Thank you for the quick reply. First I accessed via the browser https://cas.example.com/cas/status/discovery, then CAS directed to login. After successfully logging in, the results are like this: { "@class": "java.util.LinkedHashMap", "profile": { "@class": "org.apereo.cas.discovery.CasServerProfile", "registeredServiceTypes": { "@class": "java.util.HashMap", "CAS Client": "org.apereo.cas.services.RegexRegisteredService" }, "registeredServiceTypesSupported": { "@class": "java.util.HashMap", "SAML2 Service Provider": "org.apereo.cas.support.saml.services.SamlRegisteredService", "WS Federation Relying Party": "org.apereo.cas.ws.idp.services.WSFederationRegisteredService", "OpenID Connect Relying Party": "org.apereo.cas.services.OidcRegisteredService", "OAuth2 Client": "org.apereo.cas.support.oauth.services.OAuthRegisteredService", "CAS Client": "org.apereo.cas.services.RegexRegisteredService" }, "multifactorAuthenticationProviderTypesSupported": { "@class": "java.util.HashMap", "mfa-gauth": "Google Authenticator", "mfa-swivel": "Swivel Secure", "mfa-authy": "Authy", "mfa-radius": "RADIUS (RSA,WiKID)", "mfa-u2f": "FIDO U2F", "mfa-azure": "Microsoft Azure", "mfa-duo": "Duo Security" }, "delegatedClientTypesSupported": [ "java.util.HashSet", [ "OAuth20Client", "OAuth10Client", "TwitterClient", "FoursquareClient", "QQClient", "OrcidClient", "FacebookClient", "OkClient", "FormClient", "CasProxyReceptor", "GitHubClient", "KeycloakOidcClient", "BitbucketClient", "WordPressClient", "OidcClient", "WindowsLiveClient", "VkClient", "LinkedIn2Client", "YahooClient", "WechatClient", "Google2Client", "StravaClient", "GenericOAuth20Client", "AzureAdClient", "GoogleOidcClient", "CasOAuthWrapperClient", "PayPalClient", "WeiboClient", "DropBoxClient", "SAML2Client", "CasClient", "IndirectBasicAuthClient" ] ], *"availableAttributes": [* * "java.util.LinkedHashSet",* * [* * "mail",* * "eppn",* * "displayName",* * "givenName",* * "uid"* * ]* * ]* } }
You can see the availableAttributes section? I need it to make it easier for CAS administrators to release attributes for each service. But when I access *https://cas.example.com/cas-management* and try to add services, the *"mail", "eppn", "displayName", "givenName", "uid"* attributes *not show in the dropdown option* ( Attribute Release Policy). I hope the dropdown option contains dynamic based on the attributes in JDBC (Multi-Row), but I have not found a solution. How to solve this problem? Thank you. Pada Rabu, 10 April 2019 07.45.56 UTC+7, rbon menulis: > > Fahmi, > > I have not set up any of the status features for cas, so have no > experience here. > Can you access it with a browser (that is, have you verified it is working > as expected)? > > What is your reason for using curl? > > Perhaps there is another alternative that others on the list have tried. > > Ray > > On Wed, 2019-04-10 at 07:34 +0700, Fahmi L. Ramdhani wrote: > > Please tell me how to unprotect? In cas.properties i have to set > > endpoints.status.discovery.enabled = true > ..sensitive = false > > Sorry for my questions. Thank you Ray. > Sent from my iPhone > > On 10 Apr 2019, at 07.05, Ray Bon <[email protected] <javascript:>> wrote: > > Fahmi, > > It looks like /cas/status/discovery is protected by cas and it redirects > to cas/login (status code 302). > Should the discovery page be protected? > > Ray > > On Tue, 2019-04-09 at 16:43 -0700, Fahmi L. Ramdhani wrote: > > I tried accessing the result curl like this: > > curl -v https://cas.example.com:8443/cas/status/discovery > * Trying 2xx.60.112.9... > * Connected to cas.example.com (2xx.60.112.9) port 8443 (#0) > * found 148 certificates in /etc/ssl/certs/ca-certificates.crt > * found 592 certificates in /etc/ssl/certs > * ALPN, offering http/1.1 > * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256 > * server certificate verification OK > * server certificate status verification SKIPPED > * common name: cas.example.com (matched) > * server certificate expiration date OK > * server certificate activation date OK > * certificate public key: RSA > * certificate version: #3 > * subject: CN=cas.example.com > * start date: Wed, 03 Apr 2019 09:32:48 GMT > * expire date: Tue, 02 Jul 2019 09:32:48 GMT > * issuer: C=US,O=XXXXXXXXXXX,CN=XXXXXXXXXXXXXX > * compression: NULL > * ALPN, server did not agree to a protocol > > GET /cas/status/discovery HTTP/1.1 > > Host: cas.example.com:8443 > > User-Agent: curl/7.47.0 > > Accept: */* > > > < HTTP/1.1 302 > < Cache-Control: no-cache, no-store, max-age=0, must-revalidate > < Pragma: no-cache > < Expires: 0 > < Strict-Transport-Security: max-age=15768000 ; includeSubDomains > < X-Content-Type-Options: nosniff > < X-Frame-Options: DENY > < X-XSS-Protection: 1; mode=block > < Set-Cookie: JSESSIONID=AECBB7BF899FAFB0B707CE228ECC19EC; Path=/cas; > Secure; HttpOnly > < Location: > https://cas.example.com:8443/cas/login?service=https%3A%2F%2Fcas.example.com%3A8443%2Fcas%2Fstatus%2Fdiscovery > < Transfer-Encoding: chunked > < Date: Tue, 09 Apr 2019 23:34:01 GMT > < > * Connection #0 to host cas.example.com left intact > > Can anyone help please? > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/6865637d5002e54d38c2e2e619ff06ec63e45f0a.camel%40uvic.ca > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6865637d5002e54d38c2e2e619ff06ec63e45f0a.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ca9185b4-f104-4c74-838c-a711ac984de8%40apereo.org.
