CAS Service Management webapp not loading


Josep Manel Andrés

Feb 17, 2016, 11:11:06 AM
to CAS Community
Hi,
I am done with the CAS installation along with the LDAP setup (btw, I
had to enable SAML under pom.xml for LDAP auth to work....don't know why...)
so now I am trying to build and deploy cas-services management webapp,
following the maven overlay, I just followed the procedure from the
website that is basically copying the files from etc directory and moving
them, to my /etc/cas/ directory along with cas.properties and
log4j2.xml. I also edited log4j2.xml and added

<RollingFile name="cas-management"
             fileName="/opt/tomcat/logs/cas-services/cas-management.log" append="true"
             filePattern="/opt/tomcat/logs/cas-services/cas-management-%d{yyyy-MM-dd-HH}-%i.log.gz">
    <PatternLayout pattern="%d %p [%c] - %m%n"/>
    <Policies>
        <OnStartupTriggeringPolicy />
        <SizeBasedTriggeringPolicy size="512 KB"/>
        <TimeBasedTriggeringPolicy />
    </Policies>
</RollingFile>

So, app is compiling and deployment is fine, but when I go to :
https://cas02.mydomain.com:8443/cas%2Dservices/

nothing is loaded (I noticed there is %2D instead of a dash, doesn't
matter if I replace it with a dash)

but if I go to :
https://cas02.mydomain.com:8443/cas-services/login/cas

I get a CAS Services Management webpage stating:


Access Denied

You are not authorized to access this resource. Contact your CAS
administrator for more info.


I don't even have the chance to put username and password.

do I have to modify pom.xml on cas-overlay or on the
cas-service-management overlay?

Thanks.

--
Josep Manel Andrés (josep....@bsc.es)
Operations - Barcelona Supercomputing Center
C/ Jordi Girona, 31 http://www.bsc.es
08034 Barcelona, Spain Tel: +34-93-405 42 14
e-mail: sys...@bsc.es Fax: +34-93-413 77 21
-----------------------------------------------


Josep Manel Andrés

Mar 8, 2016, 6:55:02 AM
to cas-...@apereo.org

Hi,
After some days stuck here, I come back to see if anyone can help me
with this.

With the following setup I can get to the login page
https://cas02.mydomain:8443/cas but I get a 404 error when going to
https://cas02.mydomain:8443/cas-services

But if I go to https://cas02.mydomain:8443/cas-services/login/cas I can
see the unauthorized page.

Any help would be appreciated.

This is my cas-management.properties

# CAS
cas.host=https://cas02.mydomain:8443
#cas.host=https://localhost:8443
cas.prefix=${cas.host}
cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${cas.prefix}/login
cas.securityContext.ticketValidator.casServerUrlPrefix=${cas.prefix}

# Management
cas-management.host=https://cas02.mydomain.com:8443
cas-management.prefix=${cas-management.host}/cas-services
cas-management.securityContext.serviceProperties.service=${cas-management.prefix}/login/cas
cas-management.securityContext.serviceProperties.adminRoles=hasRole('ROLE_ADMIN')

# views
cas-management.viewResolver.basename=default_views

##
# User details file location that contains list of users
# who are allowed access to the management webapp:
#
user.details.file.location = file:/etc/cas/user-details.properties

##
# JSON Service Registry
#
# Directory location where JSON service files may be found.
service.registry.config.location=file:/etc/cas/services

##
# Log4j
# Default sourced from WEB-INF/spring-configuration/log4jConfiguration.xml:
#
# It is often time helpful to externalize log4j.xml to a system path to preserve settings between upgrades.
# e.g. log4j.config.location=file:/etc/cas/log4j2.xml
log4j.config.location=file:/etc/cas/log4j2.xml


And here is my cas.properties

#server.name=http://cas02.bsc.es:8080
server.name=https://cas02.bsc.es:8443
server.prefix=${server.name}/cas

Misagh Moayyed

Mar 8, 2016, 7:24:19 AM
to cas-...@apereo.org
Your configuration for the management app says:

1. My CAS server is running here: https://cas02.mydomain:8443
2. My Mgmt server is running here: https://cas02.mydomain.com:8443

Which is of course wrong. You either need to pick a different server or a
different port. These are two different apps, assuming you're on some
version of CAS4.

Josep Manel Andrés

Mar 8, 2016, 7:32:56 AM
to cas-...@apereo.org
But I have multiple applications running on the same server under the
same port, just in different paths, like

/cas
/docs
/examples
/manager

Misagh Moayyed

Mar 8, 2016, 8:03:10 AM
to cas-...@apereo.org
My default. I was too presumptuous in my last post. Sorry about that.

So to clarify, there is a CAS webapp, and there is a CAS management webapp.
These are two different applications, that need to be separately deployed.
Your brief snippet here below shows that you have only deployed the former
and not the latter. (You copied the cas.war over to tomcat's but not the
other app) So you get a 404 when you try to access it. You have not deployed
the management app.

In order to do so, you need a separate overlay that builds that app for you
just like you have one now that builds the main CAS application for you.
This is a good starting point:
https://github.com/Jasig/cas-services-management-overlay

Have you done any of those steps?

Josep Manel Andrés

Mar 8, 2016, 8:23:07 AM
to cas-...@apereo.org



No problem at all,
Regarding the deployment, I did it for both, server and cas-services:

opscas02:/opt/tomcat # l webapps/
total 81740
drwxr-xr-x 8 root root 4096 Feb 17 17:12 ./
drwxr-xr-x 9 root root 4096 Feb 4 12:40 ../
drwxr-xr-x 3 tomcat root 4096 Feb 4 12:40 ROOT/
drwxr-xr-x 8 tomcat tomcat 4096 Feb 17 10:52 cas-services/
-rw-r--r-- 1 root root 36622968 Feb 17 10:52 cas-services.war
-rw-r--r-- 1 root root 47040277 Feb 17 17:12 cas.war
drwxr-xr-x 14 tomcat root 4096 Feb 4 12:40 docs/
drwxr-xr-x 7 tomcat root 4096 Feb 4 12:40 examples/
drwxr-xr-x 5 tomcat root 4096 Feb 4 12:40 host-manager/
drwxr-xr-x 5 tomcat root 4096 Feb 4 12:40 manager/
opscas02:/opt/tomcat #

I even get this screen:




and cas server is working and authenticating:




So, I assume there might be something wrong with the config files.

when I access to https://cas02.mydomain.com:8443/cas-services
I get redirected to:

https://cas02.mydomain:8443/login?service=https%3A%2F%2Fcas02.bsc.es%2Fcas-services%2Flogin%2Fcas

not sure if this is correct.

Thanks for your help.

Dmitriy Kopylenko

Mar 8, 2016, 8:29:16 AM
to Josep Manel Andrés, cas-...@apereo.org
What user are you using to login to the mgmt app? By default only 'casuser' is authorized to use the app: https://github.com/Jasig/cas-services-management-overlay/blob/master/etc/user-details.properties#L29

Cheers,
Dmitriy. 


Josep Manel Andrés

Mar 8, 2016, 8:36:29 AM
to cas-...@apereo.org
Hi,
I've added my user there, but I don't even have the chance to get the login page, when I type cas02.mydomain.com:8443/cas-services I get redirected somewhere and tomcat throws a 404 error. The only place I can go is cas02.mydomain.com:8443/cas which is the main cas server, to which I am able to log in. But the weird thing is when I type https://cas02.mydomain.com:8443/cas-services/login/cas I am able to get the unauthorized access page.

Dmitriy Kopylenko

Mar 8, 2016, 9:45:41 AM
to Josep Manel Andrés, CAS Community
Hard to say what is going on there… Where’s your cas.properties file - e.g. externalized vs embedded in the cas.war? Have you restarted the Tomcat after adding the user? etc. etc. You will have to do some log files sifting to figure out what is going on.

Best,
D.

Eric Kyle

Mar 8, 2016, 1:14:08 PM
to CAS Community, josep....@bsc.es, dkopy...@unicon.net
I am in the same boat as you. We have authentication setup with ADFS (which is working with the regular CAS page), but I can't get to cas-services - I am just taken to the Access Denied page with no chance to login.

Eric

Josep Manel Andrés

Mar 9, 2016, 3:34:03 AM
to cas-...@apereo.org
My cas.properties and cas-management.properties are located in /etc/cas directory and called from the cas app. The problem is that cas-services is not able to log anything to the files, it has only created an empty file, but nothing more.
Yes, I did restart the server after changes.

and tomcat logs only show 302 errors or 401 errors

Cheers.

Josep Manel Andrés

Mar 9, 2016, 10:11:15 AM
to cas-...@apereo.org
Hi,
I fixed it, was a path that was not correctly set up in cas-management.properties. Here is how the file looks right now.

# CAS
cas.host=https://cas02.mydomain.com:8443
# I believe /cas was the problem, since it was not there before
cas.prefix=${cas.host}/cas
cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${cas.prefix}/login
cas.securityContext.ticketValidator.casServerUrlPrefix=${cas.prefix}

# Management
cas-management.host=https://cas02.mydomain.com:8443
cas-management.prefix=${cas-management.host}/cas-services
cas-management.securityContext.serviceProperties.service=${cas-management.prefix}/login/cas
cas-management.securityContext.serviceProperties.adminRoles=hasRole('ROLE_ADMIN')


Hope this helps.

Just some thoughts about documentation.... Don't you guys find a lack of documentation/procedures for CAS environment? Especially compared with CAS 3.X version, I think with the version 4 documentation has become more schematic, less explanatory. I think it is a great tool used by a lot of centers but I cannot find manuals/guides/articles on how to install, deploy, tweak..... cas server.
Do you guys think it is due to the commercial support being behind the product? Doesn't matter!!, a lot of free software projects have commercial support and still they have a lot of documentation.

Cheers!
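
Added example, not part of the thread and not CAS project code: a small Python check that expands the ${...} placeholders in the two versions of cas-management.properties posted above and flags a login URL or ticket-validation prefix that resolves outside the CAS webapp's context path. The /cas context path and the same-Tomcat host comparison are assumptions taken from this deployment; the function and constant names are illustrative.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: relevant keys of the first file posted (the one behind the 404).
BROKEN = """\
cas.host=https://cas02.mydomain:8443
cas.prefix=${cas.host}
cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${cas.prefix}/login
cas.securityContext.ticketValidator.casServerUrlPrefix=${cas.prefix}
cas-management.host=https://cas02.mydomain.com:8443
cas-management.prefix=${cas-management.host}/cas-services
cas-management.securityContext.serviceProperties.service=${cas-management.prefix}/login/cas
"""
# Same keys with the two changes visible in the final, working file.
FIXED = (BROKEN.replace("cas02.mydomain:8443", "cas02.mydomain.com:8443")
               .replace("cas.prefix=${cas.host}", "cas.prefix=${cas.host}/cas"))

LOGIN = "cas.securityContext.casProcessingFilterEntryPoint.loginUrl"
VALIDATOR = "cas.securityContext.ticketValidator.casServerUrlPrefix"
SERVICE = "cas-management.securityContext.serviceProperties.service"

def load(text):
    """Parse key=value lines and expand ${key} placeholders recursively."""
    raw = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            raw[key.strip()] = value.strip()
    def expand(value):
        return re.sub(r"\$\{([^}]+)\}",
                      lambda m: expand(raw[m.group(1)]), value)
    return {k: expand(v) for k, v in raw.items()}

def check(text, cas_context="/cas", same_tomcat=True):
    """Return a list of problems; cas_context and same_tomcat are assumptions."""
    p = load(text)
    login, validator, service = (urlsplit(p[k]) for k in (LOGIN, VALIDATOR, SERVICE))
    problems = []
    if login.path != cas_context + "/login":
        problems.append(f"loginUrl {p[LOGIN]} is outside {cas_context}")
    if validator.path != cas_context:
        problems.append(f"casServerUrlPrefix {p[VALIDATOR]} is outside {cas_context}")
    if same_tomcat and login.netloc != service.netloc:
        problems.append(f"host mismatch: {login.netloc} vs {service.netloc}")
    return problems

if __name__ == "__main__":
    print({name: check(t) or "OK" for name, t in (("broken", BROKEN), ("fixed", FIXED))})
```

For the first file the login URL resolves to https://cas02.mydomain:8443/login, the same host and path as the redirect reported earlier in the thread, which lands outside the /cas webapp.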