Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 18:04
    dalbrx synchronize #4654
  • 17:56
    claassistantio commented #4652
  • 17:56
    claassistantio commented #4654
  • 17:56
    claassistantio commented #4651
  • 17:56
    claassistantio commented #4653
  • 17:48
    claassistantio commented #4653
  • 16:19
    claassistantio commented #4653
  • 16:14
    hdeadman synchronize #4655
  • 16:14

    hdeadman on x509IssuerDn

    Add table to document config va… (compare)

  • 14:51
    codecov[bot] commented #4653
  • 14:51
    codecov[bot] commented #4653
  • 14:50
    apereocas-bot synchronize #4653
  • 14:50
    apereocas-bot synchronize #4655
  • 14:50

    apereocas-bot on x509IssuerDn

    Fix authn delegation behavior (… Merged branch master into x509I… (compare)

  • 14:26

    leleuj on master

    Fix authn delegation behavior (… (compare)

  • 14:26
    leleuj closed #4644
  • 14:26
    leleuj commented #4644
  • 13:56

    mmoayyed on 6.1.x

    Fix authn delegation behavior (… (compare)

  • 13:56
    mmoayyed closed #4643
  • 11:50
    apereocas-bot synchronize #4653
Small
@417511458
Hi all,I am using cas-management 6.0.1. I find that versionControl is used JsonServiceRegistry. How I sync registeredServices to redis repository?
ArtiWavale
@ArtiWavale
how to create certificate for cas server and mod_auth_cas client
infinity202
@infinity202
@ArtiWavale the creation of the serverside (CAS) is relatively easy.
One thing to keep in mind: you need to set a unique hostname on your CAS server which you need to put into /etc/hosts when using Linux or C:\Windows\System32\drivers\etc\hosts. Then use the keytool to create a certificate based on the unique hostname. It is no problem that it is an unofficial certificate.
You can use this: https://www.digicert.com/easy-csr/keytool.htm to create the certificate.
After succesfull creation you EXPORT the certificate from the keystore: keytool -export -file /etc/cas/config/cas.crt -keystore /etc/cas/thekeystore -alias server
Then you copy this cas.cert certificate to the server or service that needs to communicate with the CAS server.
!! Make sure that if you use an other server or PC that you add the unique hostname of the CAS server to the local hosts file (including the correct IP) !!
!! Make sure you don't specify the IP-address of the CAS server in your code, but instead use the unique hostname !!
infinity202
@infinity202
!! You only need to use the generator of digicert. There is no need to order a real certificate afterwards !!
Small
@417511458
java.lang.NullPointerException: null
at org.apereo.cas.mgmt.controller.CommitController.isPublishedBehind(CommitController.java:201) ~[cas-mgmt-support-version-control-6.0.1.jar:6.0.1]
who can help me,cas-manament error
public Ref getPublished() {
try {
Ref ref = (Ref)this.git.tagList().call().get(0); //here is java.lang.NullPointerException:
return this.git.getRepository().peel(ref);
} catch (Exception var2) {
LOGGER.trace(var2.getMessage(), var2);
return null;
}
}
I cannot publish
infinity202
@infinity202
does anyone know how to tweak the test version of CAS ? I try to test the server via gradlew run but it is to slow to handle even a single remote connection. I run into ticket mismatches because the CAS server doesn't respond soon enough for my remote code to catch the response so the remote code doesn't get the ticket number and retries later on. But then CAS says "he i know you i already have a ticket for you" which results in:
DEBUG [org.apereo.cas.ticket.expiration.MultiTimeUseOrTimeoutExpirationPolicy] - <Ticket usage count [1] is greater than or equal to [1]. Ticket has expired>
infinity202
@infinity202
It seems that it isn't related to the slowness of the CAS service. I tried the undertow version and it is a lot faster but doesn't resolve the problem. In stead it makes it a little more clear where the problem occurs.
I use the REST function of CAS and took the code from https://apereo.github.io/cas/6.0.x/protocol/REST-Protocol.html#cas-rest-clients
What i see what happens is the following:
  1. line 36: credentials.getUserProfile(); // talks to CAS and CAS creates a TGT Ticket
  2. line 38: client.requestServiceTicket(serviceUrl, profile, webContext); //requests the ST ticket by sending the TGT ticket
  3. line 40: client.validateServiceTicket(serviceUrl, casCredentials, webContext); resends a request with the same combination of credentials.
    CAS thinks it needs to create a ticket, which results in the same ticket number, which results in a duplicate detection, which results in a destroy of the service (ST) ticket.
    when later on you try to verify the ST ticket it is destroyed and you need to login again. In reality you have been logged in for at most 3 seconds....
for me the problem is that line 38: requestServiceTicket gives my ONLY the ticket number ST. I need to know which personRoles the user has, so i need to do validateServiceTicket too. This gives me the result i need, but effectively destroys the corresponding Ticket ;-(
Pavlos Drandakis
@pdrados
Hi all,
I am using CAS 6.1.x and when accessing actuator/discoveryProfile endpoint, the response seems to be xml, instead of json. Testing with an older version ( 5.3.x ), the response is json, just as stated in documentation. Has anyone else observed the same?
infinity202
@infinity202
How do you "talk" to CAS?
Depending on the request you can set the "accept" header to JSON or specify "&view=json"
Pavlos Drandakis
@pdrados
I am accessing /actuator/discoveryProfile by browser, so it is a GET request. This endpoint, according to documentation, should return a json representation of the CAS configuration and capabilities, so I shouldn't have to add "&view=json"
I have tried, though, adding "&view=json" but nothing changed
Pavlos Drandakis
@pdrados
Accessing, the same way, a 5.3.x instance, a json representation of CAS configuration is returned
infinity202
@infinity202
hmm i use 6.2 and i do get a json formatted response
wait, i see i gave you the wrong hint. sorry! in stead of "&view=json" try "&format=json"
Pavlos Drandakis
@pdrados
Thanks for the hint. I 've just build a new war, based on 6.2.0 (war overlay method) and I still get the same error, so it must be something with my environment or with the modules that I include.
I forgot to mention that I deploy cas.war to an external (tomcat) servlet container
infinity202
@infinity202
i think i cant help any further. I am using the REST function myself and i have CAS running in a standalone debug mode. I am "talking" to CAS from a second webserver over the REST function. But after hours of debugging i discovered that it's better to use plain POST and GET methods to talk to the RESt
Pavlos Drandakis
@pdrados
I see now that in the logs there is the following line:WARN [org.springframework.http.converter.json.Jackson2ObjectMapperBuilder] - <For Jackson Kotlin classes support please add "com.fasterxml.jackso n.module:jackson-module-kotlin" to the classpath>
infinity202
@infinity202
ah, that looks to me as if you need to find the corresponding jackson JAR and put it in the Tomcat lib directory
Pavlos Drandakis
@pdrados
Yes, that's what I thought also. Could you please confirm, that you have this jar in your classpath?
infinity202
@infinity202
I am starting the CAS server still just from running ./gradlew run and i am using the undertow engine.
i didn't alter any pom or other file. So it should be working out of the box
i guess....

`
/opt/cas-overlay-template/build/overlays/bootWar/cas/WEB-INF/lib/jackson-annotations-2.10.1.jar
/opt/cas-overlay-template/build/overlays/bootWar/cas/WEB-INF/lib/jackson-core-2.10.1.jar
/opt/cas-overlay-template/build/overlays/bootWar/cas/WEB-INF/lib/jackson-databind-2.10.1.jar
/opt/cas-overlay-template/build/overlays/bootWar/cas/WEB-INF/lib/jackson-dataformat-xml-2.10.1.jar
/opt/cas-overlay-template/build/overlays/bootWar/cas/WEB-INF/lib/jackson-dataformat-yaml-2.10.1.jar
/opt/cas-overlay-template/build/overlays/bootWar/cas/WEB-INF/lib/jackson-datatype-guava-2.10.1.jar
/opt/cas-overlay-template/build/overlays/bootWar/cas/WEB-INF/lib/jackson-datatype-jdk8-2.10.0.jar
/opt/cas-overlay-template/build/overlays/bootWar/cas/WEB-INF/lib/jackson-datatype-jsr310-2.10.1.jar
/opt/cas-overlay-template/build/overlays/bootWar/cas/WEB-INF/lib/jackson-jaxrs-base-2.10.1.jar
/opt/cas-overlay-template/build/overlays/bootWar/cas/WEB-INF/lib/jackson-jaxrs-json-provider-2.10.1.jar
/opt/cas-overlay-template/build/overlays/bootWar/cas/WEB-INF/lib/jackson-module-jaxb-annotations-2.10.1.jar
/opt/cas-overlay-template/build/overlays/bootWar/cas/WEB-INF/lib/jackson-module-parameter-names-2.10.0.jar

`

find ./ -name '*.jar' | grep json
./build/overlays/bootWar/cas/WEB-INF/lib/groovy-json-3.0.0-rc-1.jar
./build/overlays/bootWar/cas/WEB-INF/lib/hjson-3.0.0.jar
./build/overlays/bootWar/cas/WEB-INF/lib/jackson-jaxrs-json-provider-2.10.1.jar
./build/overlays/bootWar/cas/WEB-INF/lib/json-20160810.jar
./build/overlays/bootWar/cas/WEB-INF/lib/json-smart-2.3.jar
./build/overlays/bootWar/cas/WEB-INF/lib/spring-boot-starter-json-2.2.1.RELEASE.jar
Pavlos Drandakis
@pdrados
I have the same jackson jars (and some more)
infinity202
@infinity202
are they the same version ?
i have experienced that mixing up different versions can lead to errors
Pavlos Drandakis
@pdrados
./jackson-dataformat-smile-2.9.9.jar
./jackson-datatype-jsr310-2.10.1.jar
./jackson-annotations-2.10.1.jar
./jackson-jaxrs-json-provider-2.10.1.jar
./jackson-core-2.10.1.jar
./jackson-module-parameter-names-2.10.0.jar
./jackson-databind-2.10.1.jar
./jackson-module-jaxb-annotations-2.10.1.jar
./jackson-dataformat-cbor-2.6.7.jar
./jackson-jaxrs-base-2.10.1.jar
./jackson-datatype-jdk8-2.10.0.jar
./jackson-datatype-guava-2.10.1.jar
./jackson-dataformat-xml-2.10.1.jar
./jackson-dataformat-yaml-2.10.1.jar
./javax.json-api-1.0.jar
./groovy-json-3.0.0-rc-1.jar
./hjson-3.0.0.jar
./jackson-jaxrs-json-provider-2.10.1.jar
./spring-boot-starter-json-2.2.1.RELEASE.jar
./json-20160810.jar
./json-smart-2.3.jar
./cxf-rt-rs-json-basic-3.3.4.jar
./javax.json-1.0.4.jar
infinity202
@infinity202
But i'm into the woods where to find the corresponding JAR file. I always do try and error
Pavlos Drandakis
@pdrados
Ok, thanks! I will investigate it some more...
I really appreciate your help
Thank you
infinity202
@infinity202
I wish i had the knowledge to really help.
I woudl suggest you to remove the last jar file https://mvnrepository.com/artifact/org.glassfish/javax.json/1.0.4 seems to be an outdated version from 2013.
and it isn't on my system
I had something too when i used a couple of outdated jars in combination with the new spring jars. I resulted in strange errors when i tried HTTP GET and POST functions
Pavlos Drandakis
@pdrados
I just did it but I still get the same error
I will remove every jar that it's not on your list
and see what happens ...
that's the full list of the jars inside my apereo installment.