Re: [cas-user] Hazelcast-Ticket Registry config

2019-11-08 Thread M.Pedis
Hi Dave,

Thanks for your reply.


   - I have not done this with Tomcat 9 / Java 11 or CAS 6.x, but it seems 
   to me you need to fix this: --
      - *I just wanted to build my env with the latest versions and patches. 
      For that aim, I used Ubuntu 1804, Tomcat 9.0.26 and the CAS latest 
      branch/master deployment.*
   - Also, are you sure the port 5701 is open in the firewall on both 
   hosts? If it's not, the Hazelcasts can't talk to each other.
      - Yes, I am sure. I tried to connect to their ports (casuno and casdos) 
      on port 5701 via telnet, and both of them connected. They are also in 
      the same subnet, for example:
         - VIP: LB: casnlb: 172.16.100.100 (casnlb..edu.tr --- telnet 5701 
         is unsuccessful. Is that normal? Should the virtual IP be listening 
         on port 5701 or not?) (I understood that they don't need to 
         communicate via the LB IP or domain name; they just communicate with 
         each other via their cluster member name.)
         - casuno: first CAS server: 172.16.100.110 (casuno.edu.tr --- telnet 
         5701 is successful from casdos to casuno and from casuno to casuno; 
         they have a proper DNS A record and both sites' telnet connections 
         are successful)
         - casdos: second CAS server: 172.16.100.120 (casdos.edu.tr --- telnet 
         5701 is successful from casuno to casdos and from casdos to casdos; 
         they have a proper DNS A record and both sites' telnet connections 
         are successful)



   - Are the host names you're using to configure the Hazelcast members the 
   actual names of the hosts that resolve to their direct IP addresses? (Yes, 
   the servers are Ubuntu 1804 and their hostnames are casuno and casdos. They 
   have DNS A records in our DNS server, and they are able to communicate with 
   each other via their domain names.)
   - Or do they resolve to the load balancer? (The LB also has a DNS record. I 
   mentioned the records above.)
   - You want them talking directly to each other, not through the load 
   balancer (it's an entirely "back end" conversation that doesn't involve the 
   client.) (They are talking, communicating with each other directly, not 
   through the LB. I tried telnet to the LB domain name -- casnlb on port 5701 
   but it was unsuccessful.)
   


Last ; --add-modules java.se --add-exports 
java.base/jdk.internal.ref=ALL-UNNAMED --add-opens 
java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.nio=ALL-UNNAMED 
--add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens 
java.management/sun.management=ALL-UNNAMED --add-opens 
jdk.management/com.sun.management.internal=ALL-UNNAMED

Yes, you are right, it is totally about the configuration of Java. I searched 
on Google and it redirected me to Stack Overflow and some other sites. I 
also tried to add these modules to Java but couldn't add them. 


If it is possible, could you please share your env details? For example, what 
is your LB, which method do you use, which version of CAS do you have, also 
Cas-management, how is your CAS Hazelcast configured, and similar things? 

Thanks for everything.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3d44afe7-cc92-44ee-a1cc-c5a6ef560eb0%40apereo.org.


Re: [cas-user] Hazelcast-Ticket Registry config

2019-11-08 Thread M.Pedis
Hi Andy,

Thanks for your reply.


   - From your error logs seems like you are using 6.2.0-SNAPSHOT version 
   of CAS. -- *Yes, you are right. I have changed my version to 6.1.1.*
      - *With your advice, I cloned and built CAS with version 6.1.1 --- ( 
      git clone -b 6.1 --single-branch 
      https://github.com/apereo/cas-overlay-template.git , added dependencies, 
      built, etc.)*
   - Another thing is that for your latest properties file, you seem to 
   remove the instanceName property --- *I hope I added this property to the 
   right one (the cas.properties file); if not, could you please warn / inform 
   me?*
      - *I added to the cas.properties file --- 
      cas.ticket.registry.hazelcast.cluster.instanceName: casuno.x.edu.tr 
      (for the second one, 
      cas.ticket.registry.hazelcast.cluster.instanceName: casdos.xx.edu.tr)*

After those changes, I tested, but it forced me to log in again and redirected 
to the home page -- (I mean that I logged on to casuno successfully, then 
stopped its service from NetScaler; I hoped casdos - the second CAS - would 
handle the request and not ask me for credentials, but it asked again)


   - I use hazelcast for our production deployment, and I 
   configured instanceName property for it to work, so you should try adding 
   back the instanceName. Of course, instanceName need to be different for 
   each server, that part I think you already know.
      - I understood that you have a running HA-configured CAS SSO 
      environment for your company/university or wherever you work. If it is 
      possible, could you please share your env details? For example, what is 
      your LB, which method do you use, which version of CAS do you have, also 
      Cas-management, how is your CAS Hazelcast configured, and similar things?


I am just trying to catch my fault / mistake. I think I have some 
misconfigurations, but I haven't been able to point out what they are. And it 
has become trouble for me. 


Many thanks for everything, to you and Dave Curry.

I will be waiting for your reply, and I believe that in the end I will 
solve and catch my faults / mistakes. 

Thank you.
  







Re: [cas-user] Hazelcast-Ticket Registry config

2019-11-07 Thread M.Pedis
Hi Dave,

Thanks for your reply. I have tested whether it works in the way you 
mentioned before, but it didn't work. I also have new errors about other 
sites. To briefly explain my env.:

- I have two CAS servers -- casuno.example.edu.tr and casdos.example.edu.tr -- 
and one virtual IP behind a NetScaler LB - casnlb.x.edu.tr (they have 
proper DNS A records, they are all in the same subnet/VLAN, their ufw is 
disabled -- their OS is Ubuntu 1804):

   - Both have openjdk 11.0.4 2019-07-16 and Tomcat 9.0.26, 
   with https: - ssl 8443 and http: 8080
   - Both have nginx; I use them as a reverse proxy; 
   casuno.example.edu.tr:8443 redirects https://casnlb.example.edu.tr 
   (casnlb has the virtual IP behind the NetScaler LB, and round-robin TCP 443)
   - Both have cas-overlay --- build.gradle --
      - compile "org.apereo.cas:cas-server-support-ldap:${casServerVersion}"
      - compile "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"
      - compile "org.apereo.cas:cas-server-support-hazelcast-ticket-registry:${casServerVersion}"
   - Both have cas-management-overlay --- build.gradle -- (default)


*Below is my cas.properties (the only differences between the two are the crypto keys!):*

#
cas.server.name:https://casnlb..edu.tr
server.prefix=${server.name}/cas
logging.config: file:/etc/cas/config/log4j2.xml
cas.authn.accept.users=
##TGC-Secure###
cas.tgc.secure:true
cas.tgc.crypto.encryption.key:MXXs
cas.tgc.crypto.signing.key:BXXXQ
cas.webflow.crypto.encryption.key:j==
cas.webflow.crypto.signing.key:MXXXA
##LDAP#
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].principalAttributeList=cn,givenName,userPrincipalName,description
#cas.authn.ldap[0].bindDn=cn=Users,DC=example,DC=edu,DC=tr
cas.authn.ldap[0].ldapUrl=ldap://adc.example.edu.tr:389
#cas.authn.ldap[0].searchFilter=cn={user}
cas.authn.ldap[0].searchFilter=(userPrincipalName={user})
cas.authn.ldap[0].bindDn=cn=CAS ldap,cn=users,dc=,dc=edu,dc=tr
cas.authn.ldap[0].bindCredential=HHHH
cas.authn.ldap[0].baseDn=OU=Users,DC=x,DC=edu,DC=tr
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].useSsl=false
##Services##
cas.serviceRegistry.json.location=file:/etc/cas/services
##Hazelcast#
cas.ticket.registry.hazelcast.cluster.members: casuno.x.edu.tr,casdos.x.edu.tr
cas.ticket.registry.hazelcast.cluster.asyncBackupCount: 1
cas.ticket.registry.hazelcast.cluster.backupCount:  0
cas.ticket.registry.hazelcast.cluster.port: 5701
cas.ticket.registry.hazelcast.cluster.portAutoIncrement:false
cas.ticket.registry.hazelcast.crypto.encryption.key: KXxxXx==
cas.ticket.registry.hazelcast.crypto.signing.key: oXXXXXXxfSkw
cas.ticket.registry.hazelcast.crypto.enabled:   true

*Below is management.properties (the same on both casuno and casdos):*

cas.server.name=https://casnlb..edu.tr
cas.server.prefix=${cas.server.name}:/cas

mgmt.serverName=https://casnlb.x.edu.tr/cas-management
mgmt.adminRoles[0]=ROLE_ADMIN
mgmt.userPropertiesFile=file:/etc/cas/config/users.json

logging.config=file:/etc/cas/config/log4j2-management.xml

*Below is cas/services --- the cas-management web app JSON --- (the same on 
both casuno and casdos; the JSON names are different and their ids are different):*

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://casnlb.x.edu.tr/cas-management/*",
  "name" : "CAS Services Management",
  "id" : xxx,
  "description" : "CAS Services Management Webapp",
  "evaluationOrder" : 10
}





   1. Start an incognito/private mode browser so there are no cookies  ( 
   Done ) 
   2. Log in to Application 1 through CAS (Done ) 
   3. Check the CAS logs to figure out which server handled my login (-- 
   casuno grabbed/handled the request and I successfully logged in via my domain 
   account ... https://casuno.xxx.edu.tr/cas --- login successful)
   4. Shut that CAS server down (Done)
   5. Go back to the browser and access another CAS-protected service -- if 
   it lets me in without username/passwo

Re: [cas-user] Hazelcast-Ticket Registry config

2019-10-18 Thread M.Pedis
Hi Dave,

Thanks for your reply. I have configured my env. as you say and it works. 
But I have some warning messages; I don't know how to get rid of them. One 
more thing: how can I test whether it works properly or not? It seems everything 
is OK, but how can I test Hazelcast? I don't know how Hazelcast replicates 
tickets, and how can I verify that each node has the same ticket? I simply wanted 
to test it by stopping one of the CAS nodes' Tomcat service, then refreshing 
the browser, but the other node couldn't send any reply; my session ended and 
it forced me to log in to the active node again. Could you or someone please help 
me with that? Thank you.


--

2019-10-16 09:19:50,525 INFO 
[org.apereo.cas.configuration.DefaultCasConfigurationPropertiesSourceLocator] 
- 
2019-10-16 09:19:50,595 INFO 
[org.apereo.cas.web.CasWebApplicationServletInitializer] - 
2019-10-16 09:19:56,393 INFO 
[org.apereo.cas.services.resource.AbstractResourceBasedServiceRegistry] - 

2019-10-16 09:19:56,401 INFO [org.apereo.cas.util.io.PathWatcherService] - 

2019-10-16 09:19:58,088 INFO 
[org.apereo.cas.config.LdapAuthenticationConfiguration] - 


16-Oct-2019 09:19:58.727 WARNING [main] 
com.hazelcast.instance.HazelcastInstanceFactory.null Hazelcast is starting 
in a Java modular environment (Java 9 and newer) but without proper access 
to required Java packages. Use additional Java arguments to provide 
Hazelcast access to Java internal API. The internal API access is used to 
get the best performance results. Arguments to be used:
 --add-modules java.se --add-exports java.base/jdk.internal.ref=ALL-UNNAMED 
--add-opens java.base/java.lang=ALL-UNNAMED --add-opens 
java.base/java.nio=ALL-UNNAMED --add-opens java.base/sun.nio.ch=ALL-UNNAMED 
--add-opens java.management/sun.management=ALL-UNNAMED --add-opens 
jdk.management/com.sun.management.internal=ALL-UNNAMED
2019-10-16 09:19:58,818 WARN [com.hazelcast.instance.AddressPicker] - 
<[LOCAL] [dev] [3.12.3] You configured your member address as host name. 
Please be aware of that your dns can be spoofed. Make sure that your dns 
configurations are correct.>
2019-10-16 09:19:58,819 WARN [com.hazelcast.instance.AddressPicker] - 
<[LOCAL] [dev] [3.12.3] You configured your member address as host name. 
Please be aware of that your dns can be spoofed. Make sure that your dns 
configurations are correct.>
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by 
com.hazelcast.internal.networking.nio.SelectorOptimizer 
(file:/opt/tomcat/webapps/cas/WEB-INF/lib/hazelcast-3.12.3.jar) to field 
sun.nio.ch.SelectorImpl.selectedKeys
WARNING: Please consider reporting this to the maintainers of 
com.hazelcast.internal.networking.nio.SelectorOptimizer
WARNING: Use --illegal-access=warn to enable warnings of further illegal 
reflective access operations
WARNING: All illegal access operations will be denied in a future release
2019-10-16 09:20:09,517 INFO 
[org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration]
 
- <

Using generated security password: 2ab6b74e-418b-4915-8094-82415aa231ca
>
2019-10-16 09:20:09,672 INFO 
[org.springframework.security.web.access.channel.ChannelProcessingFilter] - 

2019-10-16 09:20:09,691 INFO 
[org.springframework.security.web.DefaultSecurityFilterChain] - 
2019-10-16 09:20:10,860 INFO 
[org.apereo.cas.web.CasWebApplicationServletInitializer] - 
2019-10-16 09:20:10,873 INFO [org.apereo.cas.web.CasWebApplication] - <>
2019-10-16 09:20:10,876 INFO [org.apereo.cas.web.CasWebApplication] - <

  _  _     __   __
 |  _ \  | |/ \|  _ \  \ \ / /
 | |_) | |  _| / _ \   | | | |  \ V /
 |  _ <  | |___   / ___ \  | |_| |   | |
 |_| \_\ |_| /_/   \_\ |/|_|




Re: [cas-user] Hazelcast-Ticket Registry config

2019-10-18 Thread M.Pedis
Hi Dave,

Thanks for your reply. I have configured my env. as you say and it works. 
But I have some warning messages; I don't know how to get rid of them. One 
more thing: how can I test whether it works properly or not? It seems everything 
is OK, but how can I test Hazelcast? I don't know how Hazelcast replicates 
tickets, and how can I verify that each node has the same ticket? I simply wanted 
to test it by stopping one of the CAS nodes' Tomcat service, then refreshing 
the browser, but the other node couldn't send any reply; my session ended and 
it forced me to log in to the active node again. Could you or someone please help 
me with that? Thank you.

On Tuesday, 15 October 2019 at 15:00:56 UTC+3, David Curry wrote:
>
> Your properties should be named cas.ticket.registry.hazelcast.cluster.**, 
> not cas.cluster.**. See here:
>
>
> https://apereo.github.io/cas/development/configuration/Configuration-Properties.html#hazelcast-ticket-registry
>  
>
> For example, this is what we're using in our  three-server development 
> environment:
>
> cas.ticket.registry.hazelcast.cluster.members: casdev-srv01.newschool.edu,casdev-srv02newschool.edu,casdev-srv03.newschool.edu
> cas.ticket.registry.hazelcast.cluster.asyncBackupCount: 2
> cas.ticket.registry.hazelcast.cluster.backupCount:  0
> cas.ticket.registry.hazelcast.cluster.port: 5701
> cas.ticket.registry.hazelcast.cluster.portAutoIncrement:false
> cas.ticket.registry.hazelcast.crypto.encryption.key: feAISBU5AVTKxx==
> cas.ticket.registry.hazelcast.crypto.signing.key: EHdmT_MXYLTeOakllY2VAHuhPdQxtTA3s8TUL9nY5RqcvA
> cas.ticket.registry.hazelcast.crypto.enabled:   true
>
> Our five-server production environment is exactly the same, except the 
> list of servers has 5 hosts in it and asyncBackupCount=4 (it should 
> always be N-1). And of course, different crypto keys.
>
> For initial testing, you can skip the crypto stuff 
> (cas.ticket.registry.crypto.**); it's optional (but recommended 
> for production).
>
> The above is for CAS 5.2.x, but the settings should be the same for CAS 
> 5.3.x and CAS 6.x.
>
> --Dave
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david...@newschool.edu 
>
>
> On Tue, Oct 15, 2019 at 7:44 AM M.Pedis wrote:
>
>>   Hi Everyone,
>>
>> I have two nodes of CAS server. They have the LDAP auth method. Separately 
>> they work well. (For both, I am able to log in with our Active Directory 
>> accounts and the cas-management sites also work properly.) I just want to 
>> put these two nodes behind an HA cluster. I added the hazelcast-ticket-registry 
>> dependency but could not configure it well. Could anyone share or help 
>> me with the configuration of Hazelcast? What should be in cas.properties?
>>
>> I just added the config shown below but it did not work. Could anyone 
>> help? Thanks.
>>
>> - 
>> #For node1
>> #cas.cluster.members=cas01,cas02
>> #cas.cluster.instanceName=cas01..edu
>> #cas.cluster.port=5701
>>
>> #For node2
>> #cas.cluster.members=cas01,cas02
>> #cas.cluster.instanceName=cas02..edu
>> #cas.cluster.port=5701
>>
>>
>>
>>
>

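The rules from the reply quoted above (settings live under cas.ticket.registry.hazelcast.cluster.*, asyncBackupCount is N-1, crypto needs its keys once enabled), together with the per-server instanceName advice given elsewhere in this thread, written as a pre-deployment check. This is an added example, not code from the thread or from the CAS project; the host names and key values are constructed placeholders, and the cross-node key comparison rests on the assumption stated in the code comment.

```python
import re

CLUSTER = "cas.ticket.registry.hazelcast.cluster."
CRYPTO = "cas.ticket.registry.hazelcast.crypto."
# Assumption of this example: these keys are symmetric, so a node can only
# read what its peer wrote (registry entries, TGC cookie) if both nodes hold
# the same values.
SHARED_KEYS = (
    CRYPTO + "encryption.key",
    CRYPTO + "signing.key",
    "cas.tgc.crypto.encryption.key",
    "cas.tgc.crypto.signing.key",
)

# Constructed sample input (placeholder hosts and keys, not from the thread).
LEGACY = """\
cas.cluster.members=cas01,cas02
cas.cluster.instanceName=cas01.example.edu
cas.cluster.port=5701
"""
NODE1 = """\
cas.tgc.crypto.encryption.key:CONSTRUCTED-TGC-ENC-1
cas.tgc.crypto.signing.key:CONSTRUCTED-TGC-SIG-1
cas.ticket.registry.hazelcast.cluster.members: cas01.example.edu,cas02.example.edu
cas.ticket.registry.hazelcast.cluster.instanceName: cas01.example.edu
cas.ticket.registry.hazelcast.cluster.asyncBackupCount: 2
cas.ticket.registry.hazelcast.cluster.port: 5701
cas.ticket.registry.hazelcast.crypto.enabled: true
cas.ticket.registry.hazelcast.crypto.encryption.key: CONSTRUCTED-REG-ENC-1
cas.ticket.registry.hazelcast.crypto.signing.key: CONSTRUCTED-REG-SIG-1
"""
# Second node: a copy of node 1 in which only the crypto keys were regenerated.
NODE2 = NODE1.replace("-1", "-2")


def parse_properties(text):
    """Parse Java .properties text; a key ends at the first '=', ':' or blank."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def lint_node(props):
    """Return (severity, message) findings for one node's Hazelcast settings."""
    findings = []
    # The first attempt in the thread used cas.cluster.*; the reply points to
    # cas.ticket.registry.hazelcast.cluster.* as the expected names.
    for key in sorted(k for k in props if k.startswith("cas.cluster.")):
        findings.append(("ERROR", f"{key} should be {CLUSTER}{key[len('cas.cluster.'):]}"))
    members = [m.strip() for m in props.get(CLUSTER + "members", "").split(",") if m.strip()]
    if not members:
        findings.append(("ERROR", f"{CLUSTER}members is missing or empty"))
        return findings
    # Rule from the reply: asyncBackupCount should always be N-1.
    expected = len(members) - 1
    actual = props.get(CLUSTER + "asyncBackupCount", "")
    if actual != str(expected):
        findings.append(("WARN", f"asyncBackupCount is {actual or 'unset'}, "
                                 f"expected {expected} for {len(members)} members"))
    # Crypto is optional for initial testing; once enabled, both keys are needed.
    if props.get(CRYPTO + "enabled", "").lower() == "true":
        for name in ("encryption.key", "signing.key"):
            if not props.get(CRYPTO + name):
                findings.append(("ERROR", f"{CRYPTO}{name} is empty while crypto is enabled"))
    else:
        findings.append(("INFO", "ticket registry crypto is off (recommended for production)"))
    return findings


def compare_nodes(a, b):
    """Cross-node checks: shared keys must match, instanceName must differ."""
    findings = []
    for key in SHARED_KEYS:
        if (key in a or key in b) and a.get(key) != b.get(key):
            findings.append(("ERROR", f"{key} differs between nodes"))
    name = CLUSTER + "instanceName"
    if a.get(name) and a.get(name) == b.get(name):
        findings.append(("ERROR", f"{name} must be different on each server"))
    return findings


if __name__ == "__main__":
    n1, n2 = parse_properties(NODE1), parse_properties(NODE2)
    for title, result in (("legacy", lint_node(parse_properties(LEGACY))),
                          ("node1", lint_node(n1)),
                          ("node1 vs node2", compare_nodes(n1, n2))):
        for severity, message in result:
            print(f"[{title}] {severity}: {message}")
```
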


[cas-user] Hazelcast-Ticket Registry config

2019-10-15 Thread M.Pedis
  Hi Everyone,

I have two nodes of CAS server. They have the LDAP auth method. Separately 
they work well. (For both, I am able to log in with our Active Directory 
accounts and the cas-management sites also work properly.) I just want to 
put these two nodes behind an HA cluster. I added the hazelcast-ticket-registry 
dependency but could not configure it well. Could anyone share or help 
me with the configuration of Hazelcast? What should be in cas.properties?

I just added the config shown below but it did not work. Could anyone 
help? Thanks.

- 
#For node1
#cas.cluster.members=cas01,cas02
#cas.cluster.instanceName=cas01..edu
#cas.cluster.port=5701

#For node2
#cas.cluster.members=cas01,cas02
#cas.cluster.instanceName=cas02..edu
#cas.cluster.port=5701






Re: [cas-user] CAS 6.1.0-RC5-SNAPSHOT --- Management & Status Dashboard installation requirements

2019-09-09 Thread M.Pedis
Could anyone post a running management.properties file here? (My env: 
CAS -- v. 6.0.4, works with LDAP) (I just want to deploy 
cas-management for my domain --- as we see in the demo - 
http://casservermgmt.herokuapp.com/cas-management/ ; I just want to reach 
the cas-management page for my domain.)

Thank you.


On Friday, 19 July 2019 at 10:14:43 UTC+3, M.Pedis wrote:
>
> Hi,
>
> I tried with these settings but still cannot access both sites (the status 
> page and management). I commented out the management settings and just 
> configured the status page settings, but again I could not access or view 
> the status page. Do you have any running configuration compatible with cas6.0.x 
> (cas-server and management)? I will try to use it as a sample.
> Thank you.
>
>
>
> On Wednesday, 17 July 2019 at 16:52:09 UTC+3, abdelrahman halawa wrote:
>>
>> Hi,
>> The JSON files are good.
>> Below, my suggestion configurations:
>> cas.properties- 
>> management.contextPath=/status
>> management.security.enabled=true
>> management.security.roles=ACTUATOR,ADMIN
>> management.security.sessions=if-required
>> cas.adminPagesSecurity.actuatorEndpointsEnabled=true
>> cas.monitor.endpoints.enabled=true
>> endpoints.enabled=true
>> cas.adminPagesSecurity.ip=127\\.0\\.0\\.1
>> cas.monitor.endpoints.sensitive=false
>> endpoints.sensitive=false
>> cas.adminPagesSecurity.loginUrl=${cas.server.prefix}/login
>> cas.adminPagesSecurity.service=${cas.server.prefix}/status/dashboard
>> cas.adminPagesSecurity.users=file:etc/cas/config/adminusers.properties 
>> //file contains the authorized users, who will uses CAS
>> cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
>>
>> --adminusers.properties--
>> casuser=notused,ROLE_ADMIN
>>
>> Management.properties---
>> cas.server.name=https://xxx
>> cas.server.prefix=${cas.server.name}/cas
>> mgmt.adminRoles[0]=ROLE_ADMIN
>> mgmt.userPropertiesFile= file:etc/cas/config/adminusers.properties 
>>
>> mgmt.serverName=https://:8443
>> server.context-path=/cas-management
>> cas.serviceRegistry.json.location=file:xxx //path to the 
>> folder, which contains JSON files
>> cas.serviceRegistry.initFromJson=true
>>
>>
>> On Wed, Jul 17, 2019 at 10:37 AM M.Pedis  wrote:
>>
>>>  Hi 
>>>
>>> *Abdelrahman*, I followed every step but it couldn't work for me; I 
>>> think I missed something or configured it wrong. Could you please share an 
>>> example configuration for admin-dashboard (also the JSON file) and 
>>> cas-management compatible with cas-server 6.1.0-RC5-SNAPSHOT version?
>>> I wrote my cas properties and services file below:
>>>
>>> cas.properties ; (it properly works ) 
>>>
>>>
>>> cas.server.name:https://cas.xxx.edu.tr:8443
>>> server.prefix=${server.name}/cas
>>>
>>> cas.authn.accept.users=
>>>
>>> logging.config: file:/etc/cas/config/log4j2.xml
>>>
>>> cas.tgc.secure:true
>>> #
>>> cas.tgc.crypto.encryption.key:r88iOMdbRMLOkITV54kax4WgadTdzUYSBXNhOp_oqS0
>>>
>>> cas.tgc.crypto.signing.key:bMpP_eHgIsL1kz_cnxEqYo9Bb384V70eZIvWctQ5V6xTO4P6wsQjFlglD9OSQNlFdb0mT2Q1E3qXdo05_tzrjQ
>>> cas.webflow.crypto.encryption.key:Kmj1JJSPOTSiagI4gCxhUA==
>>>
>>> cas.webflow.crypto.signing.key:hGapVlP6pCzIUo_CCboRszQpvWFPazmyuWsBUOoWYqUQqMKw55al5c_EGH6VBtjpIVUqEAXcvLQjQ8HaVBEmDw
>>> #
>>> cas.authn.ldap[0].type=AUTHENTICATED
>>>
>>> cas.authn.ldap[0].principalAttributeList=cn,givenName,userPrincipalName,description
>>> cas.authn.ldap[0].bindDn=cn=Users,DC=xxx,DC=edu,DC=tr
>>> cas.authn.ldap[0].ldapUrl=ldap://192.168.98.60:389
>>> #cas.authn.ldap[0].searchFilter=cn={user}
>>> cas.authn.ldap[0].searchFilter=(userPrincipalName={user})
>>> cas.authn.ldap[0].bindDn=cn=CAS ldap,cn=users,dc=,dc=edu,dc=tr
>>> cas.authn.ldap[0].bindCredential=
>>> cas.authn.ldap[0].baseDn=OU=Domain Users,DC=xxx,DC=edu,DC=tr
>>> cas.authn.ldap[0].subtreeSearch=true
>>> cas.authn.ldap[0].useSsl=false
>>> #
>>> #cas.mgmt.serverName:${cas.server.name}
>>>
>>> /etc/cas/services--- = 
>>>
>>> CASAdminDashboard-1563349460.json
>>> {
>>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>>   "serviceId" : "^
>>> https://cas.x.edu.

Re: [cas-user] CAS 6.1.0-RC5-SNAPSHOT --- Management & Status Dashboard installation requirements

2019-07-19 Thread M.Pedis
Hi,

I tried with these settings but still cannot access both sites (the status 
page and management). I commented out the management settings and just 
configured the status page settings, but again I could not access or view 
the status page. Do you have any running configuration compatible with cas6.0.x 
(cas-server and management)? I will try to use it as a sample.
Thank you.



On Wednesday, 17 July 2019 at 16:52:09 UTC+3, abdelrahman halawa wrote:
>
> Hi,
> The JSON files are good.
> Below, my suggestion configurations:
> cas.properties- 
> management.contextPath=/status
> management.security.enabled=true
> management.security.roles=ACTUATOR,ADMIN
> management.security.sessions=if-required
> cas.adminPagesSecurity.actuatorEndpointsEnabled=true
> cas.monitor.endpoints.enabled=true
> endpoints.enabled=true
> cas.adminPagesSecurity.ip=127\\.0\\.0\\.1
> cas.monitor.endpoints.sensitive=false
> endpoints.sensitive=false
> cas.adminPagesSecurity.loginUrl=${cas.server.prefix}/login
> cas.adminPagesSecurity.service=${cas.server.prefix}/status/dashboard
> cas.adminPagesSecurity.users=file:etc/cas/config/adminusers.properties 
> //file contains the authorized users, who will uses CAS
> cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
>
> --adminusers.properties--
> casuser=notused,ROLE_ADMIN
>
> Management.properties---
> cas.server.name=https://xxx
> cas.server.prefix=${cas.server.name}/cas
> mgmt.adminRoles[0]=ROLE_ADMIN
> mgmt.userPropertiesFile= file:etc/cas/config/adminusers.properties 
>
> mgmt.serverName=https://:8443
> server.context-path=/cas-management
> cas.serviceRegistry.json.location=file:xxx //path to the 
> folder, which contains JSON files
> cas.serviceRegistry.initFromJson=true
>
>
> On Wed, Jul 17, 2019 at 10:37 AM M.Pedis wrote:
>
>>  Hi 
>>
>> *Abdelrahman*, I followed every step but it couldn't work for me; I 
>> think I missed something or configured it wrong. Could you please share an 
>> example configuration for admin-dashboard (also the JSON file) and 
>> cas-management compatible with cas-server 6.1.0-RC5-SNAPSHOT version?
>> I wrote my cas properties and services file below:
>>
>> cas.properties ; (it properly works ) 
>>
>>
>> cas.server.name:https://cas.xxx.edu.tr:8443
>> server.prefix=${server.name}/cas
>>
>> cas.authn.accept.users=
>>
>> logging.config: file:/etc/cas/config/log4j2.xml
>>
>> cas.tgc.secure:true
>> #
>> cas.tgc.crypto.encryption.key:r88iOMdbRMLOkITV54kax4WgadTdzUYSBXNhOp_oqS0
>>
>> cas.tgc.crypto.signing.key:bMpP_eHgIsL1kz_cnxEqYo9Bb384V70eZIvWctQ5V6xTO4P6wsQjFlglD9OSQNlFdb0mT2Q1E3qXdo05_tzrjQ
>> cas.webflow.crypto.encryption.key:Kmj1JJSPOTSiagI4gCxhUA==
>>
>> cas.webflow.crypto.signing.key:hGapVlP6pCzIUo_CCboRszQpvWFPazmyuWsBUOoWYqUQqMKw55al5c_EGH6VBtjpIVUqEAXcvLQjQ8HaVBEmDw
>> #
>> cas.authn.ldap[0].type=AUTHENTICATED
>>
>> cas.authn.ldap[0].principalAttributeList=cn,givenName,userPrincipalName,description
>> cas.authn.ldap[0].bindDn=cn=Users,DC=xxx,DC=edu,DC=tr
>> cas.authn.ldap[0].ldapUrl=ldap://192.168.98.60:389
>> #cas.authn.ldap[0].searchFilter=cn={user}
>> cas.authn.ldap[0].searchFilter=(userPrincipalName={user})
>> cas.authn.ldap[0].bindDn=cn=CAS ldap,cn=users,dc=,dc=edu,dc=tr
>> cas.authn.ldap[0].bindCredential=
>> cas.authn.ldap[0].baseDn=OU=Domain Users,DC=xxx,DC=edu,DC=tr
>> cas.authn.ldap[0].subtreeSearch=true
>> cas.authn.ldap[0].useSsl=false
>> #
>> #cas.mgmt.serverName:${cas.server.name}
>>
>> /etc/cas/services--- = 
>>
>> CASAdminDashboard-1563349460.json
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId" : "^https://cas.x.edu.tr:8443/cas/status/dashboard(\\z|/.*)",
>>   "name" : "CAS Admin Dashboard",
>>   "id" : 1563349460,
>>   "description" : "CAS dashboard and administrative endpoints",
>>   "evaluationOrder" : 5000
>> }
>>
>> CASServiceManagement-1563352362.json
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId" : "^https://cas.x.edu.tr:8443/cas-management(\\z|/.*)",
>>   "name" : "CAS Services Management",
>>   "id" : 1563352362,
>>   "description" : "CAS services management webapp",
>>   "evaluationOrder

Re: [cas-user] CAS 6.1.0-RC5-SNAPSHOT --- Management & Status Dashboard installation requirements

2019-07-17 Thread M.Pedis
 Hi 

*Abdelrahman*, I followed every step but it couldn't work for me; I think 
I missed something or configured it wrong. Could you please share an example 
configuration for admin-dashboard (also the JSON file) and cas-management 
compatible with cas-server 6.1.0-RC5-SNAPSHOT version?
I wrote my cas properties and services file below:

cas.properties ; (it properly works ) 


cas.server.name:https://cas.xxx.edu.tr:8443
server.prefix=${server.name}/cas

cas.authn.accept.users=

logging.config: file:/etc/cas/config/log4j2.xml

cas.tgc.secure:true
#
cas.tgc.crypto.encryption.key:r88iOMdbRMLOkITV54kax4WgadTdzUYSBXNhOp_oqS0
cas.tgc.crypto.signing.key:bMpP_eHgIsL1kz_cnxEqYo9Bb384V70eZIvWctQ5V6xTO4P6wsQjFlglD9OSQNlFdb0mT2Q1E3qXdo05_tzrjQ
cas.webflow.crypto.encryption.key:Kmj1JJSPOTSiagI4gCxhUA==
cas.webflow.crypto.signing.key:hGapVlP6pCzIUo_CCboRszQpvWFPazmyuWsBUOoWYqUQqMKw55al5c_EGH6VBtjpIVUqEAXcvLQjQ8HaVBEmDw
#
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].principalAttributeList=cn,givenName,userPrincipalName,description
cas.authn.ldap[0].bindDn=cn=Users,DC=xxx,DC=edu,DC=tr
cas.authn.ldap[0].ldapUrl=ldap://192.168.98.60:389
#cas.authn.ldap[0].searchFilter=cn={user}
cas.authn.ldap[0].searchFilter=(userPrincipalName={user})
cas.authn.ldap[0].bindDn=cn=CAS ldap,cn=users,dc=,dc=edu,dc=tr
cas.authn.ldap[0].bindCredential=
cas.authn.ldap[0].baseDn=OU=Domain Users,DC=xxx,DC=edu,DC=tr
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].useSsl=false
#
#cas.mgmt.serverName:${cas.server.name}

/etc/cas/services--- = 

CASAdminDashboard-1563349460.json
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : 
"^https://cas.x.edu.tr:8443/cas/status/dashboard(\\z|/.*)",
  "name" : "CAS Admin Dashboard",
  "id" : 1563349460,
  "description" : "CAS dashboard and administrative endpoints",
  "evaluationOrder" : 5000
}

CASServiceManagement-1563352362.json
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://cas.x.edu.tr:8443/cas-management(\\z|/.*)",
  "name" : "CAS Services Management",
  "id" : 1563352362,
  "description" : "CAS services management webapp",
  "evaluationOrder" : 5500
}



What do I need to add to cas.properties, management.properties, users.json 
...?

Thanks





[cas-user] CAS 6.1.0-RC5-SNAPSHOT --- Management & Status Dashboard installation requirements

2019-07-16 Thread M.Pedis

 Hi Everyone,

I successfully deployed CAS 6.1.0-RC5-SNAPSHOT and I am able to log in with 
an LDAP account. Everything works properly up to this point. I just want to 
deploy cas-management to manage JSON services, but I could not deploy the 
cas-management web UI. 
I added the LDAP and service-registry dependencies to the build.gradle file, then 
it built cas-management.war successfully.  
(https://github.com/apereo/cas-management-overlay)

build.gradle file:

dependencies {
    if (project.hasProperty("external")) {
        compile "org.apereo.cas:cas-mgmt-webapp:${project.'casmgmt.version'}"
    } else {
        compile "org.apereo.cas:cas-mgmt-webapp${project.appServer}:${project.'casmgmt.version'}"
    }
    compile "org.apereo.cas:cas-server-support-ldap:${project.'casmgmt.version'}"
    compile "org.apereo.cas:cas-server-support-json-service-registry:${project.'casmgmt.version'}"
}


Could someone help me with the configuration of cas.properties and the 
cas-management properties? What should I write in them to gain access to the 
cas-management web page, and also the cas-status dashboard? 

Thanks for all your help and guidance...

