Phil - did you ever have any luck with this? I'm running into the same
problem. 7.1.6.
Thanks,
Brian
Brian T. Huntley, CISSP
Director of Network Services and Information Security
Office of Information Technology
Clarkson University
315.268.6723
On Fri, Mar 21, 2025 at 10:32 AM Phil Hale <phalei...@gmail.com> wrote:
> Hello Pablo,
>
> That was a sample from one of my working service files (with version
> 7.0.10). I used the CAS Manager tool to create the service files. Is
> there some type of lint tool I can use to check these files? I'm
> attempting to get Palantir under version 7.0 or 7.1 working but running
> into issues so I'm not sure how to check and fix syntax issues.
>
> Phil
>
> On Thursday, March 20, 2025 at 10:13:47 PM UTC-5 Pablo Vidaurri wrote:
>
>> In you service file, i see missing commas and double quotes. Is that what
>> you really have ? I would exepct something like this:
>>
>> "accessStrategy" : {
>> "@class" :
>> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>> "delegatedAuthenticationPolicy" : {
>> "@class" :
>> "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
>> "allowedProviders" : [ "java.util.ArrayList", [
>> "TAMUCC_AAD" ] ],
>> "permitUndefined": false,
>> "exclusive": true
>> }
>>
>> On Thursday, March 20, 2025 at 9:23:44 PM UTC-5 Phil Hale wrote:
>>
>>> I added the missing dependency and restarted the services and I'm still
>>> getting the same warning in the logs:
>>>
>>> 2025-03-20 13:15:27,445 WARN
>>> [com.hazelcast.instance.impl.HazelcastInstanceFactory] - <Hazelcast is
>>> starting in a Java modular environment (Java 9 and newer) but without
>>> proper access to required Java packages. Use additional Java arguments to
>>> provide Hazelcast access to Java internal API. The internal API access is
>>> used to get the best performance results. Arguments to be used:
>>>
>>> Are their any additional cas.properties I need to add to make this work
>>> again?
>>>
>>> Phil
>>>
>>> On Thursday, March 20, 2025 at 11:59:04 AM UTC-5 Pablo Vidaurri wrote:
>>>
>>>> Using OIDC I assume?
>>>>
>>>> Have you tried these dependencies:
>>>> implementation "org.apereo.cas:cas-server-support-pac4j-oidc" <--
>>>> Looks like just introduced in 7.1.0
>>>> implementation "org.apereo.cas:cas-server-support-pac4j-webflow"
>>>>
>>>> -psv
>>>>
>>>> On Wednesday, March 19, 2025 at 10:00:52 PM UTC-5 Phil Hale wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I'm attempting to upgrade from CAS 7.0 to CAS 7.1. I can successfully
>>>>> build the war file and launch it without issues. When I attempt to log in
>>>>> I get the following error in the log file:
>>>>>
>>>>> cas.war[331470]: 2025-03-19 15:38:17,967 WARN
>>>>> [org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer]
>>>>> - <No delegated authentication providers could be determined based on the
>>>>> provided configuration. Either no identity providers are configured, or
>>>>> the
>>>>> current access strategy rules prohibit CAS from using authentication
>>>>> providers>
>>>>>
>>>>> and the following on the web browser:
>>>>>
>>>>>
>>>>> [image: Screenshot From 2025-03-19 15-40-11.png]
>>>>>
>>>>> We have each service file set up to call out to a default identity
>>>>> provider with the following block in the service json file:
>>>>> accessStrategy:
>>>>> {
>>>>> @class:
>>>>> org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
>>>>> delegatedAuthenticationPolicy:
>>>>> {
>>>>> @class:
>>>>> org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy
>>>>> allowedProviders:
>>>>> [
>>>>> java.util.ArrayList
>>>>> [
>>>>> TAMUCC_AAD
>>>>> ]
>>>>> ]
>>>>> permitUndefined: false
>>>>> exclusive: true
>>>>> }
>>>>> }
>>>>>
>>>>> This works as expected in 7.0 but does not work in 7.1. In 7.0, we
>>>>> are automatically directed to the AAD login and after successfully logging
>>>>> in, given access to the app. I've compared the json service file
>>>>> formatting with what is documented and can't find any issues.
>>>>>
>>>>> Hopefully someone has some suggestions on what changes we need to make
>>>>> to get this working again.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Phil
>>>>>
>>>>> --
> - Website: https://apereo.github.io/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/621e0fb6-8b1a-4c57-8216-410306f1282an%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/621e0fb6-8b1a-4c57-8216-410306f1282an%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABa%3D6af0CDaNbvRg43%3DkivEvicv_hXQHSmMCCK09QgnRY0cuDg%40mail.gmail.com.
