Hi,
We have picked up a weird issue during our development of our CAS upgrade. We are running two instances of CAS: one instance handles only the delegated authentication for employees/students to Azure AD, and applicants go to the second instance of CAS for on-premise AD.
This issue occurs when you try and run the CAS configuration from another directory, e.g. "/etc/applicantCas/config", and the main directory "/etc/cas/config" is not accessible (not writable).
The issue looks like either the configuration is not being read or something, as I am getting the following error:
Caused by: java.io.FileNotFoundException: /etc/cas/config/keystore.jwks (Permission denied)
Even though I have the following set:
cas.authn.oidc.jwks.fileSystem.jwks-file=file:/etc/applicantCas/config/defaultKeystore.jwks
I have the overlay configured with:
implementation "org.apereo.cas:cas-server-core-api-configuration-model"
implementation "org.apereo.cas:cas-server-webapp-init"
implementation "org.apereo.cas:cas-server-support-json-service-registry"
implementation "org.apereo.cas:cas-server-support-oauth-webflow"
implementation "org.apereo.cas:cas-server-support-oidc"
implementation "org.apereo.cas:cas-server-support-ldap"
Tomcat is set up with -Dcas.standalone.configuration-directory=/etc/applicantCas/config
Tomcat is set to run as user/group tomcat1012 (Tomcat 10 instance 2).
The main CAS configuration "/etc/cas/config/" is set to user/group tomcat101 (Tomcat 10 instance 1), and hence the main configuration is writable from tomcat1012.
I think part of the issue is that in FileSystemOidcJsonWebKeystoreProperties.java the variable
jwksFile is hardcoded to
"file:/etc/cas/config/keystore.jwks"
Should not the above variable honor the
cas.standalone.configuration-directory setting?
I apologise if this is not clear.
Regards,
Colin
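One check worth running before starting an instance, added here as an example and not taken from the post above or from CAS itself: a POSIX shell script that reads the `cas.authn.oidc.jwks.fileSystem.jwks-file` property from a properties file, strips the `file:` prefix, and verifies that the keystore exists, is readable by the account running the script, and is not readable by other users (it holds the OIDC signing keys). The properties file path and the sample keystore contents are constructed for the demo. Run it as the Tomcat service account (for example via `sudo -u tomcat1012`) so the readability result reflects what CAS will see at startup.

```shell
#!/bin/sh
# Pre-start check for the CAS OIDC keystore location (example script, not part of CAS).

# Print the keystore path configured in a properties file, without the "file:" prefix.
# Accepts both the camelCase and kebab-case spellings of the property key.
# Usage: jwks_path_from_properties <cas.properties>
jwks_path_from_properties() {
    grep -E '^[[:space:]]*cas\.authn\.oidc\.jwks\.(fileSystem|file-system)\.(jwksFile|jwks-file)[[:space:]]*=' "$1" \
        | tail -n 1 \
        | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's#^file:##'
}

# Check the keystore file. Return codes:
#   0 - exists, readable by this account, not readable by "other"
#   1 - empty path, missing, or not readable by this account (what produces "Permission denied")
#   2 - readable, but the world-readable bit is set (signing keys exposed to every local user)
check_jwks_file() {
    f="$1"
    [ -n "$f" ] || return 1
    [ -f "$f" ] && [ -r "$f" ] || return 1
    # "find -perm -o=r" prints the file only when the other-read bit is set.
    if [ -n "$(find "$f" -perm -o=r 2>/dev/null)" ]; then
        return 2
    fi
    return 0
}

# Demo on a constructed configuration in a temporary directory.
demo() {
    tmp=$(mktemp -d)
    cfg="$tmp/cas.properties"
    ks="$tmp/defaultKeystore.jwks"
    # Constructed sample properties, mirroring the property from the post with a temp path.
    printf 'cas.server.name=https://cas.example.org\n' > "$cfg"
    printf 'cas.authn.oidc.jwks.fileSystem.jwks-file=file:%s\n' "$ks" >> "$cfg"
    # Constructed placeholder keystore; a real JWKS file contains key material.
    printf '{"keys":[]}\n' > "$ks"
    chmod 644 "$ks"

    path=$(jwks_path_from_properties "$cfg")
    echo "configured keystore: $path"
    rc=0; check_jwks_file "$path" || rc=$?
    case "$rc" in
        0) echo "ok: keystore readable by $(id -un) and private" ;;
        1) echo "FAIL: keystore missing or not readable by $(id -un)" ;;
        2) echo "WARN: keystore is world-readable; tighten with: chmod 640 $path" ;;
    esac

    chmod 600 "$ks"
    rc=0; check_jwks_file "$path" || rc=$?
    echo "after chmod 600, check returns $rc"
    rm -rf "$tmp"
    return 0
}

demo
```

In a deployment script you would act on the return code of `check_jwks_file` (refuse to start on 1, warn on 2); `demo` only prints both outcomes so the behaviour is visible.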