


but it just gives the authenticated user, even if successful login page shows

correctly the attributes defined in application.properties.


Attribute release policy for that service is

"attributeReleasePolicy" : {

"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"

},


My validation URL is


CASValidateURL /serviceValidate


I don't know if this is correct. I found another value when using SAML

validation, but I don't know if I have to change this one for CASv2 (only

found this information regarding the SAML version).


Thanks in advance,


--

Alberto Cabello Sánchez

Servicio de Informática

Universidad de Extremadura


--

- Website:



https://apereo.github.io/cas


- Gitter Chatroom:



https://gitter.im/apereo/cas


- List Guidelines:



https://goo.gl/1VRrw7


- Contributions:



https://goo.gl/mh7qDG


---

You received this message because you are subscribed to the Google Groups "CAS 
Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to



cas-user+unsubscr...@apereo.org

.

To view this discussion on the web visit



https://groups.google.com/a/apereo.org/d/msgid/cas-user/20191024122634.9aee358820053e3c75081f5e%40unex.es

.


--

- Website:



https://apereo.github.io/cas


- Gitter Chatroom:



https://gitter.im/apereo/cas


- List Guidelines:



https://goo.gl/1VRrw7


- Contributions:



https://goo.gl/mh7qDG


---

You received this message because you are subscribed to the Google Groups "CAS 
Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to



cas-user+unsubscr...@apereo.org

.

To view this discussion on the web visit



https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wDKF8kj6NuQBKhfP9DeT10vmRWXguFafrzxNAg8454JXQ%40mail.gmail.com

.



--

Alberto Cabello Sánchez

Servicio de Informática

Universidad de Extremadura


--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an

Re: [cas-user] How to consume rest api call via jsp

2019-10-25 Thread Ray Bon 
Vikash,

Perhaps some examples here might help, 
https://apereo.github.io/cas/6.0.x/integration/Attribute-Release-Policies.html

Ray

On Fri, 2019-10-25 at 05:06 -0700, Vikash Chandra Ansh wrote:
I have created a rest api which will fetch user details from AD. it is giving 
me all the set of attributes in a JSON. Now, I am trying to use that API but 
unable to do so. Kindly help and suggest me the steps to do so.

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/28505a0dd2c84332cb48bf3ec36b65c70cd6ea88.camel%40uvic.ca.

[cas-user] How to install CAS 3.3 with Tomcat 8.0

2019-10-25 Thread CarlotaVina 
Hello,

Recently I start to work with a project with Java 1.8,  tomcat 8.0. We 
don't have Maven. One of the requirements is to install CAS 3.3 with tomcat 
8.0. The project is old and we can't change these requirements.

I don't know how to install CAS 3.3 with Tomcat 8.0


Could somebody to help me.


Best wishes,

Carlota 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/887cf9e1-b396-405d-b4d1-5879bc2da244%40apereo.org.

Re: [cas-user] Re: cas-management 6.1 RC4 turn off version control

2019-10-25 Thread Travis Schmidt 
Admittedly the CAS Mgmt documentation is lagging some of the latest
refactors in the snapshots.  I usually try and make an effort when GA rolls
around to try and make sure at least config properties are updated.  You
can look here directly at the source of truth:

https://github.com/apereo/cas-management/blob/master/api/cas-mgmt-api-configuration/src/main/java/org/apereo/cas/configuration/CasManagementConfigurationProperties.java

The property name would just follow object "." notation starting with
"mgmt."

You can specify a luceneIndexDir and I think it only uses this directory as
temp storage when executing queries, so I think it is always cleaned up.
Anyways Lucene needed some file system dir configured.

If you are using version control then you will always see a
JSONServiceRegistry popup in the logs, since JSON files in a Git repository
is how that is implemented, regardless of the persistence you use for your
configured service registry.

Not sure what the logout thing is.

For the /dashboard and discovery endpoint, I have it configured and about
the only way I know it would work is to open up the admin endpoints by IP
address to the IP of your running CAS Management webapp.  Documentation can
be found here:

https://apereo.github.io/cas/development/monitoring/Monitoring-Statistics.html

I do not personally use the gradle overlays or even do any real testing
with them.  It has turned out in the past that the overlay was picking up
conflicting config from cas in the overlay that wasn't realized when just
building and deploying from source.

Lastly, I do believe some resources may be picking up the cause of CAS
Mgmt, and I may have some more time for the OS version freeing up soon, at
least will try and smooth out some rough edges for GA.  As always pull
requests are welcomed and encouraged.

Travis






On Fri, Oct 25, 2019 at 6:55 AM randomuser878  wrote:

> Hello
>
>   Thanks for the hint per CasManagementConfigurationProperties.java
> 
>   Have been really struggling with this one as well.  Really feel
> cas-management is behind cas and sure hope the recent indicators of moving
> dashboards from cas to cas-management means better product eventually.
>
>   Ranting aside, cas-management 6.1 RC4, these two flags end up as
> non-bound and service will fail/crash to restart.
>mgmt.enableVersionControl=false
>mgmt.enableDelegatedMgmt=false
>
>   Overlaying this
> file 
> src/main/java/org/apereo/cas/configuration/CasManagementConfigurationProperties.java
> by setting the two references you alluded to false it will compile but then
> on restart it will throw tons of errors about ALL mgmt parameters being
> unbound.  If you can figure out what I could have missed by just modifying
> that code directly that would be great.
>   Added this to build.gradle
> compile "org.apereo.cas:cas-mgmt-api-core:${project.'casmgmt.version'}"
> compile "org.projectlombok:lombok:1.18.8"
>
>   Then tried the 6.1. RC5 snapshot, maybe those two parameters that are in
> documentation would work but nope, it would crash per  some collusion about
> groovy libraries and such, anyway gave up on that front, it is snapshot
> after all.
>
>   HERE is what currently WORKS for me (not sure if it breaks anything else
> but I am past the point of desperation)
>   1) deploy cas-management.war and explode into webapps (remove war
> afterwards)
>   rm -v
> $CATALINA_BASE/webapps/cas-management/WEB-INF/lib/cas-mgmt-config-version-control-6.1.0-RC4.jar
>   rm -v
> $CATALINA_BASE/webapps/cas-management/WEB-INF/lib/cas-mgmt-config-delegated-6.1.0-RC4.jar
>
>
>   Now here are other gems
>   1) using JPA so would really like to tell JSON to take a back-seat.
>  cas.serviceRegistry.initFromJson=false
>YET it loads from services default or whatever you specify including
> commenting out or leaving default or whatever:
> cas.serviceRegistry.json.location=classpath:/services
>Implicit PROBLEM for me: when you create new service you see double
> entries. One for JPA, the other one for json. Which is which?
>Workaround:
> 1) do not specify at all cas.serviceRegistry.json.location in config
> (not sure it matters)
> 2) same as above post explode cas-management.war (not sure how can I
> remove them from overlay, I could just try empty files in overlay but
> removing is cleaner)
>rm -v
> $CATALINA_BASE/webapps/cas-management/WEB-INF/classes/services/*.json
>
>Another headache: I want to have search work for me. Why can't I change
> the path of luceneIndexDir. (no parameter, nor can change and compile above
> without other failures)
>So must create folder /etc/cas/lucene even though for this scenario it
> is just a placeho

[cas-user] Re: cas-management 6.1 RC4 turn off version control

2019-10-25 Thread randomuser878 
Hello

  Thanks for the hint per CasManagementConfigurationProperties.java 

  Have been really struggling with this one as well.  Really feel 
cas-management is behind cas and sure hope the recent indicators of moving 
dashboards from cas to cas-management means better product eventually.

  Ranting aside, cas-management 6.1 RC4, these two flags end up as 
non-bound and service will fail/crash to restart.
   mgmt.enableVersionControl=false
   mgmt.enableDelegatedMgmt=false

  Overlaying this 
file 
src/main/java/org/apereo/cas/configuration/CasManagementConfigurationProperties.java
 
by setting the two references you alluded to false it will compile but then 
on restart it will throw tons of errors about ALL mgmt parameters being 
unbound.  If you can figure out what I could have missed by just modifying 
that code directly that would be great.
  Added this to build.gradle
compile "org.apereo.cas:cas-mgmt-api-core:${project.'casmgmt.version'}"
compile "org.projectlombok:lombok:1.18.8"

  Then tried the 6.1. RC5 snapshot, maybe those two parameters that are in 
documentation would work but nope, it would crash per  some collusion about 
groovy libraries and such, anyway gave up on that front, it is snapshot 
after all.

  HERE is what currently WORKS for me (not sure if it breaks anything else 
but I am past the point of desperation)
  1) deploy cas-management.war and explode into webapps (remove war 
afterwards) 
  rm -v 
$CATALINA_BASE/webapps/cas-management/WEB-INF/lib/cas-mgmt-config-version-control-6.1.0-RC4.jar
  rm -v 
$CATALINA_BASE/webapps/cas-management/WEB-INF/lib/cas-mgmt-config-delegated-6.1.0-RC4.jar


  Now here are other gems
  1) using JPA so would really like to tell JSON to take a back-seat.
 cas.serviceRegistry.initFromJson=false
   YET it loads from services default or whatever you specify including 
commenting out or leaving default or whatever:  
cas.serviceRegistry.json.location=classpath:/services
   Implicit PROBLEM for me: when you create new service you see double 
entries. One for JPA, the other one for json. Which is which?
   Workaround: 
1) do not specify at all cas.serviceRegistry.json.location in config 
(not sure it matters)
2) same as above post explode cas-management.war (not sure how can I 
remove them from overlay, I could just try empty files in overlay but 
removing is cleaner)
   rm -v 
$CATALINA_BASE/webapps/cas-management/WEB-INF/classes/services/*.json

   Another headache: I want to have search work for me. Why can't I change 
the path of luceneIndexDir. (no parameter, nor can change and compile above 
without other failures)
   So must create folder /etc/cas/lucene even though for this scenario it 
is just a placeholder, so I can get search working. I never see anything 
get stored there?

   And finally,  really no idea why but if you logout the manager with a 
success message at /cas-management/logout.html, 
  throws an exception 500 in access logs like "GET 
/cas-management/error?ticket=ST-XYZ...  but you click on "Services 
Management" link to get you back to /cas-management/manage.html and then 
cas-management is unavailable.
 WORKAROUND: just change URL to /cas-management/ and voila you are back 
to admin

  Stuff like this, I really really hope cas-management gets its love back.  
Not gonna bother with discoveryEndpointPath = "/actuator/discoveryProfile" 
and how to actually properly securely setup magical setting in CAS separate 
service itself to that cas-management can get info. Tried but at this point 
I am happy to just use the web app. 

  All the best.


  

On Tuesday, September 17, 2019 at 12:43:03 PM UTC-4, rbon wrote:
>
> How do I turn off version control in cas-management 6.1 RC4.
>
> In 5.3.x branch there was a config setting: mgmt.enableVersionControl=true, 
> but this has been replaced by the following code (line 155 in 
> https://github.com/apereo/cas-management/blob/master/api/cas-mgmt-api-configuration/src/main/java/org/apereo/cas/configuration/CasManagementConfigurationProperties.java
>  
> 
> ):
> private boolean enabled = ClassUtils.isPresent("
> org.apereo.cas.mgmt.config.CasManagementVersionControlConfiguration", 
> this.getClass().getClassLoader());
>
> It looks like 
> org.apereo.cas.mgmt.config.CasManagementVersionControlConfiguration 
> is included by default (the libraries are in the war). All I have/want is 
> ldap service registry (com

Re: [cas-user] mod_auth_cas and attributes

2019-10-25 Thread David Hawes 
On Fri, Oct 25, 2019, 05:45 Alberto Cabello Sánchez  wrote:

> On Thu, 24 Oct 2019 16:12:58 -0400
> David Hawes  wrote:
>
> > What version of mod_auth_cas are you using?
>
> Sorry, I didn't included it in my question:
>
> mod_auth_cas is 1.2, freshly cloned from
> https://github.com/apereo/mod_auth_cas.git
> CAS server is 5.3.12.1.
>
> > v1.2 supports CASv2 attributes, which should work with /serviceValidate
> > provided your server supports it.
> >
> > Turn "CASDebug On" and you should be able to see the validation
> > response with the attributes returned from your server. With
> > CASAuthnHeader set to some attribute like you've done, the released
> > attributes should be in the HTTP headers.
>
> This is the CAS info logged in Tomcat
>
> INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>  givenName=[alberto], irisPersonalUniqueID=[DOC:12345678R], mail=[
> albe...@unex.es], sn=[cabello sánchez], sn1=[cabello], sn2=[sánchez],
> uid=[alberto]}] via credentials
> [[UsernamePasswordCredential(username=alberto)]].>
>
> I can't find any reference to headers in Apache 2 logs, except
>
> Adding outgoing header: Set-Cookie:
> MOD_AUTH_CAS_S=6c60***d099;Secure;Path=/examples/jsp/;
> HttpOnly, referer: /login?service=
>
> I guess I will add some printf() statements in mod_auth_cas to gather more
> info, and explore the SAML approach.
>

Not necessary. Set "LogLevel debug" and "CASDebug On". Search for
"Validation response" in the Apache logs.

>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wDtuobnoaUsmqXtO-nL5E3uoA_%2BtQHi083hY8ViXbiehA%40mail.gmail.com.


smime.p7s
Description: S/MIME Cryptographic Signature

[cas-user] How to consume rest api call via jsp

2019-10-25 Thread Vikash Chandra Ansh 
I have created a rest api which will fetch user details from AD. it is 
giving me all the set of attributes in a JSON. Now, I am trying to use that 
API but unable to do so. Kindly help and suggest me the steps to do so.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/fabe0a36-f5c7-4a40-b514-387ae4f6ec0a%40apereo.org.

Re: [cas-user] CAS 5.2.4 Endpoint access

2019-10-25 Thread David Curry 
At first blush it looks like your cas.properties property names are wrong;
there might be other things too that you didn't happen to quote. Here's a
step-by-step for enabling them all, if you find it helpful:

https://dacurry-tns.github.io/deploying-apereo-cas/building_server_dashboard_overview.html


--Dave

--

DAVID A. CURRY, CISSP
*DIRECTOR • INFORMATION SECURITY & PRIVACY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • david.cu...@newschool.edu


On Fri, Oct 25, 2019 at 1:09 AM Sam Erie  wrote:

> I have been struggling to get access to development CAS v5.2.4 status
> endpoints. I was unable to get them unsecured and went on to add Spring
> Security with master user, who it is correctly validating, but somehow my
> IP is still not authorized. Following are relevant properties and logs. I'm
> confused by the fact that it should be matching any IP with .+ yet it still
> says Unauthorized IP address. Any help would be much appreciated.
>
>
> endpoints.status.enabled=true
> endpoints.status.sensitive=false
> endpoints.dashboard.enabled=true
> endpoints.dashboard.sensitive=false
> cas.adminPagesSecurity.ip=.+
> security.user.name=admin
> security.user.password=admin
>
>
> 2019-10-23 21:58:11,093 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - 
> <===
> SECURITY ===>
>
> 2019-10-23 21:58:11,093 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - 
>  https://sanitized/cas/status>
>
> 2019-10-23 21:58:11,093 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - 
> 
>
> 2019-10-23 21:58:11,093 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - 
> 
> 2019-10-23 21:58:11,094 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic]
>  -  #IpClient# | name: IpClient | credentialsExtractor: null | authenticator: 
> IpRegexpAuthenticator[.+ ]
>
>  | profileCreator: 
> org.pac4j.core.profile.creator.AuthenticatorProfileCreator@290e9599
>  | authorizationGenerators: [] |]>
>
> 2019-10-23 21:58:11,095 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - 
> 
>
> 2019-10-23 21:58:11,110 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - 
> 
> 2019-10-23 21:58:11,110 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic]
>  -  #IpClient# | name: IpClient | credentialsExtractor: null | authenticator: 
> IpRegexpAuthenticator[.+ ]
>
>  | profileCreator: 
> org.pac4j.core.profile.creator.AuthenticatorProfileCreator@290e9599
>  | authorizationGenerators: [] |>
>
> 2019-10-23 21:58:11,126 DEBUG [org.pac4j.http.client.direct.IpClient] - 
> 
>
> 2019-10-23 21:58:11,126 INFO [org.pac4j.http.client.direct.IpClient] - 
>  172.21.96.74>
>
> 2019-10-23 21:58:11,126 DEBUG [org.pac4j.http.client.direct.IpClient] - 
> 
>
> org.pac4j.core.exception.CredentialsException: Unauthorized IP address: 
> 172.21.96.74
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMM6z%2BLYuO2dihVM96XAKC-EXEJBjMqyYhqau1jHMBwHJ9Bncw%40mail.gmail.com
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAP6HfJqfdVtX2J639vo7XnMHY_vwGaFqyp0Z7OLYqs%3DSA%40mail.gmail.com.

Re: [cas-user] mod_auth_cas and attributes

2019-10-25 Thread Alberto Cabello Sánchez 
On Thu, 24 Oct 2019 16:20:09 -0400
David Hawes  wrote:

> Note that you can use /serviceValidate with mod_auth_cas v1.2 if your
> server releases attributes.

Well, it seems this is not the case: validation response is


  
alberto
  


No node named "attributes", so no mod_auth_cas problem here.

-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20191025124030.bc08488929993daee23722d8%40unex.es.

Re: [cas-user] mod_auth_cas and attributes

2019-10-25 Thread Alberto Cabello Sánchez 
On Thu, 24 Oct 2019 16:12:58 -0400
David Hawes  wrote:

> What version of mod_auth_cas are you using?

Sorry, I didn't included it in my question:

mod_auth_cas is 1.2, freshly cloned from 
https://github.com/apereo/mod_auth_cas.git
CAS server is 5.3.12.1.

> v1.2 supports CASv2 attributes, which should work with /serviceValidate
> provided your server supports it.
> 
> Turn "CASDebug On" and you should be able to see the validation
> response with the attributes returned from your server. With
> CASAuthnHeader set to some attribute like you've done, the released
> attributes should be in the HTTP headers.

This is the CAS info logged in Tomcat

INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 


I can't find any reference to headers in Apache 2 logs, except

Adding outgoing header: Set-Cookie: 
MOD_AUTH_CAS_S=6c60***d099;Secure;Path=/examples/jsp/; 
HttpOnly, referer: /login?service=

I guess I will add some printf() statements in mod_auth_cas to gather more
info, and explore the SAML approach.

If it helps, I do get an "ATTR" header (CASAuthNHeader is set to ATTR),
but it just contains the REMOTE_USER value ("alberto" in this case).

Thanks for your help.
 
> On Thu, 24 Oct 2019 at 06:26, Alberto Cabello Sánchez  wrote:
> >
> > Hi,
> >
> > I'm trying to get attributes released by CAS through mod_auth_cas and CASv2
> > protocol (not SAML), but I'm not sure how to achieve it.
> >
> > I set
> >
> > CASAuthNHeader ATTR
> >
> > but it just gives the authenticated user, even if successful login page 
> > shows
> > correctly the attributes defined in application.properties.
> >
> > Attribute release policy for that service is
> > "attributeReleasePolicy" : {
> > "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
> > },
> >
> > My validation URL is
> >
> > CASValidateURL /serviceValidate
> >
> > I don't know if this is correct. I found another value when using SAML
> > validation, but I don't know if I have to change this one for CASv2 (only
> > found this information regarding the SAML version).
> >
> > Thanks in advance,
> >
> > --
> > Alberto Cabello Sánchez
> > Servicio de Informática
> > Universidad de Extremadura
> >
> > --
> > - Website: https://apereo.github.io/cas
> > - Gitter Chatroom: https://gitter.im/apereo/cas
> > - List Guidelines: https://goo.gl/1VRrw7
> > - Contributions: https://goo.gl/mh7qDG
> > ---
> > You received this message because you are subscribed to the Google Groups 
> > "CAS Community" group.
> > To unsubscribe from this group and stop receiving emails from it, send an 
> > email to cas-user+unsubscr...@apereo.org.
> > To view this discussion on the web visit 
> > https://groups.google.com/a/apereo.org/d/msgid/cas-user/20191024122634.9aee358820053e3c75081f5e%40unex.es.
> 
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wDKF8kj6NuQBKhfP9DeT10vmRWXguFafrzxNAg8454JXQ%40mail.gmail.com.


-- 
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20191025114525.ebc9b494c5b68d121e09c3fa%40unex.es.

[cas-user] Is possible with jasig ?

2019-10-25 Thread vallee.romain 
Hello,
my population are store in Active Directory .

I try to use Jasig Password for "forget password"  action .

When user lost password, jasig can use 
"cas.authn.pm.reset.mail.AttributeName" for send mail to user .

So, we don't store alternative mail in our AD (for confidentiality reasons 
).

The alternative mail is currently store in web service (XML return ) .

I try to concatain like this 

cas.authn.pm.reset.mail.AttributeName=cas.authn.pm.rest.endpointUrlEmail=http://xxx{user}xxx

but it's unsuccessful ! ( of course )

Do you know if it's possible for Jasig to look for alternative mail 
elsewhere  an AD attribute ?

Thank you

Best regards



-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/68598564-f8a9-437e-8bb2-42230152aeab%40apereo.org.