<!--
  CAS module that, going by its artifact name, provides the server discovery
  profile: the capability listing (service types, MFA providers, delegated
  clients, attribute names) shown as JSON elsewhere on this page.
  ${cas.version} is resolved from a build property defined outside this
  snippet. NOTE(review): presumably it should match the version of the other
  CAS modules in the overlay; confirm.
-->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-discovery-profile</artifactId>
<version>${cas.version}</version>
</dependency>
{
"@class": "java.util.LinkedHashMap",
"profile": {
"@class": "org.apereo.cas.discovery.CasServerProfile",
"registeredServiceTypes": {
"@class": "java.util.HashMap",
"CAS Client": "org.apereo.cas.services.RegexRegisteredService"
},
"registeredServiceTypesSupported": {
"@class": "java.util.HashMap",
"SAML2 Service Provider": "org.apereo.cas.support.saml.services.SamlRegisteredService",
"WS Federation Relying Party": "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
"OpenID Connect Relying Party": "org.apereo.cas.services.OidcRegisteredService",
"OAuth2 Client": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"CAS Client": "org.apereo.cas.services.RegexRegisteredService"
},
"multifactorAuthenticationProviderTypesSupported": {
"@class": "java.util.HashMap",
"mfa-gauth": "Google Authenticator",
"mfa-swivel": "Swivel Secure",
"mfa-authy": "Authy",
"mfa-radius": "RADIUS (RSA,WiKID)",
"mfa-u2f": "FIDO U2F",
"mfa-duo": "Duo Security",
"mfa-azure": "Microsoft Azure"
},
"delegatedClientTypesSupported": [
"java.util.HashSet",
[
"OAuth20Client",
"OAuth10Client",
"TwitterClient",
"FoursquareClient",
"QQClient",
"OrcidClient",
"FacebookClient",
"OkClient",
"FormClient",
"CasProxyReceptor",
"GitHubClient",
"BitbucketClient",
"KeycloakOidcClient",
"WordPressClient",
"WindowsLiveClient",
"OidcClient",
"VkClient",
"LinkedIn2Client",
"YahooClient",
"WechatClient",
"Google2Client",
"StravaClient",
"GenericOAuth20Client",
"AzureAdClient",
"GoogleOidcClient",
"CasOAuthWrapperClient",
"WeiboClient",
"PayPalClient",
"DropBoxClient",
"SAML2Client",
"IndirectBasicAuthClient",
"CasClient"
]
],
"availableAttributes": [
"java.util.LinkedHashSet",
[
"uid",
"username",
"name",
"phone"
]
]
}
}
2019-04-07 00:32:01,567 INFO [org.apereo.cas.mgmt.web.CasManagementWebApplicationServletInitializer] - The following profiles are active: standalone
2019-04-07 00:32:07,489 DEBUG [org.apereo.cas.config.CasCoreUtilSerializationConfiguration] - Configuring component serialization plan [CasCoreUtilSerializationConfiguration]
2019-04-07 00:32:08,247 DEBUG [org.apereo.cas.mgmt.config.CasManagementAuthenticationConfiguration] - Configuring an authentication strategy based on CAS running at [https://cas.example.com]
2019-04-07 00:32:08,263 DEBUG [org.apereo.cas.mgmt.config.CasManagementAuthenticationConfiguration] - Skipping IP address authentication strategy configuration; no pattern is defined
2019-04-07 00:33:14,297 INFO [org.apereo.cas.mgmt.services.web.factory.FormDataFactory] - CAS Server returned 502 status code from endpoint https://cas.example.com/cas/status/discovery. Using default FormData values.
2019-04-07 00:33:17,369 DEBUG [org.apereo.cas.config.CasCoreServicesConfiguration] - Configuring service registry [JpaServiceRegistryConfiguration]
2019-04-07 00:33:17,402 DEBUG [org.apereo.cas.services.DefaultServiceRegistryExecutionPlan] - Registering service registry [JpaServiceRegistry] into the execution plan
2019-04-07 00:33:17,362 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Registering service registry [JpaServiceRegistry] into the execution planorg.apereo.cas.services.ChainingServiceRegistry@35554139]
2019-04-07 00:33:17,807 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Adding registered service [^https:\/\/app1.example.com(\\z|\/.*)]
2019-04-07 00:33:17,807 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Adding registered service [^https:\/\/app2.example.com(\\z|\/.*)]
2019-04-07 00:33:17,807 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Adding registered service [^https:\/\/app3.example.com(\\z|\/.*)]
2019-04-07 00:33:17,807 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Adding registered service [^https:\/\/app4.example.com(\\z|\/.*)]
2019-04-07 00:33:17,807 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Adding registered service [^https:\/\/cas.example.com(|:8443)\/cas-management(|\\z|\/.*)]
2019-04-07 00:33:17,808 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Adding registered service [^https:\/\/cas.example.com(|:8443)\/cas\/status(|\\z|\/.*)]
2019-04-07 00:33:17,808 DEBUG [org.apereo.cas.services.AbstractServicesManager] - Adding registered service [^https:\/\/localhost:8443(\\z|\/.*)]
2019-04-07 00:33:17,813 INFO [org.apereo.cas.services.AbstractServicesManager] - Loaded [7] service(s) from [JpaServiceRegistry].
2019-04-07 00:33:17,894 DEBUG [org.apereo.cas.util.io.PathWatcherService] - Created service registry watcher for events of type [ENTRY_CREATE]
2019-04-07 00:33:17,954 INFO [org.apereo.cas.mgmt.DefaultCasManagementEventListener] -
2019-04-07 00:33:17,957 INFO [org.apereo.cas.mgmt.DefaultCasManagementEventListener] -
____ _____ _ ____ __ __
| _ \ | ____| / \ | _ \ \ \ / /
| |_) | | _| / _ \ | | | | \ V /
| _ < | |___ / ___ \ | |_| | | |
|_| \_\ |_____| /_/ \_\ |____/ |_|
2019-04-07 00:33:17,957 INFO [org.apereo.cas.mgmt.DefaultCasManagementEventListener] -
curl -v https://cas.example.com:8443/cas/status/discovery
* Trying 2xx.60.112.9...
* Connected to cas.example.com (2xx.60.112.9) port 8443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: cas.example.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: CN=cas.example.com
* start date: Wed, 03 Apr 2019 09:32:48 GMT
* expire date: Tue, 02 Jul 2019 09:32:48 GMT
* issuer: C=US,O=XXXXXXXXXXX,CN=XXXXXXXXXXXXXX
* compression: NULL
* ALPN, server did not agree to a protocol
> GET /cas/status/discovery HTTP/1.1
> Host: cas.example.com:8443
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 302
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< Strict-Transport-Security: max-age=15768000 ; includeSubDomains
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-XSS-Protection: 1; mode=block
< Set-Cookie: JSESSIONID=AECBB7BF899FAFB0B707CE228ECC19EC; Path=/cas; Secure; HttpOnly
< Location: https://cas.example.com:8443/cas/login?service=https%3A%2F%2Fcas.example.com%3A8443%2Fcas%2Fstatus%2Fdiscovery
< Transfer-Encoding: chunked
< Date: Tue, 09 Apr 2019 23:34:01 GMT
<
* Connection #0 to host cas.example.com left intact
Can anyone help please?
# Access control for the CAS admin/status pages, followed by the switches for
# the CAS monitoring endpoints and the Spring Boot actuator endpoints.
# Comments are kept on their own lines: in a .properties file a '#' after a
# value becomes part of the value.

# Pattern of client addresses allowed to reach the admin pages. ".*" matches
# every address, so this setting places no IP restriction on them.
cas.adminPagesSecurity.ip = .*
# CAS login URL and service URL used to authenticate admin-page requests; both
# are built from ${cas.server.prefix}. The curl transcript on this page shows
# /cas/status/discovery answering 302 to /cas/login, which is consistent with
# this login protection being applied to that endpoint.
cas.adminPagesSecurity.loginUrl = ${cas.server.prefix}/login
cas.adminPagesSecurity.service = ${cas.server.prefix}/status/dashboard
# File of accounts permitted on the admin pages, and the role they must hold.
# NOTE(review): the file's format and permissions are not shown here; it should
# be readable only by the account that runs CAS.
cas.adminPagesSecurity.users = file:/etc/cas/config/admusers.properties
cas.adminPagesSecurity.adminRoles[0] = ROLE_ADMIN
# NOTE(review): appears to bring the Spring Boot actuator endpoints under the
# admin-page security above; confirm against the documentation for the
# deployed CAS version.
cas.adminPagesSecurity.actuatorEndpointsEnabled=true
# CAS monitoring endpoints: global default first, then the status and
# discovery endpoints individually.
# NOTE(review): "sensitive = false" presumably marks an endpoint as not needing
# the stricter (sensitive) protection; confirm the exact semantics. The
# discovery profile enumerates supported service types, MFA providers,
# delegated clients and attribute names, so decide deliberately who may read it.
cas.monitor.endpoints.enabled = true
cas.monitor.endpoints.sensitive = false
cas.monitor.endpoints.status.enabled = true
cas.monitor.endpoints.status.sensitive = false
cas.monitor.endpoints.discovery.enabled = true
cas.monitor.endpoints.discovery.sensitive = false
# Spring Boot actuator endpoints: global defaults (all enabled, all marked
# sensitive). NOTE(review): these key names look like the Spring Boot 1.x
# actuator settings; confirm for the version in use.
endpoints.enabled = true
endpoints.sensitive = true
# These two endpoints change the state of the running server (restart / stop).
# NOTE(review): enable only if operationally required, and only where access is
# limited to administrators.
endpoints.restart.enabled=true
endpoints.shutdown.enabled=true
# Per-endpoint switches. With endpoints.enabled = true above they are
# presumably redundant. NOTE(review): configprops, dump, env, logfile, trace
# and heapdump return configuration values, thread and heap contents, and
# request or log data, any of which may contain credentials or session
# identifiers; turn off the ones that are not needed.
endpoints.autoconfig.enabled=true
endpoints.beans.enabled=true
endpoints.bus.enabled=true
endpoints.configprops.enabled=true
endpoints.dump.enabled=true
endpoints.env.enabled=true
endpoints.health.enabled=true
endpoints.features.enabled=true
endpoints.info.enabled=true
endpoints.loggers.enabled=true
endpoints.logfile.enabled=true
endpoints.trace.enabled=true
endpoints.docs.enabled=true
endpoints.heapdump.enabled=true
... attributeRepository.stub.attributes.uid = uid.........
Hi,
I had the same problem yesterday with a delegated auth, and I had to look through the CAS properties (as it's not listed).
In my case users can come from several auth systems: one is local,
from my LDAP, but users can also use a delegated auth. So in my conf I
have the basic auth from my local LDAP defined with cas.authn.ldap[0].xxxx
and, as an example of a delegated auth from a Shibboleth IdP, I
defined cas.authn.pac4j.saml[0].xxxx
But in the case of a delegated auth I need to chain this auth with a local LDAP request to obtain the user's attributes, so I need to define properties such as: cas.authn.attributeRepository.ldap[0].xxxx
But this doesn't merge the users' attributes from my local LDAP, and after searching I found this property, which allows sharing all the retrieved attributes: cas.authn.attributeRepository.defaultAttributesToRelease=${cas.authn.ldap[0].principalAttributeList} where cas.authn.ldap[0].principalAttributeList is the user attribute list of my default local LDAP auth, so I get the same list.
Hope this will help you !
Now in my case, as I have several delegated systems, I'm looking into whether it's possible to tell CAS to use one specific attributeRepository for a specific delegated auth (since the LDAP filter won't be the same) instead of chaining all the attributeRepository entries.
Thanks
Julien
... principalAttributeList = uid, displayName, phoneNumber, emailAddress