cas-management question

Jennifer LaVoie

unread,

May 17, 2018, 3:18:42 PM5/17/18

to CAS Community

So I have followed all the steps here

https://dacurry-tns.github.io/deploying-apereo-cas/building_svcmgmt_configure-webapp-properties.html

(awesome site)

And when I try to go to

https://cashost:8443/cas-management

I am redirected to here

https://casserver.herokuapp.com/cas/login?service=https%3A%2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html

I have already logged into my cas.

What config file have I forgotten to change?

Jen

Jennifer LaVoie

unread,

May 17, 2018, 3:23:28 PM5/17/18

to CAS Community

Here is my management.properties file

# CAS server that management app will authenticate with

# This server will authenticate for any app (service) and you can login as casuser/Mellon

server.name: https://cashost

cas.server.prefix: ${cas.server.name}/cas

cas.mgmt.adminRoles[0]=ROLE_ADMIN

cas.mgmt.userPropertiesFile=file:/etc/cas/config/admusers.properties

# Update this URL to point at server running this management app

cas.mgmt.serverName=${cas.server.name}:8443

#server.context-path=/cas-management

#server.port=8443

cas.serviceRegistry.json.location: file:/etc/cas/services

logging.config=file:/etc/cas/config/log4j2-management.xml

David Curry

unread,

May 17, 2018, 3:23:37 PM5/17/18

to cas-...@apereo.org

etc/cas/config/management.properties

--Dave

--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6c39a6d0-3e29-48a8-8282-e57c7ab785c9%40apereo.org.

David Curry

unread,

May 17, 2018, 3:24:24 PM5/17/18

to cas-...@apereo.org

You have "server.name" instead of "cas.server.name" (oops)

--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00b98d20-6f6d-4af3-8b74-cef6a55fcaef%40apereo.org.

Matthew Uribe

unread,

May 17, 2018, 3:28:06 PM5/17/18

to cas-...@apereo.org

What's the cas.server.name in your management.properties?

Matt Uribe

Programmer Analyst II

Information Technology
Aims Community College
970.339.6375
matthe...@aims.edu

5401 W. 20th Street
Greeley, CO, 80634

www.aims.edu

IT staff will never ask you for your username and password.

Always decline to provide the information and report such 
attempts to the Help Desk (x6380).

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6c39a6d0-3e29-48a8-8282-e57c7ab785c9%40apereo.org.

Matthew Uribe

unread,

May 17, 2018, 3:31:03 PM5/17/18

to CAS Community

Sorry, after sending this response, my email refreshed and I saw the other helpful posts. Disregard.

Jennifer LaVoie

unread,

May 17, 2018, 3:32:12 PM5/17/18

to cas-...@apereo.org

Thanks Matt and Dave

Ok, so once I fixed my stupid typo, I get the correct url

https://cashost/cas/login?service=https%3A%2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html

But i also get ERR_Connection_refused.

not sure why

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6c39a6d0-3e29-48a8-8282-e57c7ab785c9%40apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bda0d3a1-19ae-40b4-881a-92bd471fa2b5%40apereo.org.

--

"Confusion is a word we have invented for an order which is not understood." ~Henry Miller

David Curry

unread,

May 17, 2018, 3:38:22 PM5/17/18

to cas-...@apereo.org

Not sure if you copy-n-pasted this:

https://cashost/cas/login?service=https%3A%2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html

or typed it by hand, but I see both "cashost" and "cashost:8443". Normally they'd both be the same (since Tomcat is usually only listening on the one port).

--Dave

--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bda0d3a1-19ae-40b4-881a-92bd471fa2b5%40apereo.org.

--
"Confusion is a word we have invented for an order which is not understood." ~Henry Miller

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vH%2B%3Dz6geejRjCixo9B0UEp2GUOa4AjW93E61C4QKPO_NA%40mail.gmail.com.

Jennifer LaVoie

unread,

May 17, 2018, 3:40:53 PM5/17/18

to CAS Community

I updated the management.properties file with some ports specifically defined. And that is now working as expected...

However, I get this

The CAS management webapp is unavailable.

There was an error trying to complete your request. Please notify your support desk or try again.

On Thursday, May 17, 2018 at 3:18:42 PM UTC-4, Jennifer LaVoie wrote:

David Curry

unread,

May 17, 2018, 3:44:27 PM5/17/18

to cas-...@apereo.org

Haven't seen that one, that I can recall.

Is that a CAS error (shows in a CAS-branded web page) or a Tomcat error?

Do the logs (cas.log and/or catalina.out) say anything helpful?

--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/53c3f120-14ec-41af-8447-1db0e370795e%40apereo.org.

Jennifer LaVoie

unread,

May 17, 2018, 3:55:43 PM5/17/18

to CAS Community

nothing helpful in cas.log or catalina.out that I can see

it seems to be CAS error because the leaf is on the tab and above the error that I posted it says

Cas Service Management

Jen

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

David Curry

unread,

May 17, 2018, 4:00:37 PM5/17/18

to cas-...@apereo.org

Sorry, not cas.log.... cas-management.log.

If still nothing, try setting cas.log.level to debug in log4j2-management.xml.

--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00b98d20-6f6d-4af3-8b74-cef6a55fcaef%40apereo.org.

Ray Bon

unread,

May 17, 2018, 4:16:06 PM5/17/18

to cas-...@apereo.org

Jen,

I think you mean a cas-management error and not 'CAS error'.

Are CAS and cas-management running on the same tomcat?

Logging config for cas-management is in log4j2-management.xml which also introduces cas-management.log.

Ray

-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

Jennifer LaVoie

unread,

May 18, 2018, 11:20:56 AM5/18/18

to CAS Community

Yes. I understand the distinction...I was typing quickly :)

I do get an error in my cas-management log about ssl - but my regular /cas/login link loads just fine (self signed cert on this particular server)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[?:1.8.0_171]

at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[?:1.8.0_171]

at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_171]

at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_171]

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[?:1.8.0_171]

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[?:1.8.0_171]

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596) ~[?:1.8.0_171]

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_171]

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[?:1.8.0_171]

at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) ~[?:1.8.0_171]

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) ~[?:1.8.0_171]

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) ~[?:1.8.0_171]

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) ~[?:1.8.0_171]

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) ~[?:1.8.0_171]

at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) ~[?:1.8.0_171]

at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) ~[?:1.8.0_171]

at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564) ~[?:1.8.0_171]

at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492) ~[?:1.8.0_171]

at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263) ~[?:1.8.0_171]

at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:431) ~[cas-client-core-3.4.1.jar:3.4.1]

at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41) ~[cas-client-core-3.4.1.jar:3.4.1]

at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193) ~[cas-client-core-3.4.1.jar:3.4.1]

at org.pac4j.cas.credentials.authenticator.CasAuthenticator.validate(CasAuthenticator.java:61) ~[pac4j-cas-2.2.0.jar:?]

at org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:68) ~[pac4j-cas-2.2.0.jar:?]

at org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:37) ~[pac4j-cas-2.2.0.jar:?]

at org.pac4j.core.client.DirectClient.getCredentials(DirectClient.java:44) ~[pac4j-core-2.2.0.jar:?]

at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:113) ~[pac4j-core-2.2.0.jar:?]

... 72 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:1.8.0_171]

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:1.8.0_171]

at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_171]

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) ~[?:1.8.0_171]