CAS5 management

215 views
Skip to first unread message

Cheltenham, Chris

unread,
Feb 23, 2018, 10:28:30 AM2/23/18
to cas-...@apereo.org

Hello Everyone,

 

Still having problems with access denied on /cas-management

 

I turned on DEBUG and I see this in the logs.

 

22T13:22:12.379-05:00[America/New_York], authenticationMethod=Employee-LDAP, successfulAuthenticationHandlers=Employee-LDAP,

longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: [] | isRemembered: false | clientName: CasClient |

linkedId: null |] does not contain the required role [ROLE_ADMIN]

 

 

My users.properties files look thusly –

     casuser=ROLE_ADMIN,<myid>

 

and yes ROLE_ADMIN is stated in the management.properties file.

     cas.mgmt.adminRoles[0]=ROLE_ADMIN

 

There is a Json file in /etc/cas/services or the users.properties file.

 

That is stated in cas.properties

   cas.serviceRegistry.config.location=file:/etc/cas/services

 

Is there a way to format the users. Properties file so anyone can use the management portal?

 

 

 

===========================

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

image001.gif

David Curry

unread,
Feb 23, 2018, 10:32:42 AM2/23/18
to cas-...@apereo.org
Your users.properties file is not formatted correctly. It's the same format (and in fact can be the same file) as the one for the admin pages:

# The syntax for each line is:
#
# username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]
#
gnarls=passwordnotused,ROLE_ADMIN

The above allows a user named "gnarls" to have access.

--Dave


--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728david...@newschool.edu

The New School


--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/008301d3acba%24f0e4fe30%24d2aefa90%24%40philasd.org.

Cheltenham, Chris

unread,
Feb 23, 2018, 10:42:34 AM2/23/18
to cas-...@apereo.org

Thanks David,

 

What is gnarls?

 

 

 

===========================

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

 

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOZfm-azTX0TzCFs7AYmY2DkvNLF%2Bv82mJqicSZntatMA%40mail.gmail.com.

image001.gif

Cheltenham, Chris

unread,
Feb 23, 2018, 10:47:22 AM2/23/18
to cas-...@apereo.org

David,

 

I honestly don’t know what you mean.

 

What admin pages?

 

And how should this be formatted?

 

casuser=ROLE_ADMIN,enabled

 

 

 

===========================

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

From: cas-...@apereo.org [mailto:cas-...@apereo.org] On Behalf Of David Curry


Sent: Friday, February 23, 2018 10:33 AM
To: cas-...@apereo.org
Subject: Re: [cas-user] CAS5 management

 

Your users.properties file is not formatted correctly. It's the same format (and in fact can be the same file) as the one for the admin pages:

--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

 

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOZfm-azTX0TzCFs7AYmY2DkvNLF%2Bv82mJqicSZntatMA%40mail.gmail.com.

image001.gif

David Curry

unread,
Feb 23, 2018, 10:48:02 AM2/23/18
to cas-...@apereo.org
Gnarls the Narwhal is The New School's mascot.


I wanted a "dummy" account to use in my CAS testing and documentation, and "casuser" was already taken, so... :-)

--Dave


--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728david...@newschool.edu

The New School


--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/009501d3acbc%24e8d7c400%24ba874c00%24%40philasd.org.

Cheltenham, Chris

unread,
Feb 23, 2018, 10:51:25 AM2/23/18
to cas-...@apereo.org

Ok I see David,

 

So I tried this and still doesn’t work.

 

ccheltenham-ext=ROLE_ADMIN,enabled

 

I gotta say this is a really stupid and cheesy way to do this.

--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

 

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPsxTh%3D1Szic2XDDQtjgpOyP2Mf3k_CHObmFbd2bOPhKg%40mail.gmail.com.

image001.gif

David Curry

unread,
Feb 23, 2018, 10:51:53 AM2/23/18
to cas-...@apereo.org
Admin pages is the /status/dashboard stuff (and all the things underneath). The access to that is controlled with a user.properties file as well.

The format is what I gave you in the earlier email. So for casuser, it would be

casuser=passwordnotused,ROLE_ADMIN

or equivalently,

casuser=empty,ROLE_ADMIN

I should note that the password field (the first field after the "=") is only "not used" if you're using CAS to authenticate access to the management webapp (which I assume you are).

--Dave


--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728david...@newschool.edu

The New School


--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00a301d3acbd%249552e2f0%24bff8a8d0%24%40philasd.org.

David Curry

unread,
Feb 23, 2018, 10:53:57 AM2/23/18
to cas-...@apereo.org
You still need the (unused) password in there, like this:

ccheltenham-ext=notused,ROLE_ADMIN,enabled

(and you don't really need the "enabled"). Note that "ccheltenham-ext" should then be a user that can authenticate via CAS, since you're protecting the management webapp with CAS.

--Dave


--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728david...@newschool.edu

The New School


--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00b301d3acbe%2425967f20%2470c37d60%24%40philasd.org.

David Curry

unread,
Feb 23, 2018, 10:58:10 AM2/23/18
to cas-...@apereo.org
As for the cheesiness of it, I believe it's inherited from Spring Security (which is an alternative way you can protect the management webapp):


So blame them, not the CAS project. :-)

--Dave


--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728david...@newschool.edu

The New School


--

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

Cheltenham, Chris

unread,
Feb 23, 2018, 11:03:48 AM2/23/18
to cas-...@apereo.org

Thanks again  David,

 

Yeah I am sure its spring.

I wasn’t; beating up anyone in particular.

 

Mostly out of frustration that switching a few words around makes all the difference and I have no clue what the combination is.

image001.gif

Cheltenham, Chris

unread,
Feb 23, 2018, 11:06:49 AM2/23/18
to cas-...@apereo.org

Perfect David,

 

I cannot tell you how many different combination of that user.properties files I tried to no avail.

 

Thanks again

image001.gif

Cheltenham, Chris

unread,
Feb 23, 2018, 12:33:42 PM2/23/18
to cas-...@apereo.org

David,

 

Along the same lines,

 

/cas/status says access denied.

 

Is a different file?

cid:image001.gif@01D3ACA2.4C937D10

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

 

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAORN6K6VTdPmUCz_RAtO6%2BsPXoib9gTtFVFMF6W0n5ONQ%40mail.gmail.com.

image001.gif

Ray Bon

unread,
Feb 23, 2018, 12:48:49 PM2/23/18
to cas-...@apereo.org
Chris,

Check your service registry entry.

Ray
-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

Cheltenham, Chris

unread,
Feb 23, 2018, 1:29:12 PM2/23/18
to cas-...@apereo.org

Oh ok , this is CentOs.

 

 

===========================

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

image001.gif

David Curry

unread,
Feb 23, 2018, 1:47:52 PM2/23/18
to cas-...@apereo.org

The /status endpoint (but not the endpoints underneath it) is only protected by an IP address pattern. You need to set the cas.adminPagesSecurity.ip property to a regular expression that matches the IP address(es) you want to allow access from.


--Dave


--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728david...@newschool.edu

The New School


To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00ed01d3accc%246e1b38e0%244a51aaa0%24%40philasd.org.

Cheltenham, Chris

unread,
Feb 23, 2018, 2:30:34 PM2/23/18
to cas-...@apereo.org

Oh right , you do have good docs.

 

Thanks

 

Someone should pay you for them.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

 

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XANb3HKi%3DRsMjsz-cHqk9StXT2%2BiAvKZy9g2_3Zv0HNO-w%40mail.gmail.com.

image001.gif

David Curry

unread,
Feb 23, 2018, 2:48:32 PM2/23/18
to cas-...@apereo.org
Someone should pay you for them.

Well, I have to write it up as part of my job anyway; I just decided to go a little further and make it available to world+dog. So I do get paid for the work. Glad you (and others) are finding them helpful.



--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728david...@newschool.edu

The New School


To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/014801d3acdc%24c0a41e00%2441ec5a00%24%40philasd.org.

Anil Kumar Reddy gajulapalli

unread,
Jul 19, 2019, 3:05:09 PM7/19/19
to CAS Community
Hello David,

I am trying to resolve this issue from the last 3 days, nevertheless, I am lost with no hope. 

2019-07-19 18:46:47,815 WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - <Unable to authorize access, since the authenticated profile [#CasProfile# | id: anil....@socalled.com | attributes: {credentialType=UsernamePasswordCredential, samlAuthenticationStatementAuthMethod=urn:oasis:names:tc:SAML:1.0:am:password, isFromNewLogin=true, mail=anil....@socalled.com, authenticationDate=2019-07-19T18:46:45.197052Z[UTC], authenticationMethod=Open DJ, givenName=Anil, successfulAuthenticationHandlers=Open DJ, longTermAuthenticationRequestTokenUsed=false, cn=anil....@socalled.com, title=devOps Engineer} | roles: [] | permissions: [] | isRemembered: false | clientName: CasClient | linkedId: null |] does not contain any required roles>

CAS-Management is taking me to CAS server for Authentication. Once the Authentication is validated while coming back to Management App, I see the above error in the Management logs.

I have adminusers.properties as below:

anil.kumar@socalled.com=notused,ROLE_ADMIN,enabled
Anil=notused,ROLE_ADMIN,enabled

and management.properties have below details:

cas.mgmt.adminRoles[0]=ROLE_ADMIN
cas.mgmt.userPropertiesFile=file:./adminusers.properties


Can you guide me where am making a mistake? I have referred docs at: https://dacurry-tns.github.io/deploying-apereo-cas/building_svcmgmt_configure-webapp-properties.html too.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org.

David Curry

unread,
Jul 23, 2019, 9:28:27 AM7/23/19
to cas-...@apereo.org
Have you tried setting logging to DEBUG and tracing what's happening? My initial suspects would be that either (a) CAS is not reading your adminusers.properties file ("./" makes me nervous, since you don't necessarily know where "." is) or (b) it's not matching your username correctly.

--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL  INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003


To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2a18af49-deb6-40d7-92dd-cebfe49bbdb2%40apereo.org.
Reply all
Reply to author
Forward
0 new messages