Hi Ray, 

I was able to see what was wrong with the regex, and you were right about 
that. 
However, I'm still getting this error: "The application you attempted to 
authenticate to is not authorized to use CAS. This usually indicates that 
the application is not registered with CAS, or its authorization policy 
defined in its registration record prevents it from leveraging CAS 
functionality, or it's malformed and unrecognized by CAS. Contact your CAS 
administrator to learn how you might register and integrate your 
application with CAS."

Is there any part of the service registry that I've configured that would 
make it incompatible?

Thanks!
Dillon
On Monday, June 12, 2023 at 12:14:04 PM UTC-4 Ray Bon wrote:

> Dillon,
>
> Your regex does not look right to me. Here is one of my test apps:
>
> https://democasclientdev.uvic.ca/democasclient/callback\\?client_name=OidcClient
> https://bannerdev\\.uvic\\.ca/CommunicationManagement/.*
> ^https?://local\\.uvic\\.ca/~rbon/phpCAS/docs/examples/.*
>
> We are not escaping '/', but are escaping '.' with '\\' (the '.' for 
> security). Also, if the application is sending a URN or parameters as part 
> of the URL, then you want to allow them, or, if it is the same for every 
> request, perhaps capture it in the serviceId.
>
> Check your serviceId regex against an actual service argument using an 
> online regex tester (ideally one for java). You may have to unencode some 
> characters.
>
> Ray
>
> On Fri, 2023-06-09 at 11:15 -0700, Dillon Power wrote:
>
> Hi all,  
>
> After installing and configuring CAS to work with our DegreeWorks install, 
> I'm seeing that the application is unable to log in with CAS despite having 
> a service registry. Are there some formatting issues with our registry entry?
>
> For reference, we're running Tomcat 10, CAS 7.0.0, JDK 17. 
>
> Here is my cas.properties:
> cas.server.name=http://{casserver}.edu
> cas.server.prefix=${cas.server.name}/cas
> logging.config=file:/etc/cas/config/log4j2.xml
>
> #server.port=8080
> server.ssl.enabled=false
>
> #LDAP Configuration
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldap-url=ldap://ldapserver:389
> cas.authn.ldap[0].base-dn=OU=Accounts,DC=school,DC=edu
> cas.authn.ldap[0].search-filter=(sAMAccountName={user})
> cas.authn.ldap[0].bind-dn=CN=ldap_user,OU=Accounts,DC=school,DC=edu
> cas.authn.ldap[0].bind-credential=password
> cas.authn.ldap[0].subtree-search=true
> #cas.authn.ldap[0].principal-attribute-list=samAccountName:UDC_IDENTIFIER
> #cas.authn.ldap[0].principal-attribute-password=
> cas.authn.ldap[0].principal-attribute-id=UDC_IDENTIFIER
>
> #DUO MFA
> cas.authn.mfa.duo[0].duo-api-host={apihostlink}
> #cas.authn.mfa.duo[0].duo-application-key={key}
> cas.authn.mfa.duo[0].duo-integration-key={integration_key}
> cas.authn.mfa.duo[0].duo-secret-key={secret-key}
>
> #JSON Registry
> cas.service-registry.core.init-from-json=false
> cas.service-registry.json.location=file:/etc/cas/services
>
> Here is the service registry for DegreeWorks: 
> /etc/cas/services/dashboard-849100.json
> {
> /*Dashboard TEST service registry*/
> "@class":"org.apereo.cas.services.CasRegisteredService",
> "serviceId":"^(https:)\/\/degreeworks.school.edu:8491\/dashboard\/",
> "name":"Degreeworks Dashboard TEST (degreeworks-test)",
> "id":"849100",
> "evaluationOrder":1,
> "proxyPolicy":{
>         
> "@class":"org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
>         "pattern":"^ (https:)\/\/degreeworks.school.edu:8491
> \/dashboard\/",  
> //,
>         }
>  logoutType: BACK_CHANNEL
>   attributeReleasePolicy:
>   {
>     "@class" : 
> "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>     "allowedAttributes" : [ "java.util.ArrayList", [ "UDC_IDENTIFIER" ] ]
>     authorizedToReleaseCredentialPassword: false
>     authorizedToReleaseProxyGrantingTicket: true
>     excludeDefaultAttributes: false
>     authorizedToReleaseAuthenticationAttributes: true
>   }
>
>   multifactorPolicy:
>   {
>   
>  "@class":"org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy"
>     "multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet", [ 
> "mfa-duo" ] ]
>     /*failureMode: NOT_SET
>  *     bypassEnabled: false*/
>
>   }
>   accessStrategy:
>   {
>     @class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
>     order: 0
>     enabled: true
>     ssoEnabled: true
>     requireAllAttributes: false
>     caseInsensitive: true
>   }
>
> }
>
>
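
The check Ray describes (testing a serviceId regex against an actual service argument with Java's regex engine) can be run locally; the following is an added example, not code from either poster or from CAS. The service URLs are constructed, the escaped pattern is only an illustration of Ray's convention, and because the thread does not say whether CAS applies a full or a partial match, both are shown.

```java
import java.util.List;
import java.util.regex.Pattern;

// Added example: checks candidate serviceId patterns against sample service
// URLs with java.util.regex. All URLs below are constructed for illustration.
public class ServiceIdCheck {

    // Patterns as the regex engine sees them, i.e. after JSON unescaping
    // (JSON "\/" becomes "/", JSON "\\." becomes "\.").
    // POSTED: the serviceId from the original registry entry, '.' unescaped.
    static final String POSTED = "^(https:)//degreeworks.school.edu:8491/dashboard/";
    // ESCAPED: assumed rewrite following Ray's convention ('.' escaped,
    // trailing ".*" so deeper paths and parameters are allowed).
    static final String ESCAPED = "^https://degreeworks\\.school\\.edu:8491/dashboard/.*";

    // Constructed service arguments: the bare path, a deeper path with a
    // query string, and a different host that differs only where a dot is.
    static final List<String> SERVICES = List.of(
        "https://degreeworks.school.edu:8491/dashboard/",
        "https://degreeworks.school.edu:8491/dashboard/home?tab=1",
        "https://degreeworksXschool.edu:8491/dashboard/");

    // Whole string must match the pattern.
    static boolean full(String regex, String service) {
        return Pattern.compile(regex).matcher(service).matches();
    }

    // Pattern only has to be found somewhere in the string.
    static boolean partial(String regex, String service) {
        return Pattern.compile(regex).matcher(service).find();
    }

    public static void main(String[] args) {
        for (String regex : List.of(POSTED, ESCAPED)) {
            System.out.println("pattern: " + regex);
            for (String service : SERVICES) {
                System.out.printf("  full=%-5b partial=%-5b %s%n",
                    full(regex, service), partial(regex, service), service);
            }
        }
    }
}
```

Replace the constructed URLs with the URL-decoded `service` parameter from a failing login request to see whether the registered pattern accepts it.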
