[help required] 5.3.0-RC2 CAS dashboard not working

Naresh kumar kankati

May 25, 2018, 8:44:31 AM
to CAS Community

Hi,

I am in the process of upgrading CAS from 5.2.2 to 5.3.0-RC2.

The CAS dashboard was working fine with 5.2.2, but since I switched to 5.3.0-RC2 it always returns forbidden.

Not sure what I am missing here. Can anyone help, please?

CAS properties:

cas.adminPagesSecurity.ip=127.0.0.1
cas.adminPagesSecurity.alternateIpHeaderName=X-Forwarded-For
cas.adminPagesSecurity.loginUrl=https://localhost:8443/cas/login
cas.adminPagesSecurity.service=https://localhost:8443/cas/status/dashboard
cas.adminPagesSecurity.users=file:/opt/test/cas/config/adminusers.properties
cas.adminPagesSecurity.adminRoles=ROLE_ADMIN

security.basic.authorizeMode=role
security.basic.enabled=true
security.basic.path=/cas/status/**
security.basic.realm=CAS

cas.adminPagesSecurity.actuatorEndpointsEnabled=true

cas.rest.attributeName=sAMAccountName
cas.rest.attributeValue=sAMAccountName

Registered a service:

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://localhost:8443/cas/status/dashboard",
  "name" : "CAS Admin Dashboard",
  "id" : 10000011,
  "theme" : "iamadmin",
  "description" : "CAS dashboard and administrative endpoints",
  "evaluationOrder" : 5000
}

Referred:

https://dacurry-tns.github.io/deploying-apereo-cas/building_server_dashboard_overview.html
https://apereo.github.io/cas/development/installation/Configuration-Properties.html

Debug logs:

DEBUG [org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - <=== SECURITY ===>

2018-05-11 07:54:57,198 DEBUG [org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - <url: https://localhost:8443/cas/status/dashboard>

2018-05-25 07:54:57,198 DEBUG [org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - <matchers: null>

2018-05-25 07:54:57,199 DEBUG [org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - <clients: CasClient>

2018-05-25 07:54:57,199 DEBUG [org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - <currentClients: [#DirectCasClient# | configuration: #CasConfiguration# | loginUrl: https://localhost:8443/cas/login | prefixUrl: https://localhost:8443/cas/ | restUrl: https://localhost:8443/cas/v1/tickets | protocol: CAS30 | renew: false | gateway: false | encoding: UTF-8 | logoutHandler: #DefaultCasLogoutHandler# | store: #GuavaStore# | size: 10000 | timeout: 30 | timeUnit: MINUTES | | destroySession: false | | acceptAnyProxy: false | allowedProxyChains: [] | proxyReceptor: null | timeTolerance: 1000 | postLogoutUrlParameter: service | defaultTicketValidator: null | urlResolver: org.pac4j.core.http.DefaultUrlResolver@6577f727 | |]>

2018-05-25 07:54:57,199 DEBUG [org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - <loadProfilesFromSession: true>

2018-05-25 07:54:57,200 DEBUG [org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - <profiles: [#CasProfile# | id: testuser | attributes: {isFromNewLogin=true, mail=test...@test.com, bypassMultifactorAuthentication=true, authenticationDate=2018-05-25T07:54:48.391-04:00[America/New_York], sAMAccountName=testuser, accountExpires=9223372036854775807, givenName=testuser, successfulAuthenticationHandlers=LdapAuthenticationHandler, cn=testuser, credentialType=RememberMeUsernamePasswordCredential, msDS-UserPasswordExpiryTimeComputed=9223372036854775807, bypassedMultifactorAuthenticationProviderId=mfa-duo, authenticationMethod=LdapAuthenticationHandler, longTermAuthenticationRequestTokenUsed=false, sn=testuser, lockoutTime=0, username=testuser, pwdLastSet=131578106790314866, badPwdCount=0} | roles: [] | permissions: [] | isRemembered: false | clientName: CasClient | linkedId: null |]>

2018-05-25 07:54:57,200 DEBUG [org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - <authorizers: securityHeaders,csrfToken,RequireAnyRoleAuthorizer>

2018-05-25 07:54:57,201 DEBUG [org.pac4j.core.authorization.checker.DefaultAuthorizationChecker] - <Checking authorizer: org.pac4j.core.authorization.authorizer.CacheControlHeader@6be8c6e5 -> true>

2018-05-25 07:54:57,201 DEBUG [org.pac4j.core.authorization.checker.DefaultAuthorizationChecker] - <Checking authorizer: org.pac4j.core.authorization.authorizer.XContentTypeOptionsHeader@3a99578a -> true>

2018-05-25 07:54:57,201 DEBUG [org.pac4j.core.authorization.checker.DefaultAuthorizationChecker] - <Checking authorizer: org.pac4j.core.authorization.authorizer.StrictTransportSecurityHeader@b49fcda -> true>

2018-05-25 07:54:57,201 DEBUG [org.pac4j.core.authorization.checker.DefaultAuthorizationChecker] - <Checking authorizer: org.pac4j.core.authorization.authorizer.XFrameOptionsHeader@7b1cdf3e -> true>

2018-05-25 07:54:57,201 DEBUG [org.pac4j.core.authorization.checker.DefaultAuthorizationChecker] - <Checking authorizer: org.pac4j.core.authorizatio

2018-05-25 07:54:57,201 DEBUG [org.pac4j.core.authorization.checker.DefaultAuthorizationChecker] - <Checking authorizer: org.pac4j.core.authorization.authorizer.XSSProtectionHeader@31458155 -> true>

2018-05-25 07:54:57,201 DEBUG [org.pac4j.core.authorization.checker.DefaultAuthorizationChecker] - <Checking authorizer: #CsrfTokenGeneratorAuthorizer# | csrfTokenGenerator: org.pac4j.core.authorization.authorizer.csrf.DefaultCsrfTokenGenerator@10dddcf8 | domain: null | path: / | httpOnly: null | secure: null | -> true>

2018-05-25 07:54:57,201 DEBUG [org.pac4j.core.authorization.checker.DefaultAuthorizationChecker] - <Checking authorizer: org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer@d0fa89f -> false>

2018-05-25 07:54:57,201 DEBUG [org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - <forbidden>

RequireAnyRoleAuthorizer always returns false

Thanks

Naresh 
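
Added example, not part of the original post and not CAS or pac4j code: the debug output above shows the profile arriving with roles: [] while RequireAnyRoleAuthorizer is the only check that fails. This Python example pulls both facts out of such DEBUG lines and compares the profile's roles with the cas.adminPagesSecurity.adminRoles value. The function names and the shortened sample log are constructed, and it assumes the authorizer checks for the roles listed in that property.

```python
import re

# Constructed sample: shortened copies of the pac4j DEBUG lines quoted in the post.
SAMPLE_LOG = """\
2018-05-25 07:54:57,200 DEBUG [org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - <profiles: [#CasProfile# | id: testuser | attributes: {sAMAccountName=testuser, cn=testuser} | roles: [] | permissions: [] | isRemembered: false | clientName: CasClient | linkedId: null |]>
2018-05-25 07:54:57,201 DEBUG [org.pac4j.core.authorization.checker.DefaultAuthorizationChecker] - <Checking authorizer: org.pac4j.core.authorization.authorizer.XFrameOptionsHeader@7b1cdf3e -> true>
2018-05-25 07:54:57,201 DEBUG [org.pac4j.core.authorization.checker.DefaultAuthorizationChecker] - <Checking authorizer: #CsrfTokenGeneratorAuthorizer# | csrfTokenGenerator: org.pac4j.core.authorization.authorizer.csrf.DefaultCsrfTokenGenerator@10dddcf8 | domain: null | path: / | httpOnly: null | secure: null | -> true>
2018-05-25 07:54:57,201 DEBUG [org.pac4j.core.authorization.checker.DefaultAuthorizationChecker] - <Checking authorizer: org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer@d0fa89f -> false>
2018-05-25 07:54:57,201 DEBUG [org.apereo.cas.web.pac4j.CasSecurityInterceptor$1] - <forbidden>
"""

PROFILE_RE = re.compile(r"#CasProfile# \| id: (\S+) \|.*?\| roles: \[(.*?)\] \|")
AUTHZ_RE = re.compile(r"<Checking authorizer: (.+) -> (true|false)>")


def profile_roles(log):
    """Map each logged profile id to the set of roles pac4j saw on it."""
    found = {}
    for user, roles in PROFILE_RE.findall(log):
        found[user] = {r.strip() for r in roles.split(",") if r.strip()}
    return found


def authorizer_results(log):
    """Return (simple authorizer name, passed) in the order they were checked."""
    results = []
    for desc, verdict in AUTHZ_RE.findall(log):
        tagged = re.match(r"#(\w+)#", desc)  # e.g. "#CsrfTokenGeneratorAuthorizer# | ..."
        name = tagged.group(1) if tagged else desc.split("@")[0].rsplit(".", 1)[-1]
        results.append((name, verdict == "true"))
    return results


def diagnose(log, required_roles):
    """Explain a <forbidden> decision from the logged checks and profile roles."""
    required = set(required_roles)
    return {
        "forbidden": "<forbidden>" in log,
        "failed_authorizers": [n for n, ok in authorizer_results(log) if not ok],
        # Any-role semantics: sharing one required role is enough to pass.
        "profiles_without_required_role": sorted(
            u for u, roles in profile_roles(log).items() if not (roles & required)),
    }


if __name__ == "__main__":
    # ROLE_ADMIN is the cas.adminPagesSecurity.adminRoles value from the post.
    print(diagnose(SAMPLE_LOG, ["ROLE_ADMIN"]))
```
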
