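# CAS server properties (cas.properties).
# Note: both "key=value" and "key: value" separators are used below; both are valid in a Java properties file.
cas.server.name=https://server_name.domain.prive.fr:8443
cas.server.prefix=https://server_name.domain.prive.fr:8443/cas
logging.config: file:/etc/cas/config/log4j2.xml
cas.serviceRegistry.config.location: file:/etc/cas/services
#========================================
# Authentication
#========================================
# Left empty on purpose: no static accept-users list, so the LDAP handler below is the only way to authenticate.
cas.authn.accept.users=
#========================================
## Embedded Tomcat HTTP/AJP
## Enable HTTP/AJP connections for the embedded Tomcat container.
#========================================
# Plain HTTP connector disabled; CAS is only served on the HTTPS port from cas.server.name.
cas.server.http.enabled=false
#========================================
# LDAP authentication handler (users matched by sAMAccountName)
#========================================
cas.authn.ldap[0].type=AUTHENTICATED
# NOTE(review): ldap:// together with useSsl=false and useStartTls=false means the bind credential and every
# user's password cross the network in clear text between CAS and the directory; prefer ldaps:// or StartTLS
# where the directory supports it.
cas.authn.ldap[0].ldapUrl=ldap://domain.prive.fr
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].baseDn=dc=domain,dc=prive,dc=fr
cas.authn.ldap[0].userFilter=sAMAccountName={user}
# Service account used for the search bind. The credential is stored in clear text in this file,
# so keep the file readable only by the CAS process owner.
cas.authn.ldap[0].bindDn=CN=BIND Ldap,OU=Tech,DC=domain,DC=prive,DC=fr
cas.authn.ldap[0].bindCredential=bindpwd
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].principalAttributeID=sAMAccountName
cas.authn.ldap[0].principalAttributeList=sAMAccountName,displayName,mail,altSecurityIdentities,memberOf,description:UDC_IDENTIFIER
# (a second, identical userFilter line was removed here; the one above is the only definition)
cas.authn.ldap[0].subtreeSearch=true
# Connection pool settings
cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=600
cas.authn.ldap[0].failFast=true
cas.authn.ldap[0].idleTime=500
cas.authn.ldap[0].prunePeriod=600
cas.authn.ldap[0].blockWaitTime=5000
#========================================
# Admin Status Endpoints
# Access controls for the /status endpoints, which expose administrative information about the running CAS server.
#========================================
# sensitive=false makes these endpoints reachable without CAS authentication;
# the only remaining guard is the IP rule in cas.adminPagesSecurity.ip below.
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false
cas.monitor.endpoints.dashboard.enabled=true
cas.monitor.endpoints.dashboard.sensitive=false
cas.monitor.endpoints.status.enabled=true
cas.monitor.endpoints.status.sensitive=false
# IP address may be enough to protect all endpoints.
# If you wish to protect the admin pages via CAS itself, configure the rest.
# The value is a regular expression (hence the escaped dots). NOTE(review): if CAS runs behind a reverse proxy,
# confirm that the client address evaluated here is the real client and not the proxy, otherwise this rule
# either blocks every caller or admits every caller that reaches the proxy.
cas.adminPagesSecurity.ip=10\.10\.10\.10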
<!-- Maven dependencies of the CAS server overlay (pom.xml fragment). -->
<dependencies>
<!-- The CAS web application itself, packaged as a WAR; ${app.server} selects the servlet-container
     variant and is defined elsewhere in the pom (not visible here). -->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp${app.server}</artifactId>
<version>${cas.version}</version>
<type>war</type>
<scope>runtime</scope>
</dependency>
<!-- LDAP authentication support, required by the cas.authn.ldap[0].* properties. -->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-ldap</artifactId>
<version>${cas.version}</version>
</dependency>
<!-- LDAP client provider. NOTE(review): this version is pinned to 1.0 independently of ${cas.version};
     confirm it matches the ldaptive version that cas-server-support-ldap brings in for this CAS release. -->
<dependency>
<groupId>org.ldaptive</groupId>
<artifactId>ldaptive-unboundid</artifactId>
<version>1.0</version>
</dependency>
<!-- JSON service registry, reads service definitions from cas.serviceRegistry.config.location. -->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-json-service-registry</artifactId>
<version>${cas.version}</version>
</dependency>
</dependencies>
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https|imaps)://.*",
"name" : "HTTPS and IMAPS",
"id" : 10000001,
"description" : "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
"evaluationOrder" : 10000,
"accessStrategy" : {
"@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true,
"ssoEnabled" : true
},
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
"allowedAttributes" : {
"@class" : "java.util.TreeMap",
"sAMAccountName" : "principal",
"groupMembership" : "group"
}
}
}
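# CAS server that management app will authenticate with
# NOTE(review): this host (server_name.chsjsl.prive.fr) does not match cas.server.prefix and
# cas.mgmt.serverName below (server_name.domain.prive.fr); cas.mgmt.host inherits it through
# ${cas.server.name} — confirm which host is intended.
cas.server.name=https://server_name.chsjsl.prive.fr:8443
cas.server.prefix=https://server_name.domain.prive.fr:8443/cas
# Management
cas.mgmt.host=${cas.server.name}
# Role required to access the management app.
cas.mgmt.adminRoles=ROLE_ADMIN
cas.mgmt.userPropertiesFile=file:/etc/cas/config/users.properties
# Update this URL to point at server running this management app
cas.mgmt.serverName=https://server_name.domain.prive.fr:8443
server.context-path=/cas-management
server.port=8443
spring.thymeleaf.mode=HTML
logging.config=file:/etc/cas/config/log4j2-management.xml
# Same service registry directory as the CAS server, so definitions edited here are the ones CAS loads.
cas.serviceRegistry.config.location: file:/etc/cas/services
# LDAP authentication for the management app (same directory as the CAS server).
# NOTE(review): ldap:// with useSsl=false sends user passwords in clear text to the directory;
# unlike cas.mgmt.ldap.* below, no bindDn/bindCredential is set for this handler — confirm anonymous search is intended.
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://domain.prive.fr
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].baseDn=dc=domain,dc=prive,dc=fr
cas.authn.ldap[0].userFilter=sAMAccountName={user}
cas.authn.ldap[0].principalAttributeID=sAMAccountName
cas.authn.ldap[0].principalAttributeList=sAMAccountName,displayName,mail,memberOf,description:UDC_IDENTIFIER
# (a second, identical userFilter line was removed here; the one above is the only definition)
cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
cas.authn.attributeRepository.defaultAttributesToRelease=sAMAccountName,displayName,mail
# Attributes consulted for management authorization. List indices must be contiguous:
# the original file had [0], [1], [3], leaving index 2 unset, which is why the last entry is now [2].
cas.mgmt.authzAttributes[0]=sAMAccountName
cas.mgmt.authzAttributes[1]=displayName
cas.mgmt.authzAttributes[2]=mail
# LDAP lookup used by the management app for authorization.
# Scheme lowercased from "Ldap://" to match every other LDAP URL on this server; same clear-text caveat as above.
cas.mgmt.ldap.ldapUrl=ldap://domain.prive.fr
cas.mgmt.ldap.baseDn=dc=domain,dc=prive,dc=fr
cas.mgmt.ldap.userFilter=sAMAccountName={user}
# Search-bind service account; credential is stored in clear text in this file, restrict read access accordingly.
cas.mgmt.ldap.bindDn=CN=BIND Ldap,OU=Tech,DC=domain,DC=prive,DC=fr
cas.mgmt.ldap.bindCredential=bindpwd
cas.mgmt.ldap.useSsl=false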
<!-- Maven dependencies of the CAS management overlay (pom.xml fragment). -->
<dependencies>
<!-- The CAS management web application, packaged as a WAR. -->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-management-webapp</artifactId>
<version>${cas.version}</version>
<type>war</type>
<scope>runtime</scope>
</dependency>
<!-- LDAP support for the management app, required by the cas.mgmt.ldap.* and cas.authn.ldap[0].* properties. -->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-management-webapp-support-ldap</artifactId>
<version>${cas.version}</version>
</dependency>
</dependencies>
Hello Julien,
In your management.properties the cas.mgmt.authzAttributes list has a gap in its indices (index 2 is missing). Check whether changing cas.mgmt.authzAttributes[3]=mail to cas.mgmt.authzAttributes[2]=mail fixes this issue.
Check also whether https://github.com/apereo/cas/pull/2775 applies to your case.