CAS files not generating


Ben

Jul 2, 2024, 11:49:20 AM
to CAS Community

Hello,

 

I am trying to generate a deployment of CAS 7.0. From reading the documentation, I should be (and hopefully am) using a clean WAR Overlay build. I am using guides I found in the CAS Community such as the following:

 

I am going the route of checking out (and creating my own branch of) branch 7.0 from https://github.com/apereo/cas-overlay-template/tree/7.0 instead of doing the curl command. I then run the “./gradlew clean build” command. That works. Next, from all the documentation, it mentions to look into the cas.properties files among others. When I look into the etc/config folder, I seem to be missing many files like the SAML and Services folder, and the keystore. Having missing SAML and Services folders causes my builds to fail too.

 

How does one generate the files (among others I’m sure I’m missing)? Am I missing an obvious step?

 

Thanks,

Benjamin Chang

Benjamin Chang

Jul 3, 2024, 9:22:09 AM
to Frédéric Dussurget, CAS Community
Thank you Frédéric. I've been playing around and I ran
curl -k https://getcas.apereo.org/starter.tgz  \
  -d type=cas-overlay -d baseDir=overlay | tar -xzvf -
This made an overview file that had SAML and Services folder in the /etc/cas. However there is still no keystore. I've tried running your command among "./gradlew.bat createkeystore --info" and it keeps erroring. I get

Custom actions are attached to task ':createKeystore'.
Caching disabled for task ':createKeystore' because:
  Gradle would require more information to cache this task
Task ':createKeystore' is not up-to-date because:
  Task has not declared any outputs despite executing actions.

I've tried running it out of gradlew with your command and it doesn't seem to recognize keytool despite my environmental variables being java_21 and the bin folder has the ./keytool.exe


Ray Bon

Jul 3, 2024, 9:22:09 AM
to cas-...@apereo.org
Benjamin,

You can create directories and files as necessary; then rebuild.

Ray


Frédéric Dussurget

Jul 3, 2024, 9:22:09 AM
to CAS Community, Ben
Hi Benjamin,

As the saml and services folders are not mandatory (saml is optional and you may store your services elsewhere, e.g. in a mongo/redis/postgres db ...), you'll have to handle this on your own.
You might write your cas.properties file from scratch (know that cas properties could also be stored in a .yml format ...)

If you choose your filesystem to store services, create the folder /etc/cas/services regarding the documentation you've just told about:
cas.service-registry.core.init-from-json=false
cas.service-registry.json.location=file:/etc/cas/services

Same thing for SAML.

Finally, about Keystore, the doc says :
By default, the CAS web application expects to run on the secure port 8443 which requires that you create a keystore file at /etc/cas/ named thekeystore.

So, let's generate your own keystore with keytool, eg :
sudo keytool -keystore /etc/cas/thekeystore -keyalg RSA -genkey -alias shared
sudo keytool -importkeystore -srckeystore mywonderful.p12 -destkeystore /etc/cas/thekeystore -srcstoretype pkcs12 -alias shared

(Watch for permissions on every file/folder you create so that your tomcat webapp can open them)

hope it helps

Benjamin Chang

Jul 3, 2024, 9:38:36 AM
to cas-...@apereo.org
I tried creating a thekeystore folder in /etc/cas and that just seems to cause more erroring to occur when I run the './gradlew createkeystore'. From my understanding looking at a different build of cas, the keystore is just a file with no extension so a folder isn't the right type and I'm not sure how else to create the keystore aside from keytool or ./gradlew?

Frédéric Dussurget

Jul 3, 2024, 10:21:27 AM
to CAS Community, Benjamin Chang, CAS Community, Frédéric Dussurget
Keytool is an external tool provided by java so I guess it's just a matter of path on your system ... Here is what I have on linux.
As the doc says, you should create this file /etc/cas/thekeystore as cas expects by default, without any file extension.

Prior to that, check this (let's assume you installed openjdk 21 in /usr/lib/jvm/java-21-openjdk-amd64/ ):

cat /etc/environment
JAVA_HOME=/usr/lib/jvm/java-21-openjdk-amd64/
echo $JAVA_HOME
/usr/lib/jvm/java-21-openjdk-amd64/

I also linked java folder to default-java :
sudo ln -s java-21-openjdk-amd64 default-java
/usr/lib/jvm$ ls -al
lrwxrwxrwx 1 root root   21 Oct 17  2023 default-java -> java-21-openjdk-amd64
[...]
drwxr-xr-x 8 root root 4096 Apr 23 15:08 java-21-openjdk-amd64
[...]

You might also update alternatives on your system :
sudo update-alternatives --install /usr/bin/keytool keytool /usr/lib/jvm/java-21-openjdk-amd64/bin/keytool 1
sudo update-alternatives --config keytool

Benjamin Chang

Jul 3, 2024, 10:21:28 AM
to cas-...@apereo.org
Update/solution (?) for others potentially running into my issue: It appears that I was going to the wrong site to see if it worked. I was going to https://localhost:8443 and it was showing a 404 page, but turns out I needed to go to https://localhost:8443/cas which led to a log in page.

It appears all I needed to do was create "SAML" and "Services" folders in the "/etc/cas/" directory. I had to copy and paste the keystore from a previous project however. That seems to still be an issue.
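
Added example (not part of the thread and not CAS project code): a shell check for the /etc/cas layout discussed above, flagging a thekeystore that is missing, empty, a directory, or world-readable, plus a non-interactive keytool call that generates a fresh key rather than reusing one from another project. The function names, the lowercase services/saml folder names, CN=localhost and the CAS_KEYSTORE_PASS variable are assumptions.

```shell
#!/bin/sh
# Added example: function names and CAS_KEYSTORE_PASS are assumptions, not CAS tooling.

# Print one line per problem found in a CAS config directory (default /etc/cas).
cas_layout_problems() {
    dir=${1:-/etc/cas}
    ks="$dir/thekeystore"
    for sub in services saml; do
        [ -d "$dir/$sub" ] || echo "missing-dir:$sub"
    done
    if [ -d "$ks" ]; then
        echo "keystore-is-directory"      # must be a regular file, no extension
    elif [ ! -f "$ks" ]; then
        echo "keystore-missing"
    elif [ ! -s "$ks" ]; then
        echo "keystore-empty"
    elif [ -n "$(find "$ks" -perm -004 2>/dev/null)" ]; then
        echo "keystore-world-readable"    # the file holds the TLS private key
    fi
}

# Create the folders and a self-signed keystore without interactive prompts.
cas_bootstrap() {
    dir=${1:-/etc/cas}
    [ -n "${CAS_KEYSTORE_PASS:-}" ] || { echo "set CAS_KEYSTORE_PASS" >&2; return 1; }
    export CAS_KEYSTORE_PASS              # keytool reads it via -storepass:env
    keytool_bin=${JAVA_HOME:+$JAVA_HOME/bin/}keytool
    command -v "$keytool_bin" >/dev/null || { echo "keytool not found" >&2; return 1; }
    mkdir -p "$dir/services" "$dir/saml"
    [ -d "$dir/thekeystore" ] && { echo "thekeystore is a directory" >&2; return 1; }
    "$keytool_bin" -genkeypair -alias shared -keyalg RSA -keysize 2048 \
        -validity 365 -dname "CN=localhost" -ext "SAN=dns:localhost" \
        -storetype PKCS12 -keystore "$dir/thekeystore" \
        -storepass:env CAS_KEYSTORE_PASS && chmod 600 "$dir/thekeystore"
}

# Constructed demo: reproduce the thread's mistake (thekeystore created as a folder).
demo=$(mktemp -d) && mkdir -p "$demo/services" "$demo/thekeystore"
cas_layout_problems "$demo"
rm -rf "$demo"
```

After cas_bootstrap, the keystore should be owned by the account that runs CAS (for example with chown), since mode 600 leaves it readable by its owner only.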