Re: [cas-user] How to Monitor Active SSO Sessions & Statistics
Moritz, thank you so much for helps. i ignored dependency name in your first answer(cas-server-support-reports), considering that i had already added it (but i had just added cas-server-support-metrics). when i add and configure like you, it works. thank you again. 1 Temmuz 2020 Çarşamba 15:46:06 UTC+3 tarihinde Moritz Mühlenhoff yazdı: > > Hi, > > > hey, thanks for response. i set up cas version to 6.1.0 . but still i > cannot access localhost:8443/cas/actuator/ssoSessions or > localhost.8443/cas/actuator/statistics. because it cannot be found. > > > > can you share your configurations please? > > Sure, see below for the relevant parts of our config: > > Cheers, > Moritz > > management.endpoints.web.exposure.include=prometheus,sso,ssoSessions > management.endpoint.sso.enabled=true > management.endpoint.ssoSessions.enabled=true > > # This only returns a result for a session of an authenticated > # users, so the lack of access control doesn't leak anything > # AUTHENTICATED would be better fit, but it seems broken; it > # redirects to a non-existing /adminlogin URL instead of the > # IDP login page > cas.monitor.endpoints.endpoint.sso.access=ANONYMOUS > > cas.monitor.endpoints.endpoint.ssoSessions.access=IP_ADDRESS > cas.monitor.endpoints.endpoint.ssoSessions.requiredIpAddresses=::1,127.0.0.1,208.80.153.23,208.80.154.26,2620::860:1:208:80:153:23,2620::861:1:208:80:154:26 > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/37ea08d6-e4d5-40d8-be5f-18086d58d0bfo%40apereo.org.
Re: [cas-user] How to Monitor Active SSO Sessions & Statistics
hey, thanks for response. i set up cas version to 6.1.0 . but still i cannot access localhost:8443/cas/actuator/ssoSessions or localhost.8443/cas/actuator/statistics. because it cannot be found. can you share your configurations please? 30 Haziran 2020 Salı 16:09:23 UTC+3 tarihinde Moritz Mühlenhoff yazdı: > > Hi, > > > i want to expose current active sso session number and staticstics by > actuator api. i have searched cas blog and page ( > https://apereo.github.io/cas/development/monitoring/Monitoring-Statistics.html, > > https://apereo.github.io/2018/11/06/cas6-admin-endpoints-security/), but > i couldnt find a way to do that. > > i just need like these apis; /actuator/ssoSessions, /actuator/statistics > > > > i have added this dependecy to build.gradle > > > > compile "org.apereo.cas:cas-server-support-metrics:${casServerVersion}" > > We're running a 6.1 setup with the ssoSessions actuator, try enabling > > compile > "org.apereo.cas:cas-server-support-reports:${project.'cas.version'}" > > in the Gradle build. > > Cheers, > Moritz > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f3ea39db-efe2-4a97-8431-75346a44003fo%40apereo.org.
[cas-user] How to Monitor Active SSO Sessions & Statistics
Hello, i am using 6.2.0 cas version. i want to expose current active sso session number and staticstics by actuator api. i have searched cas blog and page ( https://apereo.github.io/cas/development/monitoring/Monitoring-Statistics.html , https://apereo.github.io/2018/11/06/cas6-admin-endpoints-security/), but i couldnt find a way to do that. i just need like these apis; /actuator/ssoSessions, /actuator/statistics i have added this dependecy to build.gradle compile "org.apereo.cas:cas-server-support-metrics:${casServerVersion}" then, i have added these properties to cas.properties management.endpoints.web.exposure.include=* management.endpoints.enabled-by-default=true management.endpoint.ssoSessions.enabled=true management.endpoint.statistics.enabled=true management.endpoints.defaults.sensitive=false cas.monitor.endpoints.endpoint.defaults.access=ANONYMOUS where am i missing? thanks for helps. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3ffc423f-ff83-4410-ad0e-00d0b6a2065do%40apereo.org.
[cas-user] Re: how to include authenticated user's roles in JWT?
hey, thank you so much for suggesting. i search your suggestion and i found solution and explain there https://stackoverflow.com/questions/62155196/how-to-include-authenticated-users-roles-in-jwt/62215364#62215364 1 Haziran 2020 Pazartesi 16:25:49 UTC+3 tarihinde dg yazdı: > > hello, > > i have configured cas as oauth2 server. after successfull login, it > returns JWT, but roles filed in jwt is always empty []. > > how can fetch and put authenticated user's role in JWT? > > thanks for helps. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7bc060cc-c7e0-4324-89ca-b0690c1854fao%40apereo.org.
[cas-user] Re: how to include authenticated user's roles in JWT?
hello, i am really stuck with it. anybody experiencing a similar issue? or suggesting a solution? 1 Haziran 2020 Pazartesi 16:25:49 UTC+3 tarihinde dg yazdı: > > hello, > > i have configured cas as oauth2 server. after successfull login, it > returns JWT, but roles filed in jwt is always empty []. > > how can fetch and put authenticated user's role in JWT? > > thanks for helps. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/db601ad7-3074-4d88-bb86-d3f90adc5181%40apereo.org.
[cas-user] how to include authenticated user's roles in JWT?
hello, i have configured cas as oauth2 server. after successfull login, it returns JWT, but roles filed in jwt is always empty []. how can fetch and put authenticated user's role in JWT? thanks for helps. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/94c29c93-7cd9-40cb-b427-bd8584e76a39%40apereo.org.
[cas-user] Re: JWT without encryption key
hello, is there anybody that verify jwt with spring resource server? i have configuration like this. when i use custom oauth2 server, it works well. but when i change to cas oauth2 server, it cannot verify jwt. cas oauth2 cas.authn.token.crypto.enabled=true cas.authn.token.crypto.signing-enabled=true cas.authn.oauth.crypto.signing.key=RwBkYP2TGd1qobBQnW0mraR1jJ5_uBT65LlnpP8xe_sy3IiNQ_6SnNUxagwcPxHUudONBN_hEPRRUHxaAsTzgQ cas.authn.token.crypto.encryption-enabled=false cas.authn.token.crypto.encryption.key= spring resource server config @Configuration @EnableResourceServer public class ResourceServerConfig extends ResourceServerConfigurerAdapter { private String signKey = "RwBkYP2TGd1qobBQnW0mraR1jJ5_uBT65LlnpP8xe_sy3IiNQ_6SnNUxagwcPxHUudONBN_hEPRRUHxaAsTzgQ"; @Bean public JwtAccessTokenConverter accessTokenConverter() { JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); converter.setSigningKey(signKey); return converter; } @Bean public TokenStore tokenStore() { return new JwtTokenStore(accessTokenConverter()); } @Bean @Primary public DefaultTokenServices tokenServices() { DefaultTokenServices defaultTokenServices = new DefaultTokenServices(); defaultTokenServices.setTokenStore(tokenStore()); return defaultTokenServices; } } -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/714914de-cba6-4428-a87e-51f51c94b25b%40apereo.org.
[cas-user] Re: What is sign key for JWT in CAS OAuth2?
hey, thanks for response. i have tried both cas.authn.token.crypto and cas.authn.oauth.accessToken.crypto prefixes, but still validation error. anybody knows where is the sign key or how can i set sign key? by the way, i dont need to encyprtion jwt, just signing it enough. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/99facf65-8c66-438e-a682-c23c82004399%40apereo.org.
[cas-user] Re: What is sign key for JWT in CAS OAuth2?
hi, thanks for response. i am little confused. does cas generate an sign key automatically even if I have set the sign key? here is my logs 2020-05-28 19:05:54,024 INFO [org.apereo.cas.util.CoreTicketUtils] - 2020-05-28 19:05:54,082 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 2020-05-28 19:05:54,082 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 2020-05-28 19:05:54,205 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 2020-05-28 19:05:54,221 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 2020-05-28 19:05:54,227 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 2020-05-28 19:05:54,228 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 2020-05-28 19:05:54,228 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - ** 2020-05-28 19:05:54,479 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 2020-05-28 19:05:54,479 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 2020-05-28 19:05:54,480 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 2020-05-28 19:05:54,480 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 2020-05-28 19:05:54,657 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - 2020-05-28 19:05:54,657 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - 2020-05-28 19:05:54,658 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - 2020-05-28 19:05:54,660 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - 2020-05-28 19:05:57,693 INFO [org.apereo.cas.web.CasWebApplication] - 2020-05-28 19:05:57,701 INFO [org.apereo.cas.web.CasWebApplication] - <> 2020-05-28 19:05:57,701 INFO [org.apereo.cas.web.CasWebApplication] - < ____ __ | _ \| | / \ | _ \ \ / / | |_) | _| / _ \ | | | \ V / | _ <| |___ / ___ \| |_| || | |_| \_\_/_/ \_\/ |_| > i used this key in my resource server, but nothing changed, still validation error. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/88abbac6-db96-4460-9a16-b4e04d23ab1b%40apereo.org.
[cas-user] What is sign key for JWT in CAS OAuth2?
I have configured CAS with OAuth2 and JWT as access token like this; https://apereo.github.io/2019/02/19/cas61-as-oauth-authz-server/ it works well and it returns jwt, and also i decode it in jwt.io website and i can see payload. *but i cant validate JWT in resource server. i have same signing key in resource server.* my cas configs cas.authn.oauth.access-token.crypto.enabled=true cas.authn.oauth.access-token.crypto.signing-enabled=true cas.authn.oauth.access-token.crypto.encryption-enabled=false cas.authn.oauth.access-token.crypto.signing.key=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgYXF7qeNDWxzVVCkFaFwxGixkryifkDbu82n00fvT/ab2lx3KD3IxP9wqo3d3hUOZT7HeTlmvzJu2lZx0zLVnumz0m+Ksa5cuFyIEQ2nqkbi2bfD+moxEoCS6hXCvttihS8gyaJrHlHzvNugAGArSviNOJAdTrPJrIzcoqMxuC9UKoF8XJ6HirQOsR1+xSzqFeWxjCDe5IUJG0RA31rC7BbAJ148Ni8XUJm3UPB5+nfqGyOMYNBqiQ8OPD6D2kJKgQIy6pvSI/11bbFBL2ffWY257rh5gZJ+zQZ4cCCjDWsrWsA9okgPhPE2N/nKj1lcuqaWSj700uX0Ihxsp2l01QIDAQAB where am i wrong? don't apereo cas use cas.authn.oauth.access-token.crypto.signing.key? or maybe apereo cas does some additional encrpytion over sign key. could you provide some information? thanks for helps. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/302a2dcf-9df9-4f22-bc6c-8a5d4d01d60a%40apereo.org.
[cas-user] CAS and Spring OAuth2 not working behind Nginx Reverse Proxy
Hello, i have architecture like below. before going microservice, i have 3 seperate server; spring cloud gateway (8085), spring oauth2 (cas client, 8094), cas server client | gateway -- oauth2 server -- sso | microservices here is the request flow; - 302 http://gateway/oauth2/authorization/login-client - 401 http://authorization/oauth/authorize?response_type=... - 302 http://cas-server/cas/login?service=http://authorization - 302 http://authorization/cas/login?ticket=ST- - 302 http://authorization/oauth2/authorize?... - 302 http://gateway/login/oauth2/login-client... and take jwt from oauth2 server, and goes microservice with that jwt. everything works well, but *when i deploy gateway and oauth2 server behind nginx reverse proxy, the service ticket validation not working*, and i always need to relogin and relogin and ...at cas server client | nginx | (gateway -- oauth2 server )-- sso | microservices here is the request flow; - 302 http://gateway/oauth2/authorization/login-client - 401 http://authorization/oauth/authorize?response_type=... - 302 http://cas-server/cas/login?service=http://authorization - *401 http://authorization/cas/login?ticket=ST-* i am %100 sure that this problem is about nginx. it manipulates something i dont know behind the scene, but i couldnt find. server { listen 80; server_name localhost; root C:/nginx-1.18.0/sites-enabled; location /authz { proxy_set_header Host $host; proxy_pass http://localhost:8094; } location /gateway { proxy_set_header Host $host; proxy_pass http://localhost:8085; } location /oauth2 { proxy_set_header Host $host; proxy_pass http://localhost:8085; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } do you have ideas? thanks -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/83e51119-dcda-45bf-b244-158afc110992%40apereo.org.
[cas-user] Re: CAS Client SSL Certificate Error (PKIX Path Building Failed)
i found solution. (JVM needs restart after importing certs to the keystore. https://stackoverflow.com/a/33397566/5079581) i was adding certificate by entering docker container, but i cannot restart java process because when i kill this entrpoint process to restart, the container was died. because no alive process left. so i added this certificate when image creation step in jenkins. the problem solved. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f8262382-ed9f-493d-a6ca-7c944e0c5063%40apereo.org.
[cas-user] CAS Client SSL Certificate Error (PKIX Path Building Failed)
hello, i enable ssl on cas server, but cas client gives "pkix path building failed. unable to find valid certifiaction path to requested target" error. i read documantation ( https://apereo.github.io/cas/6.1.x/installation/Troubleshooting-Guide.html#ssl--certificates). the recommended solution is to import certificate to client truststore. but it doesnt work for me. *how i create certificate?* keytool -genkey -keyalg RSA -alias thekeystore -keystore thekeystore -storepass changeit -validity 360 -keysize 2048 -ext san=ip:x.y.z.t *how i convert this certificate to .der format?* (documentation say "The certificate to be imported MUST be a DER-encoded file.") keytool -export -alias thekeystore -file thekeystore.der -keystore thekeystore *how i import certificate to client?* keytool -import -alias thekeystore -storepass changeit -file thekeystore.der -keystore $JAVA_HOME\jre\lib\security\cacerts (gives success message: certificate added.) can you help me what the problem can be? thanks -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/75cd774c-355a-4362-8085-430a47204af6%40apereo.org.
[cas-user] Re: Cas server - 5.2.5 and Rest Authentication support
okey. i found the solution. in rest response, i provided "id" and "attributes". but when i add "@class" variable, it works. @Data private static class ResponseDTO { @JsonProperty("@class") private String clazz; private String id; private final Map attributes; ResponseDTO(String id) { this.id = id; clazz = "org.apereo.cas.authentication.principal.SimplePrincipal"; attributes = new HashMap<>(); } } -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/580d9bd0-fad1-4d6d-8f33-cd4dc2cdb60a%40apereo.org.
[cas-user] Re: Cas server - 5.2.5 and Rest Authentication support
i return id and attributes from rest endpoint as response. my cas config cas.authn.rest.uri=http://localhost:8082/validate cas.authn.rest.name=restauth cas.authn.rest.charset=UTF-8 cas.authn.rest.passwordEncoder.type=NONE here is the log. "dg" value is returned from endpoint. so successful authentication at rest side. but error in cas side. 2020-04-15 18:57:46,630 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 2020-04-15 18:57:46,630 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[restauth]: [Error while extracting response for type [class org.apereo.cas.authentication.principal.SimplePrincipal] and content type [application/json]; nested exception is org.springframework.http.converter.HttpMessageNotReadableException: JSON parse error: Missing type id when trying to resolve subtype of [simple type, class org.apereo.cas.authentication.principal.SimplePrincipal]: missing type id property '@class'; nested exception is com.fasterxml.jackson.databind.exc.InvalidTypeIdException: Missing type id when trying to resolve subtype of [simple type, class org.apereo.cas.authentication.principal.SimplePrincipal]: missing type id property '@class' at [Source: (PushbackInputStream); line: 1, column: 27] / JSON parse error: Missing type id when trying to resolve subtype of [simple type, class org.apereo.cas.authentication.principal.SimplePrincipal]: missing type id property '@class'; nested exception is com.fasterxml.jackson.databind.exc.InvalidTypeIdException: Missing type id when trying to resolve subtype of [simple type, class org.apereo.cas.authentication.principal.SimplePrincipal]: missing type id property '@class' at [Source: (PushbackInputStream); line: 1, column: 27]]> 2020-04-15 18:57:46,631 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[Static Credentials] exception details: [dg not found in backing map.].> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4a96cd3f-608d-4e74-9d14-df8e31a39fe2%40apereo.org.
[cas-user] Re: Cas server - 5.2.5 and Rest Authentication support
hey, i got same issue. actually i dont understand solution. can you provide more information? 15 Haziran 2018 Cuma 20:33:54 UTC+3 tarihinde Raghavan TV yazdı: > > Hi, > > Am testing CAS against rest-authentication method. > > But am always receiving an error in the log that says > [1;31m2018-06-15 22:59:38,794 ERROR [org.apereo.cas.authentication. > PolicyBasedAuthenticationManager] - <[restauth]: [JSON parse error: > Missing type id when trying to resolve subtype of [simple type, class org. > apereo.cas.authentication.principal.SimplePrincipal]: missing type id > property '@class'; nested exception is com.fasterxml.jackson.databind.exc. > InvalidTypeIdException: Missing type id when trying to resolve subtype of > [simple type, class org.apereo.cas.authentication.principal. > SimplePrincipal]: missing type id property '@class' > at [Source: (PushbackInputStream); line: 1, column: 54] / Missing type > id when trying to resolve subtype of [simple type, class org.apereo.cas. > authentication.principal.SimplePrincipal]: missing type id property > '@class' > at [Source: (PushbackInputStream); line: 1, column: 54]]> [m > [1;31m2018-06-15 22:59:38,795 ERROR [org.apereo.cas.authentication. > PolicyBasedAuthenticationManager] - Credentials may be incorrect or CAS cannot find authentication handler > that supports [admin] of type [UsernamePasswordCredential]. Examine the > configuration to ensure a method of authentication is defined and analyze > CAS logs at DEBUG level to trace the authentication event.> [m > > > > Am I missing some configuration related to Policy ? > > > Environment > Windows 7 > JDK: 8 > Tomcat: 9.0.8 > > > > > Steps followed > > 1) Edited the pom.xml to add the rest-authentication overlay > > org.apereo.cas > cas-server-support-rest-authentication > ${cas.version} > > 2) Deployed a new REST (mock) service > > Note: > Checked the logs and the request from CAS server is fine and the response > is also a HTTP-200 with following response > {"@c":".SimplePrincipal","attributes":{},"id":"adminuser"} > > > 3) Edited application.properties with following configured > > cas.authn.accept.users= >> logging.level.org.apereo=TRACE >> logging.level.org.jasig=TRACE >> logging.level.org.apache=DEBUG >> >> cas.authn.rest.uri=http://localhost:9909/idp/authenticate >> cas.authn.rest.name=restauth >> cas.authn.rest.passwordEncoder.type=NONE >> >> > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/84b7a874-15af-4e65-b6e1-9c8b49e60ff2%40apereo.org.
[cas-user] Re: relative directory for config files
ok, that was simple as i said. i works as expected when i change to file:etc/cas/services. 14 Nisan 2020 Salı 11:25:57 UTC+3 tarihinde dg yazdı: > > hello, the question seems easy but how can we provide relative directory > for config files? > > for example, i want to setup up json location in cas.properties but i dont > want to give full path. > > cas.serviceRegistry.json.location=file:///etc/cas/services > > > i expect that get files from (project-root-directory/etc/cas/services), but > it works as C:/etc/cas/services > > > thanks > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f20c9566-a673-4748-84c3-569f111926d2%40apereo.org.
[cas-user] relative directory for config files
hello, the question seems easy but how can we provide relative directory for config files? for example, i want to setup up json location in cas.properties but i dont want to give full path. cas.serviceRegistry.json.location=file:///etc/cas/services i expect that get files from (project-root-directory/etc/cas/services), but it works as C:/etc/cas/services thanks -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d8fa5db8-b53c-4bc8-8b08-642f734427f7%40apereo.org.
Re: [cas-user] cas single logout not working
hey, thanks for quick response. when i added this in log4j2.xml, i see that logout requests works. thanks. 9 Mart 2020 Pazartesi 19:20:02 UTC+3 tarihinde rbon yazdı: > > Try these log statements to see if CAS is sending your logout requests: > > > > > level="debug"> > > onMismatch="NEUTRAL" /> > onMismatch="DENY" /> > > > > name="org.apereo.cas.logout.DefaultSingleLogoutServiceLogoutUrlBuilder" > level="debug" /> > > name="org.apereo.cas.logout.DefaultSingleLogoutServiceMessageHandler" > level="debug" /> > > name="org.apereo.cas.logout.SamlCompliantLogoutMessageCreator" > level="debug" /> > > Check your application's access logs to see if the logout request was > received. > > If you are using self signed certificates, you may need to add them to > your application hosts. > > Ray > > On Mon, 2020-03-09 at 07:22 -0700, dg wrote: > > hello, > > i am using apereo cas (with https) and it works successfully single-sign > on feature with have two cas clients (with http). > > when i hit /cas/logout on browser, the cas server displays logout page > successfully but there is no requests to clients and i can still access > resources after logout. i configure back channel for logout. > > here is my one of cas client configuration. > > { > > > "@class" > > : > > "org.apereo.cas.services.RegexRegisteredService" > > , > > > "serviceId" > > : > > "http://localhost:8094/.*; > > , > > > "name" > > : > > "CAS Spring Secured App" > > , > > > "description" > > : > > "This is a Spring App that uses the CAS Server for it's authentication" > > , > > > "id" > > : > > 19991 > > , > > > "evaluationOrder" > > : > > 1 > > , > > > "logoutType" > > : > > "BACK_CHANNEL" > > , > > > "logoutUrl" > > : > > "http://localhost:8094/logout/custom; > > > } > > > my cas.properties file > > > cas.slo.disabled > > = > > false > > > cas.slo.asynchronous > > = > > true > > > do i need to add any configuration to enable single logout? because it cannot > works in this way. i couldnt find where the problem is. > > > thanks. > > -- > > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 | CLE 019 | rb...@uvic.ca > > I respectfully acknowledge that my place of work is located within the > ancestral, traditional and unceded territory of the Songhees, Esquimalt and > WSÁNEĆ Nations. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/cbe3c63d-22c1-42bb-9598-41f37b5d88ad%40apereo.org.
[cas-user] cas single logout not working
hello, i am using apereo cas (with https) and it works successfully single-sign on feature with have two cas clients (with http). when i hit /cas/logout on browser, the cas server displays logout page successfully but there is no requests to clients and i can still access resources after logout. i configure back channel for logout. here is my one of cas client configuration. { "@class" : "org.apereo.cas.services.RegexRegisteredService", "serviceId" : "http://localhost:8094/.*;, "name" : "CAS Spring Secured App", "description": "This is a Spring App that uses the CAS Server for it's authentication", "id" : 19991, "evaluationOrder" : 1, "logoutType" : "BACK_CHANNEL", "logoutUrl" : "http://localhost:8094/logout/custom; } my cas.properties file cas.slo.disabled=false cas.slo.asynchronous=true do i need to add any configuration to enable single logout? because it cannot works in this way. i couldnt find where the problem is. thanks. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/cee7a968-4356-43eb-8084-cef8173f52dc%40apereo.org.