Re: [cas-user] CAS 7.0.4 Can't get cas-management (7.0.0-SNAPSHOT) to authenticate to CAS

2024-05-14 Thread Ray Bon 
Tom,

I am experiencing the same problem (too many redirects).
I will be comparing the behaviour of cas-management 6.5 to 7-snapshot today.

Ray

On Tue, 2024-05-14 at 07:48 -0700, Tom Reijnders wrote:

You don't often get email from ajjreijnd...@gmail.com. Learn why this is 
important

I am trying to migrate from CAS 6.6.15 to CAS 7.04 (because I could not get 
Password reset working on 6.6.15).

Password reset is working fine, but if I try to login to cas-management I end 
up in a redirection loop.

I use the overlays generated by getcas.apereo.org/ui (CAS 7.0.4, cas-management 
7.0.0-SNAPSHOT) and deployed using tomcat11 (behind an apache reverse proxy).

If I browse to cas-management, it redirectts to cas (as expected). If I login 
as the user mentioned in the users.json file configured in 
management.properties I get redirected to

https://cas./cas-management/callback?client_name=CasClient=x

So far so good. But then I get redirected to cas again (that verifies the 
ticket) and redirects to cas-management, etc.

What am I doing wrong??

The service definition for cas-management is as follows:

{
  @class: org.apereo.cas.services.CasRegisteredService
  serviceId: ^https://cas.X/cas-management.*
  name: CAS Management
  id: 1001
  description: Management of CAS enabled services
  evaluationOrder: 5
  logoutUrl: https://cas.X/cas-management/logout
}

Regards,

Tom

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/52648d65b1a49df03c7ffbf19dd56fa9633268cc.camel%40uvic.ca.

Re: [cas-user] cas 7.1.0 disable slf4j and active groovy for auditing .Is it work ?

2024-05-14 Thread Ray Bon 
'customHttpRequestHeader' is only an example; you would have to define it as 
part of the groovy script (or add it to the headers somewhere else).

Ray


On Tue, 2024-05-14 at 04:57 -0700, artur mis wrote:

You don't often get email from artvr@gmail.com. Learn why this is 
important

cas.propierties
cas.audit.slf4j.enabled=false
cas.audit.groovy.template.location=file:/etc/cas/GroovyAuditor.groovy



cat GroovyAuditor.groovy
${logger.info("Hello, World")}
who: ${who}, what: ${what}, when: ${when}, ip: ${clientIpAddress}, trace: 
${customHttpRequestHeader}


logs:


2024-05-14 12:55:14,429 ERROR 
[org.apereo.cas.web.support.filters.AbstractSecurityFilter] - https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f6f94284050716535ba539e5144199e66971fcc5.camel%40uvic.ca.

[cas-user] CAS 7.0.4 Can't get cas-management (7.0.0-SNAPSHOT) to authenticate to CAS

2024-05-14 Thread Tom Reijnders 
I am trying to migrate from CAS 6.6.15 to CAS 7.04 (because I could not get 
Password reset working on 6.6.15).

Password reset is working fine, but if I try to login to cas-management I 
end up in a redirection loop.

I use the overlays generated by getcas.apereo.org/ui (CAS 7.0.4, 
cas-management 7.0.0-SNAPSHOT) and deployed using tomcat11 (behind an 
apache reverse proxy).

If I browse to cas-management, it redirectts to cas (as expected). If I 
login as the user mentioned in the users.json file configured in 
management.properties I get redirected to 

https://cas./cas-management/callback?client_name=CasClient=x

So far so good. But then I get redirected to cas again (that verifies the 
ticket) and redirects to cas-management, etc.

What am I doing wrong??

The service definition for cas-management is as follows:

{
  @class: org.apereo.cas.services.CasRegisteredService
  serviceId: ^https://cas.X/cas-management.*
  name: CAS Management
  id: 1001
  description: Management of CAS enabled services
  evaluationOrder: 5
  logoutUrl: https://cas.X/cas-management/logout
}

Regards,

Tom

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/486863b1-80de-4f25-9642-cab83b438cefn%40apereo.org.

[cas-user] Re: CAS 6.6.5 to 7.0.4 - customized css and js with prohibited access from html.

2024-05-14 Thread Meysam Shirazi 
Hi Leonardo

I guess the main cause is that the */ect  *is not in the list of secure 
path of the application. Spring Boot , by default, permit access to 
/css/**, /js/**, /images/**, and /**/favicon.ico. you can use custom theme 
for this purpose.

On Tuesday, May 14, 2024 at 3:39:50 PM UTC+3:30 Leonardo Ferreira wrote:

> Hi everyone!
>
> I'm migrating from version 6.6.15 to 7.0.4 and I'm facing a small problem.
> My customized html pages are unable to access the .css and .js files that 
> are also customized.
> It is important to comment that in version 6.6.15 everything works 
> perfectly.
>
> My files are in the following structure:
> src:
>  - main:
>- resources:
>   - templates:
>- fragments
>- login
>- logout 
>   * layout.html*
>   - static:
>- ect:
>   - css
>   - js
>   - img
>   * loginform.css*
>
> My *layout.html* file has the following references:
>  type="image/x-icon"/>
>  type="text/css">
>  type="text/css">
> 
>   ...
> 
> 
> 
>  th:src="@{#{webjars.jquery.js}}">
>
> The strange thing is that in the browser console I get 403 errors. Ex:
>
> GET http://localhost:8080/ect/css/bunker.css net::ERR_ABORTED 403 
> (Forbidden)
> GET http://localhost:8080/ect/js/alertaerro.js net::ERR_ABORTED 403 
> (Forbidden)
>
> Has anyone gone through something similar or could guide me on how to get 
> around this issue?
>
> Thank you for the help!
>
> Leonardo.
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0f9a9df9-c8bc-4d3f-b96b-d2a0a61557c6n%40apereo.org.

[cas-user] Re: Adding Header to the verification URI in REST Authentication

2024-05-14 Thread Meysam Shirazi 
Hi Reza

Please pay attention to this section in the Rest Auth documentation 

:
*"This allows the CAS server to reach to a remote REST endpoint via a POST 
for verification of credentials. Credentials are passed via an 
Authorization header whose value is Basic XYZ where XYZ is a Base64 encoded 
version of the credentials."*
So Authorization header is the actual credential that you pass to the rest 
endpoint.

On Sunday, May 12, 2024 at 12:36:23 PM UTC+3:30 reza z wrote:

> Hi everyone, In cas v6.6 Rest Auth documentation 
> , 
> It says that endpoint URI to use for verification of credentials can be set 
> by the following configuration: cas.authn.rest.uri= My question is How 
> can I set a header, actually an Authorization header, for this request?
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e4ae3c6a-3db9-419a-be70-e9a00f87b335n%40apereo.org.

[cas-user] Re: CAS 6.6.5 to 7.0.4 - customized css and js with prohibited access from html.

2024-05-14 Thread Leonardo Ferreira 
After researching a little, I discovered that in version 7.0.x a new class 
was added restricting access to the application directories. The class name 
is: CasWebSecurityConfigurerAdapter
After inspecting it, I changed the directory structure and it started 
working again.

src:
 - main:
   - resources:
  - templates:
   - fragments
   - login
   - logout 
  * layout.html*
  - static:
  - css
  - js
  - img
  * loginform.css*




Em terça-feira, 14 de maio de 2024 às 09:09:50 UTC-3, Leonardo Ferreira 
escreveu:

> Hi everyone!
>
> I'm migrating from version 6.6.15 to 7.0.4 and I'm facing a small problem.
> My customized html pages are unable to access the .css and .js files that 
> are also customized.
> It is important to comment that in version 6.6.15 everything works 
> perfectly.
>
> My files are in the following structure:
> src:
>  - main:
>- resources:
>   - templates:
>- fragments
>- login
>- logout 
>   * layout.html*
>   - static:
>- ect:
>   - css
>   - js
>   - img
>   * loginform.css*
>
> My *layout.html* file has the following references:
>  type="image/x-icon"/>
>  type="text/css">
>  type="text/css">
> 
>   ...
> 
> 
> 
>  th:src="@{#{webjars.jquery.js}}">
>
> The strange thing is that in the browser console I get 403 errors. Ex:
>
> GET http://localhost:8080/ect/css/bunker.css net::ERR_ABORTED 403 
> (Forbidden)
> GET http://localhost:8080/ect/js/alertaerro.js net::ERR_ABORTED 403 
> (Forbidden)
>
> Has anyone gone through something similar or could guide me on how to get 
> around this issue?
>
> Thank you for the help!
>
> Leonardo.
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4c5b4b8e-d9d7-4f60-88d2-20eeb1bf809fn%40apereo.org.

[cas-user] cas 7.1.0 disable slf4j and active groovy for auditing .Is it work ?

2024-05-14 Thread artur mis 
cas.propierties
cas.audit.slf4j.enabled=false
cas.audit.groovy.template.location=file:/etc/cas/GroovyAuditor.groovy



cat GroovyAuditor.groovy
${logger.info("Hello, World")}
who: ${who}, what: ${what}, when: ${when}, ip: ${clientIpAddress}, trace: 
${customHttpRequestHeader}


logs:


2024-05-14 12:55:14,429 ERROR 
[org.apereo.cas.web.support.filters.AbstractSecurityFilter] - https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8a31fec7-4f49-4cd4-8e4a-cb773b453ba6n%40apereo.org.

[cas-user] CAS 6.6.5 to 7.0.4 - customized css and js with prohibited access from html.

2024-05-14 Thread Leonardo Ferreira 
Hi everyone!

I'm migrating from version 6.6.15 to 7.0.4 and I'm facing a small problem.
My customized html pages are unable to access the .css and .js files that 
are also customized.
It is important to comment that in version 6.6.15 everything works 
perfectly.

My files are in the following structure:
src:
 - main:
   - resources:
  - templates:
   - fragments
   - login
   - logout 
  * layout.html*
  - static:
   - ect:
  - css
  - js
  - img
  * loginform.css*

My *layout.html* file has the following references:




  ...





The strange thing is that in the browser console I get 403 errors. Ex:

GET http://localhost:8080/ect/css/bunker.css net::ERR_ABORTED 403 
(Forbidden)
GET http://localhost:8080/ect/js/alertaerro.js net::ERR_ABORTED 403 
(Forbidden)

Has anyone gone through something similar or could guide me on how to get 
around this issue?

Thank you for the help!

Leonardo.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/36c9d837-cc53-42b9-8de1-f328c1b76397n%40apereo.org.

[cas-user] Re: Audit logging in 7.0.x?

2024-05-14 Thread artur mis 
I seems that  cas.audit.engine.enabled: true (v7.1.0  is default so you 
don't need to set to true. 

On Tuesday, March 5, 2024 at 4:41:23 AM UTC+1 Baron Fujimoto wrote:

> With CAS v6.x, we used to get audit logs that looks something akin to:
>
> 2024-03-02 00:00:00,403 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: joeuser
> WHAT: {result=Service Access Granted, service=https:/example.edu/app, 
> requiredAttributes={}}
> ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Sat Mar 02 00:00:00 HST 2024
> CLIENT IP ADDRESS: 192.0.0.192
> SERVER IP ADDRESS: 10.10.10.10
> =
>
> >
> (and similar others)
>
> And our configs would additionally log them to a separate audit log file. 
> However, since upgrading to cas v7, we are no longer generating these logs.
>
> I've tried explicitly enabling audit logging in our cas.,properties with:
>
> cas.audit.engine.enabled=true
>
> But still nothing. I also don't see a WAR overlay dependency for 
> build.gradle that looks appropriate?
>
> I think our audit log is also defined in log4j2.xml which contains:
> =
> 
>  fileName="${baseDir}/cas_audit.log" append="true"
> ...
> 
> 
> 
> ...
>  level="info">
> 
> 
> 
> 
> =
>
> Any ideas what we're missing to enable audit logging once again?
>
> Reference: 
> -- 
> Baron Fujimoto  ::: UH Information Technology Services
> minutas cantorum, minutas balorum, minutas carboratum descendus pantorum
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5f66c8dd-ace2-427a-abb9-1200041b3e75n%40apereo.org.