I still get the static login from ./bulid.sh run. It seems to generate a
bunch of keys which should have already been set in my cas.properties file
which leads me to think at least part of the problem is with that.
The file is in /etc/cas/config/cas.properties (seems to be a new location
from the former /etc/cas/cas.properties). The file (and folders) are owned
by root:root, but the are all world readable.
If nothing rings a bell in any of that, could you put the exact overlay
template you are using with database authentication online somewhere, and
I'll try pulling that in? (Of course, I'll have to change the database,
but even if I didn't if I can get to an error with the database connection
that would be progress.)
Also, thanks so much for your help! I try to keep detailed notes so I'll
post my full install guide for Ubuntu 16.04 when I get it running and
hopefully that will help others.
Here is my output:
__ ____ _ ____ __
/ / / ___| / \ / ___| \ \
| | | | / _ \ \___ \ | |
| | | |___ / ___ \ ___) | | |
| | \____|/_/ \_\|____/ | |
\_\ /_/
CAS Version: 5.0.0.RC1-SNAPSHOT
Build Date/Time: 2016-08-03T21:18:38Z
Java Home: /usr/lib/jvm/java-8-openjdk-amd64/jre
Java Vendor: Oracle Corporation
Java Version: 1.8.0_91
OS Architecture: amd64
OS Name: Linux
OS Version: 4.4.0-21-generic
2016-08-03 17:19:09,728 INFO [org.apereo.cas.web.CasWebApplication] - <The
following profiles are active: native>
2016-08-03 17:20:17,567 INFO
[org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 0 services
from InMemoryServiceRegistryDaoImpl.>
2016-08-03 17:21:09,669 WARN
[org.apereo.cas.WebflowConversationStateCipherExecutor] - <Secret key for
signing is not defined. CAS will attempt to auto-generate the signing key>
2016-08-03 17:21:09,738 WARN
[org.apereo.cas.WebflowConversationStateCipherExecutor] - <Generated
signing key
rIH_jLu8goRjqDI7nhatbyZiUGXHBcDxPmTQzPY9EoueP6ZicsQ77qnXkS1txOaDQinVQ7AWjBAV0leD9iE7TA
of size 512. The generated key MUST be added to CAS settings.>
2016-08-03 17:21:09,739 WARN
[org.apereo.cas.WebflowConversationStateCipherExecutor] - <No encryption
key is defined. CAS will attempt to auto-generate keys>
2016-08-03 17:21:09,740 WARN
[org.apereo.cas.WebflowConversationStateCipherExecutor] - <Generated
encryption key YlXiwAUdrcsYlUjG of size 16. The generated key MUST be added
to CAS settings.>
2016-08-03 17:21:10,808 WARN
[org.apereo.cas.config.CasSecurityContextConfiguration] - <>
2016-08-03 17:21:10,825 WARN
[org.apereo.cas.config.CasSecurityContextConfiguration] - <
____ _____ ___ ____ _
/ ___| |_ _| / _ \ | _ \ | |
\___ \ | | | | | || |_) || |
___) | | | | |_| || __/ |_|
|____/ |_| \___/ |_| (_)
CAS is configured to accept a static list of credentials for
authentication. While this is generally useful for demo purposes, it is
STRONGLY recommended that you DISABLE this authentication method (by
REMOVING 'cas.authn.accept.users' from your configuration) and switch to a
mode that is more suitable for production.
>
2016-08-03 17:21:10,831 WARN
[org.apereo.cas.config.CasSecurityContextConfiguration] - <>
2016-08-03 17:21:22,793 WARN
[org.apereo.cas.services.InMemoryServiceRegistryDaoImpl] - <Runtime memory
is used as the persistence storage for retrieving and persisting service
definitions. Changes that are made to service definitions during runtime
will be LOST upon container restarts.>
2016-08-03 17:21:22,811 WARN
[org.apereo.cas.services.InMemoryServiceRegistryDaoImpl] - <Runtime memory
is used as the persistence storage for retrieving and persisting service
definitions. Changes that are made to service definitions during runtime
will be LOST upon container restarts.>
2016-08-03 17:21:22,827 INFO
[org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services
from InMemoryServiceRegistryDaoImpl.>
2016-08-03 17:22:04,182 INFO
[org.apereo.cas.configuration.CasConfigurationRebinder] - <Reloading CAS
configuration via
cas-org.apereo.cas.configuration.CasConfigurationProperties>
2016-08-03 17:22:04,653 INFO
[org.apereo.cas.configuration.CasConfigurationRebinder] - <Reloaded CAS
configuration cas-org.apereo.cas.configuration.CasConfigurationProperties>
2016-08-03 17:22:11,319 INFO [org.apereo.cas.web.CasWebApplication] - <The
following profiles are active: native>
2016-08-03 17:22:12,953 INFO [org.apereo.cas.web.CasWebApplication] -
<Started CasWebApplication in 6.475 seconds (JVM running for 208.508)>
2016-08-03 17:22:13,694 WARN
[org.apereo.cas.util.TicketGrantingCookieCipherExecutor] - <Secret key for
encryption is not defined. CAS will attempt to auto-generate the encryption
key>
2016-08-03 17:22:13,695 WARN
[org.apereo.cas.util.TicketGrantingCookieCipherExecutor] - <Generated
encryption key ufXZRKBro-62lLFa79hlFrx94V2BTZHeRdpqY1iydgQ of size 256. The
generated key MUST be added to CAS settings.>
2016-08-03 17:22:13,696 WARN
[org.apereo.cas.util.TicketGrantingCookieCipherExecutor] - <Secret key for
signing is not defined. CAS will attempt to auto-generate the signing key>
2016-08-03 17:22:13,696 WARN
[org.apereo.cas.util.TicketGrantingCookieCipherExecutor] - <Generated
signing key
IeXJFidypAEpbWuUCpaEJh3c6Ghi9_eAhQs_6mUTFWUSmiVv137Fimp2HVdRVPnbT2HynF7gvJGbBYirLrON_w
of size 512. The generated key MUST be added to CAS settings.>
2016-08-03 17:22:14,152 INFO [org.apereo.cas.configuration.support.Beans] -
<Ticket registry encryption/signing is turned off. This may NOT be safe in
a clustered production environment. Consider using other choices to handle
encryption, signing and verification of ticket registry tickets.>
2016-08-03 17:22:18,770 INFO [org.apereo.cas.web.CasWebApplication] -
<Started CasWebApplication in 207.005 seconds (JVM running for 214.325)>
2016-08-03 17:22:27,505 INFO
[org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter]
- <Beginning audit cleanup...>
2016-08-03 17:22:37,505 INFO
[org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services
from InMemoryServiceRegistryDaoImpl.>
2016-08-03 17:22:37,539 INFO
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Beginning
ticket cleanup...>
2016-08-03 17:22:37,546 INFO
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <0 expired
tickets removed.>
2016-08-03 17:22:37,546 INFO
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Finished
ticket cleanup.>
2016-08-03 17:22:47,506 INFO
[org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter]
- <Beginning audit cleanup...>
2016-08-03 17:23:07,507 INFO
[org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter]
- <Beginning audit cleanup...>
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< -
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< -
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< -
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< -
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< -
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< -
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< -
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< -
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< -
expected >JDWP-Handshake<
Debugger failed to attach: handshake failed - received >GET / HTTP/1.1< -
expected >JDWP-Handshake<
2016-08-03 17:23:27,507 INFO
[org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter]
- <Beginning audit cleanup...>
2016-08-03 17:23:37,505 INFO
[org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services
from InMemoryServiceRegistryDaoImpl.>
2016-08-03 17:23:37,554 INFO
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Beginning
ticket cleanup...>
2016-08-03 17:23:37,555 INFO
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <0 expired
tickets removed.>
2016-08-03 17:23:37,555 INFO
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <Finished
ticket cleanup.>
2016-08-03 17:23:43,749 INFO
[org.apereo.cas.web.flow.InitialFlowSetupAction] - <Setting path for
cookies for warn cookie generator to: /cas/ >
2016-08-03 17:23:43,758 INFO
[org.apereo.cas.web.flow.InitialFlowSetupAction] - <Setting path for
cookies for TGC cookie generator to: /cas/ >
2016-08-03 17:23:47,508 INFO
[org.apereo.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter]
- <Beginning audit cleanup...>
2016-08-03 17:23:57,560 INFO
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<AcceptUsersAuthenticationHandler failed authenticating lklingman112>
2016-08-03 17:23:57,561 WARN
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<Authentication has failed. Credentials may be incorrect or CAS cannot find
authentication handler that supports [lklingman112] of type
[UsernamePasswordCredential], which suggests a configuration problem.>
2016-08-03 17:23:57,576 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
On Wednesday, August 3, 2016 at 4:56:35 PM UTC-4, Misagh Moayyed wrote:
>
> Cant duplicate. I’ll blame permissions, or tomcat. What happens when you
> run "./build.sh run”?
>
> --
> Misagh
>
> From: Loren Klingman <[email protected]> <javascript:>
> Reply: Loren Klingman <[email protected]> <javascript:>
> Date: August 3, 2016 at 1:13:05 PM
> To: CAS Community <[email protected]> <javascript:>
> Cc: [email protected] <javascript:> <[email protected]> <javascript:>
> Subject: Re: [cas-user] CAS 5 Connect to JDBC for Authentication
>
> Reposting because I failed to post the last reply publically.
>
> Thanks, I've changed the cas.properties file as you requested. That line
> is actually exactly out of the overlay template on github (
> https://github.com/apereo/cas-overlay-template/blob/5.0/etc/cas/config/cas.properties)
>
> so if it's wrong it probably needs to be updated there also.
>
> My log4j2.xml should be an exact copy from the 5.0 branch of the overlay
> template, but I'm attaching it here just in case I changed something by
> mistake.
>
> Since I don't want to push database passwords up, I did not push up any
> changes to cas.properties to the overlay (which means it's actually exactly
> the same as the master one) but for good measure and in case I need it for
> future testing, I did push up what I'm using (the 5.0 branch):
> https://github.com/loren138/cas-overlay-test
>
> For deployment, I'm using the following commands to build and then send
> the war file over to tomcat8:
>
> sudo ./build.sh package
>
>
> sudo service tomcat8 stop && sudo rm -rf /var/lib/tomcat8/webapps/ROOT &&
> sudo cp ./target/cas.war /var/lib/tomcat8/webapps/ROOT.war && sudo service
> tomcat8 start
>
>
>
>
> Loren Klingman
>
>
> On Wednesday, August 3, 2016 at 3:40:49 PM UTC-4, Misagh Moayyed wrote:
>>
>> And, this:
>>
>> logging.config: file:/etc/cas/config/log4j2.xml
>>
>>
>> Probably should be:
>>
>> logging.config=file:/etc/cas/config/log4j2.xml
>>
>>
>> And you want to make sure that file exists. If it does, please share that
>> too.
>>
>> --
>> Misagh
>>
>> From: Misagh Moayyed <[email protected]>
>> Reply: Misagh Moayyed <[email protected]>
>> Date: August 3, 2016 at 12:36:10 PM
>> To: CAS Community <[email protected]>
>> Subject: Re: [cas-user] CAS 5 Connect to JDBC for Authentication
>>
>> Got an overlay you can share?
>>
>> --
>> Misagh
>>
>> From: Loren Klingman <[email protected]>
>> Reply: Loren Klingman <[email protected]>
>> Date: August 3, 2016 at 12:27:18 PM
>> To: CAS Community <[email protected]>
>> Subject: [cas-user] CAS 5 Connect to JDBC for Authentication
>>
>> I'm excited to start working with CAS 5 and setup all in the config file,
>> but I'm having issues getting switched over to auth in the database. (IE
>> casuser/Mellon is still the only login that works to login.)
>>
>> I've been trying to work slowly changing only what I need to at the time
>> so I don't think I've changed any other files other than cas.properties
>> (copied in below), but please let me know if some other file would be
>> useful to include.
>>
>> I'm seeing this error in catalina.out which may be related:
>> 2016-08-03 15:18:40,206 Log4j2-AsyncLoggerConfig-14 ERROR An exception
>> occurred processing Appender casAudit java.lang.NullPointerException
>> at org.apereo.cas.logging.CasAppender.append(CasAppender.java:85)
>> at
>> org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:155)
>> at
>> org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:128)
>> at
>> org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:119)
>> at
>> org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:84)
>> at
>> org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:390)
>> at
>> org.apache.logging.log4j.core.async.AsyncLoggerConfig.asyncCallAppenders(AsyncLoggerConfig.java:113)
>> at
>> org.apache.logging.log4j.core.async.AsyncLoggerConfigDisruptor$Log4jEventWrapperHandler.onEvent(AsyncLoggerConfigDisruptor.java:111)
>> at
>> org.apache.logging.log4j.core.async.AsyncLoggerConfigDisruptor$Log4jEventWrapperHandler.onEvent(AsyncLoggerConfigDisruptor.java:97)
>> at
>> com.lmax.disruptor.BatchEventProcessor.run(BatchEventProcessor.java:129)
>> at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> at java.lang.Thread.run(Thread.java:745)
>>
>> I haven't found any CAS log files yet (looking in /var/log/cas where they
>> used to be) so let me know if I should be looking somewhere new for those).
>>
>> Here is my cas.properties file:
>>
>> cas.server.name: https://webdev-g.sbts.edu
>> cas.server.prefix: https://webdev-g.sbts.edu/cas
>>
>>
>> cas.adminPagesSecurity.ip=(10)(\.(241|244|245|247|99))(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2}
>>
>> # 8 hours - negative value = never expires
>> cas.ticket.tgt.maxTimeToLiveInSeconds=28800
>> # 40 minutes (Set to a negative value to never expire tickets)
>> cas.ticket.tgt.timeToKillInSeconds=2400
>>
>> ##
>> # CAS SSO Cookie Generation & Security
>> # See https://github.com/mitreid-connect/json-web-key-generator
>> #
>> # Do note that the following settings MUST be generated per deployment.
>> #
>> # Defaults at spring-configuration/ticketGrantingTicketCookieGenerator.xml
>> # The encryption secret key. By default, must be a octet string of size
>> 256.
>> tgc.encryption.key=stuff...
>> # The signing secret key. By default, must be a octet string of size 512.
>> tgc.signing.key=stuf...
>>
>> ##
>> # Service Ticket Timeout
>> # Default sourced from
>> WEB-INF/spring-configuration/ticketExpirationPolices.xml
>> #
>> # Service Ticket timeout - typically kept short as a control against
>> replay attacks, default is 10s. You'll want to
>> # increase this timeout if you are manually testing service ticket
>> creation/validation via tamperdata or similar tools
>> cas.ticket.st.timeToKillInSeconds=45
>> cas.ticket.st.numberOfUses=1
>>
>>
>> cas.googleAnalytics.googleAnalyticsTrackingId=UA-801923423-2
>>
>> cas.slo.disabled=true
>> # cas.slo.asynchronous=true
>>
>> logging.config: file:/etc/cas/config/log4j2.xml
>>
>> ##
>> # CAS Logout Behavior
>> # WEB-INF/cas-servlet.xml
>> #
>> # Specify whether CAS should redirect to the specified service parameter
>> on /logout requests
>> cas.logout.followServiceRedirects=true
>> # cas.serviceRegistry.config.location: classpath:/services
>>
>> # Authentication
>>
>> # Throttle - I honestly have no idea what units these things are in...
>> May the docs are better by now...
>> #
>> https://apereo.github.io/cas/development/installation/Configuration-Properties.html#authentication-throttling
>> cas.authn.throttle.usernameParameter=username
>> cas.authn.throttle.startDelay=10000
>> cas.authn.throttle.repeatInterval=20000
>> cas.authn.throttle.appcode=CAS
>>
>> cas.authn.throttle.failure.threshold=100
>> cas.authn.throttle.failure.code=AUTHENTICATION_FAILED
>> cas.authn.throttle.failure.rangeSeconds=60
>>
>> cas.authn.jdbc.search[0].fieldUser=username
>> cas.authn.jdbc.search[0].tableUsers=users
>> cas.authn.jdbc.search[0].fieldPassword=passwordsha1
>> cas.authn.jdbc.search[0].healthQuery=SELECT 1
>> cas.authn.jdbc.search[0].isolateInternalQueries=false
>> cas.authn.jdbc.search[0].url=jdbc:sqlserver://oeuoue;databaseName=qjkrcg
>> cas.authn.jdbc.search[0].failFast=true
>> cas.authn.jdbc.search[0].isolationLevelName=ISOLATION_READ_COMMITTED
>>
>> cas.authn.jdbc.search[0].dialect=org.hibernate.dialect.SQLServer2008Dialect
>> cas.authn.jdbc.search[0].leakThreshold=10
>> cas.authn.jdbc.search[0].propagationBehaviorName=PROPAGATION_REQUIRED
>> cas.authn.jdbc.search[0].batchSize=1
>> cas.authn.jdbc.search[0].user=CAS_User
>> cas.authn.jdbc.search[0].ddlAuto=validate
>> cas.authn.jdbc.search[0].maxAgeDays=180
>> cas.authn.jdbc.search[0].password=ououeo
>> cas.authn.jdbc.search[0].autocommit=false
>>
>> cas.authn.jdbc.search[0].driverClass=com.microsoft.sqlserver.jdbc.SQLServerDriver
>> cas.authn.jdbc.search[0].idleTimeout=5000
>>
>> cas.authn.jdbc.search[0].passwordEncoder.type=STANDARD
>> cas.authn.jdbc.search[0].passwordEncoder.characterEncoding=UTF-8
>> cas.authn.jdbc.search[0].passwordEncoder.encodingAlgorithm=SHA1
>> cas.authn.jdbc.search[0].passwordEncoder.secret=
>> cas.authn.jdbc.search[0].passwordEncoder.strength=16
>>
>> cas.authn.jdbc.bind[0].principalTransformation.suffix=
>> cas.authn.jdbc.bind[0].principalTransformation.caseConversion=LOWERCASE
>> cas.authn.jdbc.bind[0].principalTransformation.prefix=
>> --
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To post to this group, send email to [email protected].
>> Visit this group at
>> https://groups.google.com/a/apereo.org/group/cas-user/.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3179fbe9-67cc-4944-b8a1-e32519b7621e%40apereo.org
>>
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/3179fbe9-67cc-4944-b8a1-e32519b7621e%40apereo.org?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
>>
>>
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/448e90ff-5edf-4c5b-a64e-afc6496f970e%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
