azer, Cas will run 'out of the box'. With a fresh clone of the overlay project (checkout 6.6), it will run and allow you to log in [no configuration necessary].
$ git clone https://github.com/apereo/cas-overlay-template.git $ cd cas-overlay-template/ $ git fetch origin 6.6 $ git checkout 6.6 $ sudo mkdir -p /etc/cas/config $ sudo chgrp username /etc/cas $ sudo chmod -R 775 /etc/cas/ $ ./gradlew createKeystore $ ./gradlew clean build $ ./gradlew run in your browser, https://localhost:8443/cas/login username: casuser password: Mellon You can look into https://github.com/apereo/inspektr to generate the cas-overlay. You will need to know what features you want by reading/understanding the docs, https://apereo.github.io/cas/6.6.x/index.html and using the tutorials at https://fawnoos.com/blog/ starting with the install at https://fawnoos.com/2022/08/06/cas66-gettingstarted-overlay/ The tutorials for the older cas versions are meant as a guide for the steps involved. You will have to make the necessary adjustments for the current version. >From your attachment: Are you intending to create three different client apps, each one with a different protocol? What do you mean by 'Apache App' (php, python, ...)? Are you intending to have multiple authentication sources (LDAP, DB, AD)? First get cas running with its config before you start with the client application. The error about the application not authorized to use cas means that the service is not registered with cas (see doc links above). If you tried to access the application and it redirected you to cas, then that suggests that the application is configured correctly. The docs linked above will have an example cas.properties You can use self signed certificates as long as cas and the application know about each other's certificate. You may want to add the certificates to /etc/ssl/certs, tomcat, and the jvm. Ray On Sat, 2023-05-13 at 04:52 -0700, azer tyuiop wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hello I hope you are well, in any case I come back to you with a huge disappointment and fear of the fact that I still did not manage to make CAS SSO work for the authentication of web applications. Indeed, with the new version of CAS-OVERLAY-TEMPLATE, I encountered several difficulties which are: - All the tutorials on the Internet and that you provided me concerning the complete implementation of CAS are obsolete because: * The CAS versions used are obsolete * The configuration files like "cas.properties" for the connection of CAS to LDAP exist. * The implementation is done with Tomcat 7 - 9; jdk8-11 and cas 5.x.x - 6.3.x; Debian 10 and other OS like RED HAT * Installation and configuration of clients and applications is easier and more functional - I can't even clone the old CAS versions on github to comply with the tutorials which use old CAS versions Please I really need urgent help as I am currently a third year undergraduate student and this( Implementing CAS SSO) is my thesis topic for my defense and the defense date is approaching so I am really stressed. If possible, I would like you to make a tutorial with the new version of CAS 6.6.7 and LDAP with java-cas-client or pac4j in order to help me to realize this project please. Attached is a pdf with screenshots of the errors I got. I am looking forward to your help. Thank you in advance! Le mercredi 10 mai 2023 à 18:04:38 UTC+1, Ray Bon a écrit : azer, I started with java cas client by getting a working test application from the internet. The java cas client requires edit to web.xml; in my opinion it is less friendly than pac4j, which uses spring beans. Check the docs in the previous links. Ray P.S. here is a chunk of pac4j config: <bean id="casClientConfig" class="org.pac4j.cas.config.CasConfiguration"> <property name="loginUrl" value="${cas.server.prefix}/login" /> <property name="proxyReceptor"> <bean class="org.pac4j.cas.client.CasProxyReceptor"> <property name="callbackUrl" value="${demo.clients.callback-url}" /> </bean> </property> <property name="defaultTicketValidator"> <bean class="org.jasig.cas.client.validation.Cas30ServiceTicketValidator"> <constructor-arg value="${cas.server.prefix}" /> </bean> </property> </bean> <bean id="casClient" class="org.pac4j.cas.client.CasClient"> <property name="configuration" ref="casClientConfig" /> </bean> <bean id="clients" class="org.pac4j.core.client.Clients"> <constructor-arg name="callbackUrl" value="${demo.clients.callback-url}" /> <constructor-arg name="clients"> <list> <ref bean="oidcClient" /> <ref bean="casOAuthWrapperClient" /> <ref bean="samlClient" /> <ref bean="casClient" /> </list> </constructor-arg> </bean> On Wed, 2023-05-10 at 02:00 -0700, azer tyuiop wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hello, you told me earlier that you had to install and use java-ca-client as a client for your architecture, then I would like you to give the necessary configurations to integrate the applications to the java-ca-client so that they can be linked or take into account the CAS authentication, because I try for a few days but it does not work Thanks in advance Le jeudi 4 mai 2023 à 20:37:00 UTC+1, Ray Bon a écrit : azer, Checkout these options (java centric): https://fawnoos.com/2021/02/13/cas63-bootiful-cas-client/ https://www.pac4j.org/docs/index.html (clients section) Ray On Thu, 2023-05-04 at 11:06 -0700, azer tyuiop wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Oh right, but I don't have an application, I've just started and barely managed to install cases via CAS-OVERLAY-TEMPLATE and it's my first time to do all this which is why I'm having a lot of trouble. Le jeudi 4 mai 2023 à 17:16:55 UTC+1, Ray Bon a écrit : azer, For the client side of your system, the choice will depend on which technology and architecture you are using. Here is a list from the cas docs, https://apereo.github.io/cas/6.6.x/integration/CAS-Clients.html I have used java and php clients. More recently, pac4j, since it provides support for many different protocols. My coworkers have used spring security in grails, OIDC in node.js, or keycloak for some third party applications. There is also Shibboleth SP and of course commercial vendors. Cas itself supports many protocols, https://apereo.github.io/cas/6.6.x/protocol/Protocol-Overview.html Do you have an application already built or just starting? As far as the installation guides, though they are for older versions, the steps and terminology used are still relevant. Ray On Thu, 2023-05-04 at 02:55 -0700, azer tyuiop wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi, I thank you very much for the links you provided me because it's difficult to find more detailed information about CAS deployment, but those don't help me much because they use obsolete versions with your environments different from mine. I use : - JDK-17 - Tomcat 10.1.8 (my cas server is deployed in this one) - CAS-6.6.7 - LDAP directory I was able to install CAS Server, what bothers me at the moment is to link CAS to web applications so that they can take into account CAS-SSO so that authentication is unique through CAS. It would help me a lot if you try to help me with the specifications I provided on my CAS deployment. Thank you in advance! Le mardi 2 mai 2023 à 17:49:55 UTC+1, Ray Bon a écrit : azer, These might help: https://paulchauvet.github.io/deploying-cas/ https://dacurry-tns.github.io/deploying-apereo-cas/introduction_overview.html Ray On Tue, 2023-05-02 at 04:48 -0700, azer tyuiop wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Thanks, I was able to solve this problem, but I would like to know how to put cas in https and how to configure web applications to this one so that they take into account the authentication with cas...! Thanks in advance! Le lundi 1 mai 2023 à 18:53:17 UTC+1, Ray Bon a écrit : azer, The default location is /etc/cas Do you have write access to this directory? You can also change the location in the gradle.properties; certDir=... Ray On Sat, 2023-04-29 at 08:43 -0700, azer tyuiop wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Task :createKeystore FAILED erreur keytool : java.lang.Exception: Paire de clés non générée, l'alias <cas> existe déjà FAILURE: Build failed with an exception. * Where: Script '/opt/cas-overlay-template/gradle/tasks.gradle' line: 160 * What went wrong: Execution failed for task ':createKeystore'. > Process 'command 'keytool'' finished with non-zero exit value 1 Le vendredi 28 avril 2023 à 17:11:43 UTC+1, Ray Bon a écrit : Coeurcy, And the problem is...? Ray On Fri, 2023-04-28 at 03:57 -0700, Coeurcy Mokoko wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hello, I am working on the implementation of an SSO with CAS using, tomcat9, ldap, lam, jdk17, I encounter several errors that I can not solve for a week already including the compilation of the build.gradle file, I really need help it's urgent...! I thank you in advance! -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/64fa36683efb8c635550b3b94a5dec8878469a5c.camel%40uvic.ca.
