Re: [cas-user] /cas/status/dashboard
I don't believe so. You certainly don't have to do anything special to
include it.
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
[image: The New School]
On Tue, Feb 27, 2018 at 10:59 AM, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:
> David,
>
>
>
> Do I need pacj4 for the service registry?
>
>
>
>
>
>
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *David
> Curry
> *Sent:* Tuesday, February 27, 2018 8:58 AM
> *To:* cas-user@apereo.org
> *Subject:* Re: [cas-user] /cas/status/dashboard
>
>
>
> If you use "config" then the property is being ignored because it doesn't
> do anything, and you are likely getting the wildcard service registry entry
> in the classpath.
>
>
>
> If you use "json" then you are most likely correctly getting your
> /etc/cas/services directory, and assuming you didn't copy the wildcard
> entry, you're not matching it any more. As to application not authorized,
> that means you don't have a correct entry.
>
>
>
> When you have it set to "json", what does the debug log tell you it's
> loading for services?
>
>
>
>
>
>
> --
>
> *DAVID A. CURRY, CISSP*
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003=gmail=g>
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
> [image: The New School]
>
>
>
> On Tue, Feb 27, 2018 at 8:51 AM, Cheltenham, Chris <
> ccheltenham-...@philasd.org> wrote:
>
> Guys,
>
>
>
> When I changed config to json , I get Application Not Authorized to use
> CAS.
>
>
>
> I am not sure if that s good thing or not.
>
>
>
> If I change json back to config, the portal will open.
>
>
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of
> *Matthew
> Uribe
> *Sent:* Monday, February 26, 2018 3:35 PM
> *To:* CAS Community <cas-user@apereo.org>
> *Subject:* Re: [cas-user] /cas/status/dashboard
>
>
>
> Chris,
>
>
>
> I ran into the same problem. I added json files to /etc/cas/services but
> CAS was only reading those in the classpath/services directory.
>
> I found that my problem was in my cas.properties:
>
>
>
> Incorrect:
>
> cas.serviceRegistry.*config*.location: file:/etc/cas/services
>
> Correct:
>
> cas.serviceRegistry.*json*.location: file:/etc/cas/services
>
>
> On Monday, February 26, 2018 at 12:50:26 PM UTC-7, Chris Cheltenham wrote:
>
> David,
>
>
>
> The only thing I can tell is that CAS is not seeing the json file from
> /etc/cas/services.
>
> I created two and they never show up loaded in the logs.
>
>
>
> Only the two default ones, I guess they are, show up.
>
>
>
>
>
> 2018-02-26 14:42:49,710 DEBUG
> [org.apereo.cas.services.AbstractServicesManager]
> - https://www.apereo.org]>
>
> 2018-02-26 14:42:49,710 DEBUG
> [org.apereo.cas.services.AbstractServicesManager]
> -
>
> 2018-02-26 14:42:49,710 INFO [org.apereo.cas.services.AbstractServicesManager]
> -
>
>
>
> I have two json files.
>
>
>
>
>
> cas-services5.xml
>
>
>
> {
>
> @class: org.apereo.cas.services.RegexRegisteredService
>
> serviceId: https://devcas5\.philasd\.org/cas-services/.*
>
> name: HTTPS
>
> id: 101
>
> description: HTTPS protocol wildcard service.
>
> evaluationOrder: 1000
>
> }
>
>
>
>
>
>
>
> And
>
>
>
>
>
> cas-dashboard.xml
>
>
>
>
>
> {
>
> "@class" : "org.apereo.cas.services.RegexRegisteredService",
>
> "serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/
> .*)",
>
> "name" : "CAS Admin Dashboard",
>
> "id" : 12
>
> "description" : "CAS dashboard and administrative endpoints",
>
> "evaluationOrder" : 1001
>
> }
>
RE: [cas-user] /cas/status/dashboard
David,
Do I need pacj4 for the service registry?
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David
Curry
Sent: Tuesday, February 27, 2018 8:58 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] /cas/status/dashboard
If you use "config" then the property is being ignored because it doesn't do
anything, and you are likely getting the wildcard service registry entry in
the classpath.
If you use "json" then you are most likely correctly getting your
/etc/cas/services directory, and assuming you didn't copy the wildcard
entry, you're not matching it any more. As to application not authorized,
that means you don't have a correct entry.
When you have it set to "json", what does the debug log tell you it's
loading for services?
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • <mailto:david.cu...@newschool.edu>
david.cu...@newschool.edu
<http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>
On Tue, Feb 27, 2018 at 8:51 AM, Cheltenham, Chris
<ccheltenham-...@philasd.org <mailto:ccheltenham-...@philasd.org> > wrote:
Guys,
When I changed config to json , I get Application Not Authorized to use CAS.
I am not sure if that s good thing or not.
If I change json back to config, the portal will open.
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-user@apereo.org <mailto:cas-user@apereo.org>
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of
Matthew Uribe
Sent: Monday, February 26, 2018 3:35 PM
To: CAS Community <cas-user@apereo.org <mailto:cas-user@apereo.org> >
Subject: Re: [cas-user] /cas/status/dashboard
Chris,
I ran into the same problem. I added json files to /etc/cas/services but CAS
was only reading those in the classpath/services directory.
I found that my problem was in my cas.properties:
Incorrect:
cas.serviceRegistry.config.location: file:/etc/cas/services
Correct:
cas.serviceRegistry.json.location: file:/etc/cas/services
On Monday, February 26, 2018 at 12:50:26 PM UTC-7, Chris Cheltenham wrote:
David,
The only thing I can tell is that CAS is not seeing the json file from
/etc/cas/services.
I created two and they never show up loaded in the logs.
Only the two default ones, I guess they are, show up.
2018-02-26 14:42:49,710 DEBUG
[org.apereo.cas.services.AbstractServicesManager] - https://www.apereo.org]>
2018-02-26 14:42:49,710 DEBUG
[org.apereo.cas.services.AbstractServicesManager] -
2018-02-26 14:42:49,710 INFO
[org.apereo.cas.services.AbstractServicesManager] -
I have two json files.
cas-services5.xml
{
@class: org.apereo.cas.services.RegexRegisteredService
serviceId: https://devcas5\.philasd\.org/cas-services/.*
name: HTTPS
id: 101
description: HTTPS protocol wildcard service.
evaluationOrder: 1000
}
And
cas-dashboard.xml
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*)
<https://devcass5.philasd.org/cas/status/dashboard(%5C%5Cz%7C/.*)> ",
"name" : "CAS Admin Dashboard",
"id" : 12
"description" : "CAS dashboard and administrative endpoints",
"evaluationOrder" : 1001
}
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to cas-user+unsubscr...@apereo.org
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/082beb1a-0cfc-4066-8c2b-d6e97284709f%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/082beb1a-0cfc-4066-8c2b-d6e97284709f%40apereo.org?utm_medium=email_source=footer>
.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups
"CAS Community" group.
To unsubs
Re: [cas-user] /cas/status/dashboard
followed your instructions but i get this error.
Error: cannot validate CAS ticket:
ST-1-1PZyX9vP72grJtHEexSdwjVUEMo-CNFCC-CAS-Server
On Monday, February 26, 2018 at 9:29:05 PM UTC+2, David Curry wrote:
>
> I think we've been through most of these at one time or another, but to
> assemble them all in one place...
>
> 1. You have all of these:
>
> # The /status endpoint is protected by IP address only.
> cas.adminPagesSecurity.ip: ...a valid regex to match your
> authorized addresses...
>
> # The /status/whatever endpoints are protected by the CAS server, using a
> # list of admin users in "users.properties".
> cas.adminPagesSecurity.loginUrl:${cas.server.prefix}/login
> cas.adminPagesSecurity.service:
> ${cas.server.prefix}/status/dashboard
> cas.adminPagesSecurity.users:
> file:/etc/cas/config/users.properties
>
> # Define an administrator role. (This is the default; you probably don't
> need to set it explicitly.)
> cas.adminPagesSecurity.adminRoles[0]: ROLE_ADMIN
>
> # Enable the Spring Boot actuators as well as the CAS actuators.
> cas.adminPagesSecurity.actuatorEndpointsEnabled:true
> cas.monitor.endpoints.enabled: true
> endpoints.enabled: true
>
> # Marking the endpoints "sensitive" would protect them with Spring
> Security;
> # we want to protect them with the CAS server.
> cas.monitor.endpoints.sensitive:false
> endpoints.sensitive:false
>
>
> 2. You have a service definition that allows the dashboard to authenticate
> via CAS:
>
> {
> "@class" : "org.apereo.cas.services.RegexRegisteredService",
> "serviceId" : "^
> https://your.cas.server.host.and.port.here/cas/status/dashboard(\\z|/.*)",
> "name" : "CAS Admin Dashboard",
> "id" : 123456789,
> "description" : "CAS dashboard and administrative endpoints",
> "evaluationOrder" : 1234
> }
>
>
> 3. You're sure that the "ccheltenham-ext" user can successfully
> authenticate via CAS. Go to https:/yourserver/cas/login to check. (Even
> if you're "sure," check it anyway, just to remove it from the equation.)
>
> 4. You're attempting to access the dashboard from an IP address that
> matches the pattern configured in cas.adminPagesSecurity.ip.
>
> All of that together ought to do it. If it doesn't, change the CAS logging
> level to "debug" and see what you get in cas.log
>
> --Dave
>
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
> [image: The New School]
>
> On Mon, Feb 26, 2018 at 2:04 PM, Cheltenham, Chris > wrote:
>
>> Hello,
>>
>>
>>
>> I have been stuggling with access denied on the dashboard
>>
>>
>>
>> - users.properties only has the following.
>>
>>
>>
>> ccheltenham-ext=passwordnotused,ROLE_ADMIN
>>
>>
>>
>> What else could I have misconfigured?
>>
>>
>>
>>
>>
>>
>>
>> ===
>>
>> Thank You;
>>
>> Chris Cheltenham
>> Technology Services
>> The School District of Philadelphia
>>
>> Work # 215-400-5025
>> Cell # 215-301-6571
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+u...@apereo.org .
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/00a001d3af34%24a1de58a0%24e59b09e0%24%40philasd.org
>>
>>
>> .
>>
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3ef0e350-dbb7-4c15-9ca8-609ef63af115%40apereo.org.
Re: [cas-user] /cas/status/dashboard
alUrl=https://devcas5.philasd.org/cas-management/manage.html,artifactId=,principal=,loggedOutAlready=false,format=XML]]
>>
>> or service access is disallowed. Using default theme [cas-theme-default]>
>>
>> 2018-02-27 09:38:16,236 DEBUG
>> [org.apereo.cas.services.web.ChainingThemeResolver] - > resolve theme via [FixedThemeResolver]>
>>
>> 2018-02-27 09:38:16,236 DEBUG
>> [org.apereo.cas.services.web.ChainingThemeResolver] - > could be found. Using default theme [cas-theme-default}>
>>
>> 2018-02-27 09:38:16,269 DEBUG
>> [org.apereo.cas.web.view.CasReloadableMessageBundle] - > found for [classpath:custom_messages_en] - neither plain properties nor XML>
>>
>> 2018-02-27 09:38:16,269 DEBUG
>> [org.apereo.cas.web.view.CasReloadableMessageBundle] - > found for [classpath:custom_messages] - neither plain properties nor XML>
>>
>> 2018-02-27 09:38:16,270 DEBUG
>> [org.apereo.cas.web.view.CasReloadableMessageBundle] - > found for [classpath:messages_en] - neither plain properties nor XML>
>>
>> 2018-02-27 09:38:16,270 DEBUG
>> [org.apereo.cas.web.view.CasReloadableMessageBundle] - > properties for filename [classpath:messages] - file hasn't been modified>
>>
>> 2018-02-27 09:38:16,271 DEBUG
>> [org.apereo.cas.services.web.ChainingThemeResolver] - > resolve theme via [CookieThemeResolver]>
>>
>> 2018-02-27 09:38:16,271 DEBUG
>> [org.apereo.cas.services.web.ChainingThemeResolver] - > resolve theme via [SessionThemeResolver]>
>>
>> 2018-02-27 09:38:16,271 DEBUG
>> [org.apereo.cas.services.web.ChainingThemeResolver] - > resolve theme via [RequestHeaderThemeResolver]>
>>
>> 2018-02-27 09:38:16,271 DEBUG
>> [org.apereo.cas.services.web.ChainingThemeResolver] - > resolve theme via [ServiceThemeResolver]>
>>
>> 2018-02-27 09:38:16,271 WARN
>> [org.apereo.cas.services.web.ServiceThemeResolver] - > is found to match
>> [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@57dbcf68[id=
>> https://devcas5.philasd.org/cas-management/manage.html,originalUrl=https://devcas5.philasd.org/cas-management/manage.html,artifactId=,principal=,loggedOutAlready=false,format=XML]]
>>
>> or service access is disallowed. Using default theme [cas-theme-default]>
>>
>> 2018-02-27 09:38:16,271 DEBUG
>> [org.apereo.cas.services.web.ChainingThemeResolver] - > resolve theme via [FixedThemeResolver]>
>>
>> 2018-02-27 09:38:16,271 DEBUG
>> [org.apereo.cas.services.web.ChainingThemeResolver] - > could be found. Using default theme [cas-theme-default}>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> It consistently only loads the two defaults and never sees anything in
>> /etc/cas/services
>>
>> Its as if nothing is in there.
>>
>>
>>
>> 2018-02-27 09:36:57,741 DEBUG
>> [org.apereo.cas.services.AbstractServiceRegistryDao] - > [org.apereo.cas.support.events.service.CasRegisteredServiceLoadedEvent@2ee60375[registeredService=id=1001,name=HTTPS
>>
>> and IMAPS,description=This service definition authorized all application
>> urls that support HTTPS and IMAPS
>> protocols.,serviceId=^(https|imaps)://.*,usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@d,theme=,evaluationOrder=1,logoutType=BACK_CHANNEL,attributeReleasePolicy=org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy@18a9ad44[attributeFilter=,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2fc33f97[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@70ecb45b[excludedAttributes=,includeOnlyAttributes=,enabled=true],allowedAttributes=[]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@6e8ffc98[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=,caseInsensitive=false,rejectedAttributes={}],publicKey=,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@60a66b66,logo=images/logo_cas.png,logoutUrl=,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@3b99bf80[multifactorAuthenticationProviders=[],failureMode=NOT_SET,principalAttributeNameTrigger=,principalAttributeValueToMatch=,bypassEnabled=false],informationUrl=,privacyUrl=,contacts=[],expirationPolicy=org.apereo.cas.services.Defaul
RE: [cas-user] /cas/status/dashboard
utes={}],publicKey=,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@60a66b66,logo=images/logo_cas.png,logoutUrl=,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@3b99bf80[multifactorAuthenticationProviders=[],failureMode=NOT_SET,principalAttributeNameTrigger=,principalAttributeValueToMatch=,bypassEnabled=false],informationUrl=,privacyUrl=,contacts=[],expirationPolicy=org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy@d9010e3[deleteWhenExpired=false,notifyWhenDeleted=false,expirationDate=],]]>
2018-02-27 09:36:57,741 DEBUG
[org.apereo.cas.services.AbstractServicesManager] - https://www.apereo.org]>
2018-02-27 09:36:57,741 DEBUG
[org.apereo.cas.services.AbstractServicesManager] -
2018-02-27 09:36:57,742 INFO
[org.apereo.cas.services.AbstractServicesManager] -
2018-02-27 09:37:14,507 DEBUG
[org.apereo.cas.services.AbstractServicesManager] -
2018-02-27 09:37:14,507 INFO
[org.apereo.cas.services.AbstractServicesManager] -
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David
Curry
Sent: Tuesday, February 27, 2018 8:58 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] /cas/status/dashboard
If you use "config" then the property is being ignored because it doesn't do
anything, and you are likely getting the wildcard service registry entry in
the classpath.
If you use "json" then you are most likely correctly getting your
/etc/cas/services directory, and assuming you didn't copy the wildcard
entry, you're not matching it any more. As to application not authorized,
that means you don't have a correct entry.
When you have it set to "json", what does the debug log tell you it's
loading for services?
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • <mailto:david.cu...@newschool.edu>
david.cu...@newschool.edu
<http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>
On Tue, Feb 27, 2018 at 8:51 AM, Cheltenham, Chris
<ccheltenham-...@philasd.org <mailto:ccheltenham-...@philasd.org> > wrote:
Guys,
When I changed config to json , I get Application Not Authorized to use CAS.
I am not sure if that s good thing or not.
If I change json back to config, the portal will open.
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-user@apereo.org <mailto:cas-user@apereo.org>
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of
Matthew Uribe
Sent: Monday, February 26, 2018 3:35 PM
To: CAS Community <cas-user@apereo.org <mailto:cas-user@apereo.org> >
Subject: Re: [cas-user] /cas/status/dashboard
Chris,
I ran into the same problem. I added json files to /etc/cas/services but CAS
was only reading those in the classpath/services directory.
I found that my problem was in my cas.properties:
Incorrect:
cas.serviceRegistry.config.location: file:/etc/cas/services
Correct:
cas.serviceRegistry.json.location: file:/etc/cas/services
On Monday, February 26, 2018 at 12:50:26 PM UTC-7, Chris Cheltenham wrote:
David,
The only thing I can tell is that CAS is not seeing the json file from
/etc/cas/services.
I created two and they never show up loaded in the logs.
Only the two default ones, I guess they are, show up.
2018-02-26 14:42:49,710 DEBUG
[org.apereo.cas.services.AbstractServicesManager] - https://www.apereo.org]>
2018-02-26 14:42:49,710 DEBUG
[org.apereo.cas.services.AbstractServicesManager] -
2018-02-26 14:42:49,710 INFO
[org.apereo.cas.services.AbstractServicesManager] -
I have two json files.
cas-services5.xml
{
@class: org.apereo.cas.services.RegexRegisteredService
serviceId: https://devcas5\.philasd\.org/cas-services/.*
name: HTTPS
id: 101
description: HTTPS protocol wildcard service.
evaluationOrder: 1000
}
And
cas-dashboard.xml
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*)
<https://devcass5.philasd.org/cas/status/dashboard(%5C%5Cz%7C/.*)> ",
"name" : "CAS Admin Dashboard",
"id" : 12
"description" : "CAS dashboard and administrative endpoints",
"evaluationOrder" : 1001
}
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom:
Re: [cas-user] /cas/status/dashboard
If you use "config" then the property is being ignored because it doesn't
do anything, and you are likely getting the wildcard service registry entry
in the classpath.
If you use "json" then you are most likely correctly getting your
/etc/cas/services directory, and assuming you didn't copy the wildcard
entry, you're not matching it any more. As to application not authorized,
that means you don't have a correct entry.
When you have it set to "json", what does the debug log tell you it's
loading for services?
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
[image: The New School]
On Tue, Feb 27, 2018 at 8:51 AM, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:
> Guys,
>
>
>
> When I changed config to json , I get Application Not Authorized to use
> CAS.
>
>
>
> I am not sure if that s good thing or not.
>
>
>
> If I change json back to config, the portal will open.
>
>
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of
> *Matthew
> Uribe
> *Sent:* Monday, February 26, 2018 3:35 PM
> *To:* CAS Community <cas-user@apereo.org>
> *Subject:* Re: [cas-user] /cas/status/dashboard
>
>
>
> Chris,
>
>
>
> I ran into the same problem. I added json files to /etc/cas/services but
> CAS was only reading those in the classpath/services directory.
>
> I found that my problem was in my cas.properties:
>
>
>
> Incorrect:
>
> cas.serviceRegistry.*config*.location: file:/etc/cas/services
>
> Correct:
>
> cas.serviceRegistry.*json*.location: file:/etc/cas/services
>
>
> On Monday, February 26, 2018 at 12:50:26 PM UTC-7, Chris Cheltenham wrote:
>
> David,
>
>
>
> The only thing I can tell is that CAS is not seeing the json file from
> /etc/cas/services.
>
> I created two and they never show up loaded in the logs.
>
>
>
> Only the two default ones, I guess they are, show up.
>
>
>
>
>
> 2018-02-26 14:42:49,710 DEBUG
> [org.apereo.cas.services.AbstractServicesManager]
> - https://www.apereo.org]>
>
> 2018-02-26 14:42:49,710 DEBUG
> [org.apereo.cas.services.AbstractServicesManager]
> -
>
> 2018-02-26 14:42:49,710 INFO [org.apereo.cas.services.AbstractServicesManager]
> -
>
>
>
> I have two json files.
>
>
>
>
>
> cas-services5.xml
>
>
>
> {
>
> @class: org.apereo.cas.services.RegexRegisteredService
>
> serviceId: https://devcas5\.philasd\.org/cas-services/.*
>
> name: HTTPS
>
> id: 101
>
> description: HTTPS protocol wildcard service.
>
> evaluationOrder: 1000
>
> }
>
>
>
>
>
>
>
> And
>
>
>
>
>
> cas-dashboard.xml
>
>
>
>
>
> {
>
> "@class" : "org.apereo.cas.services.RegexRegisteredService",
>
> "serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/
> .*)",
>
> "name" : "CAS Admin Dashboard",
>
> "id" : 12
>
> "description" : "CAS dashboard and administrative endpoints",
>
> "evaluationOrder" : 1001
>
> }
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/082beb1a-0cfc-4066-8c2b-
> d6e97284709f%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/082beb1a-0cfc-4066-8c2b-d6e97284709f%40apereo.org?utm_medium=email_source=footer>
> .
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Grou
Re: [cas-user] /cas/status/dashboard
That might be a clue to a formatting problem, then. Like maybe an extra colon or a missing colon? Or something else mis-formatted? Because colons should work just fine. -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • david.cu...@newschool.edu [image: The New School] On Tue, Feb 27, 2018 at 8:42 AM, Cheltenham, Chris < ccheltenham-...@philasd.org> wrote: > David, > > > > Re: cas.properties > > > > I tried using the colon on every single line and I got all kinds of errors. > > Mainly ssl errors .. > > > > When I put the equals back in , it worked. > > > > I am NOT saying you’re wrong nanny nanny poo poo … > > I just saw a bunch of things break without the equals. > > > > > > > > === > > Thank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 > Cell # 215-301-6571 > > *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *David > Curry > *Sent:* Tuesday, February 27, 2018 8:36 AM > *To:* cas-user@apereo.org > *Subject:* Re: [cas-user] /cas/status/dashboard > > > > You can use colons or equals signs, it doesn't matter. And whitespace > between the property name and the property value is ignored (but whitespace > at the end of the line is not). > > > > https://docs.oracle.com/cd/E23095_01/Platform.93/ATGProgGuide/html/ > s0204propertiesfileformat01.html > > > > Personally I like colons and columns that line up for readability, but > that's me. The CAS team seems to like equals signs and no extra whitespace. > You can use whichever format you're comfortable with, although I might > suggest standardizing on one or the other just for sanity's sake. :-) > > > > --Dave > > > > > -- > > *DAVID A. CURRY, CISSP* > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003=gmail=g> > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > > > On Tue, Feb 27, 2018 at 8:11 AM, Cheltenham, Chris < > ccheltenham-...@philasd.org> wrote: > > Thanks guys, I have the json service resitry dependency in both cas and > cas-management pom.xml. > > > > One thing that might be tripping me up here is when to use an “=” or is it > a “:’ > > > > For example I have them mixed. > > > > i.e. > > > > cas.serviceRegistry.json.location:file:/etc/cas/services > > or is it > > cas.serviceRegistry.json.location = file:/etc/cas/services > > > > and I am assuming those long blank spaces don’t mean anything. > > > > I 95% am sure my problem is in the config files, I just not sure where. > > > > > > > > === > > Thank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 > Cell # 215-301-6571 > > *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *Kevin > Liu > *Sent:* Monday, February 26, 2018 3:56 PM > *To:* CAS Community <cas-user@apereo.org> > *Subject:* Re: [cas-user] /cas/status/dashboard > > > > I concur with Matthew. That was my issue too until I changed it. Then > services started picking up. > > On Monday, February 26, 2018 at 2:37:37 PM UTC-6, David Curry wrote: > > But think of all the experience you're getting! :-) > > > > Seriously, I know the feeling. I think we've all been there before. > > > > --Dave > > > > > -- > > *DAVID A. CURRY, CISSP* > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003=gmail=g> > +1 212 229-5300 x4728 • david.cu...@newschool.edu > > [image: The New School] > > > > On Mon, Feb 26, 2018 at 3:35 PM, Cheltenham, Chris <cchelte...@philasd.org> > wrote: > > I do , I will check everything again in the morning. > > > > Thanks for your help. > > > > It’s frustrating because I know it’s something stupid but I just don’t see > it yet. > > > > > > === > > Thank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 > Cell # 215-301-6571 > > *From:* cas-...@apereo.org [mailto:cas-...@apereo.org] *On Behalf Of
RE: [cas-user] /cas/status/dashboard
Guys,
When I changed config to json , I get Application Not Authorized to use CAS.
I am not sure if that s good thing or not.
If I change json back to config, the portal will open.
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Matthew
Uribe
Sent: Monday, February 26, 2018 3:35 PM
To: CAS Community <cas-user@apereo.org>
Subject: Re: [cas-user] /cas/status/dashboard
Chris,
I ran into the same problem. I added json files to /etc/cas/services but CAS
was only reading those in the classpath/services directory.
I found that my problem was in my cas.properties:
Incorrect:
cas.serviceRegistry.config.location: file:/etc/cas/services
Correct:
cas.serviceRegistry.json.location: file:/etc/cas/services
On Monday, February 26, 2018 at 12:50:26 PM UTC-7, Chris Cheltenham wrote:
David,
The only thing I can tell is that CAS is not seeing the json file from
/etc/cas/services.
I created two and they never show up loaded in the logs.
Only the two default ones, I guess they are, show up.
2018-02-26 14:42:49,710 DEBUG
[org.apereo.cas.services.AbstractServicesManager] - https://www.apereo.org]>
2018-02-26 14:42:49,710 DEBUG
[org.apereo.cas.services.AbstractServicesManager] -
2018-02-26 14:42:49,710 INFO
[org.apereo.cas.services.AbstractServicesManager] -
I have two json files.
cas-services5.xml
{
@class: org.apereo.cas.services.RegexRegisteredService
serviceId: https://devcas5\.philasd\.org/cas-services/.*
name: HTTPS
id: 101
description: HTTPS protocol wildcard service.
evaluationOrder: 1000
}
And
cas-dashboard.xml
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*)
<https://devcass5.philasd.org/cas/status/dashboard(%5C%5Cz%7C/.*)> ",
"name" : "CAS Admin Dashboard",
"id" : 12
"description" : "CAS dashboard and administrative endpoints",
"evaluationOrder" : 1001
}
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to cas-user+unsubscr...@apereo.org
<mailto:cas-user+unsubscr...@apereo.org> .
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/082beb1a-0cfc-4066-8c2b-d6e97284709f%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/082beb1a-0cfc-4066-8c2b-d6e97284709f%40apereo.org?utm_medium=email_source=footer>
.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/004701d3afd2%2407b4d1c0%24171e7540%24%40philasd.org.
RE: [cas-user] /cas/status/dashboard
David,
Re: cas.properties
I tried using the colon on every single line and I got all kinds of errors.
Mainly ssl errors ..
When I put the equals back in , it worked.
I am NOT saying you’re wrong nanny nanny poo poo …
I just saw a bunch of things break without the equals.
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David
Curry
Sent: Tuesday, February 27, 2018 8:36 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] /cas/status/dashboard
You can use colons or equals signs, it doesn't matter. And whitespace
between the property name and the property value is ignored (but whitespace
at the end of the line is not).
https://docs.oracle.com/cd/E23095_01/Platform.93/ATGProgGuide/html/s0204propertiesfileformat01.html
Personally I like colons and columns that line up for readability, but
that's me. The CAS team seems to like equals signs and no extra whitespace.
You can use whichever format you're comfortable with, although I might
suggest standardizing on one or the other just for sanity's sake. :-)
--Dave
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • <mailto:david.cu...@newschool.edu>
david.cu...@newschool.edu
<http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>
On Tue, Feb 27, 2018 at 8:11 AM, Cheltenham, Chris
<ccheltenham-...@philasd.org <mailto:ccheltenham-...@philasd.org> > wrote:
Thanks guys, I have the json service resitry dependency in both cas and
cas-management pom.xml.
One thing that might be tripping me up here is when to use an “=” or is it a
“:’
For example I have them mixed.
i.e.
cas.serviceRegistry.json.location:file:/etc/cas/services
or is it
cas.serviceRegistry.json.location = file:/etc/cas/services
and I am assuming those long blank spaces don’t mean anything.
I 95% am sure my problem is in the config files, I just not sure where.
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-user@apereo.org <mailto:cas-user@apereo.org>
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of
Kevin Liu
Sent: Monday, February 26, 2018 3:56 PM
To: CAS Community <cas-user@apereo.org <mailto:cas-user@apereo.org> >
Subject: Re: [cas-user] /cas/status/dashboard
I concur with Matthew. That was my issue too until I changed it. Then
services started picking up.
On Monday, February 26, 2018 at 2:37:37 PM UTC-6, David Curry wrote:
But think of all the experience you're getting! :-)
Seriously, I know the feeling. I think we've all been there before.
--Dave
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003=gmail=g>
+1 212 229-5300 x4728 • david.cu...@newschool.edu
<http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>
On Mon, Feb 26, 2018 at 3:35 PM, Cheltenham, Chris <cchelte...@philasd.org>
wrote:
I do , I will check everything again in the morning.
Thanks for your help.
It’s frustrating because I know it’s something stupid but I just don’t see
it yet.
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-...@apereo.org [mailto:cas-...@apereo.org] On Behalf Of David
Curry
Sent: Monday, February 26, 2018 3:22 PM
To: cas-...@apereo.org
Subject: Re: [cas-user] /cas/status/dashboard
Do you have
org.apereo.cas
cas-server-support-json-service-registry
${cas.version}
in pom.xml and
cas.serviceRegistry.json.location:file:/etc/cas/services
in cas.properties?
If not, you need them. If so, then dig through the archives of this group in
the last month or twol some other folks were having similar issues.
--Dave
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003=gmail=g>
+1 212 229-5300 x4728 • david.cu...@newschool.edu
<http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>
On Mon, Feb 26, 2018 at 2:50 PM, Cheltenham, Chris <cchelte...@philasd.org>
wrote:
David,
The only thing I can tell is that CAS is not seeing the json file from
/etc/cas/services.
I created two and they never show up loaded in the logs.
Only the two default ones, I guess they are, show up.
2018
Re: [cas-user] /cas/status/dashboard
You can use colons or equals signs, it doesn't matter. And whitespace
between the property name and the property value is ignored (but whitespace
at the end of the line is not).
https://docs.oracle.com/cd/E23095_01/Platform.93/ATGProgGuide/html/s0204propertiesfileformat01.html
Personally I like colons and columns that line up for readability, but
that's me. The CAS team seems to like equals signs and no extra whitespace.
You can use whichever format you're comfortable with, although I might
suggest standardizing on one or the other just for sanity's sake. :-)
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
[image: The New School]
On Tue, Feb 27, 2018 at 8:11 AM, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:
> Thanks guys, I have the json service resitry dependency in both cas and
> cas-management pom.xml.
>
>
>
> One thing that might be tripping me up here is when to use an “=” or is it
> a “:’
>
>
>
> For example I have them mixed.
>
>
>
> i.e.
>
>
>
> cas.serviceRegistry.json.location:file:/etc/cas/services
>
> or is it
>
> cas.serviceRegistry.json.location = file:/etc/cas/services
>
>
>
> and I am assuming those long blank spaces don’t mean anything.
>
>
>
> I 95% am sure my problem is in the config files, I just not sure where.
>
>
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *Kevin
> Liu
> *Sent:* Monday, February 26, 2018 3:56 PM
> *To:* CAS Community <cas-user@apereo.org>
> *Subject:* Re: [cas-user] /cas/status/dashboard
>
>
>
> I concur with Matthew. That was my issue too until I changed it. Then
> services started picking up.
>
> On Monday, February 26, 2018 at 2:37:37 PM UTC-6, David Curry wrote:
>
> But think of all the experience you're getting! :-)
>
>
>
> Seriously, I know the feeling. I think we've all been there before.
>
>
>
> --Dave
>
>
>
>
> --
>
> *DAVID A. CURRY, CISSP*
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003=gmail=g>
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
> [image: The New School]
>
>
>
> On Mon, Feb 26, 2018 at 3:35 PM, Cheltenham, Chris <cchelte...@philasd.org>
> wrote:
>
> I do , I will check everything again in the morning.
>
>
>
> Thanks for your help.
>
>
>
> It’s frustrating because I know it’s something stupid but I just don’t see
> it yet.
>
>
>
>
>
> ===================
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* cas-...@apereo.org [mailto:cas-...@apereo.org] *On Behalf Of *David
> Curry
> *Sent:* Monday, February 26, 2018 3:22 PM
>
>
> *To:* cas-...@apereo.org
> *Subject:* Re: [cas-user] /cas/status/dashboard
>
>
>
> Do you have
>
>
>
>
>
> org.apereo.cas
>
> cas-server-support-json-service-registry
>
> ${cas.version}
>
>
>
>
>
> in pom.xml and
>
>
>
> cas.serviceRegistry.json.location:file:/etc/cas/services
>
>
>
> in cas.properties?
>
>
>
> If not, you need them. If so, then dig through the archives of this group
> in the last month or twol some other folks were having similar issues.
>
>
>
> --Dave
>
>
>
>
> --
>
> *DAVID A. CURRY, CISSP*
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003=gmail=g>
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
> [image: The New School]
>
>
>
> On Mon, Feb 26, 2018 at 2:50 PM, Cheltenham, Chris <cchelte...@philasd.org>
> wrote:
>
> David,
>
>
>
> The only thing I can tell is that CAS is not seeing the json file from
> /etc/cas/services.
>
> I created two and they never show up loaded in the logs.
>
>
>
> Only the two default ones, I guess they are, show up.
>
>
>
>
>
> 2018-02-26 14:42:49,710 DEBUG
> [org.apereo.cas.services.AbstractServicesManager]
> - https://www.apereo.org]>
>
> 2
RE: [cas-user] /cas/status/dashboard
Thanks guys, I have the json service resitry dependency in both cas and
cas-management pom.xml.
One thing that might be tripping me up here is when to use an “=” or is it a
“:’
For example I have them mixed.
i.e.
cas.serviceRegistry.json.location:file:/etc/cas/services
or is it
cas.serviceRegistry.json.location = file:/etc/cas/services
and I am assuming those long blank spaces don’t mean anything.
I 95% am sure my problem is in the config files, I just not sure where.
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Kevin
Liu
Sent: Monday, February 26, 2018 3:56 PM
To: CAS Community <cas-user@apereo.org>
Subject: Re: [cas-user] /cas/status/dashboard
I concur with Matthew. That was my issue too until I changed it. Then
services started picking up.
On Monday, February 26, 2018 at 2:37:37 PM UTC-6, David Curry wrote:
But think of all the experience you're getting! :-)
Seriously, I know the feeling. I think we've all been there before.
--Dave
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
<https://lh4.googleusercontent.com/proxy/kBxyNqPE_dwGnQ5_31vxODZ361V2PjQdxLgStd_Hjq6qhsUZ5Ls9wt8E7q_K2I1IH9Gl9beQOC7lRFhDZ6YS4RBwSzHk1J04dgKAuT9_k0gSpkU-gvRxyA=w5000-h5000>
On Mon, Feb 26, 2018 at 3:35 PM, Cheltenham, Chris <cchelte...@philasd.org
> wrote:
I do , I will check everything again in the morning.
Thanks for your help.
It’s frustrating because I know it’s something stupid but I just don’t see
it yet.
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-...@apereo.org [mailto:cas-...@apereo.org
] On Behalf Of David Curry
Sent: Monday, February 26, 2018 3:22 PM
To: cas-...@apereo.org
Subject: Re: [cas-user] /cas/status/dashboard
Do you have
org.apereo.cas
cas-server-support-json-service-registry
${cas.version}
in pom.xml and
cas.serviceRegistry.json.location:file:/etc/cas/services
in cas.properties?
If not, you need them. If so, then dig through the archives of this group in
the last month or twol some other folks were having similar issues.
--Dave
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
<https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003=gmail=g>
+1 212 229-5300 x4728 • david.cu...@newschool.edu
<https://lh4.googleusercontent.com/proxy/kBxyNqPE_dwGnQ5_31vxODZ361V2PjQdxLgStd_Hjq6qhsUZ5Ls9wt8E7q_K2I1IH9Gl9beQOC7lRFhDZ6YS4RBwSzHk1J04dgKAuT9_k0gSpkU-gvRxyA=w5000-h5000>
On Mon, Feb 26, 2018 at 2:50 PM, Cheltenham, Chris <cchelte...@philasd.org
> wrote:
David,
The only thing I can tell is that CAS is not seeing the json file from
/etc/cas/services.
I created two and they never show up loaded in the logs.
Only the two default ones, I guess they are, show up.
2018-02-26 14:42:49,710 DEBUG
[org.apereo.cas.services.AbstractServicesManager] - https://www.apereo.org]>
2018-02-26 14:42:49,710 DEBUG
[org.apereo.cas.services.AbstractServicesManager] -
2018-02-26 14:42:49,710 INFO
[org.apereo.cas.services.AbstractServicesManager] -
I have two json files.
cas-services5.xml
{
@class: org.apereo.cas.services.RegexRegisteredService
serviceId: https://devcas5\.philasd\.org/cas-services/.*
name: HTTPS
id: 101
description: HTTPS protocol wildcard service.
evaluationOrder: 1000
}
And
cas-dashboard.xml
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*)
<https://devcass5.philasd.org/cas/status/dashboard(%5C%5Cz%7C/.*)> ",
"name" : "CAS Admin Dashboard",
"id" : 12
"description" : "CAS dashboard and administrative endpoints",
"evaluationOrder" : 1001
}
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-...@apereo.org [mailto:cas-...@apereo.org
] On Behalf Of David Curry
Sent: Monday, February 26, 2018 2:29 PM
To: cas-...@apereo.org
Subject: Re: [cas-user] /cas/status/dashboard
I think we've been through most of these at one time or another, but to
assemble them all in one place...
1. You have all of these:
# The /status endpoint is protected by IP address only.
cas.adminPagesSecurity.ip: ...a
Re: [cas-user] /cas/status/dashboard
I concur with Matthew. That was my issue too until I changed it. Then
services started picking up.
On Monday, February 26, 2018 at 2:37:37 PM UTC-6, David Curry wrote:
>
> But think of all the experience you're getting! :-)
>
> Seriously, I know the feeling. I think we've all been there before.
>
> --Dave
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
> [image: The New School]
>
> On Mon, Feb 26, 2018 at 3:35 PM, Cheltenham, Chris <cchelte...@philasd.org
> > wrote:
>
>> I do , I will check everything again in the morning.
>>
>>
>>
>> Thanks for your help.
>>
>>
>>
>> It’s frustrating because I know it’s something stupid but I just don’t
>> see it yet.
>>
>>
>>
>>
>>
>> ===
>>
>> Thank You;
>>
>> Chris Cheltenham
>> Technology Services
>> The School District of Philadelphia
>>
>> Work # 215-400-5025
>> Cell # 215-301-6571
>>
>> *From:* cas-...@apereo.org [mailto:cas-...@apereo.org
>> ] *On Behalf Of *David Curry
>> *Sent:* Monday, February 26, 2018 3:22 PM
>>
>> *To:* cas-...@apereo.org
>> *Subject:* Re: [cas-user] /cas/status/dashboard
>>
>>
>>
>> Do you have
>>
>>
>>
>>
>>
>> org.apereo.cas
>>
>> cas-server-support-json-service-registry
>>
>> ${cas.version}
>>
>>
>>
>>
>>
>> in pom.xml and
>>
>>
>>
>> cas.serviceRegistry.json.location:file:/etc/cas/services
>>
>>
>>
>> in cas.properties?
>>
>>
>>
>> If not, you need them. If so, then dig through the archives of this group
>> in the last month or twol some other folks were having similar issues.
>>
>>
>>
>> --Dave
>>
>>
>>
>>
>> --
>>
>> *DAVID A. CURRY, CISSP*
>> *DIRECTOR OF INFORMATION SECURITY*
>> INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003=gmail=g>
>> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>>
>> [image: The New School]
>>
>>
>>
>> On Mon, Feb 26, 2018 at 2:50 PM, Cheltenham, Chris <
>> cchelte...@philasd.org > wrote:
>>
>> David,
>>
>>
>>
>> The only thing I can tell is that CAS is not seeing the json file from
>> /etc/cas/services.
>>
>> I created two and they never show up loaded in the logs.
>>
>>
>>
>> Only the two default ones, I guess they are, show up.
>>
>>
>>
>>
>>
>> 2018-02-26 14:42:49,710 DEBUG
>> [org.apereo.cas.services.AbstractServicesManager] - > service [^https://www.apereo.org]>
>>
>> 2018-02-26 14:42:49,710 DEBUG
>> [org.apereo.cas.services.AbstractServicesManager] - > service [^(https|imaps)://.*]>
>>
>> 2018-02-26 14:42:49,710 INFO
>> [org.apereo.cas.services.AbstractServicesManager] - > from [JsonServiceRegistryDao].>
>>
>>
>>
>> I have two json files.
>>
>>
>>
>>
>>
>> cas-services5.xml
>>
>>
>>
>> {
>>
>> @class: org.apereo.cas.services.RegexRegisteredService
>>
>> serviceId: https://devcas5\.philasd\.org/cas-services/.*
>>
>> name: HTTPS
>>
>> id: 1000001
>>
>> description: HTTPS protocol wildcard service.
>>
>> evaluationOrder: 1000
>>
>> }
>>
>>
>>
>>
>>
>>
>>
>> And
>>
>>
>>
>>
>>
>> cas-dashboard.xml
>>
>>
>>
>>
>>
>> {
>>
>> "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>
>> "serviceId" : "^
>> https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*)",
>>
>> "name" : "CAS Admin Dashboard",
>>
>> "id" : 12
>>
>> "description" : "CAS dashboard and administrative endpoints",
>>
>> "evaluationOrder" : 1001
>>
>> }
>>
>>
>>
>>
>>
>> ===
>>
>> Thank You;
>&g
Re: [cas-user] /cas/status/dashboard
But think of all the experience you're getting! :-)
Seriously, I know the feeling. I think we've all been there before.
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
[image: The New School]
On Mon, Feb 26, 2018 at 3:35 PM, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:
> I do , I will check everything again in the morning.
>
>
>
> Thanks for your help.
>
>
>
> It’s frustrating because I know it’s something stupid but I just don’t see
> it yet.
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *David
> Curry
> *Sent:* Monday, February 26, 2018 3:22 PM
>
> *To:* cas-user@apereo.org
> *Subject:* Re: [cas-user] /cas/status/dashboard
>
>
>
> Do you have
>
>
>
>
>
> org.apereo.cas
>
> cas-server-support-json-service-registry
>
> ${cas.version}
>
>
>
>
>
> in pom.xml and
>
>
>
> cas.serviceRegistry.json.location:file:/etc/cas/services
>
>
>
> in cas.properties?
>
>
>
> If not, you need them. If so, then dig through the archives of this group
> in the last month or twol some other folks were having similar issues.
>
>
>
> --Dave
>
>
>
>
> --
>
> *DAVID A. CURRY, CISSP*
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003=gmail=g>
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
> [image: The New School]
>
>
>
> On Mon, Feb 26, 2018 at 2:50 PM, Cheltenham, Chris <
> ccheltenham-...@philasd.org> wrote:
>
> David,
>
>
>
> The only thing I can tell is that CAS is not seeing the json file from
> /etc/cas/services.
>
> I created two and they never show up loaded in the logs.
>
>
>
> Only the two default ones, I guess they are, show up.
>
>
>
>
>
> 2018-02-26 14:42:49,710 DEBUG
> [org.apereo.cas.services.AbstractServicesManager]
> - https://www.apereo.org]>
>
> 2018-02-26 14:42:49,710 DEBUG
> [org.apereo.cas.services.AbstractServicesManager]
> -
>
> 2018-02-26 14:42:49,710 INFO [org.apereo.cas.services.AbstractServicesManager]
> -
>
>
>
> I have two json files.
>
>
>
>
>
> cas-services5.xml
>
>
>
> {
>
> @class: org.apereo.cas.services.RegexRegisteredService
>
> serviceId: https://devcas5\.philasd\.org/cas-services/.*
>
> name: HTTPS
>
> id: 101
>
> description: HTTPS protocol wildcard service.
>
> evaluationOrder: 1000
>
> }
>
>
>
>
>
>
>
> And
>
>
>
>
>
> cas-dashboard.xml
>
>
>
>
>
> {
>
> "@class" : "org.apereo.cas.services.RegexRegisteredService",
>
> "serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/
> .*)",
>
> "name" : "CAS Admin Dashboard",
>
> "id" : 12
>
> "description" : "CAS dashboard and administrative endpoints",
>
> "evaluationOrder" : 1001
>
> }
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *David
> Curry
> *Sent:* Monday, February 26, 2018 2:29 PM
> *To:* cas-user@apereo.org
> *Subject:* Re: [cas-user] /cas/status/dashboard
>
>
>
> I think we've been through most of these at one time or another, but to
> assemble them all in one place...
>
>
>
> 1. You have all of these:
>
>
>
> # The /status endpoint is protected by IP address only.
>
> cas.adminPagesSecurity.ip: ...a valid regex to match your
> authorized addresses...
>
>
>
> # The /status/whatever endpoints are protected by the CAS server, using a
>
> # list of admin users in "users.properties".
>
> cas.adminPagesSecurity.loginUrl:${cas.server.prefix}/login
>
> cas.adminPagesSecurity.service: ${cas.server.prefix}/status/
> dashboard
>
> cas.adminPagesSecurity.users: file:/etc/cas/config/users.
RE: [cas-user] /cas/status/dashboard
I do , I will check everything again in the morning.
Thanks for your help.
It’s frustrating because I know it’s something stupid but I just don’t see
it yet.
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David
Curry
Sent: Monday, February 26, 2018 3:22 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] /cas/status/dashboard
Do you have
org.apereo.cas
cas-server-support-json-service-registry
${cas.version}
in pom.xml and
cas.serviceRegistry.json.location:file:/etc/cas/services
in cas.properties?
If not, you need them. If so, then dig through the archives of this group in
the last month or twol some other folks were having similar issues.
--Dave
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • <mailto:david.cu...@newschool.edu>
david.cu...@newschool.edu
<http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>
On Mon, Feb 26, 2018 at 2:50 PM, Cheltenham, Chris
<ccheltenham-...@philasd.org <mailto:ccheltenham-...@philasd.org> > wrote:
David,
The only thing I can tell is that CAS is not seeing the json file from
/etc/cas/services.
I created two and they never show up loaded in the logs.
Only the two default ones, I guess they are, show up.
2018-02-26 14:42:49,710 DEBUG
[org.apereo.cas.services.AbstractServicesManager] - https://www.apereo.org]>
2018-02-26 14:42:49,710 DEBUG
[org.apereo.cas.services.AbstractServicesManager] -
2018-02-26 14:42:49,710 INFO
[org.apereo.cas.services.AbstractServicesManager] -
I have two json files.
cas-services5.xml
{
@class: org.apereo.cas.services.RegexRegisteredService
serviceId: https://devcas5\.philasd\.org/cas-services/.*
name: HTTPS
id: 101
description: HTTPS protocol wildcard service.
evaluationOrder: 1000
}
And
cas-dashboard.xml
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*)
<https://devcass5.philasd.org/cas/status/dashboard(%5C%5Cz%7C/.*)> ",
"name" : "CAS Admin Dashboard",
"id" : 12
"description" : "CAS dashboard and administrative endpoints",
"evaluationOrder" : 1001
}
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-user@apereo.org <mailto:cas-user@apereo.org>
[mailto:cas-user@apereo.org <mailto:cas-user@apereo.org> ] On Behalf Of
David Curry
Sent: Monday, February 26, 2018 2:29 PM
To: cas-user@apereo.org <mailto:cas-user@apereo.org>
Subject: Re: [cas-user] /cas/status/dashboard
I think we've been through most of these at one time or another, but to
assemble them all in one place...
1. You have all of these:
# The /status endpoint is protected by IP address only.
cas.adminPagesSecurity.ip: ...a valid regex to match your
authorized addresses...
# The /status/whatever endpoints are protected by the CAS server, using a
# list of admin users in "users.properties".
cas.adminPagesSecurity.loginUrl:${cas.server.prefix}/login
cas.adminPagesSecurity.service:
${cas.server.prefix}/status/dashboard
cas.adminPagesSecurity.users:
file:/etc/cas/config/users.properties
# Define an administrator role. (This is the default; you probably don't
need to set it explicitly.)
cas.adminPagesSecurity.adminRoles[0]: ROLE_ADMIN
# Enable the Spring Boot actuators as well as the CAS actuators.
cas.adminPagesSecurity.actuatorEndpointsEnabled:true
cas.monitor.endpoints.enabled: true
endpoints.enabled: true
# Marking the endpoints "sensitive" would protect them with Spring Security;
# we want to protect them with the CAS server.
cas.monitor.endpoints.sensitive:false
endpoints.sensitive:false
2. You have a service definition that allows the dashboard to authenticate
via CAS:
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" :
"^https://your.cas.server.host.and.port.here/cas/status/dashboard(\\z|/.*)
<https://your.cas.server.host.and.port.here/cas/status/dashboard(/z%7C/.*)>
",
"name" : "CAS Admin Dashboard",
"id" : 123456789,
"description" : "CAS dashboard and administrative endpoints",
"evaluationOrder" : 1234
}
3. You're sure that the "cchelte
Re: [cas-user] /cas/status/dashboard
Chris,
I ran into the same problem. I added json files to /etc/cas/services but
CAS was only reading those in the classpath/services directory.
I found that my problem was in my cas.properties:
Incorrect:
cas.serviceRegistry.*config*.location: file:/etc/cas/services
Correct:
cas.serviceRegistry.*json*.location: file:/etc/cas/services
On Monday, February 26, 2018 at 12:50:26 PM UTC-7, Chris Cheltenham wrote:
>
> David,
>
>
>
> The only thing I can tell is that CAS is not seeing the json file from
> /etc/cas/services.
>
> I created two and they never show up loaded in the logs.
>
>
>
> Only the two default ones, I guess they are, show up.
>
>
>
>
>
> 2018-02-26 14:42:49,710 DEBUG
> [org.apereo.cas.services.AbstractServicesManager] - service [^https://www.apereo.org]>
>
> 2018-02-26 14:42:49,710 DEBUG
> [org.apereo.cas.services.AbstractServicesManager] - service [^(https|imaps)://.*]>
>
> 2018-02-26 14:42:49,710 INFO
> [org.apereo.cas.services.AbstractServicesManager] - from [JsonServiceRegistryDao].>
>
>
>
> I have two json files.
>
>
>
>
>
> cas-services5.xml
>
>
>
> {
>
> @class: org.apereo.cas.services.RegexRegisteredService
>
> serviceId: https://devcas5\.philasd\.org/cas-services/.*
>
> name: HTTPS
>
> id: 101
>
> description: HTTPS protocol wildcard service.
>
> evaluationOrder: 1000
>
> }
>
>
>
>
>
>
>
> And
>
>
>
>
>
> cas-dashboard.xml
>
>
>
>
>
> {
>
> "@class" : "org.apereo.cas.services.RegexRegisteredService",
>
> "serviceId" : "^
> https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*)",
>
> "name" : "CAS Admin Dashboard",
>
> "id" : 12
>
> "description" : "CAS dashboard and administrative endpoints",
>
> "evaluationOrder" : 1001
>
> }
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/082beb1a-0cfc-4066-8c2b-d6e97284709f%40apereo.org.
Re: [cas-user] /cas/status/dashboard
Do you have
org.apereo.cas
cas-server-support-json-service-registry
${cas.version}
in pom.xml and
cas.serviceRegistry.json.location:file:/etc/cas/services
in cas.properties?
If not, you need them. If so, then dig through the archives of this group
in the last month or twol some other folks were having similar issues.
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
[image: The New School]
On Mon, Feb 26, 2018 at 2:50 PM, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:
> David,
>
>
>
> The only thing I can tell is that CAS is not seeing the json file from
> /etc/cas/services.
>
> I created two and they never show up loaded in the logs.
>
>
>
> Only the two default ones, I guess they are, show up.
>
>
>
>
>
> 2018-02-26 14:42:49,710 DEBUG
> [org.apereo.cas.services.AbstractServicesManager]
> - https://www.apereo.org]>
>
> 2018-02-26 14:42:49,710 DEBUG
> [org.apereo.cas.services.AbstractServicesManager]
> -
>
> 2018-02-26 14:42:49,710 INFO [org.apereo.cas.services.AbstractServicesManager]
> -
>
>
>
> I have two json files.
>
>
>
>
>
> cas-services5.xml
>
>
>
> {
>
> @class: org.apereo.cas.services.RegexRegisteredService
>
> serviceId: https://devcas5\.philasd\.org/cas-services/.*
>
> name: HTTPS
>
> id: 101
>
> description: HTTPS protocol wildcard service.
>
> evaluationOrder: 1000
>
> }
>
>
>
>
>
>
>
> And
>
>
>
>
>
> cas-dashboard.xml
>
>
>
>
>
> {
>
> "@class" : "org.apereo.cas.services.RegexRegisteredService",
>
> "serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/
> .*)",
>
> "name" : "CAS Admin Dashboard",
>
> "id" : 12
>
> "description" : "CAS dashboard and administrative endpoints",
>
> "evaluationOrder" : 1001
>
> }
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *David
> Curry
> *Sent:* Monday, February 26, 2018 2:29 PM
> *To:* cas-user@apereo.org
> *Subject:* Re: [cas-user] /cas/status/dashboard
>
>
>
> I think we've been through most of these at one time or another, but to
> assemble them all in one place...
>
>
>
> 1. You have all of these:
>
>
>
> # The /status endpoint is protected by IP address only.
>
> cas.adminPagesSecurity.ip: ...a valid regex to match your
> authorized addresses...
>
>
>
> # The /status/whatever endpoints are protected by the CAS server, using a
>
> # list of admin users in "users.properties".
>
> cas.adminPagesSecurity.loginUrl:${cas.server.prefix}/login
>
> cas.adminPagesSecurity.service: ${cas.server.prefix}/status/
> dashboard
>
> cas.adminPagesSecurity.users: file:/etc/cas/config/users.
> properties
>
>
>
> # Define an administrator role. (This is the default; you probably don't
> need to set it explicitly.)
>
> cas.adminPagesSecurity.adminRoles[0]: ROLE_ADMIN
>
>
>
> # Enable the Spring Boot actuators as well as the CAS actuators.
>
> cas.adminPagesSecurity.actuatorEndpointsEnabled:true
>
> cas.monitor.endpoints.enabled: true
>
> endpoints.enabled: true
>
>
>
> # Marking the endpoints "sensitive" would protect them with Spring
> Security;
>
> # we want to protect them with the CAS server.
>
> cas.monitor.endpoints.sensitive:false
>
> endpoints.sensitive:false
>
>
>
> 2. You have a service definition that allows the dashboard to authenticate
> via CAS:
>
>
>
> {
>
> "@class" : "org.apereo.cas.services.RegexRegisteredService",
>
> "serviceId" : "^https://your.cas.server.host.and.port.here/cas/status/
> dashboard(\\z|/.*)
> <https://your.cas.server.host.and.port.here/cas/status/dashboard(/z%7C/.*)>
> ",
>
> "name" : "CAS Admin Dashboard",
>
> "id" : 123456789,
>
> "description" : "CAS dashboard and administrative endpoints",
>
> "evaluationOrder" : 1234
>
> }
>
>
>
> 3. You're
RE: [cas-user] /cas/status/dashboard
David,
The only thing I can tell is that CAS is not seeing the json file from
/etc/cas/services.
I created two and they never show up loaded in the logs.
Only the two default ones, I guess they are, show up.
2018-02-26 14:42:49,710 DEBUG
[org.apereo.cas.services.AbstractServicesManager] - https://www.apereo.org]>
2018-02-26 14:42:49,710 DEBUG
[org.apereo.cas.services.AbstractServicesManager] -
2018-02-26 14:42:49,710 INFO
[org.apereo.cas.services.AbstractServicesManager] -
I have two json files.
cas-services5.xml
{
@class: org.apereo.cas.services.RegexRegisteredService
serviceId: https://devcas5\.philasd\.org/cas-services/.*
name: HTTPS
id: 101
description: HTTPS protocol wildcard service.
evaluationOrder: 1000
}
And
cas-dashboard.xml
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" :
"^https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*)",
"name" : "CAS Admin Dashboard",
"id" : 12
"description" : "CAS dashboard and administrative endpoints",
"evaluationOrder" : 1001
}
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David
Curry
Sent: Monday, February 26, 2018 2:29 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] /cas/status/dashboard
I think we've been through most of these at one time or another, but to
assemble them all in one place...
1. You have all of these:
# The /status endpoint is protected by IP address only.
cas.adminPagesSecurity.ip: ...a valid regex to match your
authorized addresses...
# The /status/whatever endpoints are protected by the CAS server, using a
# list of admin users in "users.properties".
cas.adminPagesSecurity.loginUrl:${cas.server.prefix}/login
cas.adminPagesSecurity.service:
${cas.server.prefix}/status/dashboard
cas.adminPagesSecurity.users:
file:/etc/cas/config/users.properties
# Define an administrator role. (This is the default; you probably don't
need to set it explicitly.)
cas.adminPagesSecurity.adminRoles[0]: ROLE_ADMIN
# Enable the Spring Boot actuators as well as the CAS actuators.
cas.adminPagesSecurity.actuatorEndpointsEnabled:true
cas.monitor.endpoints.enabled: true
endpoints.enabled: true
# Marking the endpoints "sensitive" would protect them with Spring Security;
# we want to protect them with the CAS server.
cas.monitor.endpoints.sensitive:false
endpoints.sensitive:false
2. You have a service definition that allows the dashboard to authenticate
via CAS:
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" :
"^https://your.cas.server.host.and.port.here/cas/status/dashboard(\\z|/.*)
<https://your.cas.server.host.and.port.here/cas/status/dashboard(/z|/.*)> ",
"name" : "CAS Admin Dashboard",
"id" : 123456789,
"description" : "CAS dashboard and administrative endpoints",
"evaluationOrder" : 1234
}
3. You're sure that the "ccheltenham-ext" user can successfully authenticate
via CAS. Go to https:/yourserver/cas/login to check. (Even if you're "sure,"
check it anyway, just to remove it from the equation.)
4. You're attempting to access the dashboard from an IP address that matches
the pattern configured in cas.adminPagesSecurity.ip.
All of that together ought to do it. If it doesn't, change the CAS logging
level to "debug" and see what you get in cas.log
--Dave
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • <mailto:david.cu...@newschool.edu>
david.cu...@newschool.edu
<http://www.newschool.edu/marketing-communication/img/tns-sig-logo.jpg>
On Mon, Feb 26, 2018 at 2:04 PM, Cheltenham, Chris
<ccheltenham-...@philasd.org <mailto:ccheltenham-...@philasd.org> > wrote:
Hello,
I have been stuggling with access denied on the dashboard
- users.properties only has the following.
ccheltenham-ext=passwordnotused,ROLE_ADMIN
What else could I have misconfigured?
===
Thank You;
Chris Cheltenham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google
Re: [cas-user] /cas/status/dashboard
I think we've been through most of these at one time or another, but to
assemble them all in one place...
1. You have all of these:
# The /status endpoint is protected by IP address only.
cas.adminPagesSecurity.ip: ...a valid regex to match your
authorized addresses...
# The /status/whatever endpoints are protected by the CAS server, using a
# list of admin users in "users.properties".
cas.adminPagesSecurity.loginUrl:${cas.server.prefix}/login
cas.adminPagesSecurity.service:
${cas.server.prefix}/status/dashboard
cas.adminPagesSecurity.users:
file:/etc/cas/config/users.properties
# Define an administrator role. (This is the default; you probably don't
need to set it explicitly.)
cas.adminPagesSecurity.adminRoles[0]: ROLE_ADMIN
# Enable the Spring Boot actuators as well as the CAS actuators.
cas.adminPagesSecurity.actuatorEndpointsEnabled:true
cas.monitor.endpoints.enabled: true
endpoints.enabled: true
# Marking the endpoints "sensitive" would protect them with Spring Security;
# we want to protect them with the CAS server.
cas.monitor.endpoints.sensitive:false
endpoints.sensitive:false
2. You have a service definition that allows the dashboard to authenticate
via CAS:
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^
https://your.cas.server.host.and.port.here/cas/status/dashboard(\\z|/.*)",
"name" : "CAS Admin Dashboard",
"id" : 123456789,
"description" : "CAS dashboard and administrative endpoints",
"evaluationOrder" : 1234
}
3. You're sure that the "ccheltenham-ext" user can successfully
authenticate via CAS. Go to https:/yourserver/cas/login to check. (Even if
you're "sure," check it anyway, just to remove it from the equation.)
4. You're attempting to access the dashboard from an IP address that
matches the pattern configured in cas.adminPagesSecurity.ip.
All of that together ought to do it. If it doesn't, change the CAS logging
level to "debug" and see what you get in cas.log
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
[image: The New School]
On Mon, Feb 26, 2018 at 2:04 PM, Cheltenham, Chris <
ccheltenham-...@philasd.org> wrote:
> Hello,
>
>
>
> I have been stuggling with access denied on the dashboard
>
>
>
> - users.properties only has the following.
>
>
>
> ccheltenham-ext=passwordnotused,ROLE_ADMIN
>
>
>
> What else could I have misconfigured?
>
>
>
>
>
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/00a001d3af34%24a1de58a0%
> 24e59b09e0%24%40philasd.org
>
> .
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPG8nL99g6-zYfwWMCZBXQ2FhK6gR6UWatTYTGBK2fZqg%40mail.gmail.com.
