Re: [cas-user] shib-cas-authenticator
Yeah we're having the same problem here with dev and production using the same war. Using two different wars would easily lead to configuration drift.

On 22 Jan 2014 01:06, "Paul B. Henson" wrote:

> We are looking at using unicon's shib-cas-authenticator package to integrate our existing shibboleth deployment into our new CAS deployment. Reviewing the documentation at:
>
> https://github.com/Unicon/shib-cas-authenticator
>
> it seems it wants to embed configuration into the WAR file. I've never really understood the fascination in the Java community with embedding configuration into binaries 8-/, it makes it rather difficult to package and deploy at scale :(. I have production, dev, and test CAS servers, as well as corresponding shibboleth servers, and I'd really like to build *one* WAR file to deploy on all of them, and have the specifics of the configuration maintained in external configuration files.
>
> Is there any easy way to externalize the configuration the documentation says to embed in cas-authentication-facade/src/main/webapp/WEB-INF/web.xml and $CATALINA_HOME/webapps/idp/WEB-INF/web.xml?
>
> One thing that's nice about shibboleth is that the default configuration does externalize configuration into the filesystem rather than try to embed it in the WAR file...
>
> Thanks...
>
> --
> Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
> Operating Systems and Network Analyst | hen...@csupomona.edu
> California State Polytechnic University | Pomona CA 91768
RE: [cas-user] shib-cas-authenticator
> From: Dan Webb [mailto:d.w...@derby.ac.uk]
> Sent: Wednesday, January 22, 2014 12:21 AM
>
> Yeah we're having the same problem here with dev and production using the same war. Using two different wars would easily lead to configuration drift.

Typically in an enterprise deployment, you have a package management system, and a configuration management system. With almost everything else I work with, I can easily create a binary package of an application, which can then be automatically installed anywhere it needs to be, and configure it as necessary automatically through our configuration management system.

But anytime I have to touch anything involving enterprise JavaBeans, it seems to involve bending over backwards and jumping through hoops to try to avoid having to compile a specific binary for each and every single system on which it needs to be deployed :(. For our CAS servers I ended up having to have a custom post install for the package that swaps out config files in the WAR with ones from the file system before copying it into the webapps directory. Maybe I'll have to do the same thing here. It would make things so much easier if the WAR file simply referenced an external configuration file...

I'm sure I'm not exactly winning friends and influencing people with Java rants in what's likely a Java friendly forum ;), but as long as I've got my grumpy old man hat on, what's with all the different build utilities? This one uses ant, that one uses maven, hey, look, gradle! On top of trying to fit a square self-contained java app peg into my round enterprise systems management hole, I've got to set up and figure out a completely new build environment every time...
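The post-install step described in the message above, swapping configuration files inside a WAR for copies kept on the file system, can be sketched as follows. This is an added example, not code from the thread or from the CAS project; the function name `overlay_war` and the sample file contents are assumptions, and it goes slightly beyond the message by refusing to add any entry the WAR did not already contain.

```python
import io, tempfile, zipfile
from pathlib import Path

def overlay_war(war_bytes, site_dir):
    """Return (new_war_bytes, replaced) with files from site_dir swapped in.

    Only entries already present in the WAR are replaced; anything else under
    site_dir is rejected, so the step cannot add new content to the webapp.
    """
    site = Path(site_dir)
    local = {p.relative_to(site).as_posix(): p
             for p in site.rglob("*") if p.is_file()}
    src = zipfile.ZipFile(io.BytesIO(war_bytes))
    unknown = sorted(set(local) - set(src.namelist()))
    if unknown:
        raise ValueError(f"not in WAR, refusing to add: {unknown}")
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.filename in local:
                data = local[info.filename].read_bytes()  # site-specific copy
            else:
                data = src.read(info)                     # packaged default
            dst.writestr(info, data)
    return out.getvalue(), sorted(local)

def demo():
    """Constructed sample WAR and site directory (not real CAS files)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("WEB-INF/web.xml", "<web-app/>")
        z.writestr("WEB-INF/deployerConfigContext.xml", "<beans>default</beans>")
    site = Path(tempfile.mkdtemp())
    (site / "WEB-INF").mkdir()
    (site / "WEB-INF" / "deployerConfigContext.xml").write_text("<beans>prod</beans>")
    war, replaced = overlay_war(buf.getvalue(), site)
    return war, replaced, site

if __name__ == "__main__":
    print(demo()[1])
```

Because the package itself stays identical on every host, the file that differs per environment is only the site directory, which the configuration management system can own.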
Re: [cas-user] shib-cas-authenticator
On 01/22/2014 12:03 PM, Paul B. Henson wrote:

>> From: Dan Webb [mailto:d.w...@derby.ac.uk]
>> Sent: Wednesday, January 22, 2014 12:21 AM
>>
>> Yeah we're having the same problem here with dev and production using the same war. Using two different wars would easily lead to configuration drift.
>
> Typically in an enterprise deployment, you have a package management system, and a configuration management system. With almost everything else I work with, I can easily create a binary package of an application, which can then be automatically installed anywhere it needs to be, and configure it as necessary automatically through our configuration management system.
>
> But anytime I have to touch anything involving enterprise JavaBeans, it seems to involve bending over backwards and jumping through hoops to try to avoid having to compile a specific binary for each and every single system on which it needs to be deployed :(. For our CAS servers I ended up having to have a custom post install for the package that swaps out config files in the WAR with ones from the file system before copying it into the webapps directory. Maybe I'll have to do the same thing here. It would make things so much easier if the WAR file simply referenced an external configuration file...
>
> I'm sure I'm not exactly winning friends and influencing people with Java rants in what's likely a Java friendly forum ;), but as long as I've got my grumpy old man hat on, what's with all the different build utilities? This one uses ant, that one uses maven, hey, look, gradle! On top of trying to fit a square self-contained java app peg into my round enterprise systems management hole, I've got to set up and figure out a completely new build environment every time...

Maybe not the prettiest/correct/... way, but one thing we did was to allow overriding Spring configuration in the file system, using a parallel directory structure analogous to that in the war, and setting a configuration 'home' directory in the application container. The war contains reasonable defaults, and the file system overrides, with a small addition to web.xml:

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring-configuration/*.xml
            /WEB-INF/deployerConfigContext.xml
            file:${cas.home:/etc/cas}/spring-configuration/*.xml
        </param-value>
    </context-param>

Then ${cas.home} contains e.g. directories 'classes' and 'spring-configuration' (my understanding with Spring is "last one wins").

Tom.
RE: [cas-user] shib-cas-authenticator
> From: Tom Poage [mailto:tfpo...@ucdavis.edu]
> Sent: Wednesday, January 22, 2014 1:17 PM
>
> Maybe not the prettiest/correct/... way, but one thing we did was to allow overriding Spring configuration in the file system, using a parallel directory structure analogous to that in the war, and setting a

Hmm, that looks promising, the three files I am overriding are

    WEB-INF/spring-configuration/propertyFileConfigurer.xml
    WEB-INF/spring-configuration/ticketRegistry.xml
    WEB-INF/deployerConfigContext.xml

So what would happen if you put a copy of deployerConfigContext.xml in file:${cas.home:/etc/cas}/spring-configuration/? Or added file:${cas.home:/etc/cas}/spring-configuration/deployerConfigContext.xml to the param list? Could you use an external file system source to override that too?

Thanks for the tip...

> <context-param>
>     <param-name>contextConfigLocation</param-name>
>     <param-value>
>         /WEB-INF/spring-configuration/*.xml
>         /WEB-INF/deployerConfigContext.xml
>         file:${cas.home:/etc/cas}/spring-configuration/spring-configuration/*.xml
>     </param-value>
> </context-param>
>
> Then ${cas.home} contains e.g. directories 'classes' and 'spring-configuration' (my understanding with Spring is "last one wins").
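An added example (not from the thread or from CAS) that lists which bean ids an external override directory would replace, following the "last one wins" understanding stated in the thread, and flags override paths that group or other can write, since whoever can write there can redefine beans the WAR ships. The bean ids, class names and alphabetical load order within the directory are assumptions, and the sample files are constructed.

```python
import os, stat, tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

NS = "{http://www.springframework.org/schema/beans}"

def definitions(config_files):
    """Map bean id -> files defining it, in load order (last one is used)."""
    seen = {}
    for path in config_files:
        for bean in ET.parse(path).getroot().findall(NS + "bean"):
            if bean.get("id"):
                seen.setdefault(bean.get("id"), []).append(Path(path))
    return seen

def audit(war_files, external_dir):
    """Return (bean id -> overriding file, loosely-permissioned paths)."""
    ext = Path(external_dir)
    external = sorted(ext.glob("*.xml"))  # assumed load order: alphabetical
    loaded = definitions(list(war_files) + external)
    overrides = {bean_id: srcs[-1].name for bean_id, srcs in loaded.items()
                 if len(srcs) > 1 and srcs[-1].parent == ext}
    findings = [f"{p}: {stat.filemode(p.stat().st_mode)}"
                for p in [ext] + external
                if p.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH)]
    return overrides, findings

def demo():
    """Constructed sample: one WAR default file and one external override."""
    doc = '<beans xmlns="http://www.springframework.org/schema/beans">{}</beans>'
    root = Path(tempfile.mkdtemp())
    war, ext = root / "WEB-INF", root / "etc-cas" / "spring-configuration"
    war.mkdir()
    ext.mkdir(parents=True)
    (war / "deployerConfigContext.xml").write_text(doc.format(
        '<bean id="authenticationManager" class="example.Manager"/>'
        '<bean id="ticketRegistry" class="example.DefaultRegistry"/>'))
    (ext / "ticketRegistry.xml").write_text(doc.format(
        '<bean id="ticketRegistry" class="example.SharedRegistry"/>'))
    os.chmod(ext, 0o755)
    os.chmod(ext / "ticketRegistry.xml", 0o664)  # group-writable on purpose
    return audit([war / "deployerConfigContext.xml"], ext)

if __name__ == "__main__":
    print(demo())
```

Running the same audit against a real deployment before each restart shows exactly which packaged beans the file system is replacing on that host.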
Re: [cas-user] shib-cas-authenticator gone?
Eric,

The repo has been made private to address a security issue. I'll have more to say about this soon. If you have shib-cas-authenticator deployed, I would encourage you to contact me privately.

Best,
Bill

On Fri, Sep 13, 2013 at 11:12 AM, Eric Stein wrote:

> We're using shib-cas-authenticator version 1.3. A coworker of mine just tried to grab it from https://github.com/Unicon/shib-cas-authenticator/ and got a 404. It looks like the whole project is just gone. Does anybody know where it went?
>
> Thanks,
> Eric
Re: [cas-user] shib-cas-authenticator gone?
Hi

We'd be interested in looking at using shib-cas-authenticator at our institution so would be interested to know when it is available again?

Cheers

On Friday, 13 September 2013 16:59:50 UTC+1, William G. Thompson, Jr. wrote:

> Eric,
>
> The repo has been made private to address a security issue. I'll have more to say about this soon. If you have shib-cas-authenticator deployed, I would encourage you to contact me privately.
>
> Best,
> Bill
>
> On Fri, Sep 13, 2013 at 11:12 AM, Eric Stein wrote:
>
> > We're using shib-cas-authenticator version 1.3. A coworker of mine just tried to grab it from https://github.com/Unicon/shib-cas-authenticator/ and got a 404. It looks like the whole project is just gone. Does anybody know where it went?
> >
> > Thanks,
> > Eric
Re: [cas-user] shib-cas-authenticator gone?
Yes, the repo along with a critical security fix is now available: https://github.com/Unicon/shib-cas-authenticator/

Best,
Bill

On Mon, Sep 30, 2013 at 6:02 PM, Steve Podell wrote:

> I'd also like to consider it for a few months in the future. Is this authenticator coming back?
>
> Thanks,
> Steve
>
> On Friday, September 13, 2013 8:59:50 AM UTC-7, William G. Thompson, Jr. wrote:
>
>> Eric,
>>
>> The repo has been made private to address a security issue. I'll have more to say about this soon. If you have shib-cas-authenticator deployed, I would encourage you to contact me privately.
>>
>> Best,
>> Bill
>>
>> On Fri, Sep 13, 2013 at 11:12 AM, Eric Stein wrote:
>>
>> > We're using shib-cas-authenticator version 1.3. A coworker of mine just tried to grab it from https://github.com/Unicon/shib-cas-authenticator/ and got a 404. It looks like the whole project is just gone. Does anybody know where it went?
>> >
>> > Thanks,
>> > Eric