CAS Management 6.5 tomcat AJP


Mallory, Erik

Aug 23, 2022, 9:53:40 AM
to cas-...@apereo.org
Hello,
Is there a way to get the CAS Management Webapp to use AJP ports? I'd
like to front end the application with Apache.
I attempted to use Apache's https proxy to 8443 which works, but when I
authenticate against CAS it redirects me to cas-mgmt.domain.tld:8443.
It would appear that the management app is inserting the server.port
property into the data sent to CAS, and cas dutifully returns the
user to the server:port.

If I could use AJP that would solve this problem.
I included the following in the build.gradle:
compile "org.apereo.cas:cas-mgmt-webapp-tomcat:${project.'casmgmt.version'}"

And attempted to use the following properties:

server.tomcat.ajp.enabled=true
server.tomcat.ajp.port=8009
server.tomcat.ajp.protocol=AJP/1.3
server.tomcat.ajp.async-timeout=5000
server.tomcat.ajp.scheme=https
server.tomcat.ajp.max-post-size=20971520
server.tomcat.ajp.proxy-port=10443
server.tomcat.ajp.enable-lookups=false
#cas.server.tomcat.ajp.redirect-port=-1
server.tomcat.ajp.allow-trace=false
server.tomcat.ajp.secure=false

If ajp does not work with the cas-management webapp,
is there a way to NOT send the server.port property in the connection string so cas will just redirect to cas-mgmt.domain.tld?
Thanks,
--
Erik Mallory
Server Analyst
Wichita State University

Jonathan MacDonald

Aug 24, 2022, 3:28:59 AM
to CAS Community, Mallory, Erik
Hi Erik, would you mind posting your apache https proxy config? I may be able to point you in the right direction to make that work.

Fabrice Bacchella

Aug 24, 2022, 9:41:01 AM
to cas-...@apereo.org
My setup, in cas6.yaml:
cas:
    server:
        tomcat:
            http:
                enabled: false
            http-proxy:
                enabled: false
            ajp:
                enabled: true
                secure: true
                scheme: https
                attributes:
                    packetSize: 16384
                    secretRequired: false
server:
    port: 8080
    address: 127.0.0.1
    useForwardkeyHeaders: true
    servlet:
        contextPath: "/"
    tomcat:
        basedir: /data/cas/run
        accesslog:
            directory: /data/cas/logs
    ssl:
        enabled: false

And in httpd.conf:
    ProxyPass / ajp://localhost:8009/ timeout=3600 retry=5
    ProxyPassReverse / https://localhost:8009/


On 23 August 2022 at 15:53, 'Mallory, Erik' via CAS Community <cas-...@apereo.org> wrote:

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1f0074b8f4e2d4828a06f766294e4ab148d83b38.camel%40wichita.edu.

Ray Bon

Aug 29, 2022, 2:37:01 PM
to cas-...@apereo.org
Erik,

The management server should not know what port it is running under. Check mgmt.server-name. 

Ray

On Tue, 2022-08-23 at 13:53 +0000, 'Mallory, Erik' via CAS Community wrote:
-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose historical relationships with the land continue to this day.

erik.m...@gmail.com

Aug 31, 2022, 10:33:52 AM
to cas-...@apereo.org
All,
I was on vacation and just got back yesterday. Thank you for all your
replies.

Ray,
I tried configuring mgmt.server-name two ways:
mgmt.server-name=https://cas-dev-mgmt.wichita.edu:443 still redirects
to 9443
mgmt.server-name=https://cas-dev-mgmt.wichita.edu same as above


Jonathan,
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

ProxyPass / https://localhost:9443/
ProxyPassReverse / https://localhost:9443/

The management webapp works behind the apache proxy, I just have to
remove the :9443 from the url and refresh my browser; it affects 4 or
fewer people. It's just annoying for me.

As Ray said the app should not care what port it's running on. So
somewhere in the management.properties there should be a way to tell it
use 443 or better yet, have it NOT inject server.port attribute in the
url string. Or.. AJP could work? Maybe?

Fabrice,

Translating from your yaml config to my management.properties config,
it looks like we have the same bits flipped but different ports and
schemes. I do not have the access log turned on and use-forward-headers
defaults to true for the tomcat embedded servlet container.

So I'm not sure this is relevant, I'm sure this works with the main
cas.war, which I think is the config you gave me, I'm not sure that ajp
works with the cas-management.war, or I haven't seen it work yet. I
appreciate you taking the time to respond.

Thanks again everyone.
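
The symptom discussed in this thread can be checked from the proxy side without a browser, by reading the service URL inside the redirect the management app sends to CAS. The following is an added example, not code from any poster or from the CAS project; the host names, paths and sample Location headers are constructed, and it assumes the redirect carries the standard CAS `service` query parameter.

```python
from urllib.parse import urlsplit, parse_qs

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port


def check_login_redirect(location, public_url):
    """Compare the service URL in a CAS login redirect with the public URL.

    Returns a list of findings. An empty list means CAS will send the
    browser back to the origin that the reverse proxy actually serves.
    """
    services = parse_qs(urlsplit(location).query).get("service")
    if not services:
        return ["redirect carries no service parameter"]
    findings = []
    got, want = origin(services[0]), origin(public_url)
    for name, g, w in zip(("scheme", "host", "port"), got, want):
        if g != w:
            findings.append(f"service {name} is {g!r}, expected {w!r}")
    return findings


# Constructed sample Location headers (hypothetical hosts and paths).
PUBLIC_URL = "https://cas-mgmt.example.edu"
LEAKS_BACKEND_PORT = (
    "https://cas.example.edu/cas/login"
    "?service=https%3A%2F%2Fcas-mgmt.example.edu%3A8443%2Fcas-management%2F"
)
EXPLICIT_443 = (
    "https://cas.example.edu/cas/login"
    "?service=https%3A%2F%2Fcas-mgmt.example.edu%3A443%2Fcas-management%2F"
)
PLAIN_HTTP = (
    "https://cas.example.edu/cas/login"
    "?service=http%3A%2F%2Fcas-mgmt.example.edu%2Fcas-management%2F"
)

if __name__ == "__main__":
    for header in (LEAKS_BACKEND_PORT, EXPLICIT_443, PLAIN_HTTP):
        print(check_login_redirect(header, PUBLIC_URL) or "ok")
```

The Location header to feed in is the one returned by an unauthenticated request to the management app through the proxy, for instance as shown by `curl -sI`.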

Mallory, Erik

Aug 31, 2022, 11:00:25 AM
to cas-...@apereo.org
--
Erik Mallory
Server Analyst
Wichita State University

On Mon, 2022-08-29 at 18:36 +0000, Ray Bon wrote: