Opencast with CAS SSO authentication issues

Papa Amadou Baba NDIAYE

unread,

Jun 21, 2022, 11:58:13 AM6/21/22

to Opencast Users

Hello guys i'm a new user of Opencast

i'm trying to config CAS SSO auth for Opencast. i follow this tutorial https://docs.opencast.org/r/11.x/admin/#configuration/security.cas/ but i have

this error:

###############################

root@srv-opencast:/etc/opencast# tail -f /var/log/opencast/opencast.log
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: org.apache.felix.resolver.reason.ReasonException: Unable to resolve opencast-security-cas/11.7.0: missing requirement [opencast-security-cas/11.7.0] osgi.identity; osgi.identity=opencast-security-cas-client-wrapper; type=osgi.bundle; version="[11.7.0,11.7.0]"; resolution:=mandatory [caused by: Unable to resolve opencast-security-cas-client-wrapper/11.7.0: missing requirement [opencast-security-cas-client-wrapper/11.7.0] osgi.wiring.package; filter:="(osgi.wiring.package=javax.servlet)"]
at org.apache.felix.resolver.Candidates$MissingRequirementError.toException(Candidates.java:1343) ~[?:?]
... 12 more
Caused by: org.apache.felix.resolver.reason.ReasonException: Unable to resolve opencast-security-cas-client-wrapper/11.7.0: missing requirement [opencast-security-cas-client-wrapper/11.7.0] osgi.wiring.package; filter:="(osgi.wiring.package=javax.servlet)"
at org.apache.felix.resolver.Candidates$MissingRequirementError.toException(Candidates.java:1343) ~[?:?]
at org.apache.felix.resolver.Candidates$MissingRequirementError.toException(Candidates.java:1343) ~[?:?]
... 12 more

################################

mh_default.txt

Karen Dolan

unread,

Jun 30, 2022, 3:22:27 PM6/30/22

to Opencast Users

Hi,

Our site is also looking at using CAS in Opencast v11 and having difficulties.

When debugging, I notice that a couple months after a CAS module patch was merged into a previous version of OC, a library update patch got merged in that updated the version of a security-cas-client-wrapper module dependency “opensaml" from 1.1 to 2.6.4 in the main pom. This affects the version in the opencast-security-cas-client-wrapper.

The previous opensaml library 1.1 has no dependencies, but the updated opensaml library 2.6.4 has seven additional dependencies.

See:

https://mvnrepository.com/artifact/org.opensaml/opensaml/1.1
https://mvnrepository.com/artifact/org.opensaml/opensaml/2.6.4

A possible resolution for the missing opencast-security-cas-client-wrapper dependency issue is to declare some potentially missing dependencies into its pom

https://github.com/opencast/opencast/blob/develop/modules/security-cas-client-wrapper/pom.xml

<groupId>org.jasig.cas.client</groupId>

<artifactId>cas-client-core</artifactId>

<!— correct version 3.3.3 in main POM -->

</dependency>

<groupId>commons-codec</groupId>

<artifactId>commons-codec</artifactId>

<!— correct version 1.15 version in main POM -->

</dependency>

<groupId>org.opensaml</groupId>

<artifactId>opensaml</artifactId>

</dependency>

<groupId>org.apache.commons</groupId>

<artifactId>commons-collections4</artifactId>

</dependency>

<groupId>org.apache.commons</groupId>

<artifactId>commons-lang3</artifactId>

</dependency>

<!— earlier version 2.10.10 in main POM -->

</dependency>

<groupId>org.apache.santuario</groupId>

<artifactId>xmlsec</artifactId>

<!— earlier version 2.1.7 in main POM -->

</dependency>

<groupId>org.apache.velocity</groupId>

<artifactId>velocity-engine-core</artifactId>

</dependency>

<groupId>org.opensaml</groupId>

<artifactId>openws</artifactId>

</dependency>

<groupId>org.owasp.esapi</groupId>

<artifactId>esapi</artifactId>

<!— earlier version 2.1.0.1 in main POM -->

</dependency>

We haven’t tested this yet.

Best regards,

Karen

<Capture.JPG>

--
To unsubscribe from this group and stop receiving emails from it, send an email to users+un...@opencast.org.
<Capture.JPG><mh_default.txt>

Miguel Escriva Gregori

unread,

Jul 4, 2022, 5:36:17 AM7/4/22

to Opencast Users

I tested Opencast 12 with CAS and it works for me.

I build opencast myself using tag 12.0 - 085d2c62e3

I followed this guide https://docs.opencast.org/r/12.x/admin/#configuration/security.cas/

Remember to enable the CAS Support sanction (the guide does not mention it)

<!-- ############### —>

Karen, as you see security-cas-client-wrapper is loaded and active.

karaf@root()> bundle:list | grep security

170 x Resolved x 82 x 12.0.0 x Opencast :: security-aai, Hosts: 137

171 x Resolved x 82 x 12.0.0 x Opencast :: security-cas, Hosts: 137

172 x Active x 82 x 12.0.0 x Opencast :: security-cas-client-wrapper

173 x Active x 82 x 12.0.0 x Opencast :: security-lti

174 x Resolved x 82 x 12.0.0 x Opencast :: security-shibboleth, Hosts: 137

To test it, I used a mock CAS server (https://github.com/soulwing/cas-mock-server)

This mock CAS server has no configured users and allows any credentials in which username = password. As an example, entering a username of “admin" and password of “admin" will successfully authenticate the admin user.

Miguel

Baba Ndiaye

unread,

Jul 4, 2022, 5:38:38 AM7/4/22

to us...@opencast.org

Thank you all Karen and Miguel i'll check it and after make a feedback

Reply all

Reply to author

Forward