CAS documentation for a new user is terrible

[Jan]

Hello,

As a new user of CAS, I'd like to voice my opinion that the official documentation of how one can get started with CAS is just awful. By this I mean not the lack of it, but rather how indirect, not step-by-step it is. Clarity could often be improved too.

In the end I managed to do what I hoped for, ie investigate CAS locally as an SSO solution, for which I needed to (1) run CAS server locally, (2) connect and authenticate using a simple CAS client locally, (3) run the service management app. However, the difficulty I had at most steps of getting it all to work make me really want to use something else even if I have to implement parts of it from scratch..

Only now, when wanting to post this message, did I find this helpful guide: https://dacurry-tns.github.io/deploying-apereo-cas/ Could the CAS team incorporate some step-by-step tutorial like this into the official documentation?

These threads seem to voice a similar concern:

https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/documentation/cas-user/z3BLJ0IQwZ0/wRybEK1LAQAJ

https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/documentation/cas-user/qaAINooFi1s/D3k7Pr-7BQAJ

I'm also posting the notes I made for myself during the process. I wouldn't have written them if there was something like this available in official docs, or I had found the unofficial guide earlier. I'm adding **** to points that took me particularly long to figure out.

Building

- Described here: https://apereo.github.io/cas/developer/Build-Process.html

- git clone --depth=1 --single-branch --branch=master g...@github.com:apereo/cas.git cas-server

- cd cas-server

- git checkout master

- ./gradlew build install --parallel -x test -x javadoc -x check

Config

- Default config dir is /etc/cas/config (may need to be created, given permissions) If you create application.properties in there, CAS seems to pick them up. ****

- You can override in there any properties listed on https://apereo.github.io/cas/development/installation/Configuration-Properties.html

Keys

- keytool -genkey -alias cas -keyalg RSA -validity 999 -keystore /etc/cas/thekeystore -ext san=dns:cas-sso.local

- Add 127.0.0.1 cas-sso.local to /etc/hosts

- keytool -export -file /etc/cas/config/cas.crt -keystore /etc/cas/thekeystore -alias cas

- sudo keytool -import -file /etc/cas/config/cas.crt -alias cas -keystore $JAVA_HOME/jre/lib/security/cacerts (default password to cacerts is changeit)

- Add the following lines to application.properties in CAS config dir (with whatever password you set up for /etc/cas/thekeystore) ****

server.ssl.keyStorePassword=qwer1234

server.ssl.keyPassword=qwer1234

Adding JSON service registry (to get a sample client registered)

- Add line >>compile "org.apereo.cas:cas-server-support-json-service-registry:5.2.0-SNAPSHOT"<< to the file cas-server/webapp/cas-server-webapp-tomcat/build.gradle, replacing 5.2.0-SNAPSHOT with whatever version of CAS you have. The version can be figured out after starting CAS (is displayed). ****

- Recompile the whole thing as above.

- Add the following lines to application.properties in CAS config dir: ****

cas.serviceRegistry.watcherEnabled=true

cas.serviceRegistry.repeatInterval=10

cas.serviceRegistry.startDelay=1

cas.serviceRegistry.initFromJson=true

- Add json file with service defs in directory cas-server/webapp/resources/services (the server seems to display which directory it watches after start).

{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "http://localhost/.*", ****

  "name" : "testId",

  "id" : 1,

  "accessStrategy" : {

  "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",

  "enabled" : true,

  "ssoEnabled" : true

  }

}

Getting access to /status/dashboard endpoint ****

- Add the following lines to application.properties in CAS config dir:

cas.adminPagesSecurity.ip=127\.0\.0\.1

cas.monitor.endpoints.enabled=true

cas.monitor.endpoints.sensitive=false

Running

- cd webapp/cas-server-webapp-tomcat

- ../../gradlew build bootRun --parallel

Simple client

- git clone g...@github.com:apereo/phpCAS.git

- cd phpCAS

- Copy docs/examples/config.example.php to docs/examples/config.php and edit:

// Full Hostname of your CAS Server

$cas_host = 'cas-sso.local';

// Context of the CAS Server

$cas_context = '/cas';

// Port of your CAS server. Normally for a https server it's 443

$cas_port = 8443;

- Make the file docs/examples/example_simple.php accessible by www.

- Navigate to http://localhost/phpCAS/docs/examples/example_simple.php

Service management app

- Based on https://github.com/apereo/cas-services-management-overlay

- git clone g...@github.com:apereo/cas-services-management-overlay.git

- cd cas-services-management-overlay

- ./build.sh package

- This creates target/cas-management.war, which should be deployed to Tomcat. Make sure Tomcat uses the same Java as CAS server. Otherwise, it won't find the SSL keys in the Java truststore. ****

- On first run, it copies various files from cas/config into /etc/cas/config. You may want to update management.properties as follows, in particular:

# CAS server that management app will authenticate with

# This server will authenticate for any app (service) and you can login as casuser/Mellon

cas.server.name: https://cas-sso.local:8443/

cas.server.prefix: https://cas-sso.local:8443/cas

cas.mgmt.adminRoles[0]=ROLE_ADMIN

cas.mgmt.userPropertiesFile=file:/etc/cas/config/users.properties

# Update this URL to point at server running this management app

cas.mgmt.serverName=http://localhost:8080

server.context-path=/cas-management

server.port=8080

logging.config=file:/etc/cas/config/log4j2-management.xml

- http://localhost:8080/cas-management

Conclusions

- Really painful to set up.

- CAS documentation is very unclear, tons of linked documents, not sure where to find information.

- Wonder if better to do OAuth2 even if redirecting to Google / FB needs to be implemented from scratch.

---

With all that, thank you for writing and maintaining this software. It does seem like a good choice for SSO solutions - but the initial learning curve shouldn't be quite so sharp.

Jan

[Waldbieser, Carl]

Jan,

I think that part of the issue is that there are different types of documentation, and while the CAS project has good coverage for some types, it doesn't have spectacular coverage with other types.
One of the most interesting talks I heard on the subject of documentation was from the PyCon 2017 series:

https://www.youtube.com/watch?v=azf6yzuJt54

In summary, the speaker identifies 4 types of documentation:

* Tutorials
* HOWTOs
* Reference
* Discussion

I think the CAS project is pretty strong on Reference material, it is OK on HOWTOs, but it is somewhat lackluster with regards to tutorials and discussion. A great tutorial would be a real asset to getting newcomers over the initial CAS hurdle.

The project is more or less volunteer and sponsorship based. That means if no one volunteers to write documentation or pays someone else to write it, it isn't going to get done.

The good news is that the CAS project is very open to pull requests, so if you can write up a HOWTO or tutorial, you can probably get it included in the project documentation.

Thanks,
Carl Waldbieser
ITS Identity Management
Lafayette College

*Building*

- Described here: https://apereo.github.io/cas/developer/Build-Process.html
- git clone --depth=1 --single-branch --branch=master
g...@github.com:apereo/cas.git cas-server
- cd cas-server
- git checkout master
- ./gradlew build install --parallel -x test -x javadoc -x check

*Config*

- Default config dir is /etc/cas/config (may need to be created, given
permissions) If you create application.properties in there, CAS seems to
pick them up. ****
- You can override in there any properties listed on
https://apereo.github.io/cas/development/installation/Configuration-Properties.html

*Keys*

- keytool -genkey -alias cas -keyalg RSA -validity 999 -keystore
/etc/cas/thekeystore -ext san=dns:cas-sso.local
- Add 127.0.0.1 cas-sso.local to /etc/hosts
- keytool -export -file /etc/cas/config/cas.crt -keystore
/etc/cas/thekeystore -alias cas
- sudo keytool -import -file /etc/cas/config/cas.crt -alias cas -keystore
$JAVA_HOME/jre/lib/security/cacerts (default password to cacerts is
changeit)
- Add the following lines to application.properties in CAS config dir (with
whatever password you set up for /etc/cas/thekeystore) ****
server.ssl.keyStorePassword=qwer1234
server.ssl.keyPassword=qwer1234

*Adding JSON service registry (to get a sample client registered)*

- Add line >>compile
"org.apereo.cas:cas-server-support-json-service-registry:5.2.0-SNAPSHOT"<<
to the file cas-server/webapp/cas-server-webapp-tomcat/build.gradle,
replacing 5.2.0-SNAPSHOT with whatever version of CAS you have. The version
can be figured out after starting CAS (is displayed). ****
- Recompile the whole thing as above.
- Add the following lines to application.properties in CAS config dir: ****
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.repeatInterval=10
cas.serviceRegistry.startDelay=1
cas.serviceRegistry.initFromJson=true
- Add json file with service defs in directory
cas-server/webapp/resources/services (the server seems to display which
directory it watches after start).
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "http://localhost/.*", ****
"name" : "testId",
"id" : 1,
"accessStrategy" : {
"@class" :
"org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true,
"ssoEnabled" : true
}
}

*Getting access to /status/dashboard endpoint *****

- Add the following lines to application.properties in CAS config dir:
cas.adminPagesSecurity.ip=127\.0\.0\.1
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false

*Running*

- cd webapp/cas-server-webapp-tomcat
- ../../gradlew build bootRun --parallel

*Simple client*

- git clone g...@github.com:apereo/phpCAS.git
- cd phpCAS
- Copy docs/examples/config.example.php to docs/examples/config.php and
edit:
// Full Hostname of your CAS Server
$cas_host = 'cas-sso.local';
// Context of the CAS Server
$cas_context = '/cas';
// Port of your CAS server. Normally for a https server it's 443
$cas_port = 8443;
- Make the file docs/examples/example_simple.php accessible by www.
- Navigate to http://localhost/phpCAS/docs/examples/example_simple.php

*Service management app*

- Based on https://github.com/apereo/cas-services-management-overlay
- git clone g...@github.com:apereo/cas-services-management-overlay.git
- cd cas-services-management-overlay
- ./build.sh package
- This creates target/cas-management.war, which should be deployed to
Tomcat. Make sure Tomcat uses the same Java as CAS server. Otherwise, it
won't find the SSL keys in the Java truststore. ****
- On first run, it copies various files from cas/config into
/etc/cas/config. You may want to update management.properties as follows,
in particular:
# CAS server that management app will authenticate with
# This server will authenticate for any app (service) and you can login as
casuser/Mellon
cas.server.name: https://cas-sso.local:8443/
cas.server.prefix: https://cas-sso.local:8443/cas
cas.mgmt.adminRoles[0]=ROLE_ADMIN
cas.mgmt.userPropertiesFile=file:/etc/cas/config/users.properties
# Update this URL to point at server running this management app
cas.mgmt.serverName=http://localhost:8080
server.context-path=/cas-management
server.port=8080
logging.config=file:/etc/cas/config/log4j2-management.xml
- http://localhost:8080/cas-management

*Conclusions*

- Really painful to set up.
- CAS documentation is very unclear, tons of linked documents, not sure
where to find information.
- Wonder if better to do OAuth2 even if redirecting to Google / FB needs to
be implemented from scratch.

---

With all that, thank you for writing and maintaining this software. It does
seem like a good choice for SSO solutions - but the initial learning curve
shouldn't be quite so sharp.

Jan

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0d6365c9-ce06-496a-b53d-6702ec1f0551%40apereo.org.

[Matthew Uribe]

Jan,

I have to say, as another new arrival to the CAS world, that I agree with your statements, and wish I would have encountered your post several weeks ago. I appreciate the link to guide, and hope that others will find it earlier in their journey than I did. 

Also, I want to thank all who have contributed directly to the project, as well as here in the group. 

[David Curry]

For those of you who are new to CAS and looking for some help, in addition to Carl's task list (for lack of a better word), I have been making this available for anyone who wants it:

https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html

It's NOT official, and it's not the only way to do things, but it's pretty verbose and step-by-step.

I just updated it the other day with my initial work on doing some high availability stuff with MongoDb, so it's up-to-date with CAS 5.2.2-SNAPSHOT.

--Dave

--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9d02240-df8e-4b39-80a6-3580cd380b36%40apereo.org.

[Michael O Holstein]

CAS is an open-source project. It is not plug-and-play.

If you want a turnkey implementation, I'd recommend contacting Unicon (the principal architects) who offer it as a hosted solution, various support contracts, and implementation consulting.

---

From: cas-...@apereo.org <cas-...@apereo.org> on behalf of David Curry <david...@newschool.edu>
Sent: Monday, January 29, 2018 2:52:29 PM
To: cas-...@apereo.org
Subject: Re: [cas-user] Re: CAS documentation for a new user is terrible

 

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAMVOWv9QacdbOYDBb9QA9Q4wA7AqDJN%3DLDr0dfvGHGxDQ%40mail.gmail.com.

[Waldbieser, Carl]

While it is true that CAS is not a turnkey solution, and it is also true that the documentation has vastly improved since the early days of CAS, I think it is fair to say there is room for improvement in the CAS documentation.

The criticism that the documentation is somewhat lacking in terms of reliable tutorials seems to be fairly accurate. The documentation is mainly organized as reference material, with a bit of HOWTO documentation mixed in.

Daniele Procida (of the Django project) gave a really great discussion on what makes documentation successful[1], and why people won't use your project if you don't have good documentation. Based on his categorizations, I'd conclude that CAS documentation would benefit most from improvements to its tutorial and discussion documentation, followed by beefing up its HOWTO documentation.

While I think the subject "CAS documentation for a new user is terrible" may be somewhat provocative, I believe the message that CAS documentation could be improved to help new users come to grips with it more easily is a valid criticism. I can think of another open source project in the web SSO space that has essentially rejected this kind of criticism entirely much to the detriment of its community. I believe the CAS community can do better in this area.

Thanks,
Carl Waldbieser
ITS Identity Management
Lafayette College

[1] https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwi4tryv7v_YAhVB21MKHarEB14QtwIIJzAA&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dazf6yzuJt54&usg=AOvVaw2GPsIKe4Ur91Zx9ASL2rsu

----- Original Message -----
From: "Michael O Holstein" <michael....@csuohio.edu>
To: "cas-user" <cas-...@apereo.org>
Sent: Monday, January 29, 2018 4:18:32 PM
Subject: Re: [cas-user] Re: CAS documentation for a new user is terrible

CAS is an open-source project. It is not plug-and-play.


If you want a turnkey implementation, I'd recommend contacting Unicon (the principal architects) who offer it as a hosted solution, various support contracts, and implementation consulting.

________________________________
From: cas-...@apereo.org <cas-...@apereo.org> on behalf of David Curry <david...@newschool.edu>
Sent: Monday, January 29, 2018 2:52:29 PM
To: cas-...@apereo.org
Subject: Re: [cas-user] Re: CAS documentation for a new user is terrible

For those of you who are new to CAS and looking for some help, in addition to Carl's task list (for lack of a better word), I have been making this available for anyone who wants it:

https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html

It's NOT official, and it's not the only way to do things, but it's pretty verbose and step-by-step.

I just updated it the other day with my initial work on doing some high availability stuff with MongoDb, so it's up-to-date with CAS 5.2.2-SNAPSHOT.

--Dave



--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003

+1 212 229-5300 x4728 • david...@newschool.edu<mailto:david...@newschool.edu>

[The New School]

cas.server.name<http://cas.server.name>: https://cas-sso.local:8443/

cas.server.prefix: https://cas-sso.local:8443/cas
cas.mgmt.adminRoles[0]=ROLE_ADMIN
cas.mgmt.userPropertiesFile=file:/etc/cas/config/users.properties
# Update this URL to point at server running this management app
cas.mgmt.serverName=http://localhost:8080
server.context-path=/cas-management
server.port=8080
logging.config=file:/etc/cas/config/log4j2-management.xml
- http://localhost:8080/cas-management

Conclusions
- Really painful to set up.
- CAS documentation is very unclear, tons of linked documents, not sure where to find information.
- Wonder if better to do OAuth2 even if redirecting to Google / FB needs to be implemented from scratch.

---

With all that, thank you for writing and maintaining this software. It does seem like a good choice for SSO solutions - but the initial learning curve shouldn't be quite so sharp.

Jan

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org<mailto:cas-user+u...@apereo.org>.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9d02240-df8e-4b39-80a6-3580cd380b36%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9d02240-df8e-4b39-80a6-3580cd380b36%40apereo.org?utm_medium=email&utm_source=footer>.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org<mailto:cas-user+u...@apereo.org>.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAMVOWv9QacdbOYDBb9QA9Q4wA7AqDJN%3DLDr0dfvGHGxDQ%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAMVOWv9QacdbOYDBb9QA9Q4wA7AqDJN%3DLDr0dfvGHGxDQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CO2PR0801MB6474E5AEDD311854873107383E50%40CO2PR0801MB647.namprd08.prod.outlook.com.

[David Curry]

Yesterday, I said: "...in addition to Carl's task list (for lack of a better word)..."

My mistake, it was Jan's task list; I didn't scroll back far enough in the thread.

--Dave

--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

[Martin Bohun]

“And so, my fellow cas-user-s: ask not what your cas can do for you—ask what you can do for your cas.”

martin

[Garf Watkins]

Yes.. but in order to get to that point you need good documentation.

[David Curry]

I'm sure the development team would gladly accept any documentation you'd care to contribute and maintain.

In the meantime, perhaps this may be helpful to you: https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html

David A. Curry,  CISSP
Director of Information Security
The New School - Information Technology
71 Fifth Ave., 9th Fl. ~ New York, NY 10003
+1 212 229-5300 x4728 ~ david...@newschool.edu
Sent from my phone; please excuse typos and inane auto-corrections.
   

On Fri, Jul 20, 2018, 20:45 Elendrys Yagami <elen...@gmail.com> wrote:

I was totally thinking about posting a complain about the doc. I spent hours a year ago to understand how to setup the soft. I am deploying the latest version now and while I forgot a lot about what I did and what I got, I also see that it grew.

We can easily get "you want to do that, compile the module and add the settings". And I'd like to congratulate CAS developers to move from XML Land to a readable property file. But it's also true that the thousands lines long config page mixes everything in a messy way. You may not see the sentence with a link to extended explanations and get lost.

You may use resources to make the project more attractive by giving a good doc. The payed solution should be an engeneering assistance, not a "hey we develop it for free but the doc is so odd that you may not successfully deploy it on your own". Look at Docker, opensource, easy, clear, and then they add paid improvments for enterprise class services. They a

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/10a8adf7-8beb-429a-8785-19b5791f2864%40apereo.org.

[Trenton D. Adams]

There are a lot of areas that it needs some serious improvement.  I'm slowly writing a document on organizational issues related to the documentation, so that I can share it with everyone.  The biggest issue is that it makes you jump around a lot.  For example, having one MASSIVE properties document isn't helpful.  The properties related to a specific module that you must enable should be in the document for that module.

For example, the following document has documentation on enabling LDAP authentication, yet no information on how to configure it, it forces you to click out to the properties document for that.
https://apereo.github.io/cas/5.2.x/installation/LDAP-Authentication.html

Furthermore, ldap password management is a separate topic from authentication, and should be in it's own document entirely.

At some point, I could probably take some time to adjust some docs, but I'd need to be assured they will be the way that the devs find acceptable, or I'd just be wasting my time. :D  Plus, I'm not sure how everything would conflict with the master branch.

Anyhow, I found the docs to be "mostly" complete, just very disconnected.  If all individual components had their own documentation page, with everything needed to get that one single piece working, life would be beautiful. :D  Not only would that be nice, but it would also end up being a printable document.

On 2018-07-20 06:44 PM, Elendrys Yagami wrote:

I was totally thinking about posting a complain about the doc. I spent hours a year ago to understand how to setup the soft. I am deploying the latest version now and while I forgot a lot about what I did and what I got, I also see that it grew.

We can easily get "you want to do that, compile the module and add the settings". And I'd like to congratulate CAS developers to move from XML Land to a readable property file. But it's also true that the thousands lines long config page mixes everything in a messy way. You may not see the sentence with a link to extended explanations and get lost.

You may use resources to make the project more attractive by giving a good doc. The payed solution should be an engeneering assistance, not a "hey we develop it for free but the doc is so odd that you may not successfully deploy it on your own". Look at Docker, opensource, easy, clear, and then they add paid improvments for enterprise class services. They a

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/10a8adf7-8beb-429a-8785-19b5791f2864%40apereo.org.

-- 
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Applications Unit - ITS
Athabasca University
(780) 675-6195

It is only when you are surrounded by a supportive team, that you can achieve 
your best.  Instead of tearing people down, try building them up!

--

This communication is intended for the use of the recipient to whom it is addressed, and may contain confidential, personal, and or privileged information. Please contact us immediately if you are not the intended recipient of this communication, and do not copy, distribute, or take action relying on it. Any communications received in error, or subsequent reply, should be deleted or destroyed.

---

[Bryan Wooten]

 agree.

But in all honesty commercial software is not really better… 

As a community there are limited resources that can be dedicated to docs, it certainly will not gain me or you any points ($) at our org.

Just as a member of this community I sincerely appreciate any docs /experiences/config you share.

And feel free to reach out to me personally, I will share anything I can.

-Bryan

On Fri, Jul 20, 2018 at 6:44 PM, Elendrys Yagami <elen...@gmail.com> wrote:

I was totally thinking about posting a complain about the doc. I spent hours a year ago to understand how to setup the soft. I am deploying the latest version now and while I forgot a lot about what I did and what I got, I also see that it grew.

We can easily get "you want to do that, compile the module and add the settings". And I'd like to congratulate CAS developers to move from XML Land to a readable property file. But it's also true that the thousands lines long config page mixes everything in a messy way. You may not see the sentence with a link to extended explanations and get lost.

You may use resources to make the project more attractive by giving a good doc. The payed solution should be an engeneering assistance, not a "hey we develop it for free but the doc is so odd that you may not successfully deploy it on your own". Look at Docker, opensource, easy, clear, and then they add paid improvments for enterprise class services. They a

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

[Elendrys Yagami]

I'm not saying it is the way to go. I wanted to say that their online doc is pretty good and it did help to make the software widely used.

Cas has become over the years really easier to configure in the end, with a lot of good features. It is just largely minored by struggles finding the good info in the doc.

I have just spent many hours and finally found the answer in the list for making dashboard accessible. The doc is chinease about security.

I'd prefer have spent lost time in the doc to contribute.

[BACCHELLA Fabrice]

And adding insult to injury, as one can't open issues on github, all the many deficiencies of the documentation are not centralised. Either you do a pull request right when you find it, or the problem is forgotten for ever.

This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may be confidential and/or privileged.

If you are not one of the named recipients or have received this email in error,

(i) you should not read, disclose, or copy it,

(ii) please notify sender of your receipt by reply email and delete this email and all attachments,

(iii) Dassault Systemes does not accept or assume any liability or responsibility for any use of or reliance on this email.

For other languages, go to http://www.3ds.com/terms/email-disclaimer

[Uxío Prego]

I'm sure most active maintainers read this list.

I don't recall any prominent announcement about it, hopefully it was just me who missed it, but I take that as "this list is the current issue tracker". If the team considers that the best way to go, I'm sure it probably is.

Uxío Prego

             

Madiva Soluciones
CL / SERRANO GALVACHE 56
BLOQUE ABEDUL PLANTA 4
28033 MADRID
+34 917 56 84 94
www.madiva.com

www.bbva.com

La informacion transportada en este medio desde este buzon es confidencial (salvo indicacion explicita en el propio mensaje) con efectos retroactivos.

The information conveyed in this medium from this sender is by all means confidential (unless otherwise specified) with retroactive effect.

The activity of email inboxes can be systematically tracked by colleagues, business partners and third parties. Turn off automatic loading of images to hamper it.

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/FA88F021-6A5C-4828-8970-5B8E1FD94CDA%403ds.com.

[Trenton Adams]

Can you share that with me?  I have yet to get the dashboard and /status urls working.

---

From: cas-...@apereo.org <cas-...@apereo.org> on behalf of Elendrys Yagami <elen...@gmail.com>
Sent: July 21, 2018 2:29 AM

To: cas-...@apereo.org
Subject: Re: [cas-user] Re: CAS documentation for a new user is terrible

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMPwz85_Xe0pRBge%2Bt3qZjbqGpVMOvtTCQXnLut0tmSJvapDLw%40mail.gmail.com.

[BACCHELLA Fabrice]

Using a yaml format:

cas:

    monitor:

        endpoints:

            enabled: true

            sensitive: false

    adminPagesSecurity:

        ip: .*

        actuatorEndpointsEnabled: true

        # To have CAS handle access to admin pages

        loginUrl: https://XXXX/login

        service: https://XXXXX/status/dashboard

        users: file:/data/cas/conf/adminusers.properties

        adminRoles:

            - ROLE_ADMIN

endpoints:

    enabled: true

    sensitive: false

And of course, you need a service for that, in yaml again:

--- !<org.apereo.cas.services.RegexRegisteredService>

serviceId: "https://XXXX/status/.*"

name: "Status"

id: 1001

description: "CAS dashboard"

attributeReleasePolicy: !<org.apereo.cas.services.ReturnAllAttributeReleasePolicy> {}

accessStrategy: !<org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy>

  enabled: true

  ssoEnabled: true

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN6PR1301MB188958BE98603F0A5401E383D5560%40BN6PR1301MB1889.namprd13.prod.outlook.com.

[Trenton D. Adams]

This is still not working.  Have you released some sort of attribute to the cas dashboard service that I'm not aware of?

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/EEB88048-0E9F-4EE0-9F2C-D50BB3F6421C%403ds.com.

-- 
Trenton D. Adams
Senior Systems Analyst/Web Software Developer
Applications Unit - ITS
Athabasca University
(780) 675-6195

It is only when you are surrounded by a supportive team, that you can achieve 
your best.  Instead of tearing people down, try building them up!

--

[Elendrys Yagami]

Parameters given in th previous mail are working for me.

You need all the things in the cas.properties file (or application.yml if you stick to yaml format). Urls must be filled with correct informations. The ip filter allows all.

You need to check that the service registry allows it. The default one (imaps and https) is enough.

You also need to completly restart the app.

A good test is with the defaults (using casuser default user and the default adminusers.properties file):

Go the the cas/login page

Click on the dashboard link. It should send you back to the login?service=https://you.cad.url/cas/status/dashboard

Login with casuser.

If you make it work the customize the app.

You can try cas/status too which is I think not filtered by ip.

Good luck.

You received this message because you are subscribed to a topic in the Google Groups "CAS Community" group.
To unsubscribe from this topic, visit https://groups.google.com/a/apereo.org/d/topic/cas-user/BwI6_qU612c/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6969fd14-fe90-a24c-e1d9-9055d14ba0e6%40athabascau.ca.

[Trenton D. Adams]

I believe the below matches your yaml perfectly.  What about the contents of adminusers.properties?

/etc/cas/config/adminusers.properties
trenta=notused,ROLE_ADMIN

cas.monitor.endpoints.enable=true
cas.monitor.endpoints.sensitive=false
cas.adminPagesSecurity.ip=.*
cas.adminPagesSecurity.actuatorEndpointsEnabled=true
cas.adminPagesSecurity.loginUrl=https://cas.example.org:443/cas/login
cas.adminPagesSecurity.service=https://cas.example.org:443/cas/status/dashboard
cas.adminPagesSecurity.users=file:/etc/cas/config/adminusers.properties
cas.adminPagesSecurity.adminRoles=ROLE_ADMIN
endpoints.enabled=true
endpoints.sensitive=false

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMPwz84_JS2xay%2B%2B_BXajGPeUEw85Y8Z7_CjJo6huf3KRTkZDA%40mail.gmail.com.

[David Curry]

If you cut-and-pasted these, then I see two problems.

First:

cas.monitor.endpoints.enable=true 

That should be "enabled".

Second:

cas.adminPagesSecurity.adminRoles=ROLE_ADMIN

that should be "adminRoles[0]".

  

--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f75e321f-d2ec-5c4e-dfa5-67cfb37065ec%40athabascau.ca.

[Trenton D. Adams]

Yes, it was the "enable(d)" that was the problem.  The adminRoles does not need the "[0]" unless you need multiple, I've noticed that CAS supports arrays for properties, but if you don't need multiple values you can create an individual configuration property.

Thanks for the help David! 

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAO7kvHyDNLy_yRO8B2K_57OhxjA8CfOWVUSAbn-D%3DkRZA%40mail.gmail.com.

[Va Sja]

As I see after almost 2 years documentation still don't getted better ...

... there are no some 1-2-3-Specs to finish even HelloWorld with CAS. But the release number grows extremely. 3.6, 4.0-1-2-3, 5.0-1-2-3, 6.0. 

So - looks like the developers stacked in the similar way as users :)   

I would wait till first release with suffix "STABLE", before start to use IT. After a week of rolling over LinkDoc-to-LinkDoc-to-LinkDoc-to-LinkDoc I give Up. Jan has created ___THE_BEST_MANUAL_EVER__ , but currently on my side I reach the pont, that I can logIn, but LogOut not works as expected...

Hope somebody from DigitalOcean can repeat success from already thousand of HOW_TO like that : how-to-install-mysql-on-ubuntu-18-04 . It should be not harder as 10 mins, isn't- it?

[Matthew Uribe]

Va,

I would like to mention that your complaint is about a product that you get to use *for free*. I support some paid software with worse documentation. I do understand the frustration, as the learning curve is steep, but that's where this community comes in. Everyone here tries to be very helpful, giving one another their time *for free*. I've been supporting CAS 5 in my organization now for just over a year, and I find that the documentation does in fact tell me what I need to know. It's just that getting started can be tough.

Yet another free resource you may find helpful: David Curry, one of our community members, created a very easy to follow guide to implementing CAS 5. Check it out here:  https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html

Matt

[Va Sja]

Matthew, you are fully right - there are a lot of much worse software as well as documentation. And in case, when is the goal "getting as much as more money for support" - it is exactly the right tactic -  to make documentation unusable, and release as often as possible new releases with more and more features, that will be selled as a next. But it is not really the main vector for open-source, when you need weeks and some hundred gurus for install at least "HelloWorld".  And you point me again to some " very easy to follow guide " may be very informative but for my case unusable documentation, when I need really to jumping over hundreds links just to getting again the understanding - IT IS TOO COMPLEX TO UNDERSTAND. It is exactly " very easy to follow " with a lot of links , but "absolutely not possible to understand what this manual about. Sorry that I am scream - otherwise I have to cry :)  

May be we understand the words "follow", "understand", "jump", "start", "finish", "result", "productivity" different? 

The documentation should help to focus to the problem, and your link make exactly opposite: it point me in next 2-3 sentences to jump to some another Web Page. Nothing more. But I need to know steps to success: 1-2-3-FINISH. And there are no complete story about "how to do install HelloWorld?". U cannot push all of it into your brain in  1 hour, 1 day, 1 week, but you need much more! 

May be U are absolutely right: "  the documentation does in fact tell me what I need to know ". And you a able to "getting started"! But it not help to finish some minimal positive result.

Alternatively you have to pay for somebody else who know this software - that is the only one Idea, what you have to get from such documentation. Unfortunately...

...and it is not only my view. Fortunately! 8-)

[David Curry]

Va,

If you want 1-2-3 FINISH then perhaps, as Matthew already suggested, this is what you're looking for:

https://dacurry-tns.github.io/deploying-apereo-cas/ 

It starts from zero knowledge of CAS and goes step-by-step to an installation that is running in production today. And it does it in increments, so you can check that things are working along the way. The initial "Building the CAS server" section will in fact get you a running server in 1-2-3-4-FINISH (create an overlay project, build the default server, edit a couple of config files, install and test).

But just as "Hello World" is a pretty useless program, the CAS server you're going to get in 4 steps is a pretty useless server. If you want to use it to do any real work, you're going to have to configure it to talk to your user directories, define the services you want it to manage, figure out the attributes you need to release, perhaps enable multifactor authentication, customize the user interface to meet your corporate branding standards, perhaps enable other protocols like SAML2 or OAuth, perhaps add in support for high availability, etc. Every one of those things is supported by CAS, most of them in multiple flavors. But to use them, you're going to have to learn how to add them to the server and configure them. The above guide shows how to do that for one set (sometimes two) of choices; they may not be the choices you want, but it should be easy to extrapolate from one to another once you see how the basic setup works.

If you don't want to exert the effort to learn how the software works, or don't have the patience to start a project that's going to take more than 20 minutes to complete, then perhaps doing it yourself isn't the right answer. There are  several third party service providers that will provide consulting expertise to help you configure and support it; some of them will even host and operate it for you.

--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY

THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu

--

- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b1f5e450-ab52-482d-8e19-944f656c71a3%40apereo.org.

[Va Sja]

Hello David,

many thanks for your explanation. I am sure - CAS  works on many productions environments, and support a lot of possible protocols and standarts. But...
...did  You played with Lego? There you can be successful already in 20 minutes. Then you just increase your success step-by-step. Did you install some server from latest past? MySQL, Tomcat, Cassandra? How many steps you need to "read-download-install-configure-start-check"? Is it oft takes more then 20 min to understand what you really do ?

As I and many other peoples has already explained : for CAS there are no way to do it from read-2-check in 10 mins, 10 hours, and even in 10 days!

...the latests readable documentation is minimum 2-3 years old. Then we have a lot of linked and not readable pages. 

  You can check yourself the link, what you sendet to me and try to answer for

a)  who need to know as first page about for ex ?:
   - Support for many SPs built in: Adobe Creative Cloud, Google Apps, Office 365, 

b) what version is possible to start when on the same page are: 

   - .. CAS 6._ , CAS 5., CAS 3.5 , CAS 5.2.7,  CAS 5.3.x .,CAS 4 ...

c) where is the start ?

d) what should I DO ? 

e) am I really need so complex solution, when it is not possible to setup even Plain-User-Password-Auth for 1 web-site in weeks?

f) there are a lot of left-menu-Items, but is all I need to read and understand for very first installation? Create? Build? Configure? Install? Commit? Add?

 ( BTW even on Intro-page there are no explanation WHAT IS CAS!!!  You have to search it somewhere else over Google? )

i will appreciate your answers and constructive feedback without links this time  !  We can then "attach it" to already existing Documentation portals as only one new page like "CAS for Dummy" , "CAS for lazy admin" or "CAS in 20 minutes" :) 

Kindest regards

To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org.

[David Curry]

Va,

The link I gave you was to documentation that I developed for use in my organization. It was produced to meet our needs (not yours) and it does that quite well. We contributed it to the community in the hopes that others might find it useful, too. Apparently at least a few people have, because they have let me know it was helpful to them. But we never advertised it as being the perfect answer for everybody.

So if you don't like it or don't find it helpful, that's fine, nobody's forcing you to use it.

Good luck with your project.

--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c858a349-d322-4c5b-bb7d-93946e47d749%40apereo.org.

[Ray Bon]

Va,

I understand your frustration. It took me quite some time to learn and understand what goes on with CAS.

But, it solves a complex problem in a flexible way. Out of all the authentication mechanisms, you probably only need one. Which one is up to you.

You should be able to get the code from, https://github.com/apereo/cas-overlay-template and run the docker or embedded tomcat within a few minutes. https://apereo.github.io/cas/6.0.x/installation/WAR-Overlay-Installation.html

You can also pay for support. We used Unicon, https://www.unicon.net/. (I am not affiliated with them.)

Ray

-- 

Ray Bon

Programmer Analyst

Development Services, University Systems

2507218831 | CLE 019 | rb...@uvic.ca

[jm]

If you want to set up a usable CAS server and you are sure you will not need some extra features provided by apereo CAS, just take a look at CASino. It is written in Ruby, supports Database credential, or LDAP credential. It runs well before we migrate to apereo CAS, they set up it within 1 hour and migrate all web sites to CAS --- that's why we use apereo CAS now.

在 2019年5月16日星期四 UTC+8下午8:54:10，Va Sja写道：

[Va Sja]

Hello rbon,

I am already build, install, configured almost ALL variants from Github and around. My problem is - after "successfully" configured the CAS-server I have no glue about "what is the next step!?". The server works fine, but there are no one line description "how it is possible to integrate this server with my needs". I can read a lot of messages from Web-GUI, logs etc., but how to configure my HelloWorld-Tomcat-App to be able use controlled Auth-service from CAS - no idea. In most of cases - there are no way to use old documentation - old links already overwritten by "new  releases". 

The single "readable" (( from my view! )) documentation I found on http://hacsoc.org/wiki/technical/cas.html. But it is from September 6, 2005!!!

OfCoz - nobody is able to reuse it - all important refs are already broken. 

The latest "usable" public example for using CAS i found on https://github.com/casinthecloud/java-jasig-cas-client-demo. But it is :
- at least 4 years old

- based on CAS 3.6.0-SNAPSHOT
- can make only login, NO logout

David Curry has described success story about his organization. But he has more luck as me-  his team has access to original documentation with correct links and examples. Now it is not exist anymore. That, what exist now  - just a lot of bytes without sense, copy-paste from many independent sources ( sorry for my extreme frustration! ).

So  - the main question - what was done with this project last 3-4-5 years. I would name it "monetization". 8-)

...Hope - I am wrong! Otherwise it is the time to "fork" the state 5 years old and make it in the real "open-source-style" :((

@David

I want use  - just currently it is not usable!

My goal is really simple, and when I get the "help from community" like "goto ....", and it is get me back after 1-2 weeks to the same point, where I started - something is wrong.

I will appreciate, when somebody can demonstrate how with help from actual version of documentation step-by-step ( or even better with 1-2-3 "git clone" )  I can build 3-user-2-roles-1-webapp secured application on the CAS-basis. 

If it is not possible  - it will be also THE answer....

Kindest regards to ALL.

[Alberto Cabello Sánchez]

On Thu, 16 May 2019 09:35:21 -0400
David Curry <david...@newschool.edu> wrote:

> Va,
>
> The link I gave you was to documentation that I developed for use in my
> organization. It was produced to meet our needs (not yours) and it does
> that quite well. We contributed it to the community in the hopes that
> others might find it useful, too.

Among others, the original poster of this thread, who wrote:

> Only now, when wanting to post this message, did I find this helpful
> guide: https://dacurry-tns.github.io/deploying-apereo-cas/ Could the
> CAS team incorporate some step-by-step tutorial like this into the
> official documentation?

I think a lot of people would benefit from some posts like the ones we
can find in Apereo Community Blog (https://apereo.github.io/) focused
on more basic tasks.

Finally: it is too easy to forget that people only tell what is missing, so
even if official documentation is hard to follow (indeed, it is), I'd like
to thank both the developers and the helpful community that make CAS.

Best regards,

--
Alberto Cabello Sánchez
Servicio de Informática
Universidad de Extremadura

[Ray Bon]

Va,

It sounds like you are trying to build a client application.

https://github.com/apereo/java-cas-client

If you are using spring, https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/cas.html

Here is a tutorial, https://www.baeldung.com/spring-security-cas-sso

There are other languages as well, https://apereo.github.io/cas/6.0.x/integration/CAS-Clients.html

Ray

[Richard Frovarp]

On 5/17/19 2:44 AM, Va Sja wrote:

Hello rbon,

I am already build, install, configured almost ALL variants from Github and around. My problem is - after "successfully" configured the CAS-server I have no glue about "what is the next step!?". The server works fine, but there are no one line description "how it is possible to integrate this server with my needs". I can read a lot of messages from Web-GUI, logs etc., but how to configure my HelloWorld-Tomcat-App to be able use controlled Auth-service from CAS - no idea. In most of cases - there are no way to use old documentation - old links already overwritten by "new  releases".

The issue is that CAS is a complicated system solving complicated problems. The key is to start small and build. You likened some of this to Legos before. Well CAS can be the working Mindstorm roller coaster. https://ideas.lego.com/projects/84c2ced1-52b6-4d8c-b26a-749e5e3984d0 There's several protocols and each of those has several options. In Java web applications alone I've used the CAS servlet filter, Spring Security, Shiro, and Shibboleth SP. So it comes down to how you want to do it. What else are you using for authorization? The most easy to understand and follow simple test in my opinion is to do phpCAS. PHP is a pretty straightforward language that isn't complicated by multiple layers or complicated security layers. As I spin up new releases of CAS or attempt to use new features of CAS, I test against phpCAS as it is pretty dead simple to get the first bit going.

The single "readable" (( from my view! )) documentation I found on http://hacsoc.org/wiki/technical/cas.html. But it is from September 6, 2005!!!

OfCoz - nobody is able to reuse it - all important refs are already broken. 

The latest "usable" public example for using CAS i found on https://github.com/casinthecloud/java-jasig-cas-client-demo. But it is :
- at least 4 years old

- based on CAS 3.6.0-SNAPSHOT
- can make only login, NO logout

What? The project was updated 2 months ago. The basics on how it works hasn't change, which is why some of it is old. The version number there is based off of the CAS Java library, not the version of the CAS server. Grab the commit before the current one if you want to use the latest release of 3.5.1. And I'm not sure what you mean by it can't logout. It does that in the application. With SSO, logout can mean at least three different things.

David Curry has described success story about his organization. But he has more luck as me-  his team has access to original documentation with correct links and examples. Now it is not exist anymore. That, what exist now  - just a lot of bytes without sense, copy-paste from many independent sources ( sorry for my extreme frustration! ).

So  - the main question - what was done with this project last 3-4-5 years. I would name it "monetization". 8-)

The past 3-4-5 years has add an fantastic amount of new features. Those new features frequently require a decent amount of knowledge to implement, so don't worry about them. Things like the specific integration with G Suite are always appreciated. The project moves a pretty good pace.

...Hope - I am wrong! Otherwise it is the time to "fork" the state 5 years old and make it in the real "open-source-style" :((

Contribute.

@David

I want use  - just currently it is not usable!

My goal is really simple, and when I get the "help from community" like "goto ....", and it is get me back after 1-2 weeks to the same point, where I started - something is wrong.

I will appreciate, when somebody can demonstrate how with help from actual version of documentation step-by-step ( or even better with 1-2-3 "git clone" )  I can build 3-user-2-roles-1-webapp secured application on the CAS-basis. 

If it is not possible  - it will be also THE answer....

Kindest regards to ALL.

Follow: https://github.com/casinthecloud/cas-overlay-demo to get a CAS server up and running quickly. If you are on Java 8, you'll need to checkout a revision from the 5.x line as I believe CAS 6 require Java 11.

Follow https://github.com/casinthecloud/java-jasig-cas-client-demo to get a CAS protected service in Java up and running. I had to back rev once to get back to something that would launch for me. It's on a different port and should work with the CAS running on 8080 from the server example before.

Start small. Try the CAS in the Cloud options above. Change it over to auth against your user source of LDAP / AD. Try simple protection of something like PHP pages, then from there worry about attribute release and using those attributes. After you get that figured out, then decide how you plan to do authentication and authorization in your application. Spring Security and Apache Shiro work well for both of those in Java applications, and both integrate with CAS pretty nicely. So lean on your security library to help out.