If you want to set up a usable CAS server and you are sure you will not need some extra features provided by apereo CAS, just take a look at CASino <https://casino.rbcas.com/>. It is written in Ruby, supports Database credential, or LDAP credential. It runs well before we migrate to apereo CAS, they set up it within 1 hour and migrate all web sites to CAS --- that's why we use apereo CAS now.
在 2019年5月16日星期四 UTC+8下午8:54:10,Va Sja写道: > > Hello David, > many thanks for your explanation. I am sure - CAS works on many > productions environments, and support a lot of possible protocols and > standarts. But... > ...did You played with Lego? There you can be successful already in 20 > minutes. Then you just increase your success step-by-step. Did you install > some server from latest past? MySQL, Tomcat, Cassandra? How many steps you > need to "read-download-install-configure-start-check"? Is it oft takes more > then 20 min to understand what you really do ? > > As I and many other peoples has already explained : for CAS there are no > way to do it from read-2-check in 10 mins, 10 hours, and even in 10 days! > ...the latests readable documentation is minimum 2-3 years old. Then we > have a lot of linked and not readable pages. > You can check yourself the link, what you sendet to me and try to answer > for > a) who need to know as first page about for ex ?: > - Support for many SPs built in: Adobe Creative Cloud, Google Apps, > Office 365, > b) what version is possible to start when on the same page are: > - .. CAS 6._ , CAS 5., CAS 3.5 , CAS 5.2.7, CAS 5.3.*x* .,CAS 4 ... > c) where is the start ? > d) what should I DO ? > e) am I really need so complex solution, when it is not possible to setup > even Plain-User-Password-Auth for 1 web-site in weeks? > f) there are a lot of left-menu-Items, but is all I need to read and > understand for very first installation? Create? Build? Configure? Install? > Commit? Add? > > ( BTW even on Intro-page there are no explanation WHAT IS CAS!!! You > have to search it somewhere else over Google? ) > > i will appreciate your answers and constructive feedback without links > this time ! We can then "attach it" to already existing Documentation > portals as only one new page like "CAS for Dummy" , "CAS for lazy admin" or > "CAS in 20 minutes" :) > > Kindest regards > > > > > > Am Donnerstag, 16. Mai 2019 14:02:00 UTC+2 schrieb David Curry: >> >> Va, >> >> If you want 1-2-3 FINISH then perhaps, as Matthew already suggested, this >> is what you're looking for: >> >> https://dacurry-tns.github.io/deploying-apereo-cas/ >> >> >> It starts from zero knowledge of CAS and goes step-by-step to an >> installation that is running in production today. And it does it in >> increments, so you can check that things are working along the way. The >> initial "Building the CAS server" section will in fact get you a running >> server in 1-2-3-4-FINISH (create an overlay project, build the default >> server, edit a couple of config files, install and test). >> >> But just as "Hello World" is a pretty useless program, the CAS server >> you're going to get in 4 steps is a pretty useless server. If you want to >> use it to do any real work, you're going to have to configure it to talk to >> your user directories, define the services you want it to manage, figure >> out the attributes you need to release, perhaps enable multifactor >> authentication, customize the user interface to meet your corporate >> branding standards, perhaps enable other protocols like SAML2 or OAuth, >> perhaps add in support for high availability, etc. Every one of those >> things is supported by CAS, most of them in multiple flavors. But to use >> them, you're going to have to learn how to add them to the server and >> configure them. The above guide shows how to do that for one set (sometimes >> two) of choices; they may not be the choices you want, but it should be >> easy to extrapolate from one to another once you see how the basic setup >> works. >> >> If you don't want to exert the effort to learn how the software works, or >> don't have the patience to start a project that's going to take more than >> 20 minutes to complete, then perhaps doing it yourself isn't the right >> answer. There are several third party service providers that will provide >> consulting expertise to help you configure and support it; some of them >> will even host and operate it for you. >> >> -- >> >> DAVID A. CURRY, CISSP >> *DIRECTOR OF INFORMATION SECURITY* >> THE NEW SCHOOL • INFORMATION TECHNOLOGY >> >> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 >> +1 212 229-5300 x4728 • [email protected] >> >> >> On Thu, May 16, 2019 at 6:47 AM Va Sja <[email protected]> wrote: >> >>> Matthew, you are fully right - there are a lot of much worse software as >>> well as documentation. And in case, when is the goal "getting as much as >>> more money for support" - it is exactly the right tactic - to make >>> documentation unusable, and release as often as possible new releases with >>> more and more features, that will be selled as a next. But it is not really >>> the main vector for open-source, when you need weeks and some hundred gurus >>> for install at least "HelloWorld". And you point me again to some " very >>> easy to follow guide " may be very informative but for my case unusable >>> documentation, when I need really to jumping over hundreds links just to >>> getting again the understanding - IT IS TOO COMPLEX TO UNDERSTAND. It is >>> exactly " very easy to follow " with a lot of links , but "absolutely not >>> possible to understand what this manual about. Sorry that I am scream - >>> otherwise I have to cry :) >>> >>> May be we understand the words "follow", "understand", "jump", "start", >>> "finish", "result", "productivity" different? >>> >>> The documentation should help to focus to the problem, and your link >>> make exactly opposite: it point me in next 2-3 sentences to jump to some >>> another Web Page. Nothing more. But I need to know steps to success: >>> 1-2-3-FINISH. And there are no complete story about "how to do install >>> HelloWorld?". U cannot push all of it into your brain in 1 hour, 1 day, 1 >>> week, but you need much more! >>> >>> May be U are absolutely right: " the documentation does in fact tell me >>> what I need to know ". And you a able to "getting started"! But it not help >>> to finish some minimal positive result. >>> >>> Alternatively you have to pay for somebody else who know this software - >>> that is the only one Idea, what you have to get from such documentation. >>> Unfortunately... >>> ...and it is not only my view. Fortunately! 8-) >>> >>> Am Mittwoch, 15. Mai 2019 15:10:46 UTC+2 schrieb Matthew Uribe: >>>> >>>> Va, >>>> >>>> I would like to mention that your complaint is about a product that you >>>> get to use *for free*. I support some paid software with worse >>>> documentation. I do understand the frustration, as the learning curve is >>>> steep, but that's where this community comes in. Everyone here tries to be >>>> very helpful, giving one another their time *for free*. I've been >>>> supporting CAS 5 in my organization now for just over a year, and I find >>>> that the documentation does in fact tell me what I need to know. It's just >>>> that getting started can be tough. >>>> >>>> Yet another free resource you may find helpful: David Curry, one of our >>>> community members, created a very easy to follow guide to implementing CAS >>>> 5. Check it out here: >>>> https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html >>>> >>>> <https://www.google.com/url?q=https%3A%2F%2Fdacurry-tns.github.io%2Fdeploying-apereo-cas%2Fintroduction_overview.html&sa=D&sntz=1&usg=AFQjCNFX1J25kRvoW2H7j5N4HxolCh8Kjw> >>>> >>>> Matt >>>> >>>> On Wednesday, May 15, 2019 at 7:01:39 AM UTC-6, Va Sja wrote: >>>>> >>>>> As I see after almost 2 years documentation still don't getted better >>>>> ... >>>>> ... there are no some 1-2-3-Specs to finish even HelloWorld with CAS. >>>>> But the release number grows extremely. 3.6, 4.0-1-2-3, 5.0-1-2-3, 6.0. >>>>> >>>>> So - looks like the developers stacked in the similar way as users :) >>>>> >>>>> I would wait till first release with suffix "STABLE", before start to >>>>> use IT. After a week of rolling over >>>>> LinkDoc-to-LinkDoc-to-LinkDoc-to-LinkDoc I give Up. Jan has created >>>>> *___THE_BEST_MANUAL_EVER__ >>>>> *, but currently on my side I reach the pont, that I can logIn, but* >>>>> LogOut not works *as expected... >>>>> >>>>> Hope somebody from DigitalOcean <https://www.digitalocean.com/> can >>>>> repeat success from already thousand of HOW_TO like that : >>>>> how-to-install-mysql-on-ubuntu-18-04 >>>>> <https://www.digitalocean.com/community/tutorials/how-to-install-mysql-on-ubuntu-18-04> >>>>> . >>>>> It should be not harder as 10 mins, isn't- it? >>>>> >>>>> >>>>> >>>>> Am Montag, 30. Oktober 2017 14:50:43 UTC+1 schrieb Jan: >>>>>> >>>>>> Hello, >>>>>> >>>>>> As a new user of CAS, I'd like to voice my opinion that the official >>>>>> documentation of how one can get started with CAS is just awful. By this >>>>>> I >>>>>> mean not the lack of it, but rather how indirect, not step-by-step it >>>>>> is. >>>>>> Clarity could often be improved too. >>>>>> >>>>>> In the end I managed to do what I hoped for, ie investigate CAS >>>>>> locally as an SSO solution, for which I needed to (1) run CAS server >>>>>> locally, (2) connect and authenticate using a simple CAS client locally, >>>>>> (3) run the service management app. However, the difficulty I had at >>>>>> most >>>>>> steps of getting it all to work make me really want to use something >>>>>> else >>>>>> even if I have to implement parts of it from scratch.. >>>>>> >>>>>> Only now, when wanting to post this message, did I find this helpful >>>>>> guide: https://dacurry-tns.github.io/deploying-apereo-cas/ Could the >>>>>> CAS team incorporate some step-by-step tutorial like this into the >>>>>> official >>>>>> documentation? >>>>>> >>>>>> These threads seem to voice a similar concern: >>>>>> >>>>>> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/documentation/cas-user/z3BLJ0IQwZ0/wRybEK1LAQAJ >>>>>> >>>>>> https://groups.google.com/a/apereo.org/forum/#!searchin/cas-user/documentation/cas-user/qaAINooFi1s/D3k7Pr-7BQAJ >>>>>> >>>>>> I'm also posting the notes I made for myself during the process. I >>>>>> wouldn't have written them if there was something like this available in >>>>>> official docs, or I had found the unofficial guide earlier. I'm adding >>>>>> **** >>>>>> to points that took me particularly long to figure out. >>>>>> >>>>>> *Building* >>>>>> - Described here: >>>>>> https://apereo.github.io/cas/developer/Build-Process.html >>>>>> - git clone --depth=1 --single-branch --branch=master >>>>>> [email protected]:apereo/cas.git cas-server >>>>>> - cd cas-server >>>>>> - git checkout master >>>>>> - ./gradlew build install --parallel -x test -x javadoc -x check >>>>>> >>>>>> *Config* >>>>>> - Default config dir is /etc/cas/config (may need to be created, >>>>>> given permissions) If you create application.properties in there, CAS >>>>>> seems >>>>>> to pick them up. **** >>>>>> - You can override in there any properties listed on >>>>>> https://apereo.github.io/cas/development/installation/Configuration-Properties.html >>>>>> >>>>>> *Keys* >>>>>> - keytool -genkey -alias cas -keyalg RSA -validity 999 -keystore >>>>>> /etc/cas/thekeystore -ext san=dns:cas-sso.local >>>>>> - Add 127.0.0.1 cas-sso.local to /etc/hosts >>>>>> - keytool -export -file /etc/cas/config/cas.crt -keystore >>>>>> /etc/cas/thekeystore -alias cas >>>>>> - sudo keytool -import -file /etc/cas/config/cas.crt -alias cas >>>>>> -keystore $JAVA_HOME/jre/lib/security/cacerts (default password to >>>>>> cacerts >>>>>> is changeit) >>>>>> - Add the following lines to application.properties in CAS config dir >>>>>> (with whatever password you set up for /etc/cas/thekeystore) **** >>>>>> server.ssl.keyStorePassword=qwer1234 >>>>>> server.ssl.keyPassword=qwer1234 >>>>>> >>>>>> *Adding JSON service registry (to get a sample client registered)* >>>>>> - Add line >>compile >>>>>> "org.apereo.cas:cas-server-support-json-service-registry:5.2.0-SNAPSHOT"<< >>>>>> >>>>>> to the file cas-server/webapp/cas-server-webapp-tomcat/build.gradle, >>>>>> replacing 5.2.0-SNAPSHOT with whatever version of CAS you have. The >>>>>> version >>>>>> can be figured out after starting CAS (is displayed). **** >>>>>> - Recompile the whole thing as above. >>>>>> - Add the following lines to application.properties in CAS config >>>>>> dir: **** >>>>>> cas.serviceRegistry.watcherEnabled=true >>>>>> cas.serviceRegistry.repeatInterval=10 >>>>>> cas.serviceRegistry.startDelay=1 >>>>>> cas.serviceRegistry.initFromJson=true >>>>>> - Add json file with service defs in directory >>>>>> cas-server/webapp/resources/services (the server seems to display which >>>>>> directory it watches after start). >>>>>> { >>>>>> "@class" : "org.apereo.cas.services.RegexRegisteredService", >>>>>> "serviceId" : "http://localhost/.*";, **** >>>>>> "name" : "testId", >>>>>> "id" : 1, >>>>>> "accessStrategy" : { >>>>>> "@class" : >>>>>> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", >>>>>> "enabled" : true, >>>>>> "ssoEnabled" : true >>>>>> } >>>>>> } >>>>>> >>>>>> *Getting access to /status/dashboard endpoint ***** >>>>>> - Add the following lines to application.properties in CAS config dir: >>>>>> cas.adminPagesSecurity.ip=127\.0\.0\.1 >>>>>> cas.monitor.endpoints.enabled=true >>>>>> cas.monitor.endpoints.sensitive=false >>>>>> >>>>>> *Running* >>>>>> - cd webapp/cas-server-webapp-tomcat >>>>>> - ../../gradlew build bootRun --parallel >>>>>> >>>>>> *Simple client* >>>>>> - git clone [email protected]:apereo/phpCAS.git >>>>>> - cd phpCAS >>>>>> - Copy docs/examples/config.example.php to docs/examples/config.php >>>>>> and edit: >>>>>> // Full Hostname of your CAS Server >>>>>> $cas_host = 'cas-sso.local'; >>>>>> // Context of the CAS Server >>>>>> $cas_context = '/cas'; >>>>>> // Port of your CAS server. Normally for a https server it's 443 >>>>>> $cas_port = 8443; >>>>>> - Make the file docs/examples/example_simple.php accessible by www. >>>>>> - Navigate to >>>>>> http://localhost/phpCAS/docs/examples/example_simple.php >>>>>> >>>>>> *Service management app* >>>>>> - Based on https://github.com/apereo/cas-services-management-overlay >>>>>> - git clone [email protected]:apereo/cas-services-management-overlay.git >>>>>> - cd cas-services-management-overlay >>>>>> - ./build.sh package >>>>>> - This creates target/cas-management.war, which should be deployed to >>>>>> Tomcat. Make sure Tomcat uses the same Java as CAS server. Otherwise, it >>>>>> won't find the SSL keys in the Java truststore. **** >>>>>> - On first run, it copies various files from cas/config into >>>>>> /etc/cas/config. You may want to update management.properties as >>>>>> follows, >>>>>> in particular: >>>>>> # CAS server that management app will authenticate with >>>>>> # This server will authenticate for any app (service) and you can >>>>>> login as casuser/Mellon >>>>>> cas.server.name: https://cas-sso.local:8443/ >>>>>> cas.server.prefix: https://cas-sso.local:8443/cas >>>>>> cas.mgmt.adminRoles[0]=ROLE_ADMIN >>>>>> cas.mgmt.userPropertiesFile=file:/etc/cas/config/users.properties >>>>>> # Update this URL to point at server running this management app >>>>>> cas.mgmt.serverName=http://localhost:8080 >>>>>> server.context-path=/cas-management >>>>>> server.port=8080 >>>>>> logging.config=file:/etc/cas/config/log4j2-management.xml >>>>>> - http://localhost:8080/cas-management >>>>>> >>>>>> *Conclusions* >>>>>> - Really painful to set up. >>>>>> - CAS documentation is very unclear, tons of linked documents, not >>>>>> sure where to find information. >>>>>> - Wonder if better to do OAuth2 even if redirecting to Google / FB >>>>>> needs to be implemented from scratch. >>>>>> >>>>>> --- >>>>>> >>>>>> With all that, thank you for writing and maintaining this software. >>>>>> It does seem like a good choice for SSO solutions - but the initial >>>>>> learning curve shouldn't be quite so sharp. >>>>>> >>>>>> Jan >>>>>> >>>>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b1f5e450-ab52-482d-8e19-944f656c71a3%40apereo.org >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/b1f5e450-ab52-482d-8e19-944f656c71a3%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/62007526-2b52-4be0-bac8-ac70c10c2099%40apereo.org.
