How do I enable cas/status page with CAS 5.3.2?


123 456

Jun 26, 2019, 12:09:20 PM
to CAS Community

#=================
# cas.properties
#=================


server.port = ****
cas.server.name: https://{server}:****
cas.server.prefix: https://{server}:****/cas

cas.adminPagesSecurity.ip=127\.0\.0\.1

logging.config: file:/etc/cas/config/log4j2.xml
#cas.serviceRegistry.json.location: classpath:/etc/cas/services-repo

# SSL
server.ssl.enabled=true
server.ssl.keyStore=file:/etc/cas/thekeystore
server.ssl.keyStorePassword=changeit
server.ssl.keyPassword=changeit 

cas.authn.accept.users=

#========================================
# Service Registry
#========================================
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location=classpath:/etc/cas/services

#==================================
# Status
#==================================

cas.adminPagesSecurity.actuatorEndpointsEnabled=true
cas.monitor.endpoints.enabled=true
endpoints.enabled=true

cas.monitor.endpoints.sensitive=false
endpoints.sensitive=false
cas.monitor.endpoints.status.enabled=false
cas.monitor.endpoints.status.sensitive=true

cas.adminPagesSecurity.loginUrl=https://{server}/cas/login
cas.adminPagesSecurity.service=https://{server}/cas/status
cas.adminPagesSecurity.users=file:/etc/cas/config/admusers.properties 
cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN


***************************************


#========================
#  admnusers.properties
#========================

# This file lists the users who are allowed access to the CAS /status/*
# endpoints ("adminpages").
#
# The syntax for each line is:
#
# username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]
#
casuser=notused,ROLE_ADMIN


****************************************************************************



David Curry

Jun 26, 2019, 1:07:19 PM
to cas-...@apereo.org
Unless you really want it to only be accessible from the local host that the server is running on, you need to comment out this line:

cas.adminPagesSecurity.ip=127\.0\.0\.1 

Or more appropriately, set it to a value that matches the IPs you want to be able to reach the status page. It's a Java regex, so you can do just about anything.
 

--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL  INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 david...@newschool.edu



--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7330ab0c-ba94-4f6d-9926-18a3d8458311%40apereo.org.

123 456

Jun 27, 2019, 4:46:14 AM
to CAS Community
I have commented out this line, but it still doesn't work. I get the following error message when trying to access cas/status:

Capture.PNG


David Curry

Jun 27, 2019, 7:46:12 AM
to cas-...@apereo.org
My apologies... I told you to comment it out, but that's the default value, so it's still picking it up from the default properties. You need to set it to a pattern that matches the host(s) you want to be able to access it from. See this page:


for some more detail.  

--Dave



123 456

Jun 27, 2019, 10:51:07 AM
to CAS Community
Still not working ..

Is the template I used the right one? I used the following: https://github.com/apereo/cas-overlay-template

David Curry

Jun 27, 2019, 11:02:27 AM
to cas-...@apereo.org
I'm not running CAS 6, so I can't tell you specifically for that release; maybe someone else can.


123 456

Jun 27, 2019, 11:21:12 AM
to CAS Community
Sorry, my mistake.. I'm running CAS 5.3 with the following release: https://github.com/apereo/cas-gradle-overlay-template.

David Curry

Jun 27, 2019, 11:47:33 AM
to cas-...@apereo.org
The overlay template you're using shouldn't make any difference. It's all about configuration.

You need to set the cas.adminPagesSecurity.ip to a regex that matches where you want to access it from. For example:

cas.adminPagesSecurity.ip:              ^192\\.168\\.(50\\.[0-9]{1,3}|1\\.[12]0)$

This says allow anything on the 192.168.50.0/24 network, plus 192.168.1.10 and 192.168.1.20.

All the other items you had looked okay to me. I'm not aware that anything in this area changed between 5.2.x (what we're running) and 5.3.x, so that should do it. If not, up the logging level on CAS and see what it says...

--Dave


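An added example, not part of the thread or of CAS itself: a check that an IP allowlist regex admits exactly the intended addresses before it goes into `cas.adminPagesSecurity.ip`, run against the value and intent from the message above. The function names are hypothetical, and it assumes the value is read with `java.util.Properties`-style backslash handling, that the pattern must match the whole address string, and that Python's `re` behaves like Java's regex engine for these constructs.

```python
import ipaddress
import re

def unescape_properties(raw):
    """Approximate .properties value parsing: drop a backslash and keep the
    character after it (tab, newline and unicode escapes are not handled)."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            out.append(raw[i + 1])
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)

def audit_ip_regex(raw_value, intended, scan):
    """Compare what the regex admits inside `scan` with the intended allowlist.

    Returns (extra, missing): addresses the pattern admits that were not
    intended, and intended addresses the pattern rejects.
    """
    pattern = re.compile(unescape_properties(raw_value))
    wanted = {str(ip) for net in intended
              for ip in ipaddress.ip_network(net)}
    admitted = {str(ip) for ip in ipaddress.ip_network(scan)
                if pattern.fullmatch(str(ip))}  # assumed: whole-string match
    return sorted(admitted - wanted), sorted(wanted - admitted)

# Intent stated in the thread: 192.168.50.0/24 plus 192.168.1.10 and .20.
INTENDED = ["192.168.50.0/24", "192.168.1.10/32", "192.168.1.20/32"]
SCAN = "192.168.0.0/16"

# Value exactly as written in the thread's property line.
THREAD_VALUE = r"^192\\.168\\.(50\\.[0-9]{1,3}|1\\.[12]0)$"
# Constructed for contrast: the last character class is too wide.
LOOSE_VALUE = r"^192\\.168\\.(50\\.[0-9]{1,3}|1\\.[12][0-9])$"

if __name__ == "__main__":
    for name, value in (("thread", THREAD_VALUE), ("loose", LOOSE_VALUE)):
        extra, missing = audit_ip_regex(value, INTENDED, SCAN)
        print(name, "extra:", len(extra), "missing:", len(missing))
```

Under the same parsing assumption, a single-backslash value such as `127\.0\.0\.1` comes out of `unescape_properties` as `127.0.0.1`, where each dot matches any character rather than a literal dot.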

AT

Jun 27, 2019, 6:32:49 PM
to CAS Community
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false
cas.adminPagesSecurity.ip=^127\.(0|1)\.(0|1)\.(0|1)$

123 456

Jun 28, 2019, 4:52:40 AM
to CAS Community
I've already installed version 5.2 and I'm still getting the same error page. I've changed the IP as well and it doesn't work.

123 456

Jun 28, 2019, 7:44:59 AM
to CAS Community
{
        "services":[
                {
            "@class":"org.apereo.cas.services.RegexRegisteredService",
            "id":123456789,
            "serviceId":"https://localhost:****/cas/status/dashboard",
            "name":"cas_status",
            "description":"CAS dashboard and administrative endpoints"
                }
        ]
}

I get the following error as well:

ERROR [org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] - <Cannot read/parse JSON [{"services":[{"@class":"org.apereo.cas.services.RegexRegisteredService","id":123456789,"serviceId":"https://localhost:****...] to deserialize into type [interface org.apereo.cas.services.RegisteredService]. This may be caused in the absence of a configuration/support module that knows how to interpret the JSON fragment, specially if the fragment describes a CAS registered service definition. Internal parsing error is [Missing type id when trying to resolve subtype of [simple type, class org.apereo.cas.services.RegisteredService]: missing type id property '@class'
 at [Source: (String)"{"services":[{"@class":"org.apereo.cas.services.RegexRegisteredService","id":123456789,"serviceId":"https://localhost:8443/cas/status/dashboard","name":"cas_status","description":"CAS dashboard and administrative endpoints"}]}"; line: 1, column: 226]]>


In which folder should I be making the changes to the default configurations? 


On Wednesday, June 26, 2019 at 17:09:20 UTC+1, 123 456 wrote:

David Curry

Jun 28, 2019, 11:21:40 AM
to cas-...@apereo.org
Don't change the default configuration. Add the service to your service registry, wherever that is. If you don't have a service registry, you should set one of those up first. 

And unless the CAS server actually has an SSL certificate with localhost.**** as a valid CN, you should be using the actual hostname of the CAS server.
