Re: [cas-user] Re: Issues upgrading from CAS 7.0.x to CAS 7.1.x

Mon, 12 May 2025 13:38:40 -0700 

For Palantir; in build.gradle


    implementation "org.apereo.cas:cas-server-support-palantir"

// and maybe
    implementation "org.apereo.cas:cas-server-support-reports"
    implementation "org.apereo.cas:cas-server-support-metrics"

in application.properties

spring.security.user.name=casuser
spring.security.user.password=Mellon

# affects: health.show-details
management.endpoints.access.default=UNRESTRICTED

management.endpoints.web.exposure.include=*

cas.monitor.endpoints.endpoint.defaults.access=ANONYMOUS

That should get you in to palantir. I am still trying to piece it all together.

Ray
________________________________
From: cas-user@apereo.org <cas-user@apereo.org> on behalf of Phil Hale 
<phalei...@gmail.com>
Sent: May 9, 2025 11:46
To: CAS Community <cas-user@apereo.org>
Cc: Brian T. Huntley <bhunt...@clarkson.edu>; Phil Hale <phalei...@gmail.com>
Subject: Re: [cas-user] Re: Issues upgrading from CAS 7.0.x to CAS 7.1.x

Hello Brian,

No, I've not found an answer yet.  I've even moved on to trying to upgrade to 
the 7.2.x release and I'm still encounting the same issues.  I've compared the 
config settings for Delegated Authentication from the 7.2 (and 7.1) CAS 
documentation and as far as I can tell, I'm not missing any property changes.  
I'm not sure what to do at this point.  We are attempting to get some 
consulting hours from Unicon, but I'm not sure yet if my bosses are going to 
approve the funding.  Hopefully someone can point us in the right direction.

Phil

On Wednesday, May 7, 2025 at 9:33:22 PM UTC-5 Brian T. Huntley wrote:
Phil - did you ever have any luck with this?  I'm running into the same 
problem. 7.1.6.

Thanks,
Brian

Brian T. Huntley, CISSP
Director of Network Services and Information Security
Office of Information Technology
Clarkson University
315.268.6723<tel:(315)%20268-6723>


On Fri, Mar 21, 2025 at 10:32 AM Phil Hale <phal...@gmail.com> wrote:
Hello Pablo,

That was a sample from one of my working service files (with version 7.0.10).  
I used the CAS Manager tool to create the service files.  Is there some type of 
lint tool I can use to check these files?  I'm attempting to get Palantir under 
version 7.0 or 7.1 working but running into issues so I'm not sure how to check 
and fix syntax issues.

Phil

On Thursday, March 20, 2025 at 10:13:47 PM UTC-5 Pablo Vidaurri wrote:
In you service file, i see missing commas and double quotes. Is that what you 
really have ? I would exepct something like this:

   "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "delegatedAuthenticationPolicy" : {
                "@class" : 
"org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
                "allowedProviders" : [ "java.util.ArrayList", [ "TAMUCC_AAD" ] 
],
                "permitUndefined": false,
                "exclusive": true
    }

On Thursday, March 20, 2025 at 9:23:44 PM UTC-5 Phil Hale wrote:
I added the missing dependency and restarted the services and I'm still getting 
the same warning in the logs:

2025-03-20 13:15:27,445 WARN 
[com.hazelcast.instance.impl.HazelcastInstanceFactory] - <Hazelcast is starting 
in a Java modular environment (Java 9 and newer) but without proper access to 
required Java packages. Use additional Java arguments to provide Hazelcast 
access to Java internal API. The internal API access is used to get the best 
performance results. Arguments to be used:

Are their any additional cas.properties I need to add to make this work again?

Phil

On Thursday, March 20, 2025 at 11:59:04 AM UTC-5 Pablo Vidaurri wrote:
Using OIDC I assume?

Have you tried these dependencies:
    implementation "org.apereo.cas:cas-server-support-pac4j-oidc"   <-- Looks 
like just introduced in 7.1.0
    implementation "org.apereo.cas:cas-server-support-pac4j-webflow"

-psv

On Wednesday, March 19, 2025 at 10:00:52 PM UTC-5 Phil Hale wrote:
Hello,

I'm attempting to upgrade from CAS 7.0 to CAS 7.1.  I can successfully build 
the war file and launch it without issues.  When I attempt to log in I get the 
following error in the log file:

cas.war[331470]: 2025-03-19 15:38:17,967 WARN 
[org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer]
 - <No delegated authentication providers could be determined based on the 
provided configuration. Either no identity providers are configured, or the 
current access strategy rules prohibit CAS from using authentication providers>

and the following on the web browser:


[Screenshot From 2025-03-19 15-40-11.png]

We have each service file set up to call out to a default identity provider 
with the following block in the service json file:
 accessStrategy:
  {
    @class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
    delegatedAuthenticationPolicy:
    {
      @class: 
org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy
      allowedProviders:
      [
        java.util.ArrayList
        [
          TAMUCC_AAD
        ]
      ]
      permitUndefined: false
      exclusive: true
    }
  }

This works as expected in 7.0 but does not work in 7.1.  In 7.0, we are 
automatically directed to the AAD login and after successfully logging in, 
given access to the app.  I've compared the json service file formatting with 
what is documented and can't find any issues.

Hopefully someone has some suggestions on what changes we need to make to get 
this working again.

Thanks,

Phil


--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+u...@apereo.org.
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/621e0fb6-8b1a-4c57-8216-410306f1282an%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/621e0fb6-8b1a-4c57-8216-410306f1282an%40apereo.org?utm_medium=email&utm_source=footer>.

--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/70f94a61-c160-439a-84e8-e6c43cd5032an%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/70f94a61-c160-439a-84e8-e6c43cd5032an%40apereo.org?utm_medium=email&utm_source=footer>.

-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081F79FEC07BAD4F5A21991CE97A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM.

Reply via email to