management.endpoints.web.exposure.include=info,health,status,scheduledtasks,refresh,metrics,prometheus,configprops
management.endpoint.prometheus.enabled=true
cas.monitor.endpoints.endpoint.prometheus.access=ANONYMOUS
But when I go to /actuator I do not see the prometheus one, and /actuator/prometheus return me 404.
Do someone can give me working configuration to get prometheus work? Thanks.
Hi All,
hi, i did do a authentication with CAS with SAML, but the application that use CAS as IDP stay in a jboss and jboss have the libs that comunicate with my CAS.
how i did to work its put the saml libs in pom.xml of CAS, after this i created the service SAML in serviceRegistry configuration and created a xml with idp-metadata.
Hi All,
I have a problem when use new cas overlay version. the problem is after build. i built cas.war without any problem with ldap support. I define ldapUrl, bindDn, bindCredential.
when i try to start tomcat, it fails. it try to initialize ldap. and try to connect to ldap server defined on cas config. but suddenly switch to localhost:389. I am confused. After 3 weeks i can't solve it.
I ask a question in below link on Google group:
https://groups.google.com/a/apereo.org/g/cas-user/c/bHCtF4XNUvw
Logs and config file can be seen in that link. please help me.
Hi All,
I have a problem when use new cas overlay version. the problem is after build. i built cas.war without any problem with ldap support. I define ldapUrl, bindDn, bindCredential.
when i try to start tomcat, it fails. it try to initialize ldap. and try to connect to ldap server defined on cas config. but suddenly switch to localhost:389. I am confused. After 3 weeks i can't solve it.
I ask a question in below link on Google group:
https://groups.google.com/a/apereo.org/g/cas-user/c/bHCtF4XNUvwLogs and config file can be seen in that link. please help me.
and i have experience for more than 7 years on CAS from version 3.5
I think i added cas-server-support-ldap-service-registry as dependency. and i don't have any configuration parameter for that. maybe the problem caused for that!!! I will test again and send result here
The problem solved! with remove cas-server-support-ldap-service-registry from pom.xml. Thanks @asafe-eduardo
hi folks.
i using cas 6.1 and i wanna know if is possible configure 2 jdbc queries to authenticate ? and if is possible how i do it?
example: do my query to authenticate, if user dont exist try another different query
thanks in advance
my problem too has solved, i did do a bean overwrite of cas create my own authenticationHandler extending AbstractJdbcUsernamePasswordAuthenticationHandler and i can able to customize my login method.
2020-08-04 13:02:00,170 ERROR [org.springframework.scheduling.support.TaskUtils$LoggingErrorHandler] - <Unexpected error occurred in scheduled task>
java.lang.ClassCastException: Cannot cast com.sun.proxy.$Proxy218 to org.apereo.inspektr.common.Cleanable
at java.lang.Class.cast(Class.java:3606) ~[?:?]
at org.apereo.cas.audit.config.CasSupportJdbcAuditConfiguration$1.clean(CasSupportJdbcAuditConfiguration.java:139) ~[cas-server-support-audit-jdbc-6.2.1.jar!/:6.2.1]
at jdk.internal.reflect.GeneratedMethodAccessor219.invoke(Unknown Source) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:84) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54) ~[spring-context-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[?:?]
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305) ~[?:?]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
at java.lang.Thread.run(Thread.java:834) [?:?]
2020-08-04 15:20:10,839 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@e23af91 in state 'delegatedAuthenticationAction' of flow 'login' -- action execution attributes were 'map[[empty]]'] with root cause>
Hello. I am trying to get to get Redis running with the Google Authenticator? I have my Redis Sentinel system up and running. I am able to write the registration records to Redis when clients register their MFA devices but on subsequent logins it does not seem to be pulling the registrations from Redis and goes back to the Device Registration QR code page? Any idea what I might be missing config wise? Here is what I have for my Redis config:
CAS v6.2.x
Not sure I need the regular redis.host settings but I have tried to put them in just to see if I got different results.
cas.authn.mfa.gauth.redis.host=redis.cas.svc.cluster.local cas.authn.mfa.gauth.redis.port=6379 cas.authn.mfa.gauth.redis.database=0 cas.authn.mfa.gauth.redis.read-from=MASTER cas.authn.mfa.gauth.redis.sentinel.master=mymaster cas.authn.mfa.gauth.redis.sentinel.node[0]=redis.cas.svc.cluster.local:26379
I just wanted to follow up on this in case someone else comes across this issue. I had configured persistence for storing MFA device registrations in Redis. I was able to write the values to the store but once my container restarted it would no longer read the values. I could see the read requests hit the DB for the key but, CAS would just throw me back to the device registration page like it was a new device. I also tried the local JSON file as well with the same results.
I could not get/find an answer anywhere and even found a person on here with the exact same issue. This morning I started troubleshooting again and after staring at the logs for a long time I noticed one thing in the log that soon became apparent. I was not specifying the following settings and allowed CAS to autogenerate them. After thinking about these settings for a minute it made sense to me:
cas.authn.mfa.gauth.crypto.encryption.key
cas.authn.mfa.gauth.crypto.signing.key
Since the keys would be the same upon restart CAS was able to decrypt the Device Registration keys it was storing in the DB. It would be nice if there was an error thrown in the logs or if the documentation indicated that the autogenerated keys could cause an issue like this. It could have saved me a substantial amount of time.
Hi All,
I am using cas version 5.2.9.
I have implemented password management through LDAP. Whenever I click on reset your password, a new screen is coming and it asks for providing a username.
Upon giving username,,a secure link will go to my mail for reset option.
But I want to break this flow. My requirement is , whenever a user enters his username ,security ques page should come and upon answering it I can change my password. I don't want any link in my mails for reset password.
Is this flow possible? Plzz guide.
Hi, I deployed CAS 6.3 on a local server and be able to login with default account casuser/Mellon. I tried to add a custom service to service registry but when I forward to CAS login page, it still throw Application Not Authorized to Use CAS error. I tried a few suggestions but nothing seems working. These are my configuration:
build.gradle
compile "org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}"cas.properties
cas.server.name=https://'my-dormain-name':8443
cas.server.prefix=${cas.server.name}/cas
cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location=file:/etc/cas/services-repo
logging.config=file:/etc/cas/config/log4j2.xml
server.ssl.enabled=true
server.ssl.keyStore=/etc/cas/thekeystore
server.ssl.keyStorePassword=changeit
server.ssl.keyPassword=changeitservice.json
{
@class: org.apereo.cas.services.RegexRegisteredService
serviceId: 'https://'my-hostname'/login/index.php?authCAS=CAS'
name: custom
id: 1596620416602
accessStrategy:
{
@class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
order: 0
enabled: true
ssoEnabled: true
delegatedAuthenticationPolicy:
{
@class: org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy
allowedProviders:
[
java.util.ArrayList
[]
]
permitUndefined: true
exclusive: false
}
requireAllAttributes: true
requiredAttributes:
{
@class: java.util.LinkedHashMap
}
rejectedAttributes:
{
@class: java.util.LinkedHashMap
}
caseInsensitive: false
}Please give me some advice
. Thank you all.
2020-08-08 05:07:47,866 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [1] service(s) from [JsonServiceRegistry].>
2020-08-08 05:08:37,876 WARN [org.apereo.cas.services.AbstractRegisteredService] - <Assigning a collection of required authentication handlers to a registered service is deprecated. This field is scheduled to be removed in the future. If you need to, consider defining an authentication policy for the registered service instead to specify required authentication handlers [[]]>
2020-08-08 05:08:37,877 WARN [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - <Unauthorized Service Access. Service [] is not found in service registry.>at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:651)
... 60 more
Caused by: java.lang.NoSuchFieldError: Companion
at okhttp3.internal.Util.<clinit>(Util.kt:72)
at okhttp3.internal.concurrent.TaskRunner.<clinit>(TaskRunner.kt:309)
at okhttp3.ConnectionPool.<init>(ConnectionPool.kt:41)
at okhttp3.ConnectionPool.<init>(ConnectionPool.kt:47)
at okhttp3.OkHttpClient$Builder.<init>(OkHttpClient.kt:471)
at org.springframework.cloud.commons.httpclient.HttpClientConfiguration$OkHttpClientConfiguration.okHttpClientBuilder(HttpClientConfiguration.java:77)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
... 61 more
Hi All,
I am using CAS version 5.2.3.
I have an issue for my application in IdP initiated scenario with Okta. It's working fine in SP initiated scenario.
I have four applications /app-a, /app-b, /app-c, /app-d and /cas is for SSO, where app-b, app-c, app-d Rest APIs are being called from app-a.
From Okta, I set the Single Sign on URL as: https://[server].com/cas/login?client_name=xyz
In the Default Relay State set as: https://[server].com/cas/login?service=https%3A%2F%2F[server].com%2Fapp-a%2Flogin%2Fcas%2F
After login to Okta, I see my app in the list, so when I click on that icon, it eventually load my /app-a in a separated browser tab (I saw from server log TGT and ST (Ticket) has been generated for /app-a) and then it's also generates the ST (Ticket) for app-b, app-c and app-d, which works fine as expected.
If I close the that browser tab and click the icon from Okta app list page again, it goes to /app-d instead of /app-a page and same things happens after all the time.
Is this something Relay State is NOT working as expected or I have to configure something from Okta or CAS pespective?
Please shed some light on this.
cas.authn.pm.jdbc.user=root
cas.authn.pm.jdbc.password=pwd
cas.authn.pm.jdbc.driver-class=com.mysql.jdbc.Driver
cas.authn.pm.jdbc.url=jdbc:mysql://ip:3306/qxgl?useUnicode=true&characterEncoding=utf-8&autoReconnect=true&zeroDateTimeBehavior=convertToNull&serverTimezone=Asia/Shanghai
cas.authn.pm.jdbc.password-encoder.type=NONE
cas.authn.pm.jdbc.password-encoder.character-encoding=utf-8
cas.authn.pm.jdbc.sql-security-questions=select question, answer from table where user=?
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=pwd
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.jdbc.query[0].url=jdbc:mysql://ip:3306/test?useUnicode=true&characterEncoding=utf-8
cas.authn.jdbc.query[0].passwordEncoder.type=NONE
cas.authn.jdbc.query[0].name=user
cas.authn.jdbc.query[0].order=0
cas.authn.jdbc.query[0].sql=SELECT * FROM tb_user WHERE user=?
cas.authn.jdbc.query[0].fieldPassword=password
cas.authn.jdbc.query[0].fieldExpired=expired
cas.authn.jdbc.query[0].fieldDisabled=expired