How to get started

[fiedl]

I'm trying setup CAS as authentication proxy for several web applications.

incoming request ----> nginx ----> CAS
                        |           |------> LDAP server
                        |
                        |--------> web app

Why opening an issue here?

Through the Getting Started Guide I got to the Docker Installation Guide, which, for instructions on the configuration, directs to this repo.

How to get started?

I've successfully created a docker container for cas:v5.1.2. Although the guide reads

Once CAS is running, it will be available under ports 8080 and 8443.

openeing the ports suggested by docker ps in the browser does not work. Also curl returns "curl: (52) Empty reply from server".

Thus, I guess I'm missing some documentation on how to proceed. Could you give me some pointers on the following topics or point me to the corresponding documentation:

1. How to access the docker container through the browser, and in case that this is only possible after configuration,
2. how tell CAS which LDAP server to use for authentication and how to connect to this LDAP server,
3. how to configure nginx to redirect properly to CAS when authentication is needed.

[mmoayyed]

1. Is your docker build set to expose relevant ports? Do logs show CAS is running on ports 8080 and 8443 when you ssh into the container?
2. Need to consult the CAS documentation
3. Probably best answered by the nginx community.

[fiedl]

Thanks for your reply. I gather what I've experienced is not the regular behaviour and I should rather get a response when curling the ports.

I've set up a minimal example: https://github.com/fiedl/cas-docker-test

git clone [email protected]:fiedl/cas-docker-test.git
cd cas-docker-test
docker-compose up

The output is quite short and does not show any indication that the server is listening at port 8080.

▶ docker-compose up
Recreating casdockertest_cas_1 ...
Recreating casdockertest_cas_1 ... done
Attaching to casdockertest_cas_1
cas_1  | Executing build from directory:
cas_1  | /cas-overlay
cas_1  | [INFO] Scanning for projects...
cas_1  | [INFO]
cas_1  | [INFO] Using the MultiThreadedBuilder implementation with a thread count of 5
cas_1  | [INFO]
cas_1  | [INFO] ------------------------------------------------------------------------
cas_1  | [INFO] Building cas-overlay 1.0
cas_1  | [INFO] ------------------------------------------------------------------------
cas_1  | [INFO]
cas_1  | [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ cas-overlay ---
cas_1  | [INFO] Deleting /cas-overlay/target
cas_1  | [INFO]
cas_1  | [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ cas-overlay ---
cas_1  | [INFO] Using 'UTF-8' encoding to copy filtered resources.
cas_1  | [INFO] skip non existing resourceDirectory /cas-overlay/src/main/resources
cas_1  | [INFO]
cas_1  | [INFO] --- maven-compiler-plugin:3.3:compile (default-compile) @ cas-overlay ---
cas_1  | [INFO] No sources to compile
cas_1  | [INFO]
cas_1  | [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ cas-overlay ---
cas_1  | [INFO] Using 'UTF-8' encoding to copy filtered resources.
cas_1  | [INFO] skip non existing resourceDirectory /cas-overlay/src/test/resources
cas_1  | [INFO]
cas_1  | [INFO] --- maven-compiler-plugin:3.3:testCompile (default-testCompile) @ cas-overlay ---
cas_1  | [INFO] No sources to compile
cas_1  | [INFO]
cas_1  | [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ cas-overlay ---
cas_1  | [INFO] No tests to run.
cas_1  | [INFO]
cas_1  | [INFO] --- maven-war-plugin:2.6:war (default-war) @ cas-overlay ---
cas_1  | [INFO] Packaging webapp
cas_1  | [INFO] Assembling webapp [cas-overlay] in [/cas-overlay/target/cas]
cas_1  | [info] Copying manifest...
cas_1  | [INFO] Processing war project
cas_1  | [INFO] Processing overlay [ id org.apereo.cas:cas-server-webapp-tomcat]
cas_1  | [INFO] Webapp assembled in [465 msecs]
cas_1  | [INFO] Building war: /cas-overlay/target/cas.war
cas_1  | [INFO] ------------------------------------------------------------------------
cas_1  | [INFO] BUILD SUCCESS
cas_1  | [INFO] ------------------------------------------------------------------------
cas_1  | [INFO] Total time: 2.053 s (Wall Clock)
cas_1  | [INFO] Finished at: 2017-09-08T16:20:41Z
cas_1  | [INFO] Final Memory: 10M/188M
cas_1  | [INFO] ------------------------------------------------------------------------
cas_1  | Creating configuration directory under /etc/cas
cas_1  | Copying configuration files from etc/cas to /etc/cas
cas_1  | 'etc/cas/config/log4j2.xml' -> '/etc/cas/config/log4j2.xml'
cas_1  | 'etc/cas/config/cas.properties' -> '/etc/cas/config/cas.properties'
cas_1  | 'etc/cas/config/application.yml' -> '/etc/cas/config/application.yml'
cas_1  |
cas_1  |    __   ____      _      ____   __
cas_1  |   / /  / ___|    / \    / ___|  \ \
cas_1  |  | |  | |       / _ \   \___ \   | |
cas_1  |  | |  | |___   / ___ \   ___) |  | |
cas_1  |  | |   \____| /_/   \_\ |____/   | |
cas_1  |   \_\                           /_/
cas_1  |
cas_1  | CAS Version: 5.1.2
cas_1  | CAS Commit Id: fae163b426ba91cc78a18e3805b2f2fac9c03b2e
cas_1  | CAS Build Date/Time: 2017-09-08T16:20:41Z
cas_1  | Spring Boot Version: 1.5.3.RELEASE
cas_1  | ------------------------------------------------------------
cas_1  | System Date/Time: 2017-09-08T16:20:46.344
cas_1  | System Temp Directory: /tmp
cas_1  | ------------------------------------------------------------
cas_1  | Java Home: /opt/zulu8.19.0.1-jdk8.0.112-linux_x64/jre
cas_1  | Java Vendor: Azul Systems, Inc.
cas_1  | Java Version: 1.8.0_112
cas_1  | JCE Installed: yes
cas_1  | ------------------------------------------------------------
cas_1  | OS Architecture: amd64
cas_1  | OS Name: Linux
cas_1  | OS Version: 4.9.41-moby
cas_1  | ------------------------------------------------------------
cas_1  | Apache Tomcat Version: Apache Tomcat/8.5.15
cas_1  | ------------------------------------------------------------
cas_1  |
cas_1  |
cas_1  | 2017-09-08 16:20:46,492 INFO [org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] - <Configuration files found at [/etc/cas/config] are [[/etc/cas/config/application.yml, /etc/cas/config/cas.properties]]>
cas_1  | 2017-09-08 16:20:46,522 INFO [org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] - <Found and loaded [5] setting(s) from [/etc/cas/config]>
cas_1  | 2017-09-08 16:20:46,523 INFO [org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration] - <Located property source: PropertiesPropertySource [name='standaloneCasConfigService']>
cas_1  | 2017-09-08 16:20:51,367 WARN [org.apereo.cas.config.CasCoreTicketsConfiguration] - <Runtime memory is used as the persistence storage for retrieving and managing tickets. Tickets that are issued during runtime will be LOST upon container restarts. This MAY impact SSO functionality.>
cas_1  | 2017-09-08 16:21:04,243 WARN [org.apereo.cas.config.support.authentication.AcceptUsersAuthenticationEventExecutionPlanConfiguration] - <>
cas_1  | 2017-09-08 16:21:04,247 WARN [org.apereo.cas.config.support.authentication.AcceptUsersAuthenticationEventExecutionPlanConfiguration] - <
cas_1  |
cas_1  |   ____    _____    ___    ____    _
cas_1  |  / ___|  |_   _|  / _ \  |  _ \  | |
cas_1  |  \___ \    | |   | | | | | |_) | | |
cas_1  |   ___) |   | |   | |_| | |  __/  |_|
cas_1  |  |____/    |_|    \___/  |_|     (_)
cas_1  |
cas_1  |
cas_1  | CAS is configured to accept a static list of credentials for authentication. While this is generally useful for demo purposes, it is STRONGLY recommended that you DISABLE this authentication method (by SETTING 'cas.authn.accept.users' to a blank value) and switch to a mode that is more suitable for production.>
cas_1  | 2017-09-08 16:21:04,247 WARN [org.apereo.cas.config.support.authentication.AcceptUsersAuthenticationEventExecutionPlanConfiguration] - <>
cas_1  | 2017-09-08 16:21:05,147 WARN [org.apereo.cas.config.CasCoreServicesConfiguration] - <Runtime memory is used as the persistence storage for retrieving and persisting service definitions. Changes that are made to service definitions during runtime WILL be LOST upon container restarts.>
cas_1  | 2017-09-08 16:21:11,106 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Secret key for encryption is not defined for [Ticket-granting Cookie]; CAS will attempt to auto-generate the encryption key>
cas_1  | 2017-09-08 16:21:11,118 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated encryption key [YMwIubHCn5NaWNoequAc0uaGtf3_9Jd9-Mkz-yGN3Zg] of size [256] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings.>
cas_1  | 2017-09-08 16:21:11,118 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Secret key for signing is not defined for [Ticket-granting Cookie]. CAS will attempt to auto-generate the signing key>
cas_1  | 2017-09-08 16:21:11,119 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated signing key [0ISOEx0OfGn-mZ3_B7ZVi5Y7QgXhYWtdD0n4KF4Y3eb0ZtSwewUcX3EJb22BvggyV6FjPTfDGGJzi-o3sIe_aQ] of size [512] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings.>
cas_1  | 2017-09-08 16:21:11,590 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Secret key for signing is not defined. CAS will attempt to auto-generate the signing key>
cas_1  | 2017-09-08 16:21:11,590 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated signing key [Estn5Jcl5MFnNOwaVQcWkVR_DXaotCGEZOrhQ5K8tzHUNyZKvAM7Gg8CMvKnGs_jqwa83-mDZo05AJAfI3U9sw] of size [512]. The generated key MUST be added to CAS settings.>
cas_1  | 2017-09-08 16:21:11,591 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <No encryption key is defined. CAS will attempt to auto-generate keys>
cas_1  | 2017-09-08 16:21:11,591 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated encryption key [hqZmRoszMUuROWoz] of size [16]. The generated key MUST be added to CAS settings.>

Docker shows that the ports are correctly redirected.

▶ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                            NAMES
0fa9bc5a3908        apereo/cas:v5.1.2   "/cas-overlay/bin/..."   12 minutes ago      Up 12 minutes       0.0.0.0:8080->8080/tcp, 0.0.0.0:8443->8443/tcp   casdockertest_cas_1

Curl does not reach the server.

▶ curl localhost:8080
curl: (52) Empty reply from server

[mmoayyed]

Could I assume that you have correctly created a keystore and CAS is using it? Because your logs seem incomplete. You should be seeing a READY asciiart, and since you dont that means something has gone wrong and the server has not really started.

[mmoayyed]

Actually, ignore the comment about the READY asciiart. That does not apply to 5.1.x, but the rest is all the same. Does port 8443 work?

[mmoayyed]

Also it appears that port 8080 is not by default enabled:
https://github.com/apereo/cas/blob/5.1.x/core/cas-server-core-configuration/src/main/java/org/apereo/cas/configuration/model/core/CasServerProperties.java#L326

You'll need to enable the port for the embedded tomcat first before you can access/expose it.

[fiedl]

@mmoayyed Thanks for the pointers, but I'm really not sure how to approach this. I'm still reading the CAS documentation.

Maybe I did not understand this docker image altogether: I'm wondering if it is possible to use this docker image and configure it to connect to our ldap server, and maybe, also include a custom logo or welcome text, without coding any java, just by setting environment variables, mounting configuration files and resource folders through docker.

[wscalf]

I'm running into (I think) the same thing - I mapped port 8080 with -p8080:8080, and traffic is getting to Tomcat because it's showing up in the Tomcat access log, but I'm getting back 400 (Bad Request) when I try to navigate to the root of the site (http://localhost:8080)

I haven't been able to find any configuration RE Tomcat at all. If there's something that needs to be enabled, I'm completely lost.

[shingoxray]

Try http://localhost:8080/cas/

[sebastiennoir]

Did someone find a solution ? I have the same issue...

[wscalf]

Yes and no. I never got the HTTP endpoint to work, but if I recall correctly, I got the HTTPS endpoint to work from inside the container by..I think generating a new cert, but it's been a while.

…

On Fri, Mar 2, 2018 at 12:27 PM, sebastiennoir ***@***.***> wrote: Did someone find a solution ? I have the same issue... — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#17 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACPsRy91I0FNvZ573tNM368AqYDNleG7ks5taYDqgaJpZM4PPq1e> .

[linkerx]

I have the same problem, generate the certs, put in the keystore and the cacerts file, but still not working. Now my error is:
java.io.IOException: Alias name [null] does not identify a key entry

[liudonghua123]

I have the same problem too.

[liudonghua123]

Finally, I found the problem, the thekeystore in /etc/cas/ is a empty keystore. We need to add an entry into it using keytool -genkeypair -alias cas -keyalg RSA -keypass changeit -storepass changeit -keystore \path\to\thekeystore -dname "CN=cas.example.org,OU=Example,OU=Org,C=US" -ext SAN="dns:example.org,dns:localhost,ip:127.0.0.1"

see more on https://github.com/CenterForOpenScience/docker-library/blob/master/cas/Dockerfile

[JustDoItQz]

I hava set up the keystore ,but still exists this proplem , where are the ploblems?