I'm using https on all files, as can be seen below
Do you have any records that I can see if the service registry is working
properly?
CASServiceManagement-1517578442.json
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^https://scna-cas.cna.org.br/cas-management(\\z|/.*)",
"name" : "CAS Services Management",
"id" : 1517578442,
"description" : "CAS services management webapp",
"evaluationOrder" : 5500
}
CASAdminDashboard-1517507674.json
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" :
"^https://scna-cas.cna.org.br/cas/status/dashboard(\\z|/.*)",
"name" : "CAS Admin Dashboard",
"id" : 1517507674,
"description" : "CAS dashboard and administrative endpoints",
"evaluationOrder" : 5000
}
Em sexta-feira, 2 de fevereiro de 2018 12:37:10 UTC-2, David Curry escreveu:
>
> The dashboard and cas-management are two completely different things; I
> suggest focusing on one at a time.
>
> If you're getting ERR_CONNECTION_REFUSED, that means there is nothing
> listening on the server/port you're trying to connect to.
>
> Are you using HTTPS or HTTP?
>
> The config file you posted before had "http", but your service registry
> has "https". You need to be using the same thing everywhere, and then
> connecting to the right port.
>
> --Dave
>
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • [email protected] <javascript:>
>
> [image: The New School]
>
> On Fri, Feb 2, 2018 at 9:32 AM, Carlos Eduardo Santos <
> [email protected] <javascript:>> wrote:
>
>> Hi David,
>> I can only have the / status /
>> now the dashboard and cas-management are giving error
>> "ERR_CONNECTION_REFUSED" I have the firewalld disabled and SELINUX tbm so I
>> have no problem with that.
>> I can not identify where the mistake is.
>> - cas-management.log is not registering anything.
>> - The admusers.properties file is with the 2 users below.
>> gnarls = passwordnotused, ROLE_ADMIN
>> carlos.alves = passwordnotused, ROLE_ADMIN
>> - The CASAdminDashboard-1517507674.json service is as described below.
>> "@class": "org.apereo.cas.services.RegexRegisteredService",
>> "serviceId": "^ https: //scna-cas.cna.org.br/cas/status/dashboard (\\
>> z | /.*)",
>> "name": "CAS Admin Dashboard",
>> "id": 1517507674,
>> "description": "CAS dashboard and administrative endpoints",
>> "evaluationOrder": 5000
>>
>>
>>
>> Em sexta-feira, 2 de fevereiro de 2018 11:30:27 UTC-2, David Curry
>> escreveu:
>>
>>> Carlos,
>>>
>>> The only mistake I see here is that on the second line,
>>> cas.server.prefix should be getting set to ${cas.server.name}/cas, not
>>> ${server.name}/cas.
>>>
>>> As for the adminPages configuration, based on what you've provided, you
>>> should be able to access
>>>
>>> http[s]://your.cas.server/cas/status
>>>
>>>
>>> from any IP address in 10.1.3.0/24 or from 10.1.0.10, or from
>>> 10.1.0.20. You should be able to do this using either a web browser or even
>>> just curl, without any further authentication required, and get a small
>>> plain-text page back that contains the server status, version, etc. The
>>> result should look something like this:
>>>
>>> % curl https://casdev.newschoool.edu/cas/status
>>>
>>> Health: OK
>>>
>>> 1.SessionMonitor: OK - 1 sessions. 0 service tickets.
>>>
>>> 2.MemoryMonitor: OK - 1452.29MB free (79.77%), 368.32MB used, 1820.61MB
>>> total.
>>>
>>> Host: casdev-srv01
>>> Server: https://casdev.newschool.edu
>>> Version: 5.2.2
>>>
>>>
>>> Does that part work? If so, move on to the next part. If not, set <Property
>>> name="cas.log.level" >*debug*</Property> near the top of log4j2.xml,
>>> restart the server, and check cas.log.
>>>
>>> If the above is working, then you should also be able to access
>>>
>>> http[s]://your.cas.server/cas/status/dashboard
>>>
>>>
>>> and have the CAS login page appear. Don't forget that in order for this
>>> to work, you need to create an entry in the service registry for the
>>> dashboard URL:
>>>
>>> "serviceId" : "^https://your.cas.server/cas/status/dashboard(\\z|/.*)",
>>>
>>>
>>>
>>> Does that part work? If so, move on to the next part. If not, it's
>>> probably a service registry problem.
>>>
>>> If the above is working, then you should authenticate to the CAS server
>>> as a user you've listed in admusers.properties. This file should have
>>> lines like
>>>
>>> username=passwordnotused,ROLE_ADMIN
>>>
>>>
>>> Where username is the user's LDAP user name (sAMAccountName in your
>>> setup). The user should use his/her LDAP password.
>>>
>>> Does that part work? If not, check the debug logs, or report back here
>>> with the error message(s) you're seeing.
>>>
>>> Good luck,
>>> --Dave
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> DAVID A. CURRY, CISSP
>>> *DIRECTOR OF INFORMATION SECURITY*
>>> INFORMATION TECHNOLOGY
>>>
>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
>>> +1 212 229-5300 x4728 • [email protected]
>>>
>>> [image: The New School]
>>>
>>> On Fri, Feb 2, 2018 at 7:54 AM, Carlos Eduardo Santos <
>>> [email protected]> wrote:
>>>
>>>> / status / dashborad - Page not found.
>>>> Hello everyone, I have been trying to configure the CAS server for a
>>>> few days (following all the information from "the new school"). The
>>>> information is very clear, but I could not access anything ahead of /
>>>> status /.
>>>> To the status page I can visualize the dashboard, for example, nothing.
>>>> Below the configuration of cas.properties
>>>>
>>>> cas.server.name = http: // xxxxxxxxxxxxxx
>>>> cas.server.prefix = $ {server.name} / cas
>>>> cas.tgc.secure = true
>>>> cas.tgc.encryptionKey = DCETkZ33-A7TETvjgZ24J_o2xQkyQxc0FCFa725ubnY
>>>> cas.tgc.signingKey =
>>>> 8y-RtN0Ny3VF9DAkNQPvIeXXkHtTetFu9bEcG5G7F95ckmSdvE9ZdMSbVCRvBEmwJv_Bbr7wBIfsCrXdo-IytQ
>>>> cas.webflow.crypto.signing.key =
>>>> J4qjH74TlZY5Ic6GTnblZbwKN4Ye1mBuMEr-a3_DNpakNbmkX0LUmXGQ30oetbf8N_dNXsG_rdjWyXUOen1mEA
>>>> cas.webflow.crypto.encryption.key = dE1URfP5K6nvFtnUgBppQw ==
>>>> cas.authn.accept.users =
>>>> logging.config = file: /etc/cas/config/log4j2.xml
>>>> cas.serviceRegistry.config.location = file: / etc / cas / services
>>>> cas.authn.accept.users =
>>>> cas.authn.ldap [0] .order = 0
>>>> cas.authn.ldap [0] .name = Active Directory
>>>> cas.authn.ldap [0] .type = AUTHENTICATED
>>>> cas.authn.ldap [0] .ldapUrl = ldap: //10.1.0.48:389
>>>> cas.authn.ldap [0] .userFilter = sAMAccountName = {user}
>>>> cas.authn.ldap [0] .useSsl = false
>>>> cas.authn.ldap [0] .baseDn = OU = CNANET, DC = cna, DC = org, DC = br
>>>> cas.authn.ldap [0] .dnFormat = uid =% s, ou = people, dc = example, dc
>>>> = org
>>>> cas.authn.ldap [0] .subtreeSearch = true
>>>> cas.authn.ldap [0] .bindDn = cn = xxxxx, cn = Users, dc = xxx, dc =
>>>> org, dc = br
>>>> cas.authn.ldap [0] .bindCredential = xxxxxxx
>>>> cas.adminPagesSecurity.actuatorEndpointsEnabled = true
>>>> cas.monitor.endpoints.enabled = true
>>>> endpoints.enabled = true
>>>> cas.adminPagesSecurity.ip = ^ 10 \\. 1 \\. (3 \\. [0-9] {1,3} | 0 \\.
>>>> [12] 0) $
>>>> cas.monitor.endpoints.sensitive = false
>>>> endpoints.sensitive = false
>>>> cas.adminPagesSecurity.loginUrl = $ {cas.server.prefix} / login
>>>> cas.adminPagesSecurity.service = $ {cas.server.prefix} / status /
>>>> dashboard
>>>> cas.adminPagesSecurity.users = file: /etc/cas/config/admusers.properties
>>>> cas.adminPagesSecurity.adminRoles [0] = ROLE_ADMIN
>>>> ##############
>>>> I'm trying to free cas.adminPagesSecurity.ip for the 10.1.3.0/24
>>>> network. but I do not know if that's the right way.
>>>> I've tried to follow another topic that talks about it but without
>>>> success.
>>>> Please, can someone help me !!!
>>>> Thank you.
>>>>
>>>> --
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/aeed34f4-003b-45ed-9221-264c6f45ea04%40apereo.org
>>>>
>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/aeed34f4-003b-45ed-9221-264c6f45ea04%40apereo.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>
>>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/a015990e-68d9-4477-992b-fc2d2c19040d%40apereo.org
>>
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/a015990e-68d9-4477-992b-fc2d2c19040d%40apereo.org?utm_medium=email&utm_source=footer>
>> .
>>
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/67740b15-321a-4baf-b2ad-1f981c399c0d%40apereo.org.
