cas 3.5.2 not authorized service despite bean being present.


Jennifer LaVoie

Apr 14, 2020, 2:09:28 PM
to CAS Community
Hi everyone

Background:
I am running an old implementation of Jasig CAS (3.5.2) on Red Hat 5. We are working on going to our new Apereo CAS, but we have one app that simply won't work in the new environment. So to try to get the rest of our apps over to the new CAS, we decided to (VMware) CLONE the cas.production server to a new VM server, so that just this ONE app can stay on the old version of CAS until the app gets upgraded in July. I have been supporting CAS for like 6 years, and I have added many apps into the deployerConfig file.

So...new clone...I update all the server and cas config files so that cas now knows it's cas-te.  

I added the bean.

I get unauthorized server...

I can't figure out what I am doing wrong...

I copied the bean from our old cas-test server too...and the app works there...but not on this new cas-te.

I am so stuck

Here is my bean 

WORKS IN 3.5.2 prod
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
    <property name="id" value="5" />
    <property name="name" value="Travel and Expense PROD" />
    <property name="description" value="TE PROD" />
    <property name="serviceId" value="https://xxx.uni.edu:4447/tvlexp/**" />
    <property name="evaluationOrder" value="1" />
    <property name="allowedAttributes">
        <list>
            <value>UDC_IDENTIFIER</value>
        </list>
    </property>
</bean>


WORKS IN 3.5.2 TEST BUT NOT 3.5.2 CAS-TE
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
    <property name="id" value="48" />
    <property name="name" value="T and E TEST" />
    <property name="description" value="T and E TEST" />
    <property name="serviceId" value="https://xxx.uni.bridgew.edu:4443/tvlexp/tvlexp-flex/index.jsp" />
    <property name="evaluationOrder" value="1" />
    <property name="allowedAttributes">
        <list>
            <value>UDC_IDENTIFIER</value>
        </list>
    </property>
</bean>



WORKS IN 3.5.2 TEST BUT NOT 3.5.2 CAS-TE

<bean class="org.jasig.cas.services.RegisteredServiceImpl">
    <property name="id" value="49" />
    <property name="name" value="Travel and Expense CAS" />
    <property name="description" value="Travel and Expense CAS SSO" />
    <property name="serviceId" value="http://xxx.campus.uni.edu:7777/tvlexp/tvlexp-flex/index.jsp" />
    <property name="evaluationOrder" value="1" />
    <property name="allowedAttributes">
        <list>
            <value>UDC_IDENTIFIER</value>
        </list>
    </property>
</bean>

When I try to log in to the service, I see this in my catalina.out



2020-04-14 11:14:37,007 WARN [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceManagement: Unauthorized Service Access. Service [https://xxx.uni.edu:4443/tvlexp/tvlexp-flex/index.jsp] not found in Service Registry.>
2020-04-14 11:14:37,008 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: JENNIFER.LAVOIE
ACTION: SERVICE_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Tue Apr 14 11:14:37 EDT 2020
CLIENT IP ADDRESS: xxx
SERVER IP ADDRESS: xxx
=============================================================

Ray Bon

Apr 14, 2020, 3:05:57 PM
to cas-...@apereo.org
Jennifer,

Perhaps there are some typos in your examples.
The log is looking for https://xxx.uni.edu:4443, but your service is either xxx.uni.bridgew.edu:4443 or xxx.uni.edu:4447,
and the third example is 'http://xxx'.

Does 3.5.2 allow regular expressions for serviceId?

Otherwise, set serviceId to be what the service is sending.

Ray

On Tue, 2020-04-14 at 11:09 -0700, Jennifer LaVoie wrote:
-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.
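
The comparison Ray describes, as an added example that is not part of either post or of CAS itself: it extracts the URL from the "not found in Service Registry" warning and reports which part of each posted serviceId differs from it. It assumes RegisteredServiceImpl treats serviceId as a case-insensitive Ant-style pattern and approximates that matching with a simplified glob; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Values copied from the thread: the three posted serviceId settings and the WARN line.
REGISTERED = {
    5: "https://xxx.uni.edu:4447/tvlexp/**",
    48: "https://xxx.uni.bridgew.edu:4443/tvlexp/tvlexp-flex/index.jsp",
    49: "http://xxx.campus.uni.edu:7777/tvlexp/tvlexp-flex/index.jsp",
}
LOG_LINE = (
    "2020-04-14 11:14:37,007 WARN [org.jasig.cas.CentralAuthenticationServiceImpl] - "
    "<ServiceManagement: Unauthorized Service Access. Service "
    "[https://xxx.uni.edu:4443/tvlexp/tvlexp-flex/index.jsp] not found in Service Registry.>"
)

def requested_service(log_line):
    """Pull the URL CAS actually received out of the 'not found' warning."""
    m = re.search(r"Service \[(.+?)\] not found in Service Registry", log_line)
    return m.group(1) if m else None

def ant_to_regex(pattern):
    """Simplified Ant-style glob (assumption): ** spans '/', * and ? stay in one segment."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")
            i += 2
        else:
            out.append({"*": "[^/]*", "?": "[^/]"}.get(pattern[i], re.escape(pattern[i])))
            i += 1
    return re.compile("".join(out) + r"\Z", re.IGNORECASE)

def diagnose(url, registered):
    """Map each registered id to [] if it matches, else the URL parts that differ."""
    want, report = urlsplit(url), {}
    for sid, pattern in registered.items():
        if ant_to_regex(pattern).match(url):
            report[sid] = []
            continue
        have = urlsplit(pattern)
        parts = ("scheme", "hostname", "port")
        report[sid] = [p for p in parts if getattr(want, p) != getattr(have, p)] or ["path"]
    return report

if __name__ == "__main__":
    for sid, diffs in diagnose(requested_service(LOG_LINE), REGISTERED).items():
        print(sid, "MATCH" if not diffs else "differs in: " + ", ".join(diffs))
```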