CAS Management 6.5.2

50 views
Skip to first unread message

Trevor Fong

unread,
May 12, 2022, 6:51:09 PMMay 12
to CAS Community
Hi All,
I'm trying to set up a fresh 6.5.2 install and am having trouble getting the cas-management to work.  I can login OK if I go to https://<cas-server>/cas/login.
But if I try to go to https://<cas-server>/cas-management I get redirected to https://localhost:8443/cas-management/

Theoretically, this should be controlled by the "mgmt.server-name" property in management.properties but changing it doesn't seem to have any affect.

In the /etc/cas/config/management.properties I have the following configured:
cas.server.name=https://<cas-server>
cas.server.prefix=https://<cas-server>/cas

mgmt.admin-roles[0]=ROLE_ADMIN
mgmt.user-properties-file=file:/etc/cas/config/users.properties

# Update this URL to point at server running this management app
mgmt.server-name=https://<cas-server>

server.context-path=/cas-management
server.port=443

logging.config=file:/etc/cas/config/log4j2-management.xml


Would anyone have any clue what's going on?

Thanks a lot,
Trev

Mathieu HETRU

unread,
May 17, 2022, 11:31:32 AMMay 17
to cas-...@apereo.org
Just add this line in your management.properties :

mgmt.serverName=https://<cas-server>
or
mgmt.server.name=https://<cas-server>

Best Regards,

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/744d1b02-a0df-4105-b1c0-a051c9379c50n%40apereo.org.

Trevor Fong

unread,
May 17, 2022, 12:14:06 PMMay 17
to cas-...@apereo.org
Hi Mathieu

I’ve tried those variations also to the same result.

Thanks a lot for the suggestions though.  Really appreciate any tips.

Trev

.
On May 17, 2022, 8:31 AM -0700, cas-...@apereo.org, wrote:

To

Mathieu HETRU

unread,
May 17, 2022, 12:42:19 PMMay 17
to cas-...@apereo.org
Have you created the management.properties file in this place ? /etc/cas/config/management.properties ?

Best Regards,

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

Trevor Fong

unread,
May 17, 2022, 4:55:00 PMMay 17
to cas-...@apereo.org
Hi Mathieu

Yes - I do have an /etc/cas/config/management.properties file.  From my initial message:

In the /etc/cas/config/management.properties I have the following configured:
cas.server.name=https://<cas-server>
cas.server.prefix=https://<cas-server>/cas

mgmt.admin-roles[0]=ROLE_ADMIN
mgmt.user-properties-file=file:/etc/cas/config/users.properties

# Update this URL to point at server running this management app
mgmt.server-name=https://<cas-server>

server.context-path=/cas-management
server.port=443

logging.config=file:/etc/cas/config/log4j2-management.xml

Thanks a lot
Trev

.

Trevor Fong

unread,
May 25, 2022, 5:25:44 PMMay 25
to CAS Community, Trevor Fong
Hi Everyone,

In an attempt to resolve my CAS Management issues, I've now upgraded to 6.5.3 and am deploying via CASInitializr, all to no avail, still!:
# getcas --type cas-overlay --casVersion 6.5.3 --modules support-jpa-ticket-registry,support-jpa-service-registry,support-ldap,support-saml,support-duo,support-audit-jdbc
# getcas getcas --type cas-management-overlay --casVersion 6.5.3  
After "./gradlew clean build" for both, I'm then deploying the resulting cas.war and cas-management.war files to a Tomcat 9 instance.

My /etc/cas/config/management.properties is:


# Update this URL to point at server running this management app
mgmt.server-name=https://my.server.name

mgmt.user-properties-file=file:/etc/cas/config/users.json
mgmt.admin-roles[0]=ROLE_ADMIN
mgmt.user-roles[0]=ROLE_USER

server.servlet.context-path=/cas-management
server.port=8080

logging.config=file:/etc/cas/config/log4j2-management.xml
...


Any help would be greatly appreciated.

Thanks,
Trev

Trevor Fong

unread,
May 25, 2022, 5:34:46 PMMay 25
to CAS Community, Trevor Fong
I forgot to mention that setting all logging to DEBUG doesn't seem to reveal anything enlightening.  It just shows that it is finding the management.properties file and it is loading those properties.  It just doesn't seem to be using them to construct the redirect address:

2022-05-25 07:07:55,084 DEBUG [org.apereo.cas.configuration.DefaultCasConfigurationPropertiesSourceLocator] - <Located CAS standalone configuration directory at [/etc/cas/config]>
2022-05-25 07:07:55,095 INFO [org.apereo.cas.configuration.DefaultCasConfigurationPropertiesSourceLocator] - <Configuration files found at [/etc/cas/config] are [[file [/etc/cas/config/management.properties]]] under profile(s) [[standalone]]>
2022-05-25 07:07:55,096 DEBUG [org.apereo.cas.configuration.DefaultCasConfigurationPropertiesSourceLocator] - <Loading configuration file [file [/etc/cas/config/management.properties]]>
2022-05-25 07:07:55,097 DEBUG [org.apereo.cas.configuration.loader.SimpleConfigurationPropertiesLoader] - <Located CAS standalone configuration file at [file [/etc/cas/config/management.properties]]>
2022-05-25 07:07:55,098 DEBUG [org.apereo.cas.configuration.loader.SimpleConfigurationPropertiesLoader] - <Found settings [[cas.serviceRegistry.jpa.isolateInternalQueries, cas.authn.attributeRepository.stub.attributes.[redacted attribute name], cas.server.name, cas.serviceRegistry.repeatInterval, cas.serviceRegistry.jpa.pool.maxIdleTime, mgmt.admin-roles[0], mgmt.server-name, cas.serviceRegistry.jpa.batchSize, cas.serviceRegistry.jpa.pool.minSize, cas.serviceRegistry.jpa.pool.suspension, cas.serviceRegistry.startDelay, cas.serviceRegistry.jpa.autocommit, cas.authn.attributeRepository.stub.attributes.[redacted attribute name], cas.serviceRegistry.jpa.failFast, cas.serviceRegistry.jpa.dialect, cas.serviceRegistry.jpa.idleTimeout, cas.serviceRegistry.jpa.driverClass, server.port, cas.serviceRegistry.jpa.healthQuery, cas.serviceRegistry.initFromJson, cas.authn.attributeRepository.stub.attributes.[redacted attribute name], cas.serviceRegistry.jpa.pool.maxWait, cas.authn.attributeRepository.stub.attributes.[redacted attribute name], cas.serviceRegistry.jpa.password, cas.authn.attributeRepository.stub.attributes.[redacted attribute name], server.context-path, cas.authn.attributeRepository.stub.attributes.[redacted attribute name], logging.config, mgmt.user-properties-file, cas.serviceRegistry.watcherEnabled, cas.serviceRegistry.jpa.pool.maxSize, cas.serviceRegistry.jpa.defaultSchema, cas.serviceRegistry.jpa.url, cas.serviceRegistry.jpa.user, cas.authn.attributeRepository.stub.attributes.[redacted attribute name], cas.authn.attributeRepository.stub.attributes.[redacted attribute name], cas.server.prefix, cas.serviceRegistry.jpa.ddlAuto, cas.serviceRegistry.jpa.leakThreshold, cas.serviceRegistry.jpa.defaultCatalog]] in file [file [/etc/cas/config/management.properties]]>
2022-05-25 07:07:55,100 DEBUG [org.apereo.cas.configuration.DefaultCasConfigurationPropertiesSourceLocator] - <Loading embedded YAML configuration files [[class path resource [application-standalone.yml], class path resource [application.yml]]]>
2022-05-25 07:07:55,110 DEBUG [org.apereo.cas.configuration.loader.YamlConfigurationPropertiesLoader] - <No properties were located inside [class path resource [application.yml]]>
2022-05-25 07:07:55,181 INFO [org.apereo.cas.mgmt.web.CasManagementWebApplicationServletInitializer] - <The following profiles are active: standalone>

--Trev

Ray Bon

unread,
May 25, 2022, 6:10:44 PMMay 25
to cas-...@apereo.org, tjf...@gmail.com
Trev,

Are you being redirected to localhost after log in or when you access https://my.server.../cas-management?

If it is before, then this could be an issue with the application container.
If it is after, it may be in the service definition for cas-management.

Ray

On Wed, 2022-05-25 at 14:25 -0700, Trevor Fong wrote:
Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.
-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose historical relationships with the land continue to this day.

Trevor Fong

unread,
May 25, 2022, 6:47:27 PMMay 25
to Ray Bon, cas-...@apereo.org
Hi Ray,

Thanks very much for your response.

It's before authentication - the redirection happens as soon as I GET https://my.cas.server/cas-management
Here's a DEBUG log of it happening right after I do a GET on https://my.cas.server/cas-management via my browser:

2022-05-25 14:48:13,815 INFO [org.springframework.web.servlet.DispatcherServlet] - <Initializing Servlet 'dispatcherServlet'>
2022-05-25 14:48:13,815 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Detected StandardServletMultipartResolver>
2022-05-25 14:48:13,815 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Detected AcceptHeaderLocaleResolver>
2022-05-25 14:48:13,815 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Detected FixedThemeResolver>
2022-05-25 14:48:13,817 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Detected org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator@43a5b282>
2022-05-25 14:48:13,818 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Detected org.springframework.web.servlet.support.SessionFlashMapManager@3133cb27>
2022-05-25 14:48:13,818 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <enableLoggingRequestDetails='false': request parameters and headers will be masked to prevent unsafe logging of potentially sensitive data>
2022-05-25 14:48:13,818 INFO [org.springframework.web.servlet.DispatcherServlet] - <Completed initialization in 3 ms>
2022-05-25 14:48:13,832 DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing GET />
2022-05-25 14:48:13,834 DEBUG [org.springframework.security.web.access.channel.ChannelProcessingFilter] - <Request: filter invocation [GET /]; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]>
2022-05-25 14:48:13,834 DEBUG [org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint] - <Redirecting to: https://localhost:8443/cas-management/>
2022-05-25 14:48:13,834 DEBUG [org.springframework.security.web.DefaultRedirectStrategy] - <Redirecting to https://localhost:8443/cas-management/>

Thanks,
Trev

Trevor Fong

unread,
May 25, 2022, 7:05:41 PMMay 25
to Ray Bon, cas-...@apereo.org
Thanks a lot Ray,

That was the prompt I needed!  I managed to get cas-management to start working by updating my stock Tomcat 9's server.xml:
I commented out the default Connector on port 8080 and replaced it with the following:

    <!--
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               server="Apache"
               address="127.0.0.1"
               maxThreads="150"
               proxyPort="443"
               proxyName="my.cas.server"
               scheme="https"
               secure="true"/>

Now to squash the next set of gremlins...

Thanks again,
Trev
Reply all
Reply to author
Forward
0 new messages