Access Strategy not working???

[Tim Tyler]

CAS users,

  Ok, I am on CAS 5.2 on Redhat 7. 

 

I have created a number of services stored in json files in /etc/cas/services.   But I don’t think any of them are getting read by CAS.   The CAS-Management creates them and puts them there.  But I am not sure CAS is reading them there.  My goal was to create a service for one of our Moodle development servers where only staff could access it, not students.  I simply added an ldap attribute which contains the value of Staff.  CAS-Management seems to create it properly.   But CAS ignores it.

 

Instead I get the following results from the CAS Dashboard from the “Attribute Release” interface (see picture below):  The result is https|imap which I never created a service for.  I had to hunt for where this was coming from and found it in /usr/local/cas/target/cas/WEB-INF/classes/services/HTTPSandIMAPS-10000001.json

 

I tried removing it but it restored itself when I restarted the server.  I don’t understand what is going on here.  I have the following setting in cas:

cas.serviceRegistry.config.location: file:/etc/cas/services

 

So why is CAS finding json services from /usr/local/cas/target/cas/WEB-INF/classes/services instead of /etc/cas/services  {or at least the dashboard anyways}?   Shouldn’t the “cas.serviceRegistry.config.location: entry be pointing in to /etc/cas/services”???  I think I got this from the documentation.

 

In case this helps, this is in the DevMoodle service registration json file:

@class: org.apereo.cas.services.RegexRegisteredService

  serviceId: https://devmoodle.beloit.edu.*

  name: Dev Moodle

  id: 1519398393836  

…..and much more

 

 

 

 

Tim Tyler

Network Engineer

Beloit College

 

[Travis Schmidt]

The property was changed in 5.2 to cas.serviceRegistry.json.location.  5.2 currently ignores unknown properties and falls back to default on this.  I got bit by this on a deployment two weeks ago.  Also the property names for webflow and tgc encryption were changed, so check those as well.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/03d58f91ff6f2a6b1fc06d57f6946e3b%40mail.gmail.com.

[Tim Tyler]

Travis,

Thanks! I think that worked.  That is what I get for reading older documentation.  I really wish bad lines would not be ignored.  Makes me wonder what else I have entered might not be doing anything. 

Tim

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAC_RtEbB3-52_Q1uxZWZto5YYw6fj4PcvocW0DXh7nfdU2-1bQ%40mail.gmail.com.

[Travis Schmidt]

The next CAS release has been changed to no longer ignore unknown fields.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c83880ddc64fe203e3f5aa644392a06e%40mail.gmail.com.

[Tom Poage]

I was going to ask about this: Apereo/Unicon, do you have a policy on what/when “breaking” changes are allowed between different versions?

 

E.g. https://semver.org/

 

In addition to the registry location property change, I think we were also bit by a change from JSON to HJSON somewhere back there in a point release.

 

Thanks!

Tom.

 

From: <cas-...@apereo.org> on behalf of Travis Schmidt <travis....@gmail.com>
Reply-To: "cas-...@apereo.org" <cas-...@apereo.org>
Date: Friday, February 23, 2018 at 8:11 AM
To: "cas-...@apereo.org" <cas-...@apereo.org>
Subject: Re: [cas-user] Access Strategy not working???

 

The property was changed in 5.2 to cas.serviceRegistry.json.location.  5.2 currently ignores unknown properties and falls back to default on this.  I got bit by this on a deployment two weeks ago.  Also the property names for webflow and tgc encryption were changed, so check those as well.

 

 

 

On Fri, Feb 23, 2018 at 7:35 AM Tim Tyler <ty...@beloit.edu> wrote:

CAS users,

  Ok, I am on CAS 5.2 on Redhat 7. 

 

I have created a number of services stored in json files in /etc/cas/services.   But I don’t think any of them are getting read by CAS.   The CAS-Management creates them and puts them there.  But I am not sure CAS is reading them there.  My goal was to create a service for one of our Moodle development servers where only staff could access it, not students.  I simply added an ldap attribute which contains the value of Staff.  CAS-Management seems to create it properly.   But CAS ignores it.

 

Instead I get the following results from the CAS Dashboard from the “Attribute Release” interface (see picture below):  The result is https|imap which I never created a service for.  I had to hunt for where this was coming from and found it in /usr/local/cas/target/cas/WEB-INF/classes/services/HTTPSandIMAPS-10000001.json

 

I tried removing it but it restored itself when I restarted the server.  I don’t understand what is going on here.  I have the following setting in cas:

cas.serviceRegistry.config.location: file:/etc/cas/services

 

So why is CAS finding json services from /usr/local/cas/target/cas/WEB-INF/classes/services instead of /etc/cas/services  {or at least the dashboard anyways}?   Shouldn’t the “cas.serviceRegistry.config.location: entry be pointing in to /etc/cas/services”???  I think I got this from the documentation.

 

In case this helps, this is in the DevMoodle service registration json file:

@class: org.apereo.cas.services.RegexRegisteredService

  serviceId: https://devmoodle.beloit.edu.*

  name: Dev Moodle

  id: 1519398393836  

…..and much more

 

 

 

 

Tim Tyler

Network Engineer

Beloit College

 

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/03d58f91ff6f2a6b1fc06d57f6946e3b%40mail.gmail.com.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org

.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAC_RtEbB3-52_Q1uxZWZto5YYw6fj4PcvocW0DXh7nfdU2-1bQ%40mail.gmail.com.