[cas-user] CAS with LDAP / LDAP Scope
Hi all,
I'm working to authenticate users on a OpenLDAP server.
My cas.properties is like :
#
# Authentication
#
# Base DN of users to be authenticated
ldap.authn.baseDn=dc=domain,dc=local
# Manager DN for authenticated searches
ldap.authn.managerDN=cn=admin,dc=domain,dc=local
# Manager password for authenticated searches
ldap.authn.managerPassword=myadminpwd
# Search filter used for configurations that require searching for DNs
ldap.authn.searchFilter=(uid={user})
# Search filter used for configurations that require searching for DNs
ldap.authn.format=%s
ldap.baseDn=dc=domain,dc=local
ldap.trustedCert=/etc/pki/tls/certs/chain-24222-cas4.exemple.fr-3-AddTrust_External_CA_Root.pem
but, when I try to authenticate, it's not working.
1. Which encryption for password is waiting by CAS (default is md5 in OpenLDAP)
2. In debug log, I can see « searchScope=ONELEVEL » but some users are in sub
OU, so how can I change search scope ?
My log (catalina.out) :
2015-01-15 00:13:39,797 DEBUG [org.ldaptive.SearchOperation] - ldap://10.0.18.12,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@78864189::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-762247154::trustCertificates=/etc/pki/tls/certs/chain-24222-cas4.exemple.fr-3-AddTrust_External_CA_Root.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=false,
connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@879346250::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@189965096::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@5e559ce6]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@46aff06c]>
2015-01-15 00:13:39,800 DEBUG [org.ldaptive.SearchOperation] - ldap://10.0.18.12,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@78864189::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-762247154::trustCertificates=/etc/pki/tls/certs/chain-24222-cas4.exemple.fr-3-AddTrust_External_CA_Root.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=false,
connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@879346250::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@189965096::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@5e559ce6]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@46aff06c]>
2015-01-15 00:13:39,800 INFO [org.ldaptive.auth.PooledSearchDnResolver] -
2015-01-15 00:13:39,800 DEBUG [org.ldaptive.auth.PooledSearchDnResolver] -
2015-01-15 00:13:39,800 DEBUG [org.ldaptive.auth.Authenticator] -
2015-01-15 00:13:39,800 DEBUG
[org.jasig.cas.authentication.LdapAuthenticationHandler] -
2015-01-15 00:13:39,800 INFO
[org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
Thanks for help,
Yannick
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CAS with LDAP / LDAP Scope
Perfect. It’s working
Thanks a lot.
Yannick
CONFIDENTIALITE : Le message contenu dans cet email ainsi que dans tout fichier
attaché est destiné exclusivement aux destinataires mentionnés ci-dessus. Il
peut contenir des informations protégées par le secret professionnel et dont la
divulgation est strictement prohibée. Si vous avez reçu cet email par erreur,
détruisez-en le contenu. Vous n'êtes en effet pas autorisé, dans cette
hypothèse, à copier, distribuer ou conserver ce message. Merci.
CONFIDENTIALITY. This e-mail is intended only for the use of the individual to
whom or the entity to which it is addressed and may contain information which
is confidential and privileged. Confidentiality and privilege are not lost by
this e-mail having been sent to a wrong person. If you are not the intended
recipient or the person responsible for delivering it to the intended
recipient, please do not read, print, store and act in reliance on it or on any
attachments. Instead, please e-mail it back to the sender and then immediately
and permanently delete it.
De : Armando Martins [mailto:armando.mar...@gmail.com]
Envoyé : jeudi 15 janvier 2015 09:28
À : cas-user@lists.jasig.org
Objet : Re: [cas-user] CAS with LDAP / LDAP Scope
Hi, i think you have to turn on the subtreeSearch in your bean dnResolver like
this :
Hope this helps
2015-01-15 9:01 GMT+01:00 Yannick MOLINET
mailto:yannick.moli...@dixinfor.com>>:
Hi all,
I'm working to authenticate users on a OpenLDAP server.
My cas.properties is like :
#
# Authentication
#
# Base DN of users to be authenticated
ldap.authn.baseDn=dc=domain,dc=local
# Manager DN for authenticated searches
ldap.authn.managerDN=cn=admin,dc=domain,dc=local
# Manager password for authenticated searches
ldap.authn.managerPassword=myadminpwd
# Search filter used for configurations that require searching for DNs
ldap.authn.searchFilter=(uid={user})
# Search filter used for configurations that require searching for DNs
ldap.authn.format=%s
ldap.baseDn=dc=domain,dc=local
ldap.trustedCert=/etc/pki/tls/certs/chain-24222-cas4.exemple.fr-3-AddTrust_External_CA_Root.pem
but, when I try to authenticate, it's not working.
1. Which encryption for password is waiting by CAS (default is md5 in OpenLDAP)
2. In debug log, I can see « searchScope=ONELEVEL » but some users are in sub
OU, so how can I change search scope ?
My log (catalina.out) :
2015-01-15 00:13:39,797 DEBUG [org.ldaptive.SearchOperation] - mailto:yannick.moli...@dixinfor.com>}],
returnAttributes=[1.1], searchScope=ONELEVEL, timeLimit=0, sizeLimit=0,
derefAliases=null, typesOnly=false, binaryAttributes=null,
sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null,
controls=null, followReferrals=false, intermediateResponseHandlers=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@78993229::config=[org.ldaptive.ConnectionConfig@1828438737::ldapUrl=ldap://10.0.18.12<http://10.0.18.12>,
connectTimeout=3000, responseTimeout=-1,
sslConfig=[org.ldaptive.ssl.SslConfig@78864189::credentialConfig=[org.ldaptive.ssl.X509CredentialConfig@-762247154::trustCertificates=/etc/pki/tls/certs/chain-24222-cas4.exemple.fr-3-AddTrust_External_CA_Root.pem,
authenticationCertificate=null, authenticationKey=null], trustManagers=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=false,
connectionInitializer=null],
providerConnectionFactory=[org.ldaptive.provider.jndi.JndiConnectionFactory@879346250::connectionCount=1,
environment={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
com.sun.jndi.ldap.connect.timeout=3000, java.naming.ldap.version=3},
providerConfig=[org.ldaptive.provider.jndi.JndiProviderConfig@189965096::operationExceptionResultCodes=[PROTOCOL_ERROR,
SERVER_DOWN], properties={}, connectionStrategy=DEFAULT, environment=null,
tracePackets=null, removeDnUrls=true,
searchIgnoreResultCodes=[TIME_LIMIT_EXCEEDED, SIZE_LIMIT_EXCEEDED,
PARTIAL_RESULTS], sslSocketFactory=null, hostnameVerifier=null,
controlProcessor=org.ldaptive.provider.ControlProcessor@5e559ce6<mailto:controlProcessor=org.ldaptive.provider.ControlProcessor@5e559ce6>]],
providerConnection=org.ldaptive.provider.jndi.JndiConnection@46aff06c<mailto:providerConnection=org.ldaptive.provider.jndi.JndiConnection@46aff06c>]>
2015-01-15 00:13:39,800 DEBUG [org.ldaptive.SearchOperation] - mailto:yannick.moli...@dixinfor.com>}],
returnAttributes=[1.1], searchScope=ONELEVEL, timeLimit=0, sizeLimit=0,
derefAliases=null, typesOnly=false, binaryAttributes=null,
sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=null,
controls=null, followReferrals=false, intermediateResponseHandlers=null] with
connection=[org.ldaptive.DefaultConnectionFactory$DefaultConnection@78993229::
[cas-user] CAS Management files
Hi all, I'm using Maven Overlay to install CAS with Management webapp. I have added the dependency in pom.xml but I'm searching how I can move cas-management.properies in /etc/cas (same as cas.properties) and also change the log fil (cas-management.log) to a different path (as I do in log4j.xml for cas). Thanks for help, Yannick -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE:[cas-user] CAS Management files
I have : 1. Add in propertyFileConfigurer.xml so this file is like : 2. Adjust my params, in cas-management.properties log4j.config.location=/etc/cas/cas-management-log4j.xml (not simple log4j.xml to avoid conflict with cas version) log4j.refresh.interval=6 3. Adjust cas-management-log4j.xml But, when I do a « mvn clean package », I'm receiving no error or warning and I found another version of cas-management.properties in WEB-INF, and a log4j.xml in classes. Thanks for help, Yannick De : Yannick MOLINET [mailto:yannick.moli...@dixinfor.com] Envoyé : samedi 17 janvier 2015 11:44 À : cas-user@lists.jasig.org Objet : [cas-user] CAS Management files Hi all, I'm using Maven Overlay to install CAS with Management webapp. I have added the dependency in pom.xml but I'm searching how I can move cas-management.properies in /etc/cas (same as cas.properties) and also change the log fil (cas-management.log) to a different path (as I do in log4j.xml for cas). Thanks for help, Yannick -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: yannick.moli...@dixinfor.com<mailto:yannick.moli...@dixinfor.com> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: RE:[cas-user] CAS Management files
Seems not working. My log4j.xml for management is not used. When I launch tomcat I received an error about creating the log file (no path mentionned), but if it was the path mentionned in my log4j.xml, this could not be occur because tomcat have access to this folder (cas.log is correctly write inside). Yannick -Message d'origine- De : mepst...@gwork254.lis.illinois.edu [mailto:mepst...@gwork254.lis.illinois.edu] De la part de Milt Epstein Envoyé : lundi 19 janvier 2015 16:04 À : cas-user@lists.jasig.org Objet : RE:[cas-user] CAS Management files When I added a second properties file, I needed to add the ignore-unresolvable attribute to the context tag, a la: Maybe you need to do that as well. Milt Epstein Applications Developer Graduate School of Library and Information Science (GSLIS) University of Illinois at Urbana-Champaign (UIUC) mepst...@illinois.edu On Mon, 19 Jan 2015, Yannick MOLINET wrote: > I have : > > 1. Add location="file:/etc/cas/cas-management.properties"/> in > propertyFileConfigurer.xml > so this file is like : > location="file:/etc/cas/cas.properties"/> > location="file:/etc/cas/cas-management.properties"/> > > > 2. Adjust my params, in cas-management.properties > log4j.config.location=/etc/cas/cas-management-log4j.xml (not simple > log4j.xml to avoid conflict with cas version) > log4j.refresh.interval=6 > > > 3. Adjust cas-management-log4j.xml > > > But, when I do a « mvn clean package », I'm receiving no error or warning and > I found another version of cas-management.properties in WEB-INF, and a > log4j.xml in classes. > > Thanks for help, > > Yannick > > > De : Yannick MOLINET [mailto:yannick.moli...@dixinfor.com] > Envoyé : samedi 17 janvier 2015 11:44 > À : cas-user@lists.jasig.org > Objet : [cas-user] CAS Management files > > Hi all, > > I'm using Maven Overlay to install CAS with Management webapp. > I have added the dependency in pom.xml but I'm searching how I can move > cas-management.properies in /etc/cas (same as cas.properties) and also change > the log fil (cas-management.log) to a different path (as I do in log4j.xml > for cas). > > Thanks for help, > Yannick > > > > -- > > You are currently subscribed to > cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: > yannick.moli...@dixinfor.com<mailto:yannick.moli...@dixinfor.com> > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > mepst...@illinois.edu To unsubscribe, change settings or access > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: yannick.moli...@dixinfor.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: RE:[cas-user] CAS Management files
I have try also to set as But it's not working ... If someone have a solution to do this ... Thanks for help, Yannick -Message d'origine- De : Yannick MOLINET [mailto:yannick.moli...@dixinfor.com] Envoyé : lundi 19 janvier 2015 17:00 À : cas-user@lists.jasig.org Objet : RE: RE:[cas-user] CAS Management files Seems not working. My log4j.xml for management is not used. When I launch tomcat I received an error about creating the log file (no path mentionned), but if it was the path mentionned in my log4j.xml, this could not be occur because tomcat have access to this folder (cas.log is correctly write inside). Yannick -Message d'origine- De : mepst...@gwork254.lis.illinois.edu [mailto:mepst...@gwork254.lis.illinois.edu] De la part de Milt Epstein Envoyé : lundi 19 janvier 2015 16:04 À : cas-user@lists.jasig.org Objet : RE:[cas-user] CAS Management files When I added a second properties file, I needed to add the ignore-unresolvable attribute to the context tag, a la: Maybe you need to do that as well. Milt Epstein Applications Developer Graduate School of Library and Information Science (GSLIS) University of Illinois at Urbana-Champaign (UIUC) mepst...@illinois.edu On Mon, 19 Jan 2015, Yannick MOLINET wrote: > I have : > > 1. Add location="file:/etc/cas/cas-management.properties"/> in > propertyFileConfigurer.xml > so this file is like : > location="file:/etc/cas/cas.properties"/> > location="file:/etc/cas/cas-management.properties"/> > > > 2. Adjust my params, in cas-management.properties > log4j.config.location=/etc/cas/cas-management-log4j.xml (not simple > log4j.xml to avoid conflict with cas version) > log4j.refresh.interval=6 > > > 3. Adjust cas-management-log4j.xml > > > But, when I do a « mvn clean package », I'm receiving no error or warning and > I found another version of cas-management.properties in WEB-INF, and a > log4j.xml in classes. > > Thanks for help, > > Yannick > > > De : Yannick MOLINET [mailto:yannick.moli...@dixinfor.com] > Envoyé : samedi 17 janvier 2015 11:44 > À : cas-user@lists.jasig.org > Objet : [cas-user] CAS Management files > > Hi all, > > I'm using Maven Overlay to install CAS with Management webapp. > I have added the dependency in pom.xml but I'm searching how I can move > cas-management.properies in /etc/cas (same as cas.properties) and also change > the log fil (cas-management.log) to a different path (as I do in log4j.xml > for cas). > > Thanks for help, > Yannick > > > > -- > > You are currently subscribed to > cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: > yannick.moli...@dixinfor.com<mailto:yannick.moli...@dixinfor.com> > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > mepst...@illinois.edu To unsubscribe, change settings or access > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: yannick.moli...@dixinfor.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: yannick.moli...@dixinfor.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: RE:[cas-user] CAS Management files
If I understand, I could not add cas-management in dependency of my cas overlay, I’m need to create another overlay « project » as you done in your github ? De : Jérôme LELEU [mailto:lel...@gmail.com] Envoyé : mardi 20 janvier 2015 08:48 À : cas-user@lists.jasig.org Objet : Re: RE:[cas-user] CAS Management files Hi, In the management webapp, you don't need the cas.properties file, it's dedicated to the CAS server. I'm not surprised you have another cas-management.properties in WEB-INF/ and a log4.xml, they are copied fom the cas-management webapp, it's the principle of the overlay. But with the appropriate configuration, they will simply be ignored. With in propertyFileConfigurer.xml, you should load your properties which loads your log file. Best regards, Jérôme LELEU Founder of CAS in the cloud: www.casinthecloud.com<http://www.casinthecloud.com> | Twitter: @leleuj Chairman of CAS: www.jasig.org/cas<http://www.jasig.org/cas> | Creator of pac4j: www.pac4j.org<http://www.pac4j.org> 2015-01-19 22:30 GMT+01:00 Yannick MOLINET mailto:yannick.moli...@dixinfor.com>>: I have try also to set as But it's not working ... If someone have a solution to do this ... Thanks for help, Yannick -Message d'origine- De : Yannick MOLINET [mailto:yannick.moli...@dixinfor.com<mailto:yannick.moli...@dixinfor.com>] Envoyé : lundi 19 janvier 2015 17:00 À : cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> Objet : RE: RE:[cas-user] CAS Management files Seems not working. My log4j.xml for management is not used. When I launch tomcat I received an error about creating the log file (no path mentionned), but if it was the path mentionned in my log4j.xml, this could not be occur because tomcat have access to this folder (cas.log is correctly write inside). Yannick -Message d'origine- De : mepst...@gwork254.lis.illinois.edu<mailto:mepst...@gwork254.lis.illinois.edu> [mailto:mepst...@gwork254.lis.illinois.edu<mailto:mepst...@gwork254.lis.illinois.edu>] De la part de Milt Epstein Envoyé : lundi 19 janvier 2015 16:04 À : cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> Objet : RE:[cas-user] CAS Management files When I added a second properties file, I needed to add the ignore-unresolvable attribute to the context tag, a la: Maybe you need to do that as well. Milt Epstein Applications Developer Graduate School of Library and Information Science (GSLIS) University of Illinois at Urbana-Champaign (UIUC) mepst...@illinois.edu<mailto:mepst...@illinois.edu> On Mon, 19 Jan 2015, Yannick MOLINET wrote: > I have : > > 1. Add location="file:/etc/cas/cas-management.properties"/> in > propertyFileConfigurer.xml > so this file is like : > location="file:/etc/cas/cas.properties"/> > location="file:/etc/cas/cas-management.properties"/> > > > 2. Adjust my params, in cas-management.properties > log4j.config.location=/etc/cas/cas-management-log4j.xml (not simple > log4j.xml to avoid conflict with cas version) > log4j.refresh.interval=6 > > > 3. Adjust cas-management-log4j.xml > > > But, when I do a « mvn clean package », I'm receiving no error or warning and > I found another version of cas-management.properties in WEB-INF, and a > log4j.xml in classes. > > Thanks for help, > > Yannick > > > De : Yannick MOLINET > [mailto:yannick.moli...@dixinfor.com<mailto:yannick.moli...@dixinfor.com>] > Envoyé : samedi 17 janvier 2015 11:44 > À : cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> > Objet : [cas-user] CAS Management files > > Hi all, > > I'm using Maven Overlay to install CAS with Management webapp. > I have added the dependency in pom.xml but I'm searching how I can move > cas-management.properies in /etc/cas (same as cas.properties) and also change > the log fil (cas-management.log) to a different path (as I do in log4j.xml > for cas). > > Thanks for help, > Yannick > > > > -- > > You are currently subscribed to > cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org><mailto:cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>> > as: > yannick.moli...@dixinfor.com<mailto:yannick.moli...@dixinfor.com><mailto:yannick.moli...@dixinfor.com<mailto:yannick.moli...@dixinfor.com>> > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to > cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: > mepst...@illinois.edu<mailto:mepst...@illinois.edu> To
[cas-user] Service management
Hi all, I have successfully configured a CAS Server 4.0.1 with two LDAP sources (one AD, one LDAP), with mod_auth_cas, mod_jk. I want to authenticate my users on two different webapp. In my point of view, I think to allow access to a specific webapp if the user is in correct group (grp_webapp1 or/and grp_webapp2). The two apps are publish like http://server/webapp1 and http://server/webapp2. Is it possible to grant acces to a webapp throw the CAS is the user is in a correct group ? Sorry for my poor english, Thanks, Yannick -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] Service management
HI all, Sorry for the delay, I was in vacation. I'm new in CAS environnement, how can I add your addon in my installation (Maven Overlay) ? Thanks, Yannick De : Dmitriy Kopylenko [mailto:dkopyle...@unicon.net] Envoyé : vendredi 23 janvier 2015 18:04 À : cas-user@lists.jasig.org Objet : Re: [cas-user] Service management A new micro addon (same functionality as the current one from cas-addons) is available (1.0.0-RC2 is depends on CAS 4.1.0-SNAPSHOT at the moment as it uses some advanced features of Spring 4 for easy auto configuration facility): https://github.com/unicon-cas-addons/cas-addon-registered-services-authorization The documentation has not migrated yet (just need few adopters needing to use this library where there will be a demand for documentation) ;-) Cheers, Dmitriy. On Jan 23, 2015, at 11:41 AM, John Gasper mailto:jgas...@unicon.net>> wrote: Historically CAS does not focus on authorization, that is left to the client applications. Unicon has developed an add-on [1] that can do some basic checking, but I don't know if it has been migrated to support 4.0 yet. You might be able to use it as an outline to help you. [1] https://github.com/Unicon/cas-addons/wiki/Role-Based-Services-Authorization --- John Gasper IAM Consultant Unicon, Inc. PGP/GPG Key: 0xbafee3ef On 1/23/15 1:38 AM, Yannick MOLINET wrote: Hi all, I have successfully configured a CAS Server 4.0.1 with two LDAP sources (one AD, one LDAP), with mod_auth_cas, mod_jk. I want to authenticate my users on two different webapp. In my point of view, I think to allow access to a specific webapp if the user is in correct group (grp_webapp1 or/and grp_webapp2). The two apps are publish like http://server/webapp1 and http://server/webapp2. Is it possible to grant acces to a webapp throw the CAS is the user is in a correct group ? Sorry for my poor english, Thanks, Yannick -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: jgas...@unicon.net<mailto:jgas...@unicon.net> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: dkopyle...@unicon.net<mailto:dkopyle...@unicon.net> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: yannick.moli...@dixinfor.com<mailto:yannick.moli...@dixinfor.com> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
[cas-user] service url
HI all, I'm working to use CAS with a fronted apache2 as proxy (mod_auth_cas, mod_jk). When I call the url (https://mysite/share), CAS ask me for credential, but the service url is not correct (https://mysite/cas/login?service=https%3a%2f%2f127.0.0.1%2fshare). Service url is changed to localhost instead of the external url. My CAS server could answer on different url (subfolder of my web applications : https://mysite/cas and https://mysite2/cas is the same CAS server). CAS is installed on the same machine as apache2 (mod_auth_cas, mod_jk). Web apps are installed on separate computer. In mod_jk configuration, I'm calling IP Server instead of DNS Name. Thanks for help, Yannick -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
[cas-user] CAS 4.1
HI all, I know that CAS 4.1 is under developpement. I'm working on a new project where CAS is required with service that would be restrict by group memberof. I know that CAS 3.5 have a unicon plugin to do the job, and 4.1 have a < similar > feature. But 4.0.1 have no equivalent. My questions : - Have you a release date plan for CAS 4.1 ? - The service restrict by group is it working in the current state ? Thanks, Yannick -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE:[cas-user] CAS 4.1
It seems (from the roadmap) that the Role-Based Access Control is done in CAS 4.1 snapshot. I want to do some test, is it possible to have information how to configure it. De : Yannick MOLINET [mailto:yann...@adn-systemes.fr] Envoyé : mardi 10 février 2015 09:34 À : cas-user@lists.jasig.org Objet : [cas-user] CAS 4.1 HI all, I know that CAS 4.1 is under developpement. I'm working on a new project where CAS is required with service that would be restrict by group memberof. I know that CAS 3.5 have a unicon plugin to do the job, and 4.1 have a « similar » feature. But 4.0.1 have no equivalent. My questions : - Have you a release date plan for CAS 4.1 ? - The service restrict by group is it working in the current state ? Thanks, Yannick -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: yann...@adn-systemes.fr<mailto:yann...@adn-systemes.fr> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CAS 4.1
Thanks a lot. I'm working on ... De : Misagh Moayyed [mailto:mmoay...@unicon.net] Envoyé : mardi 10 février 2015 16:01 À : cas-user@lists.jasig.org Objet : Re: [cas-user] CAS 4.1 http://jasig.github.io/cas/development/installation/Service-Management.html#configure-service-access-strategy - Misagh On Feb 10, 2015, at 3:53 PM, Yannick MOLINET mailto:yann...@adn-systemes.fr>> wrote: It seems (from the roadmap) that the Role-Based Access Control is done in CAS 4.1 snapshot. I want to do some test, is it possible to have information how to configure it. De : Yannick MOLINET [mailto:yann...@adn-systemes.fr] Envoyé : mardi 10 février 2015 09:34 À : cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> Objet : [cas-user] CAS 4.1 HI all, I know that CAS 4.1 is under developpement. I'm working on a new project where CAS is required with service that would be restrict by group memberof. I know that CAS 3.5 have a unicon plugin to do the job, and 4.1 have a « similar » feature. But 4.0.1 have no equivalent. My questions : - Have you a release date plan for CAS 4.1 ? - The service restrict by group is it working in the current state ? Thanks, Yannick -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: yann...@adn-systemes.fr<mailto:yann...@adn-systemes.fr> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: mmoay...@unicon.net<mailto:mmoay...@unicon.net> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: yann...@adn-systemes.fr<mailto:yann...@adn-systemes.fr> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
[cas-user] CAS 4.1 - Maven Overlay
HI all, I'm trying to install CAS 4.1-SNAPSHOT following the maven overlay installation. I use a fresh overlay installation using this project : https://github.com/leleuj/cas-overlay-demo But when I deploy it on tomcat, I received error about creating log files, so I trying to move WEB-INF/cas.properties and WEB-INF/classes/log4j.xml in /etc/cas an set log to /var/lib/tomcat7/logs (as done in 4.0.1 with any problems). Even with this configuration (propertyFileConfigurer.xml in attachement) I always received error during tomcat startup about log file creation. Error message don't give any information about where it try to create the log file. In addition, I have exclude cas.properties and log4j.xml from pom.xml as org.apache.maven.plugins maven-war-plugin 2.6 cas org.jasig.cas cas-server-webapp WEB-INF/cas.properties WEB-INF/classes/log4j.xml But after mvn clean package, cas.properties is not present in WEB-INF but log4j.xml is present in WEB-INF/classes/log4j.xml If I manually remove this file, cas don't start So I understand that my propertyFileConfigurer.xml is not working... Could you help me to fix this issue ? Thanks, Yannick -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user propertyFileConfigurer.xml Description: propertyFileConfigurer.xml
RE:[cas-user] CAS 4.1 - Maven Overlay
file:// is missing in the path. Log file are created but tomcat could not write in. I receive permission denied. De : Yannick MOLINET [mailto:yann...@adn-systemes.fr] Envoyé : mercredi 11 février 2015 20:27 À : cas-user@lists.jasig.org Objet : [cas-user] CAS 4.1 - Maven Overlay HI all, I'm trying to install CAS 4.1-SNAPSHOT following the maven overlay installation. I use a fresh overlay installation using this project : https://github.com/leleuj/cas-overlay-demo But when I deploy it on tomcat, I received error about creating log files, so I trying to move WEB-INF/cas.properties and WEB-INF/classes/log4j.xml in /etc/cas an set log to /var/lib/tomcat7/logs (as done in 4.0.1 with any problems). Even with this configuration (propertyFileConfigurer.xml in attachement) I always received error during tomcat startup about log file creation. Error message don't give any information about where it try to create the log file. In addition, I have exclude cas.properties and log4j.xml from pom.xml as org.apache.maven.plugins maven-war-plugin 2.6 cas org.jasig.cas cas-server-webapp WEB-INF/cas.properties WEB-INF/classes/log4j.xml But after mvn clean package, cas.properties is not present in WEB-INF but log4j.xml is present in WEB-INF/classes/log4j.xml If I manually remove this file, cas don't start So I understand that my propertyFileConfigurer.xml is not working... Could you help me to fix this issue ? Thanks, Yannick -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: yann...@adn-systemes.fr<mailto:yann...@adn-systemes.fr> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE:[cas-user] CAS 4.1 - Maven Overlay
Ok ... I found that the WEB-INF\classes\log4j.xml is always present. If I remove it, it's working. I don't know why the file is not exclude. De : Yannick MOLINET [mailto:yann...@adn-systemes.fr] Envoyé : mercredi 11 février 2015 21:32 À : cas-user@lists.jasig.org Objet : RE:[cas-user] CAS 4.1 - Maven Overlay file:// is missing in the path. Log file are created but tomcat could not write in. I receive permission denied. De : Yannick MOLINET [mailto:yann...@adn-systemes.fr] Envoyé : mercredi 11 février 2015 20:27 À : cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> Objet : [cas-user] CAS 4.1 - Maven Overlay HI all, I'm trying to install CAS 4.1-SNAPSHOT following the maven overlay installation. I use a fresh overlay installation using this project : https://github.com/leleuj/cas-overlay-demo But when I deploy it on tomcat, I received error about creating log files, so I trying to move WEB-INF/cas.properties and WEB-INF/classes/log4j.xml in /etc/cas an set log to /var/lib/tomcat7/logs (as done in 4.0.1 with any problems). Even with this configuration (propertyFileConfigurer.xml in attachement) I always received error during tomcat startup about log file creation. Error message don't give any information about where it try to create the log file. In addition, I have exclude cas.properties and log4j.xml from pom.xml as org.apache.maven.plugins maven-war-plugin 2.6 cas org.jasig.cas cas-server-webapp WEB-INF/cas.properties WEB-INF/classes/log4j.xml But after mvn clean package, cas.properties is not present in WEB-INF but log4j.xml is present in WEB-INF/classes/log4j.xml If I manually remove this file, cas don't start So I understand that my propertyFileConfigurer.xml is not working... Could you help me to fix this issue ? Thanks, Yannick -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: yann...@adn-systemes.fr<mailto:yann...@adn-systemes.fr> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: yann...@adn-systemes.fr<mailto:yann...@adn-systemes.fr> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
[cas-user] CAS 4.1-SNAPSHOT
HI all, I'm trying to install CAS 4.1-SNAPSHOT but I receive a lot of error when tomcat start (I have no customization in cas-servlet.xml) 2015-02-13 10:49:44,121 WARN [org.springframework.web.context.support.XmlWebApplicationContext] - (Unknown Source) at org.cryptacular.util.NonceUtil.newRBG(NonceUtil.java:168) at org.cryptacular.util.NonceUtil.newRBG(NonceUtil.java:153) at org.cryptacular.generator.sp80038a.RBGNonce.(RBGNonce.java:49) at org.cryptacular.generator.sp80038a.RBGNonce.(RBGNonce.java:34) at org.jasig.spring.webflow.plugin.EncryptedTranscoder.(EncryptedTranscoder.java:60) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:526) at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:147) ... 79 more > 2015-02-13 10:49:44,127 ERROR [org.springframework.web.servlet.DispatcherServlet] - (Unknown Source) at org.cryptacular.util.NonceUtil.newRBG(NonceUtil.java:168) at org.cryptacular.util.NonceUtil.newRBG(NonceUtil.java:153) at org.cryptacular.generator.sp80038a.RBGNonce.(RBGNonce.java:49) at org.cryptacular.generator.sp80038a.RBGNonce.(RBGNonce.java:34) at org.jasig.spring.webflow.plugin.EncryptedTranscoder.(EncryptedTranscoder.java:60) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:526) at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:147) ... 79 more Thanks for help Yannick -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CAS 4.1
Hi all,
I've an issue when I try to add Role Based Access Control with this error. The
line ref is for the « » keyword in my deployerConfigContext.xml
Caused by: org.xml.sax.SAXParseException; lineNumber: 391; columnNumber: 9;
cvc-complex-type.2.4.a : Contenu non valide trouvé à partir de l'élément 'map'.
L'une des valeurs '{"http://www.springframework.org/schema/beans":description,
"http://www.springframework.org/schema/beans":meta,
"http://www.springframework.org/schema/beans":constructor-arg,
"http://www.springframework.org/schema/beans":property,
"http://www.springframework.org/schema/beans":qualifier,
"http://www.springframework.org/schema/beans":lookup-method,
"http://www.springframework.org/schema/beans":replaced-method,
WC[##other:"http://www.springframework.org/schema/beans"]}' est attendue.
Any idea ?
Thanks,
Yannick
De : Yannick MOLINET [mailto:yann...@adn-systemes.fr]
Envoyé : mardi 10 février 2015 16:05
À : cas-user@lists.jasig.org
Objet : RE: [cas-user] CAS 4.1
Thanks a lot. I'm working on ...
De : Misagh Moayyed [mailto:mmoay...@unicon.net]
Envoyé : mardi 10 février 2015 16:01
À : cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>
Objet : Re: [cas-user] CAS 4.1
http://jasig.github.io/cas/development/installation/Service-Management.html#configure-service-access-strategy
- Misagh
On Feb 10, 2015, at 3:53 PM, Yannick MOLINET
mailto:yann...@adn-systemes.fr>> wrote:
It seems (from the roadmap) that the Role-Based Access Control is done in CAS
4.1 snapshot.
I want to do some test, is it possible to have information how to configure it.
De : Yannick MOLINET [mailto:yann...@adn-systemes.fr]
Envoyé : mardi 10 février 2015 09:34
À : cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>
Objet : [cas-user] CAS 4.1
HI all,
I know that CAS 4.1 is under developpement.
I'm working on a new project where CAS is required with service that would be
restrict by group memberof.
I know that CAS 3.5 have a unicon plugin to do the job, and 4.1 have a «
similar » feature. But 4.0.1 have no equivalent.
My questions :
- Have you a release date plan for CAS 4.1 ?
- The service restrict by group is it working in the current state ?
Thanks,
Yannick
--
You are currently subscribed to
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as:
yann...@adn-systemes.fr<mailto:yann...@adn-systemes.fr>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as:
mmoay...@unicon.net<mailto:mmoay...@unicon.net>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as:
yann...@adn-systemes.fr<mailto:yann...@adn-systemes.fr>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as:
yannick.moli...@dixinfor.com<mailto:yannick.moli...@dixinfor.com>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CAS 4.1-SNAPSHOT
I have found this post last night and do some test. I must add the exclusion for the X509 support. De : Denis BLED [mailto:denis.bled.m...@gmail.com] Envoyé : dimanche 15 février 2015 17:50 À : jasig-cas-u...@googlegroups.com Cc : cas-user@lists.jasig.org; cas-user@lists.jasig.org; Yannick MOLINET Objet : Re: [cas-user] CAS 4.1-SNAPSHOT Hi, I think you are in the same situation as I was few days ago... You must set up exclusion of "org.bouncycastle" in maven dependencies. Check detailed answer here this and tell me if it has worked: https://groups.google.com/forum/#!topic/jasig-cas-user/2OwRN9iTfio Denis Le vendredi 13 février 2015 11:07:41 UTC+1, Yannick MOLINET a écrit : HI all, I’m trying to install CAS 4.1-SNAPSHOT but I receive a lot of error when tomcat start (I have no customization in cas-servlet.xml) 2015-02-13 10:49:44,121 WARN [org.springframework.web.context.support.XmlWebApplicationContext] - (Unknown Source) at org.cryptacular.util.NonceUtil.newRBG(NonceUtil.java:168) at org.cryptacular.util.NonceUtil.newRBG(NonceUtil.java:153) at org.cryptacular.generator.sp80038a.RBGNonce.(RBGNonce.java:49) at org.cryptacular.generator.sp80038a.RBGNonce.(RBGNonce.java:34) at org.jasig.spring.webflow.plugin.EncryptedTranscoder.(EncryptedTranscoder.java:60) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:526) at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:147) ... 79 more > 2015-02-13 10:49:44,127 ERROR [org.springframework.web.servlet.DispatcherServlet] - http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CAS 4.1
Could you help me to fix this issue ?
De : Yannick MOLINET [mailto:yann...@adn-systemes.fr]
Envoyé : vendredi 13 février 2015 18:59
À : cas-user@lists.jasig.org
Objet : RE: [cas-user] CAS 4.1
Hi all,
I've an issue when I try to add Role Based Access Control with this error. The
line ref is for the « » keyword in my deployerConfigContext.xml
Caused by: org.xml.sax.SAXParseException; lineNumber: 391; columnNumber: 9;
cvc-complex-type.2.4.a : Contenu non valide trouvé à partir de l'élément 'map'.
L'une des valeurs '{"http://www.springframework.org/schema/beans":description,
"http://www.springframework.org/schema/beans":meta,
"http://www.springframework.org/schema/beans":constructor-arg,
"http://www.springframework.org/schema/beans":property,
"http://www.springframework.org/schema/beans":qualifier,
"http://www.springframework.org/schema/beans":lookup-method,
"http://www.springframework.org/schema/beans":replaced-method,
WC[##other:"http://www.springframework.org/schema/beans"]}' est attendue.
Any idea ?
Thanks,
Yannick
De : Yannick MOLINET [mailto:yann...@adn-systemes.fr]
Envoyé : mardi 10 février 2015 16:05
À : cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>
Objet : RE: [cas-user] CAS 4.1
Thanks a lot. I'm working on ...
De : Misagh Moayyed [mailto:mmoay...@unicon.net]
Envoyé : mardi 10 février 2015 16:01
À : cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>
Objet : Re: [cas-user] CAS 4.1
http://jasig.github.io/cas/development/installation/Service-Management.html#configure-service-access-strategy
- Misagh
On Feb 10, 2015, at 3:53 PM, Yannick MOLINET
mailto:yann...@adn-systemes.fr>> wrote:
It seems (from the roadmap) that the Role-Based Access Control is done in CAS
4.1 snapshot.
I want to do some test, is it possible to have information how to configure it.
De : Yannick MOLINET [mailto:yann...@adn-systemes.fr]
Envoyé : mardi 10 février 2015 09:34
À : cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>
Objet : [cas-user] CAS 4.1
HI all,
I know that CAS 4.1 is under developpement.
I'm working on a new project where CAS is required with service that would be
restrict by group memberof.
I know that CAS 3.5 have a unicon plugin to do the job, and 4.1 have a «
similar » feature. But 4.0.1 have no equivalent.
My questions :
- Have you a release date plan for CAS 4.1 ?
- The service restrict by group is it working in the current state ?
Thanks,
Yannick
--
You are currently subscribed to
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as:
yann...@adn-systemes.fr<mailto:yann...@adn-systemes.fr>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as:
mmoay...@unicon.net<mailto:mmoay...@unicon.net>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as:
yann...@adn-systemes.fr<mailto:yann...@adn-systemes.fr>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as:
yannick.moli...@dixinfor.com<mailto:yannick.moli...@dixinfor.com>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as:
yannick.moli...@dixinfor.com<mailto:yannick.moli...@dixinfor.com>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CAS war overlay demo project fails to deploy on tomcat.
The /etc/cas/cas.properties refer in propertyFileConfigurer.xml is not found. Create a /etc/cas folder and copy the content of the etc folder from the overlay-demo Regards, Yannick De : chandrashekar singh [mailto:chandrashekar1...@yahoo.com] Envoyé : mercredi 25 février 2015 16:30 À : cas-user@lists.jasig.org Objet : [cas-user] CAS war overlay demo project fails to deploy on tomcat. Dear All, I am attempting to test CAS with an ldap server. We am currently testing the war overlay demo project available from this website on Ubuntu 14.04 https://github.com/UniconLabs/simple-cas4-overlay-template Running mvn clean package generates the target without error. However when attempting to deploy the resulting cas.war in tomcat we have the following in the catlina.out log file. Please let us know if there are any binary ldap capable cas war that we can try. Our aim is just to test cas on ldap as a proof of concept. INFO: Deploying web application archive /home/ubuntu/ldap/cas/tomcat/webapps/cas.war log4j:WARN No appenders could be found for logger (org.springframework.web.context.ContextLoader). log4j:WARN Please initialize the log4j system properly. SafeContextLoaderListener: The Spring ContextLoaderListener we wrap threw on contextInitialized. But for our having caught this error, the web application context would not have initialized. org.springframework.beans.factory.BeanInitializationException: Could not load properties; nested exception is java.io.FileNotFoundException: /etc/cas/cas.properties (No such file or directory) at org.springframework.context.support.PropertySourcesPlaceholderConfigurer.postProcessBeanFactory(PropertySourcesPlaceholderConfigurer.java:147) at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:681) at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:656) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:446) at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:385) at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:284) at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111) at org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized_aroundBody0(SafeContextLoaderListener.java:75) at org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized_aroundBody1$advice(SafeContextLoaderListener.java:57) at org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized(SafeContextLoaderListener.java:1) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5016) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5524) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:649) at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1081) at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1877) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) Caused by: java.io.FileNotFoundException: /etc/cas/cas.properties (No such file or directory) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.(FileInputStream.java:146) at java.io.FileInputStream.(FileInputStream.java:101) at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90) at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188) at org.springframework.core.io.UrlResource.getInputStream(UrlResource.java:125) at org.springframework.core.io.support.PropertiesLoaderSupport.loadProperties(PropertiesLoaderSupport.java:181) at org.springframework.core.io.support.PropertiesLoaderSupport.mergeProperties(PropertiesLoaderSupport.java:161) at org.springframework.context.support.PropertySourcesPlaceholderConfigurer.postProcessBeanFactory(PropertySourcesPlaceholderConfigurer.java:138) ... 22 more Feb 25, 2015 11:17:13 AM org.apache.catalina.core.StandardContext startInternal SEVERE: Error fi
[cas-user] CAS 4.1 - ServiceID
Hi all, I'm working with CAS 4.1 and I have an issue with the serviceid declaration in deployerConfigContext.xml I added ServiceID like https://myserver.com/subscribe/user/* When I call my url https://myserver.com/subscribe/user/register.php, I received < Application Not Authorized to Use CAS > If I try to specify ServiceID with **, cas don't start. https://myserver.com/subscribe/user/*"; /> Thanks for your help, Yannick -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CAS 4.1 - ServiceID
Yes ok. It's working fine with .*
Thanks a lot.
Yannick
-Message d'origine-
De : Waldbieser, Carl [mailto:waldb...@lafayette.edu]
Envoyé : vendredi 6 mars 2015 14:57
À : cas-user@lists.jasig.org
Objet : Re: [cas-user] CAS 4.1 - ServiceID
If your are using a Regex matcher, you need to end in something like '.*' ('.'
means "any character", '*' means "zero or more times").
Thanks,
Carl Waldbieser
ITS System Programmer
Lafayette College
- Original Message -
From: "Yannick MOLINET"
To: cas-user@lists.jasig.org
Sent: Friday, March 6, 2015 5:53:55 AM
Subject: [cas-user] CAS 4.1 - ServiceID
Hi all,
I'm working with CAS 4.1 and I have an issue with the serviceid declaration in
deployerConfigContext.xml
I added ServiceID like https://myserver.com/subscribe/user/*
When I call my url https://myserver.com/subscribe/user/register.php, I received
< Application Not Authorized to Use CAS > If I try to specify ServiceID with
**, cas don't start.
https://myserver.com/subscribe/user/*"; />
Thanks for your help,
Yannick
--
You are currently subscribed to cas-user@lists.jasig.org as:
waldb...@lafayette.edu To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as:
yann...@adn-systemes.fr To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
[cas-user] CAS 4.1 - Role-based Access Control
Hi all,
I'm trying to configure Role based access control in CAS 4.1 but I received an
error when I to add map following
http://jasig.github.io/cas/development/installation/Service-Management.html#configure-service-access-strategy
ERROR 2015-03-09 22:08:36,052 localhost-startStop-1::ContextLoader - Context
initialization failed
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 390
in XML document from ServletContext resource
[/WEB-INF/deployerConfigContext.xml] is invalid; nested exception is
org.xml.sax.SAXParseException; lineNumber: 390; columnNumber: 11;
cvc-complex-type.2.4.a : Contenu non valide trouvé à partir de l'élément 'map'.
L'une des valeurs '{"http://www.springframework.org/schema/beans":description,
"http://www.springframework.org/schema/beans":meta,
"http://www.springframework.org/schema/beans":constructor-arg,
"http://www.springframework.org/schema/beans":property,
"http://www.springframework.org/schema/beans":qualifier,
"http://www.springframework.org/schema/beans":lookup-method,
"http://www.springframework.org/schema/beans":replaced-method,
WC[##other:"http://www.springframework.org/schema/beans"]}' est attendue.
at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:399)
at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:336)
at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:304)
at
org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:181)
at
org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:217)
at
org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:188)
at
org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:125)
at
org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:94)
at
org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:129)
at
org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:537)
at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:452)
at
org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403)
at
org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
at
org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4790)
at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5284)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:618)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:963)
at
org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1600)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.xml.sax.SAXParseException; lineNumber: 390; columnNumber: 11;
cvc-complex-type.2.4.a : Contenu non valide trouvé à partir de l'élément 'map'.
L'une des valeurs '{"http://www.springframework.org/schema/beans":description,
"http://www.springframework.org/schema/beans":meta,
"http://www.springframework.org/schema/beans":constructor-arg,
"http://www.springframework.org/schema/beans":property,
"http://www.springframework.org/schema/beans":qualifier,
"http://www.springframework.org/schema/beans":lookup-method,
"http://www.springframework.org/schema/beans":replaced-method,
WC[##other:"http://www.springframework.org/schema/beans"]}' est attendue.
at
com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:198)
at
com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.jav
RE:[cas-user] CAS 4.1 - Role-based Access Control
Please up !
De : Yannick MOLINET [mailto:yann...@adn-systemes.fr]
Envoyé : mardi 10 mars 2015 08:13
À : cas-user@lists.jasig.org
Objet : [cas-user] CAS 4.1 - Role-based Access Control
Hi all,
I'm trying to configure Role based access control in CAS 4.1 but I received an
error when I to add map following
http://jasig.github.io/cas/development/installation/Service-Management.html#configure-service-access-strategy
ERROR 2015-03-09 22:08:36,052 localhost-startStop-1::ContextLoader - Context
initialization failed
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 390
in XML document from ServletContext resource
[/WEB-INF/deployerConfigContext.xml] is invalid; nested exception is
org.xml.sax.SAXParseException; lineNumber: 390; columnNumber: 11;
cvc-complex-type.2.4.a : Contenu non valide trouvé à partir de l'élément 'map'.
L'une des valeurs '{"http://www.springframework.org/schema/beans":description,
"http://www.springframework.org/schema/beans":meta,
"http://www.springframework.org/schema/beans":constructor-arg,
"http://www.springframework.org/schema/beans":property,
"http://www.springframework.org/schema/beans":qualifier,
"http://www.springframework.org/schema/beans":lookup-method,
"http://www.springframework.org/schema/beans":replaced-method,
WC[##other:"http://www.springframework.org/schema/beans"]}' est attendue.
at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:399)
at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:336)
at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:304)
at
org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:181)
at
org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:217)
at
org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:188)
at
org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:125)
at
org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:94)
at
org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:129)
at
org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:537)
at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:452)
at
org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403)
at
org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
at
org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4790)
at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5284)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:618)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:963)
at
org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1600)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.xml.sax.SAXParseException; lineNumber: 390; columnNumber: 11;
cvc-complex-type.2.4.a : Contenu non valide trouvé à partir de l'élément 'map'.
L'une des valeurs '{"http://www.springframework.org/schema/beans":description,
"http://www.springframework.org/schema/beans":meta,
"http://www.springframework.org/schema/beans":constructor-arg,
"http://www.springframework.org/schema/beans":property,
"http://www.springframework.org/schema/beans":qualifier,
"http://www.spr
