/cas/status/dashboard

938 views
Skip to first unread message

Cheltenham, Chris

unread,
Feb 26, 2018, 2:04:37 PM2/26/18
to cas-...@apereo.org

Hello,

 

I have been stuggling with access denied on the dashboard

 

-      users.properties only has the following.

 

ccheltenham-ext=passwordnotused,ROLE_ADMIN

 

What else could I have misconfigured?

 

 

 

===========================

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

image001.gif

David Curry

unread,
Feb 26, 2018, 2:29:05 PM2/26/18
to cas-...@apereo.org
I think we've been through most of these at one time or another, but to assemble them all in one place...

1. You have all of these:

# The /status endpoint is protected by IP address only.
cas.adminPagesSecurity.ip:              ...a valid regex to match your authorized addresses...

# The /status/whatever endpoints are protected by the CAS server, using a
# list of admin users in "users.properties".
cas.adminPagesSecurity.loginUrl:        ${cas.server.prefix}/login
cas.adminPagesSecurity.service:         ${cas.server.prefix}/status/dashboard
cas.adminPagesSecurity.users:           file:/etc/cas/config/users.properties

# Define an administrator role. (This is the default; you probably don't need to set it explicitly.)
cas.adminPagesSecurity.adminRoles[0]:   ROLE_ADMIN

# Enable the Spring Boot actuators as well as the CAS actuators.
cas.adminPagesSecurity.actuatorEndpointsEnabled:        true
cas.monitor.endpoints.enabled:          true
endpoints.enabled:                      true

# Marking the endpoints "sensitive" would protect them with Spring Security;
# we want to protect them with the CAS server.
cas.monitor.endpoints.sensitive:        false
endpoints.sensitive:                    false

2. You have a service definition that allows the dashboard to authenticate via CAS:

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "name" : "CAS Admin Dashboard",
  "id" : 123456789,
  "description" : "CAS dashboard and administrative endpoints",
  "evaluationOrder" : 1234
}

3. You're sure that the "ccheltenham-ext" user can successfully authenticate via CAS. Go to https:/yourserver/cas/login to check. (Even if you're "sure," check it anyway, just to remove it from the equation.)

4. You're attempting to access the dashboard from an IP address that matches the pattern configured in cas.adminPagesSecurity.ip.

All of that together ought to do it. If it doesn't, change the CAS logging level to "debug" and see what you get in cas.log....

--Dave



--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728david...@newschool.edu

The New School


--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00a001d3af34%24a1de58a0%24e59b09e0%24%40philasd.org.

Cheltenham, Chris

unread,
Feb 26, 2018, 2:50:26 PM2/26/18
to cas-...@apereo.org

David,

 

The only thing I can tell is that CAS is not seeing the json file from /etc/cas/services.

I created two and they never show up loaded in the logs.

 

Only the two default ones, I guess they are, show up.

 

 

2018-02-26 14:42:49,710 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [^https://www.apereo.org]>

2018-02-26 14:42:49,710 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [^(https|imaps)://.*]>

2018-02-26 14:42:49,710 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [2] service(s) from [JsonServiceRegistryDao].>

 

I have two json files.

 

 

cas-services5.xml

 

{

  @class: org.apereo.cas.services.RegexRegisteredService

  serviceId: https://devcas5\.philasd\.org/cas-services/.*

  name: HTTPS

  id: 10000000001

  description: HTTPS protocol wildcard service.

  evaluationOrder: 1000

}

 

 

 

And

 

 

cas-dashboard.xml

 

 

{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "^https://devcass5.philasd.org/cas/status/dashboard(\\z|/.*)",

  "name" : "CAS Admin Dashboard",

  "id" : 1000000002

  "description" : "CAS dashboard and administrative endpoints",

  "evaluationOrder" : 1001

}

 

 

===========================

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

 

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPG8nL99g6-zYfwWMCZBXQ2FhK6gR6UWatTYTGBK2fZqg%40mail.gmail.com.

image001.gif

David Curry

unread,
Feb 26, 2018, 3:22:26 PM2/26/18
to cas-...@apereo.org
Do you have

    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-json-service-registry</artifactId>
        <version>${cas.version}</version>
    </dependency>

in pom.xml and 

cas.serviceRegistry.json.location:    file:/etc/cas/services

in cas.properties?

If not, you need them. If so, then dig through the archives of this group in the last month or twol some other folks were having similar issues.

--Dave


--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728david...@newschool.edu

The New School


--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
 To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00cc01d3af3b%2408b4e340%241a1ea9c0%24%40philasd.org.

Matthew Uribe

unread,
Feb 26, 2018, 3:34:58 PM2/26/18
to CAS Community
Chris,

I ran into the same problem. I added json files to /etc/cas/services but CAS was only reading those in the classpath/services directory.
I found that my problem was in my cas.properties:

Incorrect: 
cas.serviceRegistry.config.location:   file:/etc/cas/services
Correct:
cas.serviceRegistry.json.location:     file:/etc/cas/services

Cheltenham, Chris

unread,
Feb 26, 2018, 3:35:14 PM2/26/18
to cas-...@apereo.org

I do , I will check everything again in the morning.

 

Thanks for your help.

 

It’s frustrating because I know it’s something stupid but I just don’t see it yet.

--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

 

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOB%3DdrdSTwzr5d%2BFk5K-VPjjkGntE0cHSQozJb_9gk-Lg%40mail.gmail.com.

image001.gif

David Curry

unread,
Feb 26, 2018, 3:37:37 PM2/26/18
to cas-...@apereo.org
But think of all the experience you're getting! :-)

Seriously, I know the feeling. I think we've all been there before.

--Dave


--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728david...@newschool.edu

The New School


--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
 To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00e301d3af41%244a9c5210%24dfd4f630%24%40philasd.org.

Kevin Liu

unread,
Feb 26, 2018, 3:55:43 PM2/26/18
to CAS Community
I concur with Matthew. That was my issue too until I changed it. Then services started picking up.

--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

Cheltenham, Chris

unread,
Feb 27, 2018, 8:11:56 AM2/27/18
to cas-...@apereo.org

Thanks guys, I have the json service resitry dependency in both cas and cas-management pom.xml.

 

One thing that might be tripping me up here is when to use an “=” or is it a “:’

 

For example I have them mixed.

 

i.e.

 

cas.serviceRegistry.json.location:    file:/etc/cas/services

or is it

cas.serviceRegistry.json.location = file:/etc/cas/services

 

and I am assuming those long blank spaces don’t mean anything.

 

I 95% am sure my problem is in the config files, I just not sure where.

 

 

 

===========================

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

David Curry

unread,
Feb 27, 2018, 8:36:25 AM2/27/18
to cas-...@apereo.org
You can use colons or equals signs, it doesn't matter. And whitespace between the property name and the property value is ignored (but whitespace at the end of the line is not).


Personally I like colons and columns that line up for readability, but that's me. The CAS team seems to like equals signs and no extra whitespace. You can use whichever format you're comfortable with, although I might suggest standardizing on one or the other just for sanity's sake. :-)

--Dave


--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728david...@newschool.edu

The New School


To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/002d01d3afcc%24876fb2f0%24964f18d0%24%40philasd.org.

Cheltenham, Chris

unread,
Feb 27, 2018, 8:42:25 AM2/27/18
to cas-...@apereo.org

David,

 

Re: cas.properties

 

I tried using the colon on every single line and I got all kinds of errors.

Mainly ssl errors ..

 

When I put the equals back in , it worked.

 

I am NOT saying you’re wrong nanny nanny poo poo …

I just saw a bunch of things break without the equals.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

Cheltenham, Chris

unread,
Feb 27, 2018, 8:51:17 AM2/27/18
to cas-...@apereo.org

Guys,

 

When I changed config to json , I get Application Not Authorized to use CAS.

 

I am not sure if that s good thing or not.

 

If I change json back to config, the portal will open.

 

 

 

===========================

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

From: cas-...@apereo.org [mailto:cas-...@apereo.org] On Behalf Of Matthew Uribe
Sent: Monday, February 26, 2018 3:35 PM
To: CAS Community <cas-...@apereo.org>
Subject: Re: [cas-user] /cas/status/dashboard

 

Chris,

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

David Curry

unread,
Feb 27, 2018, 8:52:41 AM2/27/18
to cas-...@apereo.org
That might be a clue to a formatting problem, then. Like maybe an extra colon or a missing colon? Or something else mis-formatted?

Because colons should work just fine.






--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728david...@newschool.edu

The New School


To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
 To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/003b01d3afd0%24c86d48e0%245947daa0%24%40philasd.org.

David Curry

unread,
Feb 27, 2018, 8:58:14 AM2/27/18
to cas-...@apereo.org
If you use "config" then the property is being ignored because it doesn't do anything, and you are likely getting the wildcard service registry entry in the classpath.

If you use "json" then you are most likely correctly getting your /etc/cas/services directory, and assuming you didn't copy the wildcard entry, you're not matching it any more. As to application not authorized, that means you don't have a correct entry.

When you have it set to "json", what does the debug log tell you it's loading for services?



--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728david...@newschool.edu

The New School


To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/004701d3afd2%2407b4d1c0%24171e7540%24%40philasd.org.

Cheltenham, Chris

unread,
Feb 27, 2018, 9:41:22 AM2/27/18
to cas-...@apereo.org

David,

 

Is this what you are looking for?

This is with the cas.properties entry of – “cas.serviceRegistry.json.location=file:/etc/cas/services”

If I change json back to config, I can log into the management portal but still do not see the services I put in there.

 

 

[root@devcas5 logs]# cat catalina.out

2018-02-27 09:38:14,507 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Loading services from [JsonServiceRegistryDao]>

2018-02-27 09:38:14,507 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [JsonServiceRegistryDao].>

2018-02-27 09:38:16,232 DEBUG [org.apereo.cas.web.flow.InitialFlowSetupAction] - <Warning cookie path is set to [null] and path [/cas/]>

2018-02-27 09:38:16,233 DEBUG [org.apereo.cas.web.flow.InitialFlowSetupAction] - <TGC cookie path is set to [null] and path [/cas/]>

2018-02-27 09:38:16,233 DEBUG [org.apereo.cas.web.support.DefaultArgumentExtractor] - <Created [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@57dbcf68[id=https://devcas5.philasd.org/cas-management/manage.html,originalUrl=https://devcas5.philasd.org/cas-management/manage.html,artifactId=<null>,principal=<null>,loggedOutAlready=false,format=XML]] based on [org.apereo.cas.authentication.principal.WebApplicationServiceFactory@46439d55[]]>

2018-02-27 09:38:16,233 DEBUG [org.apereo.cas.web.support.AbstractArgumentExtractor] - <Extractor generated service type [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl] for: [https://devcas5.philasd.org/cas-management/manage.html]>

2018-02-27 09:38:16,233 DEBUG [org.apereo.cas.web.flow.InitialFlowSetupAction] - <Placing service in context scope: [https://devcas5.philasd.org/cas-management/manage.html]>

2018-02-27 09:38:16,234 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>

2018-02-27 09:38:16,235 DEBUG [org.apereo.cas.web.flow.resolver.impl.RankedAuthenticationProviderWebflowEventResolver] - <No service is available to determine event for principal>

2018-02-27 09:38:16,235 DEBUG [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - <Resolved single event [success] via [org.apereo.cas.web.flow.resolver.impl.RankedAuthenticationProviderWebflowEventResolver] for this context>

2018-02-27 09:38:16,236 WARN [org.apereo.cas.web.flow.ServiceAuthorizationCheck] - <No service definitions are found in the service manager. Service [https://devcas5.philasd.org/cas-management/manage.html] will not be automatically authorized to request authentication.>

2018-02-27 09:38:16,236 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>

2018-02-27 09:38:16,236 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>

2018-02-27 09:38:16,236 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>

2018-02-27 09:38:16,236 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>

2018-02-27 09:38:16,236 WARN [org.apereo.cas.services.web.ServiceThemeResolver] - <No registered service is found to match [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@57dbcf68[id=https://devcas5.philasd.org/cas-management/manage.html,originalUrl=https://devcas5.philasd.org/cas-management/manage.html,artifactId=<null>,principal=<null>,loggedOutAlready=false,format=XML]] or service access is disallowed. Using default theme [cas-theme-default]>

2018-02-27 09:38:16,236 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>

2018-02-27 09:38:16,236 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>

2018-02-27 09:38:16,269 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages_en] - neither plain properties nor XML>

2018-02-27 09:38:16,269 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages] - neither plain properties nor XML>

2018-02-27 09:38:16,270 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:messages_en] - neither plain properties nor XML>

2018-02-27 09:38:16,270 DEBUG [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Re-caching properties for filename [classpath:messages] - file hasn't been modified>

2018-02-27 09:38:16,271 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [CookieThemeResolver]>

2018-02-27 09:38:16,271 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [SessionThemeResolver]>

2018-02-27 09:38:16,271 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [RequestHeaderThemeResolver]>

2018-02-27 09:38:16,271 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [ServiceThemeResolver]>

2018-02-27 09:38:16,271 WARN [org.apereo.cas.services.web.ServiceThemeResolver] - <No registered service is found to match [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@57dbcf68[id=https://devcas5.philasd.org/cas-management/manage.html,originalUrl=https://devcas5.philasd.org/cas-management/manage.html,artifactId=<null>,principal=<null>,loggedOutAlready=false,format=XML]] or service access is disallowed. Using default theme [cas-theme-default]>

2018-02-27 09:38:16,271 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <Attempting to resolve theme via [FixedThemeResolver]>

2018-02-27 09:38:16,271 DEBUG [org.apereo.cas.services.web.ChainingThemeResolver] - <No specific theme could be found. Using default theme [cas-theme-default}>

 

 

 

 

It consistently only loads the two defaults and never sees anything in /etc/cas/services

Its as if nothing is in there.

 

2018-02-27 09:36:57,741 DEBUG [org.apereo.cas.services.AbstractServiceRegistryDao] - <Publishing event [org.apereo.cas.support.events.service.CasRegisteredServiceLoadedEvent@2ee60375[registeredService=id=10000001,name=HTTPS and IMAPS,description=This service definition authorized all application urls that support HTTPS and IMAPS protocols.,serviceId=^(https|imaps)://.*,usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@d,theme=<null>,evaluationOrder=10000,logoutType=BACK_CHANNEL,attributeReleasePolicy=org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy@18a9ad44[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2fc33f97[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=<null>,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@70ecb45b[excludedAttributes=<null>,includeOnlyAttributes=<null>,enabled=true],allowedAttributes=[]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@6e8ffc98[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@60a66b66,logo=images/logo_cas.png,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@3b99bf80[multifactorAuthenticationProviders=[],failureMode=NOT_SET,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,bypassEnabled=false],informationUrl=<null>,privacyUrl=<null>,contacts=[],expirationPolicy=org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy@d9010e3[deleteWhenExpired=false,notifyWhenDeleted=false,expirationDate=<null>],<null>]]>

2018-02-27 09:36:57,741 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [^https://www.apereo.org]>

2018-02-27 09:36:57,741 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [^(https|imaps)://.*]>

2018-02-27 09:36:57,742 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [2] service(s) from [JsonServiceRegistryDao].>

2018-02-27 09:37:14,507 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Loading services from [JsonServiceRegistryDao]>

2018-02-27 09:37:14,507 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [JsonServiceRegistryDao].>

 

===========================

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

 

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPAPhC3LpX0vQ%2BDskRdEKngK1qynbAGRQmAKR8eY09yTg%40mail.gmail.com.

David Curry

unread,
Feb 27, 2018, 9:51:11 AM2/27/18
to cas-...@apereo.org
Well, without digging into the code to see exactly who's logging what, this looks like the important line:

2018-02-27 09:38:14,507 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [JsonServiceRegistryDao].>

Which I interpret to mean that it looked in /etc/cas/services and didn't find anything it wanted.

So... is /etc/cas/services accessible to tomcat (ownership, permissions, etc.)? Are the files? What are the files called? What do they hold?


--Dave


--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728david...@newschool.edu

The New School


To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
 To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/008401d3afd9%2405391f30%240fab5d90%24%40philasd.org.

Kevin Liu

unread,
Feb 27, 2018, 10:05:09 AM2/27/18
to CAS Community
I would check to make sure you have an absolute path for your service directory.

Also, can confirm that : or = does not matter. Works for me either ways.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

Vaggelis Kasapis

unread,
Feb 27, 2018, 10:39:02 AM2/27/18
to CAS Community
followed your instructions but i get this error.
Error: cannot validate CAS ticket: ST-1-1PZyX9vP72grJtHEexSdwjVUEMo-CNFCC-CAS-Server
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

Cheltenham, Chris

unread,
Feb 27, 2018, 11:00:44 AM2/27/18
to cas-...@apereo.org

David,

 

Do I need pacj4 for the service registry?

 

 

 

 

 

===========================

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-...@apereo.org [mailto:cas-...@apereo.org] On Behalf Of David Curry


Sent: Tuesday, February 27, 2018 8:58 AM

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

 

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPAPhC3LpX0vQ%2BDskRdEKngK1qynbAGRQmAKR8eY09yTg%40mail.gmail.com.

David Curry

unread,
Feb 27, 2018, 11:03:03 AM2/27/18
to cas-...@apereo.org
I don't believe so. You certainly don't have to do anything special to include it.


--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728david...@newschool.edu

The New School


To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
 To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/000701d3afe4%2402b1b000%2408151000%24%40philasd.org.

Reply all
Reply to author
Forward
0 new messages