CAS Management 6.1.0-RC4 BUGS

53 views

Skip to first unread message

William Jojo

unread,

Jan 23, 2020, 3:09:33 PM1/23/20

to cas-...@apereo.org

Hope this is the right place to list CAS Management bugs, there are several to report.

Please know that I love the tool and wanted to provide detailed feedback.

My management.properties looks like:

cas.server.name=https://casdev-master.hvcc.edu

cas.server.prefix=${cas.server.name}/cas

mgmt.serverName=${cas.server.name}

mgmt.adminRoles[0]=ROLE_ADMIN

mgmt.userPropertiesFile=file:/etc/cas/config/users.properties

mgmt.versionControl.servicesRepo=/etc/tomcat9/services-repo

mgmt.versionControl.enabled=false

cas.serviceRegistry.json.location=file:/etc/tomcat9/services-repo

logging.config=file:/etc/cas/config/log4j2-management.xml

cas.authn.attributeRepository.stub.attributes.UDC_IDENTIFIER: UDC_IDENTIFIER

cas.authn.attributeRepository.stub.attributes.cn: cn

cas.authn.attributeRepository.stub.attributes.displayName: displayName

cas.authn.attributeRepository.stub.attributes.givenName: givenName

cas.authn.attributeRepository.stub.attributes.mail: mail

cas.authn.attributeRepository.stub.attributes.sn: sn

cas.authn.attributeRepository.stub.attributes.sAMAccountName: sAMAccountName

cas.authn.attributeRepository.stub.attributes.uid: uid

Had to use users.properties with:

w.jojo=notused,ROLE_ADMIN

Since the users.json:

{

"w.jojo" : {

"@class" : "org.apereo.cas.mgmt.authz.json.UserAuthorizationDefinition",

"roles" : [ "ROLE_ADMIN" ]

}

Would not work. Received an authorization failure with a redirect error.

Many properties have changed having added versionControl to some property names. For example:

mgmt.versionControl.servicesRepo=/etc/tomcat9/services-repo

mgmt.versionControl.enabled=false # had to dig through the code for this one.

The docs need some care and feeding.

The docs issue aside, if enabled is false, the tool still insists in finding a git repository and refuses to load the JSON files. The only way around this was to forcibly create an initialized repo (the directory is not enough, it MUST be one with “git init” having been done - not mentioned in the docs) whereby the JSON files are then read and visible in the management interface list of services.

Some sort of indicator in the management interface regarding a failure to assess the repo folder (Read only filesystem for jailed Tomcat apps) and for uninitialized git repos would be really helpful here. Or maybe asking if the user would like a "git init" done on their behalf indicating the repo location.

Additionally, if version control is disabled, there would be no need to validate the repo.

After all of that was fixed, I was able to create a new entry. Yay! But saw a warning in the logs:

[casdev-casapp-1579718776438.json] does not match the recommended pattern [(\w+)-(\d+)\.json]

Tried renaming a service resulting in

java.nio.file.NoSuchFileException: /etc/tomcat9/services-repo/casdev-casapp-1579718776438..json

Note the extra dot. Looks like a filename handling bug. Had to remove the file manually then save was successful.

Would it be advantageous to not allow extra hyphens in the service name? Would it also be possible to notify the user that there was a file handling error? It currently says there was a problem and you should try again later.

Cannot edit service and switch from Return All to Return Allowed. You can select it, but the list remains and you have to either pick Return All or Deny All to move through the interface. If you do pick Deny All and save it, editing it again reveals that it is still Return All.

Delete service shows “deleting service” thumb-sucker long after (about 45-60 seconds) file has been deleted from repo. You can select other actions, it just hangs around for awhile.

Thank you!

Bill

Reply all

Reply to author

Forward

0 new messages