CAS-Management App


Bartosz Nitkiewicz

Mar 10, 2021, 6:18:37 AM
to CAS Community
Hi,
After a successful CAS Server installation I have a problem with the CAS-Management app.

I can't build it with some dependencies placed in build.gradle:

compile "org.apereo.cas:cas-server-support-jdbc-drivers:${casMgmtServerVersion}"
compile "org.apereo.cas:cas-server-support-jpa-service-registry:${casMgmtServerVersion}"
compile "org.apereo.cas:cas-server-support-ldap:${casMgmtServerVersion}"

Here is the output of the Tomcat log.

Could you please help me?
Thanks


Ray Bon

Mar 10, 2021, 5:00:47 PM
to cas-...@apereo.org
Bartosz,

I assume you are using a recent version of cas-management.
The log message says that you are trying to set a property but cas-management does not know how to set it.

I think the properties are being changed to use the same values as cas (it uses the same config libraries).
Properties will have the same name as in cas.
I have this in my management config:

# org.ldaptive.provider.unboundid.UnboundIDProvider is default
# cas.serviceRegistry.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider

It has been months since I worked on this but you may not need to set this particular field.

Some properties will be mgmt.something... and some will be cas.something...
If you can find the property in the cas docs, https://apereo.github.io/cas/6.3.x/configuration/Configuration-Properties.html, try the cas.something first.

Ray

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.

Bartosz Nitkiewicz

Mar 11, 2021, 2:05:43 AM
to CAS Community, Ray Bon
Ray,
Thank you for the reply. But what do you mean by my management config? Which file is it?

So if I want to authorize access to cas-management through LDAP, should I build this dependency?
I have placed

dependencies {
    // Other CAS Management dependencies/modules may be listed here...
    implementation "org.apereo.cas:cas-server-support-ldap:${casMgmtServerVersion}"
    implementation "org.apereo.cas:cas-server-support-json-service-registry:${casMgmtServerVersion}"
    implementation "org.apereo.cas:cas-mgmt-config-authz-ldap:${casMgmtServerVersion}"
}

in build.gradle, is it OK?

Bartosz Nitkiewicz

Mar 11, 2021, 3:01:26 AM
to CAS Community, Ray Bon
I have fixed mgmt.xxx to cas.mgmt.xxx but now I have another error.

My config entries in management.properties look like this:

....
# Enable authorization based on groups
cas.mgmt.ldap.ldapAuthz.groupAttribute=memberOf
cas.mgmt.ldap.ldapAuthz.groupPrefix=
cas.mgmt.ldap.ldapAuthz.groupFilter=
cas.mgmt.ldap.ldapAuthz.groupBaseDn=OU=xxx,dc=xxx,dc=xxx,dc=xxx,dc=xxx

# Enable authorization based on attributes and roles
cas.mgmt.ldap.ldapAuthz.rolePrefix=ROLE_
cas.mgmt.ldap.ldapAuthz.roleAttribute=extensionAttribute9

cas.mgmt.ldap.ldapAuthz.searchFilter=sAMAccountName={user}
cas.mgmt.ldap.ldapAuthz.baseDn=OU=xxx,dc=xxx,dc=xxx,dc=xxx,dc=pl

cas.mgmt.ldap.ldapUrl=ldaps://ldapserver.name
cas.mgmt.ldap.connectionStrategy=
#mgmt.ldap.userFilter=sAMAccountName={user}
cas.mgmt.ldap.bindDn=cn=xxxr,cn=xxx,dc=xxx,dc=xx,dc=xxx,dc=xxx
#cas.mgmt.ldap.bindDn=cn=xxx,cn=xxx,dc=xxx,dc=xxx,dc=xxx,dc=xxxx
cas.mgmt.ldap.bindCredential=xxxxxxxx
cas.mgmt.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.mgmt.ldap.connectTimeout=5000

.....


Ray Bon

Mar 11, 2021, 10:50:15 AM
to cas-...@apereo.org, bar...@nitkiewicz.eu
Bartosz,


The properties file is etc/cas/config/management.properties.

Start with cas as the auth source. This way you can log in without any other configuration.

Then copy the properties for the service registry from cas.properties to the above management.properties. No need to change any properties.

Ray

Bartosz Nitkiewicz

Mar 12, 2021, 5:40:01 AM
to CAS Community, Ray Bon, Bartosz Nitkiewicz
I've done it. But now I have

[2021-03-12 11:38:12] [info] 2021-03-12 11:38:12,028 WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - <Unable to authorize access, since the authenticated profile [#CasProfile# | id: 11111 | attributes: {credentialType=UsernamePasswordCredential, isFromNewLogin=true, authenticationDate=2021-03-12T10:38:08.587639Z, authenticationMethod=test, successfulAuthenticationHandlers=test, longTermAuthenticationRequestTokenUsed=false} | roles: [] | permissions: [] | isRemembered: false | clientName: CasClient | linkedId: null |] does not contain any required roles>


Should the cas-management app be built with the ldap dependency?

Ray Bon

Mar 12, 2021, 11:26:06 AM
to cas-...@apereo.org
Bartosz,

There is a file etc/cas/config/users.json to which you add authorized users.

You would only need to include ldap dependency if you wanted to look up your authorized users there, instead of the json file. We use the file, so I do not know how to set up an ldap lookup.

Ray
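
A way to cross-check the denial logged above against the users file Ray mentions, as an added example that is not part of the thread or of CAS itself: it pulls the profile id and roles out of the CasRoleBasedAuthorizer warning and looks the id up in a users file. The users-file layout (user id mapped to an object with a `roles` list), the `ROLE_ADMIN` role name and both sample inputs are constructed assumptions.

```python
import json
import re

# Constructed sample: the WARN line from the thread, shortened to the fields used here.
SAMPLE_LOG = (
    "2021-03-12 11:38:12,028 WARN [org.apereo.cas.mgmt.authz.CasRoleBasedAuthorizer] - "
    "<Unable to authorize access, since the authenticated profile [#CasProfile# | id: 11111 | "
    "attributes: {credentialType=UsernamePasswordCredential, authenticationMethod=test} | "
    "roles: [] | permissions: [] | isRemembered: false | clientName: CasClient | linkedId: null |] "
    "does not contain any required roles>"
)

# Constructed sample users file; the layout (id -> object with "roles") is an assumption.
SAMPLE_USERS = '{"casuser": {"roles": ["ROLE_ADMIN"]}, "11111": {"roles": []}}'

DENIED = re.compile(
    r"CasRoleBasedAuthorizer\] - <Unable to authorize access.*?"
    r"\| id: (?P<id>[^|]+?) \|.*?\| roles: \[(?P<roles>[^\]]*)\]"
)

def denied_profiles(log_text):
    """Return (profile id, roles carried by the profile) for each denial line."""
    found = []
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            roles = [r.strip() for r in m.group("roles").split(",") if r.strip()]
            found.append((m.group("id").strip(), roles))
    return found

def diagnose(log_text, users_json, required_roles):
    """Explain each denial against the users file and the roles the app requires."""
    users = json.loads(users_json)
    report = {}
    for user_id, _ in denied_profiles(log_text):
        entry = users.get(user_id)
        if entry is None:
            report[user_id] = "not listed in users file"
        elif not set(entry.get("roles", [])) & set(required_roles):
            report[user_id] = "listed, but without a required role"
        else:
            report[user_id] = "listed with a required role; check that the app loaded this file"
    return report

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_USERS, ["ROLE_ADMIN"]))
```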

Bartosz Nitkiewicz

Mar 12, 2021, 11:54:41 AM
to Ray Bon
Thank you, Ray,
I've managed to make it work finally. Now I need to set up cas-management to write json services.
A long way ahead of me, still a lot of work to do.
Bartosz Nitkiewicz
