Re: [cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-11 Thread Fahmi L. Ramdhani
Thanks Julien for your reply.

It looks like it's a static attribute. I once configured:

> ... principalAttributeList = uid, displayName, phoneNumber, emailAddress


Then I added the homeAddress attribute to the database. The homeAddress attribute 
is not registered (configured) in principalAttributeList, so the option 
in the CAS Management dropdown (Return Allowed Attributes) is not shown.

Note: I use JDBC in Multi-Row mode. So the CAS administrator can add attributes 
to the database.

After you configure it, can you choose the attribute list in CAS Management 
(the Attribute Release Policy, Return Allowed tab)?

How do you make principalAttributeList based on JDBC Multi-Row?

Thanks
Sent from my iPhone

> On 11 Apr 2019, at 15.53, Julien Gribonvald  
> wrote:
> 
> Hi, 
> 
> I had the same problem yesterday on a delegated auth and I needed to look 
> at the CAS properties (as it's not listed).
> 
> In my case users can come from several auth systems; one is local from my 
> LDAP, but users can use a delegated auth. So in my conf I have the basic auth 
> from my local LDAP defined with cas.authn.ldap[0]. and, as an example, 
> for a delegated auth from a Shibboleth IDP I defined 
> cas.authn.pac4j.saml[0].
> 
> But in the case of a delegated auth I need to chain this auth with a local 
> LDAP request to obtain the user's attributes, and so I need to define such 
> properties: cas.authn.attributeRepository.ldap[0].
> 
> But this doesn't allow merging users' attributes from my local LDAP, and 
> after searching I found this property that allows sharing all attributes 
> retrieved: 
> cas.authn.attributeRepository.defaultAttributesToRelease=${cas.authn.ldap[0].principalAttributeList}
> where cas.authn.ldap[0].principalAttributeList is my default local LDAP auth 
> user attributes list, and so I have the same list.
> 
> Hope this will help you!
> 
> Now in my case, as I have several delegated systems, I'm looking into whether 
> it's possible to set something that says to use one specific attributeRepository 
> associated with a specific delegated auth (because the LDAP filter won't be the 
> same) instead of chaining all attributeRepository.
> 
> Thanks
> 
> Julien
> 
> 
> 
>> On 11/04/2019 at 02:58, Fahmi L. Ramdhani wrote:
>> CAS Management can't retrieve the list of attributes available on CAS Server?
>> 
>> I have added configuration to management.properties, but it didn't work. CAS 
>> Management only contains the default attributes (uid, eppn, givenName).
>> 
>> I have tried adding the STUB configuration, unfortunately it is static.
>> 
>>> ... attributeRepository.stub.attributes.uid = uid
>>> .
>> 
>> I hope CAS Management can take available attributes based on the CAS Server 
>> configuration.
>> 
>> Can anyone give me a suggestion for what I want?
>> 
>> Sent from my iPhone
>> 
>> On 10 Apr 2019, at 23.03, Ray Bon  wrote:
>> 
>>> Fahmi,
>>> 
>>> Our management server is too old to have this feature.
>>> Start here, 
>>> https://apereo.github.io/cas/5.3.x/integration/Attribute-Release.html
>>> You probably have to add properties to management service properties file.
>>> 
>>> Ray
>>> 
>>>> On Tue, 2019-04-09 at 17:57 -0700, Fahmi L. Ramdhani wrote:
>>>> Thank you for the quick reply.
>>>> 
>>>> First I accessed via the browser 
>>>> https://cas.example.com/cas/status/discovery, then CAS directed to login. 
>>>> After successfully logging in, the results are like this:
>>>> {
>>>>   "@class": "java.util.LinkedHashMap",
>>>>   "profile": {
>>>> "@class": "org.apereo.cas.discovery.CasServerProfile",
>>>> "registeredServiceTypes": {
>>>>   "@class": "java.util.HashMap",
>>>>   "CAS Client": "org.apereo.cas.services.RegexRegisteredService"
>>>> },
>>>> "registeredServiceTypesSupported": {
>>>>   "@class": "java.util.HashMap",
>>>>   "SAML2 Service Provider": 
>>>> "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>>>   "WS Federation Relying Party": 
>>>> "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
>>>>   "OpenID Connect Relying Party": 
>>>> "org.apereo.cas.services.OidcRegisteredService",
>>>>   "OAuth2 Client": 
>>>> "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>>>>   "CAS Client": "org.apereo.cas.services.RegexRegisteredService"
>>>> },
>>>> "multifactorAuthenticationProviderTypesSupported": {
>>>>   "@class": "java.util.HashMap",
>>>>   "mfa-gauth": "Google Authenticator",
>>>>   "mfa-swivel": "Swivel Secure",
>>>>   "mfa-authy": "Authy",
>>>>   "mfa-radius": "RADIUS (RSA,WiKID)",
>>>>   "mfa-u2f": "FIDO U2F",
>>>>   "mfa-azure": "Microsoft Azure",
>>>>   "mfa-duo": "Duo Security"
>>>> },
>>>> "delegatedClientTypesSupported": [
>>>>   "java.util.HashSet",
>>>>   [
>>>> "OAuth20Client",
>>>> "OAuth10Client",
>>>> "TwitterClient",
>>>> "FoursquareClient",
>>>> "QQClient",
 

Re: [cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-11 Thread Julien Gribonvald

Hi,

I had the same problem yesterday on a delegated auth and I needed to 
look at the CAS properties (as it's not listed).


In my case users can come from several auth systems; one is local from 
my LDAP, but users can use a delegated auth. So in my conf I have the 
basic auth from my local LDAP defined with *cas.authn.ldap[0].* and, 
as an example, for a delegated auth from a Shibboleth IDP I defined 
*cas.authn.pac4j.saml[0].*


But in the case of a delegated auth I need to chain this auth with a 
local LDAP request to obtain the user's attributes, and so I need to define 
such properties: *cas.authn.attributeRepository.ldap[0].*


But this doesn't allow merging users' attributes from my local LDAP, 
and after searching I found this property that allows sharing all 
attributes retrieved: 
*cas.authn.attributeRepository.defaultAttributesToRelease=${cas.authn.ldap[0].principalAttributeList}* 
where *cas.authn.ldap[0].principalAttributeList* is my default local 
LDAP auth user attributes list, and so I have the same list.


Hope this will help you!

Now in my case, as I have several delegated systems, I'm looking into 
whether it's possible to set something that says to use one specific 
attributeRepository associated with a specific delegated auth (because the 
LDAP filter won't be the same) instead of chaining all attributeRepository.


Thanks

Julien


On 11/04/2019 at 02:58, Fahmi L. Ramdhani wrote:
CAS Management can't retrieve the list of attributes available on CAS 
Server?


I have added configuration to management.properties, but it didn't 
work. CAS Management only contains the default attributes (uid, eppn, 
givenName).


I have tried adding the STUB configuration, unfortunately it is static.


... attributeRepository.stub.attributes.uid = uid
.


I hope CAS Management can take available attributes based on the CAS 
Server configuration.


Can anyone give me a suggestion for what I want?

Sent from my iPhone

On 10 Apr 2019, at 23.03, Ray Bon <r...@uvic.ca> wrote:



Fahmi,

Our management server is too old to have this feature.
Start here, 
https://apereo.github.io/cas/5.3.x/integration/Attribute-Release.html
You probably have to add properties to management service properties 
file.


Ray

On Tue, 2019-04-09 at 17:57 -0700, Fahmi L. Ramdhani wrote:

Thank you for the quick reply.

First I accessed via the browser 
https://cas.example.com/cas/status/discovery, then CAS directed to 
login. After successfully logging in, the results are like this:

{
  "@class": "java.util.LinkedHashMap",
  "profile": {
    "@class": "org.apereo.cas.discovery.CasServerProfile",
    "registeredServiceTypes": {
      "@class": "java.util.HashMap",
      "CAS Client": "org.apereo.cas.services.RegexRegisteredService"
    },
    "registeredServiceTypesSupported": {
      "@class": "java.util.HashMap",
      "SAML2 Service Provider": "org.apereo.cas.support.saml.services.SamlRegisteredService",
      "WS Federation Relying Party": "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
      "OpenID Connect Relying Party": "org.apereo.cas.services.OidcRegisteredService",
      "OAuth2 Client": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
      "CAS Client": "org.apereo.cas.services.RegexRegisteredService"
    },
    "multifactorAuthenticationProviderTypesSupported": {
      "@class": "java.util.HashMap",
      "mfa-gauth": "Google Authenticator",
      "mfa-swivel": "Swivel Secure",
      "mfa-authy": "Authy",
      "mfa-radius": "RADIUS (RSA,WiKID)",
      "mfa-u2f": "FIDO U2F",
      "mfa-azure": "Microsoft Azure",
      "mfa-duo": "Duo Security"
    },
    "delegatedClientTypesSupported": [
      "java.util.HashSet",
      [
        "OAuth20Client",
        "OAuth10Client",
        "TwitterClient",
        "FoursquareClient",
        "QQClient",
        "OrcidClient",
        "FacebookClient",
        "OkClient",
        "FormClient",
        "CasProxyReceptor",
        "GitHubClient",
        "KeycloakOidcClient",
        "BitbucketClient",
        "WordPressClient",
        "OidcClient",
        "WindowsLiveClient",
        "VkClient",
        "LinkedIn2Client",
        "YahooClient",
        "WechatClient",
        "Google2Client",
        "StravaClient",
        "GenericOAuth20Client",
        "AzureAdClient",
        "GoogleOidcClient",
        "CasOAuthWrapperClient",
        "PayPalClient",
        "WeiboClient",
        "DropBoxClient",
        "SAML2Client",
        "CasClient",
        "IndirectBasicAuthClient"
      ]
    ],
    "availableAttributes": [
      "java.util.LinkedHashSet",
      [
        "mail",
        "eppn",
        "displayName",
        "givenName",
        "uid"
      ]
    ]
  }
}

You can see the availableAttributes section? I need it to make it 
easier for CAS administrators to release attributes for each 
service. But when I access 
*https://cas.example.com/cas-management* and try to add services, 
the */"mail", "eppn", "displayName", 

Re: [cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-10 Thread Fahmi L. Ramdhani
CAS Management can't retrieve the list of attributes available on CAS Server?

I have added configuration to management.properties, but it didn't work. CAS 
Management only contains the default attributes (uid, eppn, givenName).

I have tried adding the STUB configuration, unfortunately it is static.

> ... attributeRepository.stub.attributes.uid = uid
> .

I hope CAS Management can take available attributes based on the CAS Server 
configuration.

Can anyone give me a suggestion for what I want?

Sent from my iPhone

> On 10 Apr 2019, at 23.03, Ray Bon  wrote:
> 
> Fahmi,
> 
> Our management server is too old to have this feature.
> Start here, 
> https://apereo.github.io/cas/5.3.x/integration/Attribute-Release.html
> You probably have to add properties to management service properties file.
> 
> Ray
> 
>> On Tue, 2019-04-09 at 17:57 -0700, Fahmi L. Ramdhani wrote:
>> Thank you for the quick reply.
>> 
>> First I accessed via the browser 
>> https://cas.example.com/cas/status/discovery, then CAS directed to login. 
>> After successfully logging in, the results are like this:
>> {
>>   "@class": "java.util.LinkedHashMap",
>>   "profile": {
>> "@class": "org.apereo.cas.discovery.CasServerProfile",
>> "registeredServiceTypes": {
>>   "@class": "java.util.HashMap",
>>   "CAS Client": "org.apereo.cas.services.RegexRegisteredService"
>> },
>> "registeredServiceTypesSupported": {
>>   "@class": "java.util.HashMap",
>>   "SAML2 Service Provider": 
>> "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>   "WS Federation Relying Party": 
>> "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
>>   "OpenID Connect Relying Party": 
>> "org.apereo.cas.services.OidcRegisteredService",
>>   "OAuth2 Client": 
>> "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>>   "CAS Client": "org.apereo.cas.services.RegexRegisteredService"
>> },
>> "multifactorAuthenticationProviderTypesSupported": {
>>   "@class": "java.util.HashMap",
>>   "mfa-gauth": "Google Authenticator",
>>   "mfa-swivel": "Swivel Secure",
>>   "mfa-authy": "Authy",
>>   "mfa-radius": "RADIUS (RSA,WiKID)",
>>   "mfa-u2f": "FIDO U2F",
>>   "mfa-azure": "Microsoft Azure",
>>   "mfa-duo": "Duo Security"
>> },
>> "delegatedClientTypesSupported": [
>>   "java.util.HashSet",
>>   [
>> "OAuth20Client",
>> "OAuth10Client",
>> "TwitterClient",
>> "FoursquareClient",
>> "QQClient",
>> "OrcidClient",
>> "FacebookClient",
>> "OkClient",
>> "FormClient",
>> "CasProxyReceptor",
>> "GitHubClient",
>> "KeycloakOidcClient",
>> "BitbucketClient",
>> "WordPressClient",
>> "OidcClient",
>> "WindowsLiveClient",
>> "VkClient",
>> "LinkedIn2Client",
>> "YahooClient",
>> "WechatClient",
>> "Google2Client",
>> "StravaClient",
>> "GenericOAuth20Client",
>> "AzureAdClient",
>> "GoogleOidcClient",
>> "CasOAuthWrapperClient",
>> "PayPalClient",
>> "WeiboClient",
>> "DropBoxClient",
>> "SAML2Client",
>> "CasClient",
>> "IndirectBasicAuthClient"
>>   ]
>> ],
>> "availableAttributes": [
>>   "java.util.LinkedHashSet",
>>   [
>> "mail",
>> "eppn",
>> "displayName",
>> "givenName",
>> "uid"
>>   ]
>> ]
>>   }
>> }
>> 
>> Can you see the availableAttributes section? I need it to make it easier for 
>> CAS administrators to release attributes for each service. But when I access 
>> https://cas.example.com/cas-management and try to add services, the "mail", 
>> "eppn", "displayName", "givenName", "uid" attributes do not show in the 
>> dropdown option (Attribute Release Policy). I hope the dropdown option 
>> can be dynamic, based on the attributes in JDBC (Multi-Row), but I have not 
>> found a solution. How can I solve this problem?
>> 
>> Thank you.
>> 
>> 
>> On Wednesday, 10 April 2019 07.45.56 UTC+7, rbon wrote:
>>> 
>>> Fahmi,
>>> 
>>> I have not set up any of the status features for cas, so have no experience 
>>> here.
>>> Can you access it with a browser (that is, have you verified it is working 
>>> as expected)?
>>> 
>>> What is your reason for using curl?
>>> 
>>> Perhaps there is another alternative that others on the list have tried.
>>> 
>>> Ray
>>> 
>>>> On Wed, 2019-04-10 at 07:34 +0700, Fahmi L. Ramdhani wrote:
>>>> Please tell me how to unprotect? In cas.properties I have to set
>>>> 
>>>> endpoints.status.discovery.enabled = true
>>>> ..sensitive = false
>>>> 
>>>> Sorry for my questions. Thank you Ray.
>>>> Sent from my iPhone
>>>> 
>>>> On 10 Apr 2019, at 07.05, Ray Bon  wrote:
>>>> 
>>>>> Fahmi,
>>>>> 
>>>>> It looks like /cas/status/discovery is protected by cas and it redirects 
>>>>> to cas/login (status code 

Re: [cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-10 Thread Ray Bon
Fahmi,

Our management server is too old to have this feature.
Start here, 
https://apereo.github.io/cas/5.3.x/integration/Attribute-Release.html
You probably have to add properties to management service properties file.

Ray

On Tue, 2019-04-09 at 17:57 -0700, Fahmi L. Ramdhani wrote:
Thank you for the quick reply.

First I accessed via the browser https://cas.example.com/cas/status/discovery, 
then CAS directed to login. After successfully logging in, the results are like 
this:
{
  "@class": "java.util.LinkedHashMap",
  "profile": {
"@class": "org.apereo.cas.discovery.CasServerProfile",
"registeredServiceTypes": {
  "@class": "java.util.HashMap",
  "CAS Client": "org.apereo.cas.services.RegexRegisteredService"
},
"registeredServiceTypesSupported": {
  "@class": "java.util.HashMap",
  "SAML2 Service Provider": 
"org.apereo.cas.support.saml.services.SamlRegisteredService",
  "WS Federation Relying Party": 
"org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
  "OpenID Connect Relying Party": 
"org.apereo.cas.services.OidcRegisteredService",
  "OAuth2 Client": 
"org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "CAS Client": "org.apereo.cas.services.RegexRegisteredService"
},
"multifactorAuthenticationProviderTypesSupported": {
  "@class": "java.util.HashMap",
  "mfa-gauth": "Google Authenticator",
  "mfa-swivel": "Swivel Secure",
  "mfa-authy": "Authy",
  "mfa-radius": "RADIUS (RSA,WiKID)",
  "mfa-u2f": "FIDO U2F",
  "mfa-azure": "Microsoft Azure",
  "mfa-duo": "Duo Security"
},
"delegatedClientTypesSupported": [
  "java.util.HashSet",
  [
"OAuth20Client",
"OAuth10Client",
"TwitterClient",
"FoursquareClient",
"QQClient",
"OrcidClient",
"FacebookClient",
"OkClient",
"FormClient",
"CasProxyReceptor",
"GitHubClient",
"KeycloakOidcClient",
"BitbucketClient",
"WordPressClient",
"OidcClient",
"WindowsLiveClient",
"VkClient",
"LinkedIn2Client",
"YahooClient",
"WechatClient",
"Google2Client",
"StravaClient",
"GenericOAuth20Client",
"AzureAdClient",
"GoogleOidcClient",
"CasOAuthWrapperClient",
"PayPalClient",
"WeiboClient",
"DropBoxClient",
"SAML2Client",
"CasClient",
"IndirectBasicAuthClient"
  ]
],
"availableAttributes": [
  "java.util.LinkedHashSet",
  [
"mail",
"eppn",
"displayName",
"givenName",
"uid"
  ]
]
  }
}

Can you see the availableAttributes section? I need it to make it easier for 
CAS administrators to release attributes for each service. But when I access 
https://cas.example.com/cas-management and try to add services, the "mail", 
"eppn", "displayName", "givenName", "uid" attributes do not show in the dropdown 
option (Attribute Release Policy). I hope the dropdown option can be dynamic, 
based on the attributes in JDBC (Multi-Row), but I have not found a solution. 
How can I solve this problem?

Thank you.


On Wednesday, 10 April 2019 07.45.56 UTC+7, rbon wrote:
Fahmi,

I have not set up any of the status features for cas, so have no experience 
here.
Can you access it with a browser (that is, have you verified it is working as 
expected)?

What is your reason for using curl?

Perhaps there is another alternative that others on the list have tried.

Ray

On Wed, 2019-04-10 at 07:34 +0700, Fahmi L. Ramdhani wrote:
Please tell me how to unprotect? In cas.properties I have to set

endpoints.status.discovery.enabled = true
..sensitive = false

Sorry for my questions. Thank you Ray.
Sent from my iPhone

On 10 Apr 2019, at 07.05, Ray Bon wrote:

Fahmi,

It looks like /cas/status/discovery is protected by cas and it redirects to 
cas/login (status code 302).
Should the discovery page be protected?

Ray

On Tue, 2019-04-09 at 16:43 -0700, Fahmi L. Ramdhani wrote:
I tried accessing the result curl like this:

curl -v https://cas.example.com:8443/cas/status/discovery
*   Trying 2xx.60.112.9...
* Connected to cas.example.com (2xx.60.112.9) port 8443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*server certificate verification OK
*server certificate status verification SKIPPED
*common name: cas.example.com (matched)
*server certificate expiration date OK
*server certificate activation date OK
*certificate public key: RSA
*certificate version: #3
*subject: CN=cas.example.com
*start date: Wed, 03 Apr 2019 09:32:48 GMT
*expire date: Tue, 02 Jul 2019 09:32:48 GMT
*issuer: 

[cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-10 Thread Fahmi L. Ramdhani
*cas-management.log*
2019-04-10 06:01:07,068 INFO [org.apereo.cas.mgmt.web.CasManagementWebApplicationServletInitializer] - The following profiles are active: standalone
2019-04-10 06:01:12,235 DEBUG [org.apereo.cas.config.CasCoreUtilSerializationConfiguration] - Configuring component serialization plan [CasCoreUtilSerializationConfiguration]
2019-04-10 06:01:12,932 DEBUG [org.apereo.cas.mgmt.config.CasManagementAuthenticationConfiguration] - Configuring an authentication strategy based on CAS running at [https://cas.example.com]
2019-04-10 06:01:12,948 INFO [org.apereo.cas.mgmt.config.CasManagementAuthenticationConfiguration] - Configuring an authentication strategy based on authorized IP addresses matching [.+]
*2019-04-10 06:02:18,992 INFO [org.apereo.cas.mgmt.services.web.factory.FormDataFactory] - CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values.*
2019-04-10 06:02:21,825 DEBUG [org.apereo.cas.config.CasCoreServicesConfiguration] - Configuring service registry [JpaServiceRegistryConfiguration]
2019-04-10 06:02:21,859 DEBUG [org.apereo.cas.services.DefaultServiceRegistryExecutionPlan] - Registering service registry [JpaServiceRegistry] into the execution plan
2019-04-10 06:02:21,819 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Registering service registry [JpaServiceRegistry] into the execution planorg.apereo.cas.services.ChainingServiceRegistry@49652d83]
2019-04-10 06:02:22,209 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Adding registered service [^https:\/\/ekinerja.example.com(|:8443)(\\z|\/.*)]
2019-04-10 06:02:22,209 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Adding registered service [^https:\/\/elakip.example.com(|:8443)(\\z|\/.*)]
2019-04-10 06:02:22,209 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Adding registered service [^https:\/\/hibah.example.com(|:8443)(\\z|\/.*)]
2019-04-10 06:02:22,209 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Adding registered service [^https:\/\/korelasi.example.com(|:8443)(\\z|\/.*)]
2019-04-10 06:02:22,209 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Adding registered service [^https:\/\/cas.example.com(|:8443)\/cas-management(|\\z|\/.*)]
2019-04-10 06:02:22,209 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Adding registered service [^https:\/\/cas.example.com(|:8443)\/cas\/status(|\\z|\/.*)]
2019-04-10 06:02:22,209 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Adding registered service [^https:\/\/localhost:8443(\\z|\/.*)]
2019-04-10 06:02:22,209 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Adding registered service [^https:\/\/local.example.com:8443(\\z|\/.*)]
2019-04-10 06:02:22,215 INFO [org.apereo.cas.services.AbstractServicesManager] - Loaded [8] service(s) from [JpaServiceRegistry].
2019-04-10 06:02:22,291 DEBUG [org.apereo.cas.util.io.PathWatcherService] - Created service registry watcher for events of type [ENTRY_CREATE]
2019-04-10 06:02:22,351 INFO [org.apereo.cas.mgmt.DefaultCasManagementEventListener] - 
2019-04-10 06:02:22,354 INFO [org.apereo.cas.mgmt.DefaultCasManagementEventListener] - 




-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/9f46aab1-d1a0-4909-b6e7-7b827ce6c23b%40apereo.org.


[cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-10 Thread Fahmi L. Ramdhani
Anyone help please?



[cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-09 Thread Fahmi L. Ramdhani
cas-management.log
2019-04-10 06:01:07,068 INFO 
[org.apereo.cas.mgmt.web.CasManagementWebApplicationServletInitializer] - 
The following profiles are active: standalone
2019-04-10 06:01:12,235 DEBUG 
[org.apereo.cas.config.CasCoreUtilSerializationConfiguration] - Configuring 
component serialization plan [CasCoreUtilSerializationConfiguration]
2019-04-10 06:01:12,932 DEBUG 
[org.apereo.cas.mgmt.config.CasManagementAuthenticationConfiguration] - 
Configuring an authentication strategy based on CAS running at 
[https://cas.example.com]
2019-04-10 06:01:12,948 INFO 
[org.apereo.cas.mgmt.config.CasManagementAuthenticationConfiguration] - 
Configuring an authentication strategy based on authorized IP addresses 
matching [.+]
*2019-04-10 06:02:18,992 INFO 
[org.apereo.cas.mgmt.services.web.factory.FormDataFactory] - CAS Server 
returned 502 status code from endpoint 
https://cas.example.com/cas/status/discovery. Using default FormData 
values.*
2019-04-10 06:02:21,825 DEBUG 
[org.apereo.cas.config.CasCoreServicesConfiguration] - Configuring service 
registry [JpaServiceRegistryConfiguration]
2019-04-10 06:02:21,859 DEBUG 
[org.apereo.cas.services.DefaultServiceRegistryExecutionPlan] - Registering 
service registry [JpaServiceRegistry] into the execution plan
2019-04-10 06:02:21,819 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - Registering service 
registry [JpaServiceRegistry] into the execution 
planorg.apereo.cas.services.ChainingServiceRegistry@49652d83]
2019-04-10 06:02:22,209 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - Adding registered 
service [^https:\/\/ekinerja.tasikmalayakab.go.id(|:8443)(\\z|\/.*)]
2019-04-10 06:02:22,209 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - Adding registered 
service [^https:\/\/elakip.tasikmalayakab.go.id(|:8443)(\\z|\/.*)]
2019-04-10 06:02:22,209 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - Adding registered 
service [^https:\/\/hibah.tasikmalayakab.go.id(|:8443)(\\z|\/.*)]
2019-04-10 06:02:22,209 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - Adding registered 
service [^https:\/\/korelasi.tasikmalayakab.go.id(|:8443)(\\z|\/.*)]
2019-04-10 06:02:22,209 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - Adding registered 
service [^https:\/\/cas.example.com(|:8443)\/cas-management(|\\z|\/.*)]
2019-04-10 06:02:22,209 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - Adding registered 
service [^https:\/\/cas.example.com(|:8443)\/cas\/status(|\\z|\/.*)]
2019-04-10 06:02:22,209 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - Adding registered 
service [^https:\/\/localhost:8443(\\z|\/.*)]
2019-04-10 06:02:22,209 DEBUG 
[org.apereo.cas.services.AbstractServicesManager] - Adding registered 
service [^https:\/\/local.asiagroup.co.id:8443(\\z|\/.*)]
2019-04-10 06:02:22,215 INFO 
[org.apereo.cas.services.AbstractServicesManager] - Loaded [8] service(s) 
from [JpaServiceRegistry].
2019-04-10 06:02:22,291 DEBUG [org.apereo.cas.util.io.PathWatcherService] - 
Created service registry watcher for events of type [ENTRY_CREATE]
2019-04-10 06:02:22,351 INFO 
[org.apereo.cas.mgmt.DefaultCasManagementEventListener] - 
2019-04-10 06:02:22,354 INFO 
[org.apereo.cas.mgmt.DefaultCasManagementEventListener] - 




Re: [cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-09 Thread Fahmi L. Ramdhani
Thank you for the quick reply.

First I accessed via the browser 
https://cas.example.com/cas/status/discovery, then CAS directed to login. 
After successfully logging in, the results are like this:
{
  "@class": "java.util.LinkedHashMap",
  "profile": {
    "@class": "org.apereo.cas.discovery.CasServerProfile",
    "registeredServiceTypes": {
      "@class": "java.util.HashMap",
      "CAS Client": "org.apereo.cas.services.RegexRegisteredService"
    },
    "registeredServiceTypesSupported": {
      "@class": "java.util.HashMap",
      "SAML2 Service Provider": "org.apereo.cas.support.saml.services.SamlRegisteredService",
      "WS Federation Relying Party": "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
      "OpenID Connect Relying Party": "org.apereo.cas.services.OidcRegisteredService",
      "OAuth2 Client": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
      "CAS Client": "org.apereo.cas.services.RegexRegisteredService"
    },
    "multifactorAuthenticationProviderTypesSupported": {
      "@class": "java.util.HashMap",
      "mfa-gauth": "Google Authenticator",
      "mfa-swivel": "Swivel Secure",
      "mfa-authy": "Authy",
      "mfa-radius": "RADIUS (RSA,WiKID)",
      "mfa-u2f": "FIDO U2F",
      "mfa-azure": "Microsoft Azure",
      "mfa-duo": "Duo Security"
    },
    "delegatedClientTypesSupported": [
      "java.util.HashSet",
      [
        "OAuth20Client",
        "OAuth10Client",
        "TwitterClient",
        "FoursquareClient",
        "QQClient",
        "OrcidClient",
        "FacebookClient",
        "OkClient",
        "FormClient",
        "CasProxyReceptor",
        "GitHubClient",
        "KeycloakOidcClient",
        "BitbucketClient",
        "WordPressClient",
        "OidcClient",
        "WindowsLiveClient",
        "VkClient",
        "LinkedIn2Client",
        "YahooClient",
        "WechatClient",
        "Google2Client",
        "StravaClient",
        "GenericOAuth20Client",
        "AzureAdClient",
        "GoogleOidcClient",
        "CasOAuthWrapperClient",
        "PayPalClient",
        "WeiboClient",
        "DropBoxClient",
        "SAML2Client",
        "CasClient",
        "IndirectBasicAuthClient"
      ]
    ],
    "availableAttributes": [
      "java.util.LinkedHashSet",
      [
        "mail",
        "eppn",
        "displayName",
        "givenName",
        "uid"
      ]
    ]
  }
}

Can you see the availableAttributes section? I need it to make it easier 
for CAS administrators to release attributes for each service. But when I 
access *https://cas.example.com/cas-management* and try to add services, 
the *"mail", "eppn", "displayName", "givenName", "uid"* attributes *do not 
show in the dropdown option* (Attribute Release Policy). I hope the 
dropdown option can be dynamic, based on the attributes in JDBC 
(Multi-Row), but I have not found a solution. How can I solve this problem?

Thank you.


On Wednesday, 10 April 2019 07.45.56 UTC+7, rbon wrote:
>
> Fahmi,
>
> I have not set up any of the status features for cas, so have no 
> experience here.
> Can you access it with a browser (that is, have you verified it is working 
> as expected)?
>
> What is your reason for using curl?
>
> Perhaps there is another alternative that others on the list have tried.
>
> Ray
>
> On Wed, 2019-04-10 at 07:34 +0700, Fahmi L. Ramdhani wrote:
>
> Please tell me how to unprotect? In cas.properties I have to set 
>
> endpoints.status.discovery.enabled = true
> ..sensitive = false
>
> Sorry for my questions. Thank you Ray.
> Sent from my iPhone
>
> On 10 Apr 2019, at 07.05, Ray Bon wrote:
>
> Fahmi,
>
> It looks like /cas/status/discovery is protected by cas and it redirects 
> to cas/login (status code 302).
> Should the discovery page be protected?
>
> Ray
>
> On Tue, 2019-04-09 at 16:43 -0700, Fahmi L. Ramdhani wrote:
>
> I tried accessing the result curl like this: 
>
> curl -v https://cas.example.com:8443/cas/status/discovery
> *   Trying 2xx.60.112.9...
> * Connected to cas.example.com (2xx.60.112.9) port 8443 (#0)
> * found 148 certificates in /etc/ssl/certs/ca-certificates.crt
> * found 592 certificates in /etc/ssl/certs
> * ALPN, offering http/1.1
> * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
> *server certificate verification OK
> *server certificate status verification SKIPPED
> *common name: cas.example.com (matched)
> *server certificate expiration date OK
> *server certificate activation date OK
> *certificate public key: RSA
> *certificate version: #3
> *subject: CN=cas.example.com
> *start date: Wed, 03 Apr 2019 09:32:48 GMT
> *expire date: Tue, 02 Jul 2019 09:32:48 GMT
> *issuer: C=US,O=XXX,CN=XX
> *compression: NULL
> * ALPN, server did not agree to a protocol
> > GET /cas/status/discovery HTTP/1.1
> > Host: cas.example.com:8443
> > User-Agent: curl/7.47.0
> > Accept: 

Re: [cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-09 Thread Ray Bon
Fahmi,

I have not set up any of the status features for cas, so have no experience 
here.
Can you access it with a browser (that is, have you verified it is working as 
expected)?

What is your reason for using curl?

Perhaps there is another alternative that others on the list have tried.

Ray

On Wed, 2019-04-10 at 07:34 +0700, Fahmi L. Ramdhani wrote:
Please tell me how to unprotect? In cas.properties I have to set

endpoints.status.discovery.enabled = true
..sensitive = false

Sorry for my questions. Thank you Ray.
Sent from my iPhone

On 10 Apr 2019, at 07.05, Ray Bon <r...@uvic.ca> wrote:

Fahmi,

It looks like /cas/status/discovery is protected by cas and it redirects to 
cas/login (status code 302).
Should the discovery page be protected?

Ray

On Tue, 2019-04-09 at 16:43 -0700, Fahmi L. Ramdhani wrote:
I tried accessing the result curl like this:

curl -v 
https://cas.example.com:8443/cas/status/discovery
*   Trying 2xx.60.112.9...
* Connected to cas.example.com (2xx.60.112.9) port 8443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*server certificate verification OK
*server certificate status verification SKIPPED
*common name: cas.example.com (matched)
*server certificate expiration date OK
*server certificate activation date OK
*certificate public key: RSA
*certificate version: #3
*subject: CN=cas.example.com
*start date: Wed, 03 Apr 2019 09:32:48 GMT
*expire date: Tue, 02 Jul 2019 09:32:48 GMT
*issuer: C=US,O=XXX,CN=XX
*compression: NULL
* ALPN, server did not agree to a protocol
> GET /cas/status/discovery HTTP/1.1
> Host: cas.example.com:8443
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 302
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< Strict-Transport-Security: max-age=15768000 ; includeSubDomains
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-XSS-Protection: 1; mode=block
< Set-Cookie: JSESSIONID=AECBB7BF899FAFB0B707CE228ECC19EC; Path=/cas; Secure; 
HttpOnly
< Location: 
https://cas.example.com:8443/cas/login?service=https%3A%2F%2Fcas.example.com%3A8443%2Fcas%2Fstatus%2Fdiscovery
< Transfer-Encoding: chunked
< Date: Tue, 09 Apr 2019 23:34:01 GMT
<
* Connection #0 to host cas.example.com left intact


Can anyone help please?

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6865637d5002e54d38c2e2e619ff06ec63e45f0a.camel%40uvic.ca.



[cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-09 Thread Fahmi L. Ramdhani
I have configured it like this:

*cas.properties*
cas.adminPagesSecurity.ip = .*
cas.adminPagesSecurity.loginUrl = ${cas.server.prefix}/login
cas.adminPagesSecurity.service = ${cas.server.prefix}/status/dashboard
cas.adminPagesSecurity.users = file:/etc/cas/config/admusers.properties
cas.adminPagesSecurity.adminRoles[0] = ROLE_ADMIN
cas.adminPagesSecurity.actuatorEndpointsEnabled=true


cas.monitor.endpoints.enabled = true
cas.monitor.endpoints.sensitive = false
cas.monitor.endpoints.status.enabled = true
cas.monitor.endpoints.status.sensitive = false
cas.monitor.endpoints.discovery.enabled = true
cas.monitor.endpoints.discovery.sensitive = false


endpoints.enabled = true
endpoints.sensitive = true
endpoints.restart.enabled=true
endpoints.shutdown.enabled=true
endpoints.autoconfig.enabled=true
endpoints.beans.enabled=true
endpoints.bus.enabled=true
endpoints.configprops.enabled=true
endpoints.dump.enabled=true
endpoints.env.enabled=true
endpoints.health.enabled=true
endpoints.features.enabled=true
endpoints.info.enabled=true
endpoints.loggers.enabled=true
endpoints.logfile.enabled=true
endpoints.trace.enabled=true
endpoints.docs.enabled=true
endpoints.heapdump.enabled=true

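An added example, not part of the original post and not CAS code: a small audit over a cas.properties file like the one above, reporting the settings that widen access to the status and actuator endpoints. The function names, the probe addresses, the choice of endpoints in HIGH_IMPACT and the treatment of cas.adminPagesSecurity.ip as a full-match regular expression are assumptions of this sketch.

```python
import re

# Constructed excerpt that follows the cas.properties quoted in the post above.
SAMPLE_PROPERTIES = """\
cas.adminPagesSecurity.ip = .*
cas.adminPagesSecurity.actuatorEndpointsEnabled=true
cas.monitor.endpoints.discovery.enabled = true
cas.monitor.endpoints.discovery.sensitive = false
endpoints.enabled = true
endpoints.sensitive = true
endpoints.shutdown.enabled=true
endpoints.heapdump.enabled=true
endpoints.env.enabled=true
endpoints.health.enabled=true
"""

# Spring Boot 1.x style actuator endpoints whose action or output deserves
# review before being enabled (selection made for this example).
HIGH_IMPACT = {
    "shutdown": "stops the application",
    "restart": "restarts the application context",
    "heapdump": "returns a JVM heap dump",
    "dump": "returns a thread dump",
    "env": "returns environment and property values",
    "configprops": "returns bound configuration properties",
    "logfile": "returns the application log",
    "trace": "returns recent HTTP request traces",
}

# Constructed probe addresses (documentation ranges) for the IP pattern test.
PROBE_ADDRESSES = ("203.0.113.7", "198.51.100.20", "2001:db8::1")


def parse_properties(text):
    """Parse 'key = value' / 'key=value' lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def is_true(props, key, default=False):
    return props.get(key, str(default)).lower() == "true"


def audit(props):
    """Return a list of (property, finding) pairs."""
    findings = []

    # 1. An IP pattern that matches unrelated addresses is no restriction.
    pattern = props.get("cas.adminPagesSecurity.ip")
    if pattern is not None:
        try:
            if all(re.fullmatch(pattern, a) for a in PROBE_ADDRESSES):
                findings.append(("cas.adminPagesSecurity.ip",
                                 "pattern matches every probe address"))
        except re.error:
            findings.append(("cas.adminPagesSecurity.ip",
                             "pattern does not compile"))

    # 2. CAS monitor endpoints explicitly marked non-sensitive.
    monitor = re.compile(r"cas\.monitor\.endpoints\.(?:\w+\.)?sensitive")
    for key, value in props.items():
        if monitor.fullmatch(key) and value.lower() == "false":
            findings.append((key, "endpoint marked non-sensitive"))

    # 3. High-impact actuator endpoints that are explicitly enabled. The
    #    per-endpoint 'sensitive' key overrides the global 'endpoints.sensitive'.
    global_sensitive = is_true(props, "endpoints.sensitive", default=True)
    for name, effect in HIGH_IMPACT.items():
        if not is_true(props, f"endpoints.{name}.enabled"):
            continue
        sensitive = is_true(props, f"endpoints.{name}.sensitive",
                            default=global_sensitive)
        level = "review" if sensitive else "open"
        findings.append((f"endpoints.{name}.enabled", f"{level}: {effect}"))
    return findings


if __name__ == "__main__":
    for key, finding in audit(parse_properties(SAMPLE_PROPERTIES)):
        print(f"{key}: {finding}")
```

Only endpoints enabled by an explicit per-endpoint key are reported; endpoints switched on solely through the global endpoints.enabled flag are outside this sketch.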


[cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-09 Thread Fahmi L. Ramdhani
I have configured it like this:

*cas.properties*
cas.adminPagesSecurity.ip = .*
cas.adminPagesSecurity.loginUrl = ${cas.server.prefix}/login
cas.adminPagesSecurity.service = ${cas.server.prefix}/status/dashboard
cas.adminPagesSecurity.users = file:/etc/cas/config/admusers.properties
cas.adminPagesSecurity.adminRoles[0] = ROLE_ADMIN
cas.adminPagesSecurity.actuatorEndpointsEnabled=true


cas.monitor.endpoints.enabled = true
cas.monitor.endpoints.sensitive = false
cas.monitor.endpoints.status.enabled = true
cas.monitor.endpoints.status.sensitive = false
cas.monitor.endpoints.discovery.enabled = true
cas.monitor.endpoints.discovery.sensitive = false


endpoints.enabled = true
endpoints.sensitive = true
endpoints.restart.enabled=true
endpoints.shutdown.enabled=true
endpoints.autoconfig.enabled=true
endpoints.beans.enabled=true
endpoints.bus.enabled=true
endpoints.configprops.enabled=true
endpoints.dump.enabled=true
endpoints.env.enabled=true
endpoints.health.enabled=true
endpoints.features.enabled=true
endpoints.info.enabled=true
endpoints.loggers.enabled=true
endpoints.logfile.enabled=true
endpoints.trace.enabled=true
endpoints.docs.enabled=true
endpoints.heapdump.enabled=true


On Sunday, 07 April 2019 00.48.55 UTC+7, Fahmi L. Ramdhani wrote:
>
> Hello,
>
> Anyone, please help me to solve the Attribute problem in CAS Management. I 
> want the dropdown to list the available attributes (dynamically) based on 
> the attribute repository (JDBC), the dropdown in CAS Management service 
> settings.
>
> I added the dependency to *pom.xml* (cas-server)
> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-discovery-profile</artifactId>
>   <version>${cas.version}</version>
> </dependency>
>
>
> I access *https://cas.example.com/cas/status/discovery*, successfully 
> displaying a list of attributes that are ready to be released.
> {
>   "@class": "java.util.LinkedHashMap",
>   "profile": {
> "@class": "org.apereo.cas.discovery.CasServerProfile",
> "registeredServiceTypes": {
>   "@class": "java.util.HashMap",
>   "CAS Client": "org.apereo.cas.services.RegexRegisteredService"
> },
> "registeredServiceTypesSupported": {
>   "@class": "java.util.HashMap",
>   "SAML2 Service Provider": 
> "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "WS Federation Relying Party": 
> "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
>   "OpenID Connect Relying Party": 
> "org.apereo.cas.services.OidcRegisteredService",
>   "OAuth2 Client": 
> "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>   "CAS Client": "org.apereo.cas.services.RegexRegisteredService"
> },
> "multifactorAuthenticationProviderTypesSupported": {
>   "@class": "java.util.HashMap",
>   "mfa-gauth": "Google Authenticator",
>   "mfa-swivel": "Swivel Secure",
>   "mfa-authy": "Authy",
>   "mfa-radius": "RADIUS (RSA,WiKID)",
>   "mfa-u2f": "FIDO U2F",
>   "mfa-duo": "Duo Security",
>   "mfa-azure": "Microsoft Azure"
> },
> "delegatedClientTypesSupported": [
>   "java.util.HashSet",
>   [
> "OAuth20Client",
> "OAuth10Client",
> "TwitterClient",
> "FoursquareClient",
> "QQClient",
> "OrcidClient",
> "FacebookClient",
> "OkClient",
> "FormClient",
> "CasProxyReceptor",
> "GitHubClient",
> "BitbucketClient",
> "KeycloakOidcClient",
> "WordPressClient",
> "WindowsLiveClient",
> "OidcClient",
> "VkClient",
> "LinkedIn2Client",
> "YahooClient",
> "WechatClient",
> "Google2Client",
> "StravaClient",
> "GenericOAuth20Client",
> "AzureAdClient",
> "GoogleOidcClient",
> "CasOAuthWrapperClient",
> "WeiboClient",
> "PayPalClient",
> "DropBoxClient",
> "SAML2Client",
> "IndirectBasicAuthClient",
> "CasClient"
>   ]
> ],
> *"availableAttributes": [*
> *  "java.util.LinkedHashSet",*
> *  ["uid", "username", "name", "phone"]*
> *]*
>   }
> }
>
>
> But the data is not loaded in CAS Management. I see at 
> *cas-management.log* it appears like this:
>
>> 019-04-07 00:32:01,567 INFO 
>> [org.apereo.cas.mgmt.web.CasManagementWebApplicationServletInitializer] - 
>> The following profiles are active: standalone
>> 2019-04-07 00:32:07,489 DEBUG 
>> [org.apereo.cas.config.CasCoreUtilSerializationConfiguration] - Configuring 
>> component serialization plan [CasCoreUtilSerializationConfiguration]
>> 2019-04-07 00:32:08,247 DEBUG 
>> [org.apereo.cas.mgmt.config.CasManagementAuthenticationConfiguration] - 
>> Configuring an authentication strategy based on CAS running at [
>> https://cas.example.com]
>> 2019-04-07 00:32:08,263 DEBUG 
>> [org.apereo.cas.mgmt.config.CasManagementAuthenticationConfiguration] - 
>> Skipping IP address authentication 

Re: [cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-09 Thread Fahmi L. Ramdhani
Please tell me how to unprotect? In cas.properties I have to set

endpoints.status.discovery.enabled = true
..sensitive = false

Sorry for my questions. Thank you Ray.
Sent from my iPhone

> On 10 Apr 2019, at 07.05, Ray Bon  wrote:
> 
> Fahmi,
> 
> It looks like /cas/status/discovery is protected by cas and it redirects to 
> cas/login (status code 302).
> Should the discovery page be protected?
> 
> Ray
> 
>> On Tue, 2019-04-09 at 16:43 -0700, Fahmi L. Ramdhani wrote:
>> I tried accessing the result curl like this:
>> 
>> curl -v https://cas.example.com:8443/cas/status/discovery
>> *   Trying 2xx.60.112.9...
>> * Connected to cas.example.com (2xx.60.112.9) port 8443 (#0)
>> * found 148 certificates in /etc/ssl/certs/ca-certificates.crt
>> * found 592 certificates in /etc/ssl/certs
>> * ALPN, offering http/1.1
>> * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
>> *server certificate verification OK
>> *server certificate status verification SKIPPED
>> *common name: cas.example.com (matched)
>> *server certificate expiration date OK
>> *server certificate activation date OK
>> *certificate public key: RSA
>> *certificate version: #3
>> *subject: CN=cas.example.com
>> *start date: Wed, 03 Apr 2019 09:32:48 GMT
>> *expire date: Tue, 02 Jul 2019 09:32:48 GMT
>> *issuer: C=US,O=XXX,CN=XX
>> *compression: NULL
>> * ALPN, server did not agree to a protocol
>> > GET /cas/status/discovery HTTP/1.1
>> > Host: cas.example.com:8443
>> > User-Agent: curl/7.47.0
>> > Accept: */*
>> > 
>> < HTTP/1.1 302 
>> < Cache-Control: no-cache, no-store, max-age=0, must-revalidate
>> < Pragma: no-cache
>> < Expires: 0
>> < Strict-Transport-Security: max-age=15768000 ; includeSubDomains
>> < X-Content-Type-Options: nosniff
>> < X-Frame-Options: DENY
>> < X-XSS-Protection: 1; mode=block
>> < Set-Cookie: JSESSIONID=AECBB7BF899FAFB0B707CE228ECC19EC; Path=/cas; 
>> Secure; HttpOnly
>> < Location: 
>> https://cas.example.com:8443/cas/login?service=https%3A%2F%2Fcas.example.com%3A8443%2Fcas%2Fstatus%2Fdiscovery
>> < Transfer-Encoding: chunked
>> < Date: Tue, 09 Apr 2019 23:34:01 GMT
>> < 
>> * Connection #0 to host cas.example.com left intact
>> 
>>  Can anyone help please?


Re: [cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-09 Thread Ray Bon
Fahmi,

It looks like /cas/status/discovery is protected by cas and it redirects to 
cas/login (status code 302).
Should the discovery page be protected?

Ray

On Tue, 2019-04-09 at 16:43 -0700, Fahmi L. Ramdhani wrote:
I tried accessing the result curl like this:

curl -v https://cas.example.com:8443/cas/status/discovery
*   Trying 2xx.60.112.9...
* Connected to cas.example.com (2xx.60.112.9) port 8443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*server certificate verification OK
*server certificate status verification SKIPPED
*common name: cas.example.com (matched)
*server certificate expiration date OK
*server certificate activation date OK
*certificate public key: RSA
*certificate version: #3
*subject: CN=cas.example.com
*start date: Wed, 03 Apr 2019 09:32:48 GMT
*expire date: Tue, 02 Jul 2019 09:32:48 GMT
*issuer: C=US,O=XXX,CN=XX
*compression: NULL
* ALPN, server did not agree to a protocol
> GET /cas/status/discovery HTTP/1.1
> Host: cas.example.com:8443
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 302
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< Strict-Transport-Security: max-age=15768000 ; includeSubDomains
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-XSS-Protection: 1; mode=block
< Set-Cookie: JSESSIONID=AECBB7BF899FAFB0B707CE228ECC19EC; Path=/cas; Secure; 
HttpOnly
< Location: 
https://cas.example.com:8443/cas/login?service=https%3A%2F%2Fcas.example.com%3A8443%2Fcas%2Fstatus%2Fdiscovery
< Transfer-Encoding: chunked
< Date: Tue, 09 Apr 2019 23:34:01 GMT
<
* Connection #0 to host cas.example.com left intact


Can anyone help please?

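The diagnosis in the reply above (a 302 to cas/login carrying the requested URL in the service parameter) can be checked mechanically. This is an added example, not part of the thread and not CAS code; the function names and both sample inputs are constructed, shaped after the curl transcript and the discovery JSON quoted in this thread.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed transcript shaped like the one in this thread. The mail client
# wrapped two header values onto their own lines, so the parser rejoins them.
SAMPLE_TRANSCRIPT = """\
> GET /cas/status/discovery HTTP/1.1
> Host: cas.example.com:8443
> Accept: */*
>
< HTTP/1.1 302
< Set-Cookie: JSESSIONID=CONSTRUCTED; Path=/cas; Secure;
HttpOnly
< Location:
https://cas.example.com:8443/cas/login?service=https%3A%2F%2Fcas.example.com%3A8443%2Fcas%2Fstatus%2Fdiscovery
< Transfer-Encoding: chunked
<
* Connection #0 to host cas.example.com left intact
"""

# Constructed body using the typed JSON layout shown in the thread.
SAMPLE_BODY = json.dumps({
    "@class": "java.util.LinkedHashMap",
    "profile": {
        "@class": "org.apereo.cas.discovery.CasServerProfile",
        "availableAttributes": ["java.util.LinkedHashSet",
                                ["uid", "username", "name", "phone"]],
    },
})


def parse_response(transcript):
    """Return (status_code, headers) from the '<' lines of curl -v output."""
    status, headers, last = None, {}, None
    for raw in transcript.splitlines():
        line = raw.rstrip()
        if line.startswith("<"):
            text = line[1:].strip()
            if text.startswith("HTTP/"):
                status, last = int(text.split()[1]), None
            elif ":" in text:
                name, _, value = text.partition(":")
                last = name.strip().lower()
                headers[last] = value.strip()
            else:
                last = None  # bare "<" ends the header block
        elif line and line[0] not in ">*" and last:
            # Unprefixed line: continuation of a header wrapped in transit.
            headers[last] = (headers[last] + " " + line.strip()).strip()
        else:
            last = None
    return status, headers


def classify(status, headers, requested_url):
    """Name what the caller of the discovery endpoint actually received."""
    if status in (301, 302, 303, 307):
        location = urlsplit(headers.get("location", ""))
        service = parse_qs(location.query).get("service", [""])[0]
        if location.path.endswith("/login") and service == requested_url:
            return "login-redirect"  # endpoint sits behind CAS authentication
        return "redirect"
    if status == 200:
        return "ok"
    if status is not None and status >= 500:
        return "server-error"
    return "other"


def unwrap(node):
    """Drop type hints: "@class" keys and ["java.util.X", [...]] wrappers."""
    if isinstance(node, dict):
        return {k: unwrap(v) for k, v in node.items() if k != "@class"}
    if (isinstance(node, list) and len(node) == 2 and isinstance(node[0], str)
            and "." in node[0] and isinstance(node[1], list)):
        return [unwrap(v) for v in node[1]]
    if isinstance(node, list):
        return [unwrap(v) for v in node]
    return node


def available_attributes(body):
    """Attribute names a 200 response would offer for release policies."""
    profile = unwrap(json.loads(body)).get("profile", {})
    return profile.get("availableAttributes", [])


if __name__ == "__main__":
    code, hdrs = parse_response(SAMPLE_TRANSCRIPT)
    print(classify(code, hdrs, "https://cas.example.com:8443/cas/status/discovery"))
    print(available_attributes(SAMPLE_BODY))
```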


[cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-09 Thread Fahmi L. Ramdhani
I tried accessing the result curl like this:

curl -v https://cas.example.com:8443/cas/status/discovery
*   Trying 2xx.60.112.9...
* Connected to cas.example.com (2xx.60.112.9) port 8443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*server certificate verification OK
*server certificate status verification SKIPPED
*common name: cas.example.com (matched)
*server certificate expiration date OK
*server certificate activation date OK
*certificate public key: RSA
*certificate version: #3
*subject: CN=cas.example.com
*start date: Wed, 03 Apr 2019 09:32:48 GMT
*expire date: Tue, 02 Jul 2019 09:32:48 GMT
*issuer: C=US,O=XXX,CN=XX
*compression: NULL
* ALPN, server did not agree to a protocol
> GET /cas/status/discovery HTTP/1.1
> Host: cas.example.com:8443
> User-Agent: curl/7.47.0
> Accept: */*
> 
< HTTP/1.1 302 
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< Strict-Transport-Security: max-age=15768000 ; includeSubDomains
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-XSS-Protection: 1; mode=block
< Set-Cookie: JSESSIONID=AECBB7BF899FAFB0B707CE228ECC19EC; Path=/cas; 
Secure; HttpOnly
< Location: 
https://cas.example.com:8443/cas/login?service=https%3A%2F%2Fcas.example.com%3A8443%2Fcas%2Fstatus%2Fdiscovery
< Transfer-Encoding: chunked
< Date: Tue, 09 Apr 2019 23:34:01 GMT
< 
* Connection #0 to host cas.example.com left intact

Can anyone help please?



[cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-09 Thread Fahmi L. Ramdhani
I tried accessing the result curl like this:

curl -v https://cas.example.com:8443/cas/status/discovery
*   Trying 103.60.182.9...
* Connected to cas.example.com (103.60.182.9) port 8443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*server certificate verification OK
*server certificate status verification SKIPPED
*common name: cas.example.com (matched)
*server certificate expiration date OK
*server certificate activation date OK
*certificate public key: RSA
*certificate version: #3
*subject: CN=cas.example.com
*start date: Wed, 03 Apr 2019 09:32:48 GMT
*expire date: Tue, 02 Jul 2019 09:32:48 GMT
*issuer: C=US,O=XXX,CN=XX
*compression: NULL
* ALPN, server did not agree to a protocol
> GET /cas/status/discovery HTTP/1.1
> Host: cas.example.com:8443
> User-Agent: curl/7.47.0
> Accept: */*
> 
< HTTP/1.1 302 
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< Strict-Transport-Security: max-age=15768000 ; includeSubDomains
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-XSS-Protection: 1; mode=block
< Set-Cookie: JSESSIONID=AECBB7BF899FAFB0B707CE228ECC19EC; Path=/cas; 
Secure; HttpOnly
< Location: 
https://cas.example.com:8443/cas/login?service=https%3A%2F%2Fcas.example.com%3A8443%2Fcas%2Fstatus%2Fdiscovery
< Transfer-Encoding: chunked
< Date: Tue, 09 Apr 2019 23:34:01 GMT
< 
* Connection #0 to host cas.example.com left intact

Can anyone help please?



[cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-09 Thread Fahmi L. Ramdhani


I tried accessing the result curl like this


curl -v https://cas.example.com/cas/status/discovery
* Trying 103.60.182.9...
* Connected to cas.example.com (xx.60.xxx.2) port 8443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: cas.example.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: CN=cas.example.com
* start date: Wed, 03 Apr 2019 09:32:48 GMT
* expire date: Tue, 02 Jul 2019 09:32:48 GMT
* issuer: C=US,O=X,CN=XXX
* compression: NULL
* ALPN, server did not agree to a protocol
> GET /cas/status/discovery HTTP/1.1
> Host: cas.example.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 302
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< Strict-Transport-Security: max-age=15768000 ; includeSubDomains
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-XSS-Protection: 1; mode=block
< Set-Cookie: JSESSIONID=AECBB7BF899FAFB0B707CE228ECC19EC; Path=/cas; Secure; HttpOnly
< Location: https://cas.example.com/cas/login?service=https%3A%2F%2Fcas.example.com%3A8443%2Fcas%2Fstatus%2Fdiscovery
< Transfer-Encoding: chunked
< Date: Tue, 09 Apr 2019 23:34:01 GMT
<
* Connection #0 to host cas.example.com left intact

Can anyone help please?



[cas-user] Re: Help CAS Management Error (CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values)

2019-04-07 Thread melody
The management request to the discovery URL was blocked by the CAS login page; 
I had the same problem.




On Sunday, 7 April 2019 at 1:48:55 AM UTC+8, Fahmi L. Ramdhani wrote:
>
> Hello,
>
> Anyone, please help me to solve the Attribute problem in CAS Management. I 
> want the dropdown to list the available attributes (dynamically) based on 
> the attribute repository (JDBC), the dropdown in CAS Management service 
> settings.
>
> I added the dependency to *pom.xml* (cas-server)
> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-discovery-profile</artifactId>
>   <version>${cas.version}</version>
> </dependency>
>
>
> I access *https://cas.example.com/cas/status/discovery*, successfully 
> displaying a list of attributes that are ready to be released.
> {
>   "@class": "java.util.LinkedHashMap",
>   "profile": {
> "@class": "org.apereo.cas.discovery.CasServerProfile",
> "registeredServiceTypes": {
>   "@class": "java.util.HashMap",
>   "CAS Client": "org.apereo.cas.services.RegexRegisteredService"
> },
> "registeredServiceTypesSupported": {
>   "@class": "java.util.HashMap",
>   "SAML2 Service Provider": 
> "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "WS Federation Relying Party": 
> "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
>   "OpenID Connect Relying Party": 
> "org.apereo.cas.services.OidcRegisteredService",
>   "OAuth2 Client": 
> "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>   "CAS Client": "org.apereo.cas.services.RegexRegisteredService"
> },
> "multifactorAuthenticationProviderTypesSupported": {
>   "@class": "java.util.HashMap",
>   "mfa-gauth": "Google Authenticator",
>   "mfa-swivel": "Swivel Secure",
>   "mfa-authy": "Authy",
>   "mfa-radius": "RADIUS (RSA,WiKID)",
>   "mfa-u2f": "FIDO U2F",
>   "mfa-duo": "Duo Security",
>   "mfa-azure": "Microsoft Azure"
> },
> "delegatedClientTypesSupported": [
>   "java.util.HashSet",
>   [
> "OAuth20Client",
> "OAuth10Client",
> "TwitterClient",
> "FoursquareClient",
> "QQClient",
> "OrcidClient",
> "FacebookClient",
> "OkClient",
> "FormClient",
> "CasProxyReceptor",
> "GitHubClient",
> "BitbucketClient",
> "KeycloakOidcClient",
> "WordPressClient",
> "WindowsLiveClient",
> "OidcClient",
> "VkClient",
> "LinkedIn2Client",
> "YahooClient",
> "WechatClient",
> "Google2Client",
> "StravaClient",
> "GenericOAuth20Client",
> "AzureAdClient",
> "GoogleOidcClient",
> "CasOAuthWrapperClient",
> "WeiboClient",
> "PayPalClient",
> "DropBoxClient",
> "SAML2Client",
> "IndirectBasicAuthClient",
> "CasClient"
>   ]
> ],
> *"availableAttributes": [*
> *  "java.util.LinkedHashSet",*
> *  ["uid", "username", "name", "phone"]*
> *]*
>   }
> }
>
>
> But the data is not loaded in CAS Management. I see at 
> *cas-management.log* it appears like this:
>
>> 019-04-07 00:32:01,567 INFO 
>> [org.apereo.cas.mgmt.web.CasManagementWebApplicationServletInitializer] - 
>> The following profiles are active: standalone
>> 2019-04-07 00:32:07,489 DEBUG 
>> [org.apereo.cas.config.CasCoreUtilSerializationConfiguration] - Configuring 
>> component serialization plan [CasCoreUtilSerializationConfiguration]
>> 2019-04-07 00:32:08,247 DEBUG 
>> [org.apereo.cas.mgmt.config.CasManagementAuthenticationConfiguration] - 
>> Configuring an authentication strategy based on CAS running at [
>> https://cas.example.com]
>> 2019-04-07 00:32:08,263 DEBUG 
>> [org.apereo.cas.mgmt.config.CasManagementAuthenticationConfiguration] - 
>> Skipping IP address authentication strategy configuration; no pattern is 
>> defined
>> 2019-04-07 00:33:14,297 INFO 
>> *[org.apereo.cas.mgmt.services.web.factory.FormDataFactory] 
>> - CAS Server returned 502 status code from endpoint *
>> https://cas.example.com/cas/status/discovery. Using default FormData 
>> values.
>> 2019-04-07 00:33:17,369 DEBUG 
>> [org.apereo.cas.config.CasCoreServicesConfiguration] - Configuring service 
>> registry [JpaServiceRegistryConfiguration]
>> 2019-04-07 00:33:17,402 DEBUG 
>> [org.apereo.cas.services.DefaultServiceRegistryExecutionPlan] - Registering 
>> service registry [JpaServiceRegistry] into the execution plan
>> 2019-04-07 00:33:17,362 DEBUG 
>> [org.apereo.cas.services.AbstractServicesManager] - Registering service 
>> registry [JpaServiceRegistry] into the execution 
>> planorg.apereo.cas.services.ChainingServiceRegistry@35554139]
>> 2019-04-07 00:33:17,807 DEBUG 
>> [org.apereo.cas.services.AbstractServicesManager] - Adding registered 
>> service [^https:\/\/app1.example.com(\\z|\/.*)]
>> 2019-04-07 00:33:17,807 DEBUG 
>> [org.apereo.cas.services.AbstractServicesManager] - Adding