--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9d02240-df8e-4b39-80a6-3580cd380b36%40apereo.org.To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
CAS is an open-source project. It is not plug-and-play.
If you want a turnkey implementation, I'd recommend contacting Unicon (the principal architects) who offer it as a hosted solution, various support contracts, and implementation consulting.
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
I was totally thinking about posting a complain about the doc. I spent hours a year ago to understand how to setup the soft. I am deploying the latest version now and while I forgot a lot about what I did and what I got, I also see that it grew.We can easily get "you want to do that, compile the module and add the settings". And I'd like to congratulate CAS developers to move from XML Land to a readable property file. But it's also true that the thousands lines long config page mixes everything in a messy way. You may not see the sentence with a link to extended explanations and get lost.You may use resources to make the project more attractive by giving a good doc. The payed solution should be an engeneering assistance, not a "hey we develop it for free but the doc is so odd that you may not successfully deploy it on your own". Look at Docker, opensource, easy, clear, and then they add paid improvments for enterprise class services. They a
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/10a8adf7-8beb-429a-8785-19b5791f2864%40apereo.org.
There are a lot of areas that it needs some serious improvement. I'm slowly writing a document on organizational issues related to the documentation, so that I can share it with everyone. The biggest issue is that it makes you jump around a lot. For example,
having one MASSIVE properties document isn't helpful. The properties related to a specific module that you must enable should be in the document for that module.
--I was totally thinking about posting a complain about the doc. I spent hours a year ago to understand how to setup the soft. I am deploying the latest version now and while I forgot a lot about what I did and what I got, I also see that it grew.
We can easily get "you want to do that, compile the module and add the settings". And I'd like to congratulate CAS developers to move from XML Land to a readable property file. But it's also true that the thousands lines long config page mixes everything in a messy way. You may not see the sentence with a link to extended explanations and get lost.
You may use resources to make the project more attractive by giving a good doc. The payed solution should be an engeneering assistance, not a "hey we develop it for free but the doc is so odd that you may not successfully deploy it on your own". Look at Docker, opensource, easy, clear, and then they add paid improvments for enterprise class services. They a
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/10a8adf7-8beb-429a-8785-19b5791f2864%40apereo.org.
-- Trenton D. Adams Senior Systems Analyst/Web Software Developer Applications Unit - ITS Athabasca University (780) 675-6195 It is only when you are surrounded by a supportive team, that you can achieve your best. Instead of tearing people down, try building them up!--
This communication is intended for the use of the recipient to whom it is addressed, and may contain confidential, personal, and or privileged information. Please contact us immediately if you are not the intended recipient of this communication, and do not copy, distribute, or take action relying on it. Any communications received in error, or subsequent reply, should be deleted or destroyed.---
I was totally thinking about posting a complain about the doc. I spent hours a year ago to understand how to setup the soft. I am deploying the latest version now and while I forgot a lot about what I did and what I got, I also see that it grew.We can easily get "you want to do that, compile the module and add the settings". And I'd like to congratulate CAS developers to move from XML Land to a readable property file. But it's also true that the thousands lines long config page mixes everything in a messy way. You may not see the sentence with a link to extended explanations and get lost.You may use resources to make the project more attractive by giving a good doc. The payed solution should be an engeneering assistance, not a "hey we develop it for free but the doc is so odd that you may not successfully deploy it on your own". Look at Docker, opensource, easy, clear, and then they add paid improvments for enterprise class services. They a
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
I'm not saying it is the way to go. I wanted to say that their online doc is pretty good and it did help to make the software widely used.
This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may be confidential and/or privileged.
If you are not one of the named recipients or have received this email in error,
(i) you should not read, disclose, or copy it,
(ii) please notify sender of your receipt by reply email and delete this email and all attachments,
(iii) Dassault Systemes does not accept or assume any liability or responsibility for any use of or reliance on this email.
For other languages, go to http://www.3ds.com/terms/email-disclaimer
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/FA88F021-6A5C-4828-8970-5B8E1FD94CDA%403ds.com.
Can you share that with me? I have yet to get the dashboard and /status urls working.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/BN6PR1301MB188958BE98603F0A5401E383D5560%40BN6PR1301MB1889.namprd13.prod.outlook.com.
This is still not working. Have you released some sort of attribute to the cas dashboard service that I'm not aware of?
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/EEB88048-0E9F-4EE0-9F2C-D50BB3F6421C%403ds.com.
-- Trenton D. Adams Senior Systems Analyst/Web Software Developer Applications Unit - ITS Athabasca University (780) 675-6195 It is only when you are surrounded by a supportive team, that you can achieve your best. Instead of tearing people down, try building them up!
You received this message because you are subscribed to a topic in the Google Groups "CAS Community" group.
To unsubscribe from this topic, visit https://groups.google.com/a/apereo.org/d/topic/cas-user/BwI6_qU612c/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6969fd14-fe90-a24c-e1d9-9055d14ba0e6%40athabascau.ca.
I believe the below matches your yaml perfectly. What about the contents of adminusers.properties?
/etc/cas/config/adminusers.properties
trenta=notused,ROLE_ADMIN
cas.monitor.endpoints.enable=true
cas.monitor.endpoints.sensitive=false
cas.adminPagesSecurity.ip=.*
cas.adminPagesSecurity.actuatorEndpointsEnabled=true
cas.adminPagesSecurity.loginUrl=https://cas.example.org:443/cas/login
cas.adminPagesSecurity.service=https://cas.example.org:443/cas/status/dashboard
cas.adminPagesSecurity.users=file:/etc/cas/config/adminusers.properties
cas.adminPagesSecurity.adminRoles=ROLE_ADMIN
endpoints.enabled=true
endpoints.sensitive=false
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMPwz84_JS2xay%2B%2B_BXajGPeUEw85Y8Z7_CjJo6huf3KRTkZDA%40mail.gmail.com.
cas.monitor.endpoints.enable=true
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f75e321f-d2ec-5c4e-dfa5-67cfb37065ec%40athabascau.ca.
Yes, it was the "enable(d)" that was the problem. The adminRoles does not need the "[0]" unless you need multiple, I've noticed that CAS supports arrays for properties, but if you don't need multiple values you can create an individual configuration property.
Thanks for the help David!
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAO7kvHyDNLy_yRO8B2K_57OhxjA8CfOWVUSAbn-D%3DkRZA%40mail.gmail.com.
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
THE NEW SCHOOL • INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b1f5e450-ab52-482d-8e19-944f656c71a3%40apereo.org.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-...@apereo.org.
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
THE NEW SCHOOL • INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c858a349-d322-4c5b-bb7d-93946e47d749%40apereo.org.
--
Hello rbon,I am already build, install, configured almost ALL variants from Github and around. My problem is - after "successfully" configured the CAS-server I have no glue about "what is the next step!?". The server works fine, but there are no one line description "how it is possible to integrate this server with my needs". I can read a lot of messages from Web-GUI, logs etc., but how to configure my HelloWorld-Tomcat-App to be able use controlled Auth-service from CAS - no idea. In most of cases - there are no way to use old documentation - old links already overwritten by "new releases".
The issue is that CAS is a complicated system solving complicated problems. The key is to start small and build. You likened some of this to Legos before. Well CAS can be the working Mindstorm roller coaster.
https://ideas.lego.com/projects/84c2ced1-52b6-4d8c-b26a-749e5e3984d0 There's several protocols and each of those has several options. In Java web applications alone I've used
the CAS servlet filter, Spring Security, Shiro, and Shibboleth SP. So it comes down to how you want to do it. What else are you using for authorization? The most easy to understand and follow simple test in my opinion is to do phpCAS. PHP is a pretty straightforward
language that isn't complicated by multiple layers or complicated security layers. As I spin up new releases of CAS or attempt to use new features of CAS, I test against phpCAS as it is pretty dead simple to get the first bit going.
The single "readable" (( from my view! )) documentation I found on http://hacsoc.org/wiki/technical/cas.html. But it is from September 6, 2005!!!OfCoz - nobody is able to reuse it - all important refs are already broken.
The latest "usable" public example for using CAS i found on https://github.com/casinthecloud/java-jasig-cas-client-demo. But it is :
- at least 4 years old- based on CAS 3.6.0-SNAPSHOT
- can make only login, NO logout
What? The project was updated 2 months ago. The basics on how it works hasn't change, which is why some of it is old. The version number there is based off of the CAS Java library, not the version of the CAS server. Grab the commit before the current one
if you want to use the latest release of 3.5.1. And I'm not sure what you mean by it can't logout. It does that in the application. With SSO, logout can mean at least three different things.
David Curry has described success story about his organization. But he has more luck as me- his team has access to original documentation with correct links and examples. Now it is not exist anymore. That, what exist now - just a lot of bytes without sense, copy-paste from many independent sources ( sorry for my extreme frustration! ).
So - the main question - what was done with this project last 3-4-5 years. I would name it "monetization". 8-)
The past 3-4-5 years has add an fantastic amount of new features. Those new features frequently require a decent amount of knowledge to implement, so don't worry about them. Things like the specific integration with G Suite are always appreciated. The project moves a pretty good pace.
...Hope - I am wrong! Otherwise it is the time to "fork" the state 5 years old and make it in the real "open-source-style" :((
Contribute.
@DavidI want use - just currently it is not usable!
My goal is really simple, and when I get the "help from community" like "goto ....", and it is get me back after 1-2 weeks to the same point, where I started - something is wrong.I will appreciate, when somebody can demonstrate how with help from actual version of documentation step-by-step ( or even better with 1-2-3 "git clone" ) I can build 3-user-2-roles-1-webapp secured application on the CAS-basis.
If it is not possible - it will be also THE answer....
Kindest regards to ALL.
Follow: https://github.com/casinthecloud/cas-overlay-demo to get a CAS server up and running quickly. If you are on Java 8, you'll need to checkout a revision from the 5.x line as I believe CAS 6 require Java 11.
Follow https://github.com/casinthecloud/java-jasig-cas-client-demo to get a CAS protected service in Java up and running. I had to back rev once to get back to something that would launch for me. It's on a different port and should work with the CAS running on 8080 from the server example before.
Start small. Try the CAS in the Cloud options above. Change it over to auth against your user source of LDAP / AD. Try simple protection of something like PHP pages, then from there worry about attribute release and using those attributes. After you get
that figured out, then decide how you plan to do authentication and authorization in your application. Spring Security and Apache Shiro work well for both of those in Java applications, and both integrate with CAS pretty nicely. So lean on your security library
to help out.