DEVHIDE
Login Or Sign up

Getting apereo/cas in docker to authenticate from whitelist

1.4k Views Asked by At

Running apereo/cas docker container with the following command

docker run -p 8443:8443 -v /root/cas/config:/etc/cas/config -d apereo/cas:v6.2.4

/root/cas/config/cas.properties file is on host machine

cas.authn.accept.users=
cas.authn.file.separator=::
cas.authn.file.filename=file:///etc/cas/config/users.txt
cas.authn.file.name=file:///etc/cas/config/users.txt
cas.authn.file.passwordEncoder.type=NONE

/root/cas/config/users.txt file

testuser::password

I can see the same cas.properties and users.txt files at /etc/cas/config when I exec into the docker container but for some reason, it's not authenticating when I log in as testuser.

Not sure why!!

container startup



     _    ____  _____ ____  _____ ___     ____    _    ____
    / \  |  _ \| ____|  _ \| ____/ _ \   / ___|  / \  / ___|
   / _ \ | |_) |  _| | |_) |  _|| | | | | |     / _ \ \___ \
  / ___ \|  __/| |___|  _ <| |__| |_| | | |___ / ___ \ ___) |
 /_/   \_\_|   |_____|_| \_\_____\___/   \____/_/   \_\____/


CAS Version: 6.2.4
CAS Branch: 6.2.x
CAS Commit Id: 60ba4cdd35a279ba8aae8922920099d314576500
CAS Build Date/Time: 2020-10-14T10:36:30Z
Spring Boot Version: 2.2.8.RELEASE
Spring Version: 5.2.6.RELEASE
Java Home: /opt/java/openjdk
Java Vendor: AdoptOpenJDK
Java Version: 11.0.8
JVM Free Memory: 71 MB
JVM Maximum Memory: 1 GB
JVM Total Memory: 113 MB
JCE Installed: Yes
OS Architecture: amd64
OS Name: Linux
OS Version: 4.4.11-23.53.amzn1.x86_64
OS Date/Time: 2020-11-03T21:30:47.993674
OS Temp Directory: /tmp
------------------------------------------------------------
Apache Tomcat Version: Apache Tomcat/9.0.39
------------------------------------------------------------


2020-11-03 21:30:48,104 INFO [org.apereo.cas.configuration.DefaultCasConfigurationPropertiesSourceLocator] - <Configuration files found at [/etc/cas/config] are [[file [/etc/cas/config/cas.properties]]] under profile(s) [[standalone]]>
2020-11-03 21:30:48,602 INFO [org.apereo.cas.web.CasWebApplication] - <The following profiles are active: standalone>
2020-11-03 21:30:49,521 DEBUG [org.apereo.cas.web.CasWebApplicationContext] - <Refreshing org.apereo.cas.web.CasWebApplicationContext@3c443976>
2020-11-03 21:30:58,432 INFO [org.apereo.cas.configuration.CasConfigurationPropertiesValidator] - <Application context has validated CAS property sources and configuration successfully.>
2020-11-03 21:30:59,484 DEBUG [org.apereo.cas.tomcat.CasTomcatServletWebServerFactory] - <Code archive: /cas-overlay/cas.war>
2020-11-03 21:30:59,492 DEBUG [org.apereo.cas.tomcat.CasTomcatServletWebServerFactory] - <Document root: /cas-overlay/cas.war>
2020-11-03 21:31:12,045 DEBUG [org.apereo.cas.config.CasCoreConfiguration] - <Applying configuration for Accept Any Authentication Policy>
2020-11-03 21:31:14,978 INFO [org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration] - <

Using generated security password: 512112df-5dd0-48ff-878f-41828c1c6899
>
2020-11-03 21:31:15,415 INFO [org.springframework.security.web.access.channel.ChannelProcessingFilter] - <Validated configuration attributes>
2020-11-03 21:31:15,454 INFO [org.springframework.security.web.DefaultSecurityFilterChain] - <Creating filter chain: any request, [org.springframework.security.web.access.channel.ChannelProcessingFilter@4ea48b2e, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@45790cb, org.springframework.security.web.context.SecurityContextPersistenceFilter@2820b369, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@476c137b, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2507a170, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@73a5d86c, org.springframework.security.web.session.SessionManagementFilter@688d2a5d, org.springframework.security.web.access.ExceptionTranslationFilter@1e3566e, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@1280bae3]>
2020-11-03 21:31:17,974 DEBUG [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <Attribute repository sources are not available for person-directory principal resolution>
2020-11-03 21:31:18,086 WARN [org.apereo.cas.config.CasCoreServicesConfiguration] - <Runtime memory is used as the persistence storage for retrieving and persisting service definitions. Changes that are made to service definitions during runtime WILL be LOST when the CAS server is restarted. Ideally for production, you should choose a storage option (JSON, JDBC, MongoDb, etc) to track service definitions.>
2020-11-03 21:31:18,142 WARN [org.apereo.cas.config.CasCoreTicketsConfiguration] - <Runtime memory is used as the persistence storage for retrieving and managing tickets. Tickets that are issued during runtime will be LOST when the web server is restarted. This MAY impact SSO functionality.>
2020-11-03 21:31:18,154 INFO [org.apereo.cas.util.CoreTicketUtils] - <Ticket registry encryption/signing is turned off. This MAY NOT be safe in a clustered production environment. Consider using other choices to handle encryption, signing and verification of ticket registry tickets, and verify the chosen ticket registry does support this behavior.>
2020-11-03 21:31:18,186 DEBUG [org.apereo.cas.config.CasCoreTicketsSchedulingConfiguration] - <Ticket registry cleaner is enabled.>
2020-11-03 21:31:18,377 DEBUG [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <No attribute repository sources are available/defined to merge together.>
2020-11-03 21:31:18,415 DEBUG [org.apereo.cas.pm.config.PasswordManagementConfiguration] - <Password management is disabled. To enable the password management functionality, add 'cas.authn.pm.enabled=true' to the CAS configuration and then configure storage options for account updates>
2020-11-03 21:31:18,530 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Secret key for encryption is not defined for [Ticket-granting Cookie]; CAS will attempt to auto-generate the encryption key>
2020-11-03 21:31:18,558 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated encryption key [aXblgCPSNYneVsuoV52UEx-N4qeYR8L1_Tlt9eSy9Q8] of size [256] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings under setting [cas.tgc.crypto.encryption.key].>
2020-11-03 21:31:18,566 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Secret key for signing is not defined for [Ticket-granting Cookie]. CAS will attempt to auto-generate the signing key>
2020-11-03 21:31:18,567 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated signing key [DbaQjgbvwkhg6d6EMbURZwdxD2QRxbG71Iflo6wsX76xzaJAgIqFCbOlAfxiVKa2M9EbXFxh5hN1MPcUVMUx8w] of size [512] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings under setting [cas.tgc.crypto.signing.key].>
2020-11-03 21:31:18,931 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Secret key for signing is not defined under [cas.webflow.crypto.signing.key]. CAS will attempt to auto-generate the signing key>
2020-11-03 21:31:18,934 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated signing key [7dk5gLYwNoYKNCQTQB1BZvIhEmj-hOaSkVwMRnNGD0WyO9EBCA5F_y69GLRZP41cNeKoH2nXNt4ItcaDFdF5cw] of size [512]. The generated key MUST be added to CAS settings under setting [cas.webflow.crypto.signing.key].>
2020-11-03 21:31:18,935 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Secret key for encryption is not defined under [cas.webflow.crypto.encryption.key]. CAS will attempt to auto-generate the encryption key>
2020-11-03 21:31:18,937 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated encryption key [ybP_djhKWyRG-CCAfNFeCA] of size [16]. The generated key MUST be added to CAS settings under setting [cas.webflow.crypto.encryption.key].>
2020-11-03 21:31:19,628 INFO [org.apereo.cas.web.CasWebApplication] - <Started CasWebApplication in 38.442 seconds (JVM running for 44.26)>
2020-11-03 21:31:19,643 INFO [org.apereo.cas.web.CasWebApplication] - <>
2020-11-03 21:31:19,643 INFO [org.apereo.cas.web.CasWebApplication] - <


  ____  _____    _    ______   __
 |  _ \| ____|  / \  |  _ \ \ / /
 | |_) |  _|   / _ \ | | | \ V /
 |  _ <| |___ / ___ \| |_| || |
 |_| \_\_____/_/   \_\____/ |_|

>
2020-11-03 21:31:19,644 INFO [org.apereo.cas.web.CasWebApplication] - <>
2020-11-03 21:31:19,645 INFO [org.apereo.cas.web.CasWebApplication] - <Ready to process requests @ [2020-11-03T21:31:19.642Z]>
2020-11-03 21:31:19,683 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
docker authentication cas apereo central
Original Q&A
1

There are 1 best solutions below

0
On

The reason for the service not to read the cas.properties settings for authentication or service is because the cas overlay needs to be built with additional modules to read those properties.

 implementation "org.apereo.cas:cas-server-support-generic:${casServerVersion}"
 implementation "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"

Once you rebuild the cas-overlay-template project with these 2 modules it should read the cas.properties related to file authentication and json service registry

Related Questions in DOCKER

Related Questions in AUTHENTICATION

Related Questions in CAS

Related Questions in APEREO

Related Questions in CENTRAL

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.