I configured CAS server behind my company proxy; While validating using Saml11TicketValidationFilter it is giving
java.lang.RuntimeException: java.net.UnknownHostException
This is because CAS client is not able to access validating URL which is behind proxy. Can some body help me to configure proxy in CAS client.
Related
I am trying to integrate apereo CAS management with CAS server and the only tutorial that I found is this for a passwordless authentication(More precisely QR code authentication) and I am finding difficulties in the final step cas server works perfectly but cas management is display
Application Not Authorized to Use CAS
The application you attempted to authenticate to is not authorized to use CAS.
I tried to add casManagement as a service into cas server(both overlay versions)
I tried running them on different machines and that could not help
I tried building from code base but it didn't work
I was trying to establish tls between an app and mysql server (no mutual authentication is needed in this case)
URL passed in my Hibernate Property file:
hibernate.dialect=net.sf.hibernate.dialect.MySQLDialect
hibernate.connection.url=jdbc:mysql://mysql-0:3306/dbschema?useSSL=true&requireSSL=false&trustCertificateKeyStoreUrl=file:/opt/jks/truststore.jks&trustCertificateKeyStorePassword=test12
Also I'm passing configuration in percona server like this :
mysqld --ssl-ca=/custom_certs/ca-test.pem --ssl-cert=/custom_certs/server-cert-test.pem --ssl-key=/custom_certs/server-key-test.pem --require-secure-transport=ON
After doing all the changes and adding trust store to the app, while starting application tls ceremony is enforcing client certificate retrieval.
Network capture looks like this:
MySQL --> Login Request user= TLSv1.2 Client Hello
TLSv1.2 --> Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done
TLSv1.2 --> Certificate
TLSv1.2 --> Alert (Level: Fatal, Description: Unknown CA)
I also verified the user table to see if there's requireX509 column enforced as true for the said user, but that was not the case.
What can be the root cause of the issue? Is there any missing hibernates / mysql property or some other configuration that is possible via code?
Please note: Here I don't have the access to the code of app. Only configuration files are accessible via k8s secrets.
Using CAS 4.0.1 and successfully build with maven cas webapp and cas management app.
Accessing the cas-management app shows the services gui with the following error:
"The CAS management webapp is Unavailable
There was an error trying to complete your request. Please notify your support desk or try again."
I am able to solve my problem and I hope it might help you as well.
The reason behind this error is the security certificate was not in the VM parameter for my CAS server, namely
-Djavax.net.ssl.trustStore=truststore -Djavax.net.ssl.trustStorePassword=trustword"
If the CAS server has both cas and cas-management, then it requires the client certificate of this server to be part of the VM param.
The link http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore shows how to create server and client certificates.
I got my Dropwizard application running in an Openshift DIY Cartridge.
The application uses Https and binds to port 8080. I can access the application with curl from within an ssh connection via rhc ssh appname.
What do I have do configure that I can access my Dropwizard application via the appname-username.rhcloud.com domain?
I always get a proxy error 502. Error reading from remote server.
Any suggestion is greatly appreciated.
tmy
In OpenShift your application is deployed behind a proxy server ant this proxy server can only communicate with your application using http.
The OpenShift proxy server allows you to use both http and https connections and to communicate which type of connection was used the proxy server adds x-forwarded headers in the request to your application.
Tho configure Dropwizard, you will need to configure the http connector on port 8080, the default, and set useForwardedHeaders to true, also the default. See http://dropwizard.io/manual/configuration.html#http for more information.
At this point Dropwizard is aware whether a http or https connection was used. The thing I did not find is how to make content "confidential" so that the jetty container inside Dropwizard redirect the client to the https connector served by the OpenShift proxy server when the client tries to connect to your application using http.
I have setup CAS server in Java and using RubyCas-client for my application. Now my application runs on sub-domain so my concern is once I am authenticated by CAS server for some particular sub-domain, I am able to access others sub-domain also.
Here is brief example:-
My CAS server URL is https://localhost:8443/cas/login
I have given credentials for sub-domain1.mydomain.com and got authenticated for same but when I am trying to access sub-domain2.mydomain.com, getting authenticated for sub-domain2 and sub-domain3 and so on also.
What I want to do that for each sub-domain it will ask me for credentials. Is this possible.
Thanks in advance!