Re: [cas-user] Configuration property overrides via environment variables does not work

[Jérôme Steve]

Hi Paul,

I had the same probleme. What I notice :

If you coment or you remove property in app.properties, the corresponding
env var is used.

But if you have it in the app.properties, property will not be erasse by
env var.

But for me is same as other spring-boot app. Maybe what you are tallking
about it's a new feature in a newest version of sprint boot ?!

For your purpose use spring boot profil and multi app.properties.











Le jeu. 25 juin 2020 à 17:04, Paul Roemer  a écrit :

> Hey guys,
>
> today we noticed that we are not able to override properties set in some
> application properties file by environment variables.
> For example, we have some property 'secrect' that we configure with value
> 'unknown' in application-production.properties. Now, for the deployment we
> want to override the property by setting the env variable SECRET=dontaskme.
> But it fails and it's still 'unknown'. On the other hand after removing the
> property 'secret' from the application-production.properties, the
> environment variable is taken into account and the value is 'dontaskme'.
>
> So, does CAS not behave as normal Spring Boot applications when it comes
> to property overrides?
>
> Cheers,
>   Paul
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0e49b715-d2d6-49f4-b33e-01670375343cn%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAD6KnbycHuFgQDSQ8%2B4LnO6QKUyYb-VSdXc%3DBrcM0R4%3DX46L8A%40mail.gmail.com.

Re: [cas-user] Configuration property overrides via environment variables does not work

[Ray Bon]

Paul,

According to 
https://apereo.github.io/cas/6.1.x/configuration/Configuration-Properties.html#json-service-registry
 the property is cas.serviceRegistry.json.location.

I am not sure how you make comparisons with lower case and upper case for what 
looks to be the same property.

You might also consider mounting the the test/prod services with docker and 
leave the default variable value.

Ray

On Thu, 2020-06-25 at 09:11 -0700, Paul Roemer wrote:
Hey Ray,

this was just an example. We actually used the property to set the JSON 
registry location for testing:

cas.service-registry.json.location=file:etc/cas/services

Also, Docker is in use and then you end up with something like that

1) docker run --rm -it -v $PWD/etc/cas/config:/etc/cas/config cas:latest

[...]
2020-06-25 12:45:14,401 WARN [org.apereo.cas.web.CasWebApplicationContext] - 


Configuration from the application-production.properties is used with value 
'/cas-overlay/etc/cas/services'

2a) docker run --rm -it -v $PWD/etc/cas/config:/etc/cas/config -e 
cas.service-registry.json.location=file:/foobar cas:latest
2b) docker run --rm -it -v $PWD/etc/cas/config:/etc/cas/config -e 
CAS.SERVICE_REGISTRY_JSON_LOCATION=file:/foobar cas:latest

We got the same result as above. The environment variable is not respected.

3) Same commands as above but we commented out 
'cas.service-registry.json.location' in the properties file

[...]
2020-06-25 12:47:48,725 WARN [org.apereo.cas.web.CasWebApplicationContext] - 


Only now, the environment variable's value is respected...

Very strange.
On Thursday, June 25, 2020 at 5:24:09 PM UTC+2 rbon wrote:
Paul,

Is the value in properties 'secrect' a typo?
What about case, SECRET != secret?

Ray

On Thu, 2020-06-25 at 08:04 -0700, Paul Roemer wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

Hey guys,

today we noticed that we are not able to override properties set in some 
application properties file by environment variables.
For example, we have some property 'secrect' that we configure with value 
'unknown' in application-production.properties. Now, for the deployment we want 
to override the property by setting the env variable SECRET=dontaskme. But it 
fails and it's still 'unknown'. On the other hand after removing the property 
'secret' from the application-production.properties, the environment variable 
is taken into account and the value is 'dontaskme'.

So, does CAS not behave as normal Spring Boot applications when it comes to 
property overrides?

Cheers,
  Paul

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5dc69d6b98173165dc55f6e4db88fdcd22a45325.camel%40uvic.ca.

[cas-user] OpenID

[Bryan Wooten]

We are trying to test:

https://github.com/cas-projects/openid-sample-java-webapp

But in the CAS logs I see:

[1;31m2020-06-24 13:43:52,517 ERROR
[org.springframework.boot.web.servlet.support.ErrorPageFilter] -
ESC[m
org.thymeleaf.exceptions.TemplateInputException: Error resolving template
[openIdProviderView], template might not exist or might not be accessible
by any of the configured Template Resolvers

We can't find openIdProviderView HTML file in any repo.

What are we missing?

Thanks,

Bryan

University of Utah

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAG9x2GU0PP7%2BEYyLO6AHvhxKxJeocZuu34xdmJpozfW%3DD5mo9A%40mail.gmail.com.

Re: [cas-user] Configuration property overrides via environment variables does not work

[Paul Roemer]

Hey Ray,

this was just an example. We actually used the property to set the JSON 
registry location for testing:

cas.service-registry.json.location=file:etc/cas/services

Also, Docker is in use and then you end up with something like that

1) docker run --rm -it -v $PWD/etc/cas/config:/etc/cas/config cas:latest

[...]
2020-06-25 12:45:14,401 WARN [org.apereo.cas.web.CasWebApplicationContext] 
- 

Configuration from the application-production.properties is used with value 
'/cas-overlay/etc/cas/services'

2a) docker run --rm -it -v $PWD/etc/cas/config:/etc/cas/config -e 
cas.service-registry.json.location=file:/foobar cas:latest
2b) docker run --rm -it -v $PWD/etc/cas/config:/etc/cas/config -e 
CAS.SERVICE_REGISTRY_JSON_LOCATION=file:/foobar cas:latest

We got the same result as above. The environment variable is not respected.

3) Same commands as above but we commented out 
'cas.service-registry.json.location' 
in the properties file

[...]
2020-06-25 12:47:48,725 WARN [org.apereo.cas.web.CasWebApplicationContext] 
- 

Only now, the environment variable's value is respected...

Very strange.
On Thursday, June 25, 2020 at 5:24:09 PM UTC+2 rbon wrote:

> Paul,
>
> Is the value in properties 'secrect' a typo?
> What about case, SECRET != secret?
>
> Ray
>
> On Thu, 2020-06-25 at 08:04 -0700, Paul Roemer wrote:
>
> Notice: This message was sent from outside the University of Victoria 
> email system. Please be cautious with links and sensitive information. 
>
>
> Hey guys,
>
> today we noticed that we are not able to override properties set in some 
> application properties file by environment variables. 
> For example, we have some property 'secrect' that we configure with value 
> 'unknown' in application-production.properties. Now, for the deployment we 
> want to override the property by setting the env variable SECRET=dontaskme. 
> But it fails and it's still 'unknown'. On the other hand after removing the 
> property 'secret' from the application-production.properties, the 
> environment variable is taken into account and the value is 'dontaskme'.
>
> So, does CAS not behave as normal Spring Boot applications when it comes 
> to property overrides?
>
> Cheers,
>   Paul
>
> -- 
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 <(250)%20721-8831> | CLE 019 | rb...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the 
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
> WSÁNEĆ Nations.
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1b75e162-e25a-4915-a62e-1bc8744cbe24n%40apereo.org.

Re: [cas-user] Configuration property overrides via environment variables does not work

[Ray Bon]

Paul,

Is the value in properties 'secrect' a typo?
What about case, SECRET != secret?

Ray

On Thu, 2020-06-25 at 08:04 -0700, Paul Roemer wrote:
Notice: This message was sent from outside the University of Victoria email 
system. Please be cautious with links and sensitive information.

Hey guys,

today we noticed that we are not able to override properties set in some 
application properties file by environment variables.
For example, we have some property 'secrect' that we configure with value 
'unknown' in application-production.properties. Now, for the deployment we want 
to override the property by setting the env variable SECRET=dontaskme. But it 
fails and it's still 'unknown'. On the other hand after removing the property 
'secret' from the application-production.properties, the environment variable 
is taken into account and the value is 'dontaskme'.

So, does CAS not behave as normal Spring Boot applications when it comes to 
property overrides?

Cheers,
  Paul

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a40220e9d3d58b0fa6f96832958f79d37b6ee716.camel%40uvic.ca.

[cas-user] Configuration property overrides via environment variables does not work

[Paul Roemer]

Hey guys,

today we noticed that we are not able to override properties set in some 
application properties file by environment variables. 
For example, we have some property 'secrect' that we configure with value 
'unknown' in application-production.properties. Now, for the deployment we 
want to override the property by setting the env variable SECRET=dontaskme. 
But it fails and it's still 'unknown'. On the other hand after removing the 
property 'secret' from the application-production.properties, the 
environment variable is taken into account and the value is 'dontaskme'.

So, does CAS not behave as normal Spring Boot applications when it comes to 
property overrides?

Cheers,
  Paul

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0e49b715-d2d6-49f4-b33e-01670375343cn%40apereo.org.

Re: [cas-user] Re: OpenID Connect CAS module does not display required attributes (as iss, sub, aud, exp) if claims are set.

[Stef]

you should remove the attributeReleasePolicy and replace it with

  "scopes" : [ "java.util.HashSet",
[ "openid", "profile", "email", "address" ]
  ]


Le jeu. 25 juin 2020 à 15:59, Jakub Fridrich <
jakub.fridr...@klikpojisteni.cz> a écrit :

> I tried adding to Release policy (to service), but sub is not showing
> still.
> "attributeReleasePolicy" : {
> "@class" :
> "org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy",
> "allowedAttributes" : [ "java.util.ArrayList", [ "sub", "first_name",
> "last_name", "email" ] ]
>   }
>
>
>
> Dne čtvrtek 25. června 2020 13:04:33 UTC+2 Jakub Fridrich napsal(a):
>>
>> info: CAS 6.2.0-RC5 builded from cas-overlay-template
>>
>> Problem:
>> OpenID Connect in userinfo endpoint does not display required
>> attributes (as iss, sub, aud, exp) if claims are set.
>>
>> Scopes requested by client: openid, profile, email, address, phone
>> Claims requested by client: {"userinfo":{ "sub":null, "iss": null,
>> "name": null, "email": null, "first_name": null, "last_name": null }} or 
>> {"userinfo":{"name":
>> null, "email": null, "first_name": null, "last_name": null }}
>>
>>
>>
>>
>>
>> Service configuration:
>> {
>>   "@class" : "org.apereo.cas.services.OidcRegisteredService",
>>   "clientId": "XXX",
>>   "clientSecret": "XXX",
>>   "serviceId": "^https://xwikl.xxxserver.*;,
>>   "name": "XTest",
>>   "id": 5,
>>
>>   "attributeReleasePolicy" : {
>>"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>>   }
>> }
>>
>>
>> Dears any sugestions how to get in userinfo endpoint required fields
>> (iss, sub, aud, exp) ?
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/4690ebe5-3250-4798-bd0c-9e0925526ebco%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAENLzaZbVoKvA-aqwG9njrOcXC8ae%2Bf7zXJ8MYOdP0g5BP%2BOTg%40mail.gmail.com.

[cas-user] Re: OpenID Connect CAS module does not display required attributes (as iss, sub, aud, exp) if claims are set.

[Jakub Fridrich]

I tried adding to Release policy (to service), but sub is not showing 
still. 
"attributeReleasePolicy" : {
"@class" : 
"org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", [ "sub", "first_name", 
"last_name", "email" ] ]
  }



Dne čtvrtek 25. června 2020 13:04:33 UTC+2 Jakub Fridrich napsal(a):
>
> info: CAS 6.2.0-RC5 builded from cas-overlay-template
>
> Problem:
> OpenID Connect in userinfo endpoint does not display required 
> attributes (as iss, sub, aud, exp) if claims are set. 
>
> Scopes requested by client: openid, profile, email, address, phone
> Claims requested by client: {"userinfo":{ "sub":null, "iss": null, 
> "name": null, "email": null, "first_name": null, "last_name": null }} or 
> {"userinfo":{"name": 
> null, "email": null, "first_name": null, "last_name": null }}
>
>
>
>
>
> Service configuration:
> {
>   "@class" : "org.apereo.cas.services.OidcRegisteredService",
>   "clientId": "XXX",
>   "clientSecret": "XXX",
>   "serviceId": "^https://xwikl.xxxserver.*;,
>   "name": "XTest",
>   "id": 5,
>
>   "attributeReleasePolicy" : {
>"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>   }
> }
>
>
> Dears any sugestions how to get in userinfo endpoint required fields (iss, 
> sub, aud, exp) ?
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4690ebe5-3250-4798-bd0c-9e0925526ebco%40apereo.org.

[cas-user] Re: OpenID Connect CAS module does not display required attributes (as iss, sub, aud, exp) if claims are set.

[Stéphane Delcourt]

I think you have to list the scopes available in the service definition 
like described here:
https://apereo.github.io/cas/development/installation/OIDC-Authentication.html#scope-based-claims
  
Le jeudi 25 juin 2020 à 13:04:33 UTC+2, Jakub Fridrich a écrit :

> info: CAS 6.2.0-RC5 builded from cas-overlay-template
>
> Problem:
> OpenID Connect in userinfo endpoint does not display required 
> attributes (as iss, sub, aud, exp) if claims are set. 
>
> Scopes requested by client: openid, profile, email, address, phone
> Claims requested by client: {"userinfo":{ "sub":null, "iss": null, 
> "name": null, "email": null, "first_name": null, "last_name": null }} or 
> {"userinfo":{"name": 
> null, "email": null, "first_name": null, "last_name": null }}
>
>
>
>
>
> Service configuration:
> {
>   "@class" : "org.apereo.cas.services.OidcRegisteredService",
>   "clientId": "XXX",
>   "clientSecret": "XXX",
>   "serviceId": "^https://xwikl.xxxserver.*;,
>   "name": "XTest",
>   "id": 5,
>
>   "attributeReleasePolicy" : {
>"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>   }
> }
>
>
> Dears any sugestions how to get in userinfo endpoint required fields (iss, 
> sub, aud, exp) ?
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/735b40dc-ebfa-4ad2-89ba-65154e566b63n%40apereo.org.

[cas-user] OpenID Connect CAS module does not display required attributes (as iss, sub, aud, exp) if claims are set.

[Jakub Fridrich]

info: CAS 6.2.0-RC5 builded from cas-overlay-template

Problem:
OpenID Connect in userinfo endpoint does not display required 
attributes (as iss, sub, aud, exp) if claims are set. 

Scopes requested by client: openid, profile, email, address, phone
Claims requested by client: {"userinfo":{ "sub":null, "iss": null, "name": 
null, "email": null, "first_name": null, "last_name": null }} or 
{"userinfo":{"name": 
null, "email": null, "first_name": null, "last_name": null }}





Service configuration:
{
  "@class" : "org.apereo.cas.services.OidcRegisteredService",
  "clientId": "XXX",
  "clientSecret": "XXX",
  "serviceId": "^https://xwikl.xxxserver.*;,
  "name": "XTest",
  "id": 5,

  "attributeReleasePolicy" : {
   "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
}


Dears any sugestions how to get in userinfo endpoint required fields (iss, 
sub, aud, exp) ?

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/61533dc4-3b42-462f-a498-8183f87c60c8o%40apereo.org.