[cas-dev] Disable TGC Signing/Encryption 4.2.x?

[Jeff Gouge]

In order versions of CAS, we were able to disable the signing and encryption of the TGC via the steps documented and seen below.  Has this been removed from 4.2.x?  

We are using Couchbase ticket repository and the 4.2.x documentation states that encryption is disabled by default on other caching software, but nothing on couchbase. When I leave out the tgc.encryption.key and tgc.signing.key, the cas logs show it creates default ones and uses those. We have a business process that requires we have sessions created for one user and browser from two IP addresses, thus they have to sign in twice since the previous cookie was created with a different IP address when encrypted and stored.

if you wish to disable the signing and encryption of the cookie, in the configuration xml file, use the following beans instead of those provided by default:

<bean id="cookieCipherExecutor" class="org.jasig.cas.util.NoOpCipherExecutor" />

<bean id="cookieValueManager" class="org.jasig.cas.web.support.NoOpCookieValueManager"/>

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-dev+u...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-dev/.

[Misagh Moayyed]

No it’s not removed. Perhaps poorly documented. You just need to change the cipher for TGC to point to a no-op one. There should be references to this in your deployer file.

-- 
Misagh

[Jeff Gouge]

According to CasCookieConfiguration.java, the only way to return a NoOpCipherExecutor is to set the property: casProperties.getTgc().isCipherEnabled()

Changing the reference in the deployer file threw errors on start. Looking at https://github.com/apereo/cas/blob/c7ba7ea22918326f3f2997b3c19f8aa8eab9fa78/cas-server-support-cookie/src/main/java/org/apereo/cas/web/config/CasCookieConfiguration.java shows that it is only looking for a property setting in order for the noop to be called.

What is the cas properties setting that needs to be in place to change the default isCipherEnabled setting of True? I have tried a few and they are not working.

[Misagh Moayyed]

I neglected to mention that yes, some fixes needed to be added to make this work. So you’ll need to be on 4.2.6-SNAPSHOT. 

-- 
Misagh

From: Jeff Gouge <gouge...@gmail.com>
Reply: Jeff Gouge <gouge...@gmail.com>

Date: September 15, 2016 at 10:11:33 PM
To: Misagh Moayyed <mmoa...@unicon.net>
Subject:  Re: [cas-dev] Disable TGC Signing/Encryption 4.2.x?

Looks like I am still missing a dependency or some other setting...

15-Sep-2016 12:51:35.150 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.listenerStart Exception sending context initialized event to listener instance of class org.jasig.cas.CasEnvironmentContextListener

 org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'initialFlowSetupAction': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.jasig.cas.web.flow.InitialFlowSetupAction.setTicketGrantingTicketCookieGenerator(org.jasig.cas.web.support.CookieRetrievingCookieGenerator); nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'ticketGrantingTicketCookieGenerator' defined in URL [jar:file:/C:/Tomcat/webapps/ROOT/WEB-INF/lib/cas-server-webapp-cookie-4.2.5.jar!/org/jasig/cas/web/support/TGCCookieRetrievingCookieGenerator.class]: Unsatisfied dependency expressed through constructor argument with index 0 of type [org.jasig.cas.web.support.CookieValueManager]: No qualifying bean of type [org.jasig.cas.web.support.CookieValueManager] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Qualifier(value=defaultCookieValueManager)}; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.jasig.cas.web.support.CookieValueManager] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Qualifier(value=defaultCookieValueManager)}

at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:334)

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1214)

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)

at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)

at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)

at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)

at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)

at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)

at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839)

at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538)

at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:444)

at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:326)

at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)

at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4716)

at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5178)

at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:152)

at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:724)

at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:700)

at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)

at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:952)

at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1823)

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

at java.util.concurrent.FutureTask.run(FutureTask.java:266)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

at java.lang.Thread.run(Thread.java:745)

Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.jasig.cas.web.flow.InitialFlowSetupAction.setTicketGrantingTicketCookieGenerator(org.jasig.cas.web.support.CookieRetrievingCookieGenerator); nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'ticketGrantingTicketCookieGenerator' defined in URL [jar:file:/C:/Tomcat/webapps/ROOT/WEB-INF/lib/cas-server-webapp-cookie-4.2.5.jar!/org/jasig/cas/web/support/TGCCookieRetrievingCookieGenerator.class]: Unsatisfied dependency expressed through constructor argument with index 0 of type [org.jasig.cas.web.support.CookieValueManager]: No qualifying bean of type [org.jasig.cas.web.support.CookieValueManager] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Qualifier(value=defaultCookieValueManager)}; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.jasig.cas.web.support.CookieValueManager] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Qualifier(value=defaultCookieValueManager)}

at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:661)

at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)

at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:331)

... 26 more

Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'ticketGrantingTicketCookieGenerator' defined in URL [jar:file:/C:/Tomcat/webapps/ROOT/WEB-INF/lib/cas-server-webapp-cookie-4.2.5.jar!/org/jasig/cas/web/support/TGCCookieRetrievingCookieGenerator.class]: Unsatisfied dependency expressed through constructor argument with index 0 of type [org.jasig.cas.web.support.CookieValueManager]: No qualifying bean of type [org.jasig.cas.web.support.CookieValueManager] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Qualifier(value=defaultCookieValueManager)}; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.jasig.cas.web.support.CookieValueManager] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Qualifier(value=defaultCookieValueManager)}

at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:749)

at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:185)

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1143)

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1046)

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510)

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)

at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)

at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)

at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)

at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)

at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1192)

at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1116)

at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1014)

at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:618)

... 28 more

Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.jasig.cas.web.support.CookieValueManager] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Qualifier(value=defaultCookieValueManager)}

at org.springframework.beans.factory.support.DefaultListableBeanFactory.raiseNoSuchBeanDefinitionException(DefaultListableBeanFactory.java:1373)

at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1119)

at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1014)

at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:813)

at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:741)

... 41 more

On Thu, Sep 15, 2016 at 1:41 PM, Jeff Gouge <gouge...@gmail.com> wrote:

Looks like I am still missing a dependency or some other setting...

On Thu, Sep 15, 2016 at 12:47 PM, Jeff Gouge <gouge...@gmail.com> wrote:

Thank you. Must have missed that! Feel like it wasn't there in one of the versions of the docs I was reviewing. 

On Thu, Sep 15, 2016 at 11:46 AM, Misagh Moayyed <mmoa...@unicon.net> wrote:

Did you get a chance to review this page?

https://apereo.github.io/cas/4.2.x/installation/Configuring-SSO-Session-Cookie.html#turn-off-cookie-encryptionsigning