CAS 6.4.2 cas.google-apps.*key-* unsupported?

Rod B

Nov 23, 2021, 7:49:30 PM
to CAS Community
Hello,
I mostly have CAS 6.4.2 up and running (I told you we'd get there), but I'm seeing in the Catalina.out log a concerning error:

The use of configuration keys that are no longer supported was found in the environment:

Property source 'bootstrapProperties-applicationProfilesCompositeProperties':
        Key: cas.google-apps.key-algorithm
                Reason: none

        Key: cas.google-apps.private-key-location
                Reason: none

        Key: cas.google-apps.public-key-location
                Reason: none

I checked the guide and it's different from 6.1 but you use an implementation statement in build.gradle:
 implementation "org.apereo.cas:cas-server-support-saml-googleapps:${project.'cas.version'}"

And I'm supposing that the error is complaining about what's in cas.properties:

cas.googleApps.publicKeyLocation=file:/etc/cas/keys/public.key
cas.googleApps.keyAlgorithm=RSA
cas.googleApps.privateKeyLocation=file:/etc/cas/keys/private.key

What is the proper way to provide this information to CAS?

Thanks for any help!

Rod

Mike Osterman

Nov 23, 2021, 9:46:19 PM
to cas-...@apereo.org
Hi Rod,

I believe that this functionality has been removed from CAS in 6.x forward, and the only way to achieve SSO with Google Apps is via the CAS SAML2 IdP feature. Richard Frovarp wrote an excellent blog post on how to accomplish this: 

-Mike

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/85b15e11-8801-4b41-ae86-d9c87e535ec9n%40apereo.org.

Rod

Nov 24, 2021, 11:42:08 AM
to cas-...@apereo.org
Thanks Mike!

I was hoping we would have a little more time with this feature.

I appreciate the link to the blog post!

Regards,

Rod

Misagh

Nov 24, 2021, 11:45:04 AM
to CAS Community
On Wed, Nov 24, 2021 at 8:42 PM Rod <rodbal...@gmail.com> wrote:
Thanks Mike!

I was hoping we would have a little more time with this feature.

Mike Osterman

Nov 24, 2021, 11:48:13 AM
to CAS Community
Oh! Apologies for misrepresenting that, Misagh. Thanks for chiming in!


Rod

Nov 24, 2021, 1:14:02 PM
to cas-...@apereo.org
That's great news, Misagh!

So, does this mean it will error but still work? I noticed a new file in /etc/cas/config, all-cas-properties.ref and it has the following:

# Required: false
# Type: java.lang.String
# Owner: org.apereo.cas.configuration.model.support.saml.googleapps.GoogleAppsProperties
# Module: cas-server-support-saml-googleapps
# Signature algorithm used to generate keys. @deprecated Since 6.2
# cas.google-apps.key-algorithm: RSA
# Deprecation Level: ERROR

# Required: false
# Type: java.lang.String
# Owner: org.apereo.cas.configuration.model.support.saml.googleapps.GoogleAppsProperties
# Module: cas-server-support-saml-googleapps
# The private key location that is used to sign responses, etc. @deprecated Since 6.2
# cas.google-apps.private-key-location: file:/etc/cas/private.key
# Deprecation Level: ERROR

# Required: false
# Type: java.lang.String
# Owner: org.apereo.cas.configuration.model.support.saml.googleapps.GoogleAppsProperties
# Module: cas-server-support-saml-googleapps
# The public key location that is also shared with google apps. @deprecated Since 6.2
# cas.google-apps.public-key-location: file:/etc/cas/public.key
# Deprecation Level: ERROR

Or is this a case of the docs not matching the reality and the method I'm using is, in fact, gone?

Thanks for your help!

Rod
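
An added example, not part of the original post or of the CAS project: a small audit that reads entries in the layout of the all-cas-properties.ref excerpt quoted above and reports which keys in cas.properties carry a deprecation level, treating the camelCase spelling (cas.googleApps.keyAlgorithm) and the kebab-case spelling from the log (cas.google-apps.key-algorithm) as the same key. The function names and sample inputs are constructed for illustration, and the .ref layout is assumed from the quoted excerpt only.

```python
import re

# Constructed sample in the layout of the all-cas-properties.ref excerpt quoted above.
REF_SAMPLE = """\
# Signature algorithm used to generate keys. @deprecated Since 6.2
# cas.google-apps.key-algorithm: RSA
# Deprecation Level: ERROR

# The private key location that is used to sign responses, etc. @deprecated Since 6.2
# cas.google-apps.private-key-location: file:/etc/cas/private.key
# Deprecation Level: ERROR
"""
# Constructed cas.properties; the cas.server.name value is a placeholder.
PROPS_SAMPLE = """\
cas.server.name=https://cas.example.org
cas.googleApps.keyAlgorithm=RSA
cas.googleApps.privateKeyLocation=file:/etc/cas/keys/private.key
"""
KEY_LINE = re.compile(r"^#\s*(cas\.[A-Za-z0-9.\-]+):")
LEVEL_LINE = re.compile(r"^#\s*Deprecation Level:\s*(\w+)")

def canonical(key):
    """Map camelCase to lowercase kebab-case, the spelling the startup log reports."""
    return re.sub(r"(?<=[a-z0-9])([A-Z])", r"-\1", key).lower()

def deprecated_keys(ref_text):
    """Return {canonical key: level} for each key followed by a 'Deprecation Level' line."""
    found, current = {}, None
    for line in map(str.strip, ref_text.splitlines()):
        key, level = KEY_LINE.match(line), LEVEL_LINE.match(line)
        if key:
            current = key.group(1)
        elif level and current:
            found[canonical(current)] = level.group(1)
            current = None
    return found

def audit(props_text, ref_text):
    """Return (line number, key as written, level) for configured deprecated keys."""
    levels = deprecated_keys(ref_text)
    hits = []
    for number, line in enumerate(props_text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key = line.split("=", 1)[0].strip()
        if canonical(key) in levels:
            hits.append((number, key, levels[canonical(key)]))
    return hits
```
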


Rod

Nov 24, 2021, 2:33:27 PM
to cas-...@apereo.org
Just to add to my post, this is in the catalina.out log file that gives me *some* hope that Google Apps support the 'old' way is still supported.

Ray, could you weigh in?

Thank you,

Rod

2021-11-24 09:54:38,090 WARN [org.apereo.cas.support.saml.config.SamlGoogleAppsConfiguration] - <>

2021-11-24 09:54:38,090 WARN [org.apereo.cas.support.saml.config.SamlGoogleAppsConfiguration] - <



  ____ _____ ___  ____  _
 / ___|_   _/ _ \|  _ \| |
 \___ \ | || | | | |_) | |
  ___) || || |_| |  __/|_|
 |____/ |_| \___/|_|   (_)

CAS integration with Google Apps is now deprecated and scheduled to be removed in the future. The functionality is now redundant and unnecessary with CAS able to provide SAML2 identity provider features.To handle the integration, you should configure CAS to act as a SAML2 identity provider and remove this integration from your deployment to protected against future removals and surprises.>

2021-11-24 09:54:38,090 WARN [org.apereo.cas.support.saml.config.SamlGoogleAppsConfiguration] - <>

Ray Bon

Nov 30, 2021, 11:50:07 AM
to cas-...@apereo.org
Rod,

I have not used google apps so unable to provide any insight.

Ray

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose historical relationships with the land continue to this day.

Rod

Dec 1, 2021, 1:10:27 PM
to cas-...@apereo.org
Thanks Ray.

I think it's kind of a documentation bug. It gives the impression there is still built-in support for Google Apps/Suite for 6.2 to 6.4.2, but based on the error in catalina.out the support has been removed.

I went through the 5 stages of grief and used the excellent documentation of adding SAML2 support to CAS by Doug Campbell to get it working.

Here's a link to the thread where Doug provides step by step instructions.


He made a typo in one of the lines referencing /etc/cas/saml and as he notes you need to delete in the sp-metadata.xml the validUntil string.

Other than that, perfect instructions - thanks Doug!

Best,

Rod