From: Gustavo Martin Morcuende Date: Sun, 4 Oct 2015 14:41:50 +0000 (+0200) Subject: CAS: cas and cas-management X-Git-Url: https://git.gumartinm.name/?a=commitdiff_plain;h=e6a06d99592849a548564a669155f0f94f2056fe;p=JavaForFun CAS: cas and cas-management For being used with my centos-httpd-cas and centos-tomcat-cas docker containers. --- diff --git a/CAS/CAS-MANAGEMENT/README b/CAS/CAS-MANAGEMENT/README new file mode 100644 index 0000000..a7d9734 --- /dev/null +++ b/CAS/CAS-MANAGEMENT/README @@ -0,0 +1 @@ +mvn clean package -DskipTests=true diff --git a/CAS/CAS-MANAGEMENT/pom.xml b/CAS/CAS-MANAGEMENT/pom.xml new file mode 100644 index 0000000..bc20568 --- /dev/null +++ b/CAS/CAS-MANAGEMENT/pom.xml @@ -0,0 +1,72 @@ + + + 4.0.0 + de.example.cas + gumartinm-cas-management + war + 1.0-SNAPSHOT + + + + maven-war-plugin + + cas-management + + + + + + + org.jasig.cas + cas-management-webapp + ${cas.version} + war + runtime + + + org.jasig.cas + cas-server-support-ldap + ${cas.version} + + + commons-dbcp + commons-dbcp + 1.4 + runtime + + + mysql + mysql-connector-java + 5.1.36 + runtime + + + org.hibernate + hibernate-entitymanager + 5.0.1.Final + runtime + jar + + + concurrent + concurrent + 1.3.4 + runtime + + + + 4.1.0 + + + + ja-sig + http://oss.sonatype.org/content/repositories/releases/ + + + jboss + http://repository.jboss.org/nexus/content/groups/public-jboss/ + + + diff --git a/CAS/CAS-MANAGEMENT/src/main/webapp/WEB-INF/cas-management.properties b/CAS/CAS-MANAGEMENT/src/main/webapp/WEB-INF/cas-management.properties new file mode 100644 index 0000000..d9f6086 --- /dev/null +++ b/CAS/CAS-MANAGEMENT/src/main/webapp/WEB-INF/cas-management.properties @@ -0,0 +1,71 @@ +# +# Licensed to Apereo under one or more contributor license +# agreements. See the NOTICE file distributed with this work +# for additional information regarding copyright ownership. +# Apereo licenses this file to you under the Apache License, +# Version 2.0 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a +# copy of the License at the following location: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# hosts and urls + +# CAS +cas.host=https://192.168.1.11:8443 +cas.prefix=${cas.host}/cas +cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${cas.prefix}/login +cas.securityContext.ticketValidator.casServerUrlPrefix=${cas.prefix} + +# Management +cas-management.host=${cas.host} +cas-management.prefix=${cas-management.host}/cas-management +cas-management.securityContext.serviceProperties.service=${cas-management.prefix}/login/cas +cas-management.securityContext.serviceProperties.adminRoles=hasRole('ROLE_ADMIN') + +# views +cas-management.viewResolver.basename=default_views + +## +# User details file location that contains list of users +# who are allowed access to the management webapp: +# +# user.details.file.location = classpath:user-details.properties + +## +# JSON Service Registry +# +# Directory location where JSON service files may be found. +# service.registry.config.location=classpath:services + +## +# Database flavors for Hibernate +# +# One of these is needed if you are storing Services in an RDBMS via JPA. +# +# database.hibernate.dialect=org.hibernate.dialect.OracleDialect +# database.hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect +# database.hibernate.dialect=org.hibernate.dialect.HSQLDialect + +## +# Log4j +# Default sourced from WEB-INF/spring-configuration/log4jConfiguration.xml: +# +# It is often time helpful to externalize log4j.xml to a system path to preserve settings between upgrades. +# e.g. log4j.config.location=file:/etc/cas/log4j2.xml +# log4j.config.location=classpath:log4j2.xml + +## +# Metrics +# Default sourced from WEB-INF/spring-configuration/metricsConfiguration.xml: +# +# Define how often should metric data be reported. Default is 30 seconds. +# metrics.refresh.internal=30s diff --git a/CAS/CAS-MANAGEMENT/src/main/webapp/WEB-INF/classes/log4j2.xml b/CAS/CAS-MANAGEMENT/src/main/webapp/WEB-INF/classes/log4j2.xml new file mode 100644 index 0000000..87b05c2 --- /dev/null +++ b/CAS/CAS-MANAGEMENT/src/main/webapp/WEB-INF/classes/log4j2.xml @@ -0,0 +1,67 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/CAS/CAS-MANAGEMENT/src/main/webapp/WEB-INF/classes/services/ServicesManagementWebApplication-52497044623301.json b/CAS/CAS-MANAGEMENT/src/main/webapp/WEB-INF/classes/services/ServicesManagementWebApplication-52497044623301.json new file mode 100644 index 0000000..3857efb --- /dev/null +++ b/CAS/CAS-MANAGEMENT/src/main/webapp/WEB-INF/classes/services/ServicesManagementWebApplication-52497044623301.json @@ -0,0 +1,28 @@ +{ + "@class" : "org.jasig.cas.services.RegexRegisteredService", + "serviceId" : "https://192.168.1.11:8443/cas-management/login/cas", + "name" : "Services Management Web Application", + "id" : 52497044623301, + "description" : "Services Management Web Application", + "proxyPolicy" : { + "@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy" + }, + "evaluationOrder" : 2, + "usernameAttributeProvider" : { + "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider" + }, + "logoutType" : "BACK_CHANNEL", + "attributeReleasePolicy" : { + "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy", + "principalAttributesRepository" : { + "@class" : "org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository" + }, + "authorizedToReleaseCredentialPassword" : false, + "authorizedToReleaseProxyGrantingTicket" : false + }, + "accessStrategy" : { + "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy", + "enabled" : true, + "ssoEnabled" : true + } +} diff --git a/CAS/CAS-MANAGEMENT/src/main/webapp/WEB-INF/classes/user-details.properties b/CAS/CAS-MANAGEMENT/src/main/webapp/WEB-INF/classes/user-details.properties new file mode 100644 index 0000000..c362499 --- /dev/null +++ b/CAS/CAS-MANAGEMENT/src/main/webapp/WEB-INF/classes/user-details.properties @@ -0,0 +1,30 @@ + # +# Licensed to Apereo under one or more contributor license +# agreements. See the NOTICE file distributed with this work +# for additional information regarding copyright ownership. +# Apereo licenses this file to you under the Apache License, +# Version 2.0 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a +# copy of the License at the following location: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# This file lists the set of users that are allowed access to the management app. +# See this link for more info: +# http://docs.spring.io/spring-security/site/docs/3.0.x/reference/ns-config.html +# +# The syntax of each entry should be in the form of: +# +# username=password,grantedAuthority[,grantedAuthority][,enabled|disabled] +gustavo=gustavo,ROLE_ADMIN + +# Example: +# casuser=notused,ROLE_ADMIN diff --git a/CAS/CAS/README b/CAS/CAS/README new file mode 100644 index 0000000..a7d9734 --- /dev/null +++ b/CAS/CAS/README @@ -0,0 +1 @@ +mvn clean package -DskipTests=true diff --git a/CAS/CAS/pom.xml b/CAS/CAS/pom.xml new file mode 100644 index 0000000..28e4714 --- /dev/null +++ b/CAS/CAS/pom.xml @@ -0,0 +1,72 @@ + + + 4.0.0 + de.example.cas + gumartinm-cas + war + 1.0-SNAPSHOT + + + + maven-war-plugin + + cas + + + + + + + org.jasig.cas + cas-server-webapp + ${cas.version} + war + runtime + + + org.jasig.cas + cas-server-support-ldap + ${cas.version} + + + commons-dbcp + commons-dbcp + 1.4 + runtime + + + mysql + mysql-connector-java + 5.1.36 + runtime + + + org.hibernate + hibernate-entitymanager + 5.0.1.Final + runtime + jar + + + concurrent + concurrent + 1.3.4 + runtime + + + + 4.1.0 + + + + ja-sig + http://oss.sonatype.org/content/repositories/releases/ + + + jboss + http://repository.jboss.org/nexus/content/groups/public-jboss/ + + + diff --git a/CAS/CAS/src/main/webapp/WEB-INF/cas.properties b/CAS/CAS/src/main/webapp/WEB-INF/cas.properties new file mode 100644 index 0000000..4647335 --- /dev/null +++ b/CAS/CAS/src/main/webapp/WEB-INF/cas.properties @@ -0,0 +1,216 @@ +# +# Licensed to Apereo under one or more contributor license +# agreements. See the NOTICE file distributed with this work +# for additional information regarding copyright ownership. +# Apereo licenses this file to you under the Apache License, +# Version 2.0 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a +# copy of the License at the following location: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +server.name=https://192.168.1.11:8443 +server.prefix=${server.name}/cas + +# Spring Security's EL-based access rules for the /status URI of CAS that exposes health check information +cas.securityContext.status.access=permitAll + +# Spring Security's EL-based access rules for the /statistics URI of CAS that exposes stats about the CAS server +cas.securityContext.statistics.access=hasIpAddress('127.0.0.1') + +cas.themeResolver.defaultThemeName=cas-theme-default + +# Path prefix for where views are to be found +# cas.viewResolver.defaultViewsPathPrefix=/WEB-INF/view/jsp/default/ui/ + +# Location of the Spring xml config file where views may be collected +# cas.viewResolver.xmlFile=/META-INF/spring/views.xml + +## +# Unique CAS node name +# host.name is used to generate unique Service Ticket IDs and SAMLArtifacts. This is usually set to the specific +# hostname of the machine running the CAS node, but it could be any label so long as it is unique in the cluster. +# host.name=cas01.example.org +host.name=192.168.1.11 + +## +# Database flavors for Hibernate +# +# One of these is needed if you are storing Services or Tickets in an RDBMS via JPA. +# +# database.hibernate.dialect=org.hibernate.dialect.OracleDialect +database.hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect +# database.hibernate.dialect=org.hibernate.dialect.HSQLDialect +# database.hibernate.batchSize=10 + +## +# CAS SSO Cookie Generation & Security +# See https://github.com/mitreid-connect/json-web-key-generator +# +# Do note that the following settings MUST be generated per deployment. +# +# Defaults at spring-configuration/ticketGrantingTicketCookieGenerator.xml +# The encryption secret key. By default, must be a octet string of size 256. +tgc.encryption.key=1PbwSbnHeinpkZOSZjuSJ8yYpUrInm5aaV18J2Ar4rM + +# The signing secret key. By default, must be a octet string of size 512. +tgc.signing.key=szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dWxsOVGutZWgvmY3l5oVPO3w + +## +# CAS Logout Behavior +# WEB-INF/cas-servlet.xml +# +# Specify whether CAS should redirect to the specified service parameter on /logout requests +# cas.logout.followServiceRedirects=false + +## +# CAS Cached Attributes Timeouts +# Controls the cached attribute expiration policy +# +# Notes the duration in which attributes will be kept alive +# cas.attrs.timeToExpireInHours=2 + +## +# Single Sign-On Session +# +# Indicates whether an SSO session should be created for renewed authentication requests. +# create.sso.renewed.authn=true +# +# Indicates whether an SSO session can be created if no service is present. +# create.sso.missing.service=true + +## +# Spring Webflow Web Application Session +# Define the settings that are required to encrypt and persist the CAS web application session. +# See the cas-servlet.xml file to understand how these properties are used. +# +# cas.webflow.cipher.alg=AES +# cas.webflow.cipher.mode=CBC +# cas.webflow.cipher.padding=PKCS7 +# cas.webflow.keystore=classpath:/etc/keystore.jceks +# cas.webflow.keystore.type=JCEKS +# cas.webflow.keystore.password=changeit +# cas.webflow.keyalias=aes128 +# cas.webflow.keypassword=changeit +## +# Single Sign-On Session Timeouts +# Defaults sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml +# +# Maximum session timeout - TGT will expire in maxTimeToLiveInSeconds regardless of usage +# tgt.maxTimeToLiveInSeconds=28800 +# +# Idle session timeout - TGT will expire sooner than maxTimeToLiveInSeconds if no further requests +# for STs occur within timeToKillInSeconds +# tgt.timeToKillInSeconds=7200 + +## +# Service Ticket Timeout +# Default sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml +# +# Service Ticket timeout - typically kept short as a control against replay attacks, default is 10s. You'll want to +# increase this timeout if you are manually testing service ticket creation/validation via tamperdata or similar tools +# st.timeToKillInSeconds=10 + +## +# Http Client Settings +# +# The http client read timeout in milliseconds +# http.client.read.timeout=5000 + +# The http client connection timeout in milliseconds +# http.client.connection.timeout=5000 +# +# The http client truststore file, in addition to the default's +# http.client.truststore.file=classpath:truststore.jks +# +# The http client truststore's password +# http.client.truststore.psw=changeit + +## +# Single Logout Out Callbacks +# Default sourced from WEB-INF/spring-configuration/argumentExtractorsConfiguration.xml +# +# To turn off all back channel SLO requests set this to true +# slo.callbacks.disabled=false +# +# To send callbacks to endpoints synchronously, set this to false +# slo.callbacks.asynchronous=true + +## +# CAS Protocol Security Filter +# +# Are multi-valued parameters accepted? +# cas.http.allow.multivalue.params=false + +# Define the list of request parameters to examine for sanity +# cas.http.check.params=ticket,service,renew,gateway,warn,target,SAMLart,pgtUrl,pgt,pgtId,pgtIou,targetService + +# Define the list of request parameters only allowed via POST +# cas.http.allow.post.params=username,password + +## +# JSON Service Registry +# +# Directory location where JSON service files may be found. +# service.registry.config.location=classpath:services + +## +# Service Registry Periodic Reloading Scheduler +# Default sourced from WEB-INF/spring-configuration/applicationContext.xml +# +# Force a startup delay of 2 minutes. +# service.registry.quartz.reloader.startDelay=120000 +# +# Reload services every 2 minutes +# service.registry.quartz.reloader.repeatInterval=120000 + +## +# Log4j +# Default sourced from WEB-INF/spring-configuration/log4jConfiguration.xml: +# +# It is often time helpful to externalize log4j.xml to a system path to preserve settings between upgrades. +# log4j.config.location=file:///etc/cas/log4j2.xml +# log4j.config.location=classpath:log4j2.xml + +## +# Metrics +# Default sourced from WEB-INF/spring-configuration/metricsConfiguration.xml: +# +# Define how often should metric data be reported. Default is 30 seconds. +# metrics.refresh.internal=30s + +## +# Encoding +# +# Set the encoding to use for requests. Default is UTF-8 +# httprequest.web.encoding=UTF-8 + +# Default is true. Switch this to "false" to not enforce the specified encoding in any case, +# applying it as default response encoding as well. +# httprequest.web.encoding.force=true + +## +# Reports +# +# Setting to whether include the ticket granting ticket id in the report +# sso.sessions.include.tgt=false + +## +# Password Policy +# +# Warn all users of expiration date regardless of warningDays value. +# password.policy.warnAll=false + +# Threshold number of days to begin displaying password expiration warnings. +# password.policy.warningDays=30 + +# URL to which the user will be redirected to change the password. +# password.policy.url=https://password.example.edu/change diff --git a/CAS/CAS/src/main/webapp/WEB-INF/classes/log4j2.xml b/CAS/CAS/src/main/webapp/WEB-INF/classes/log4j2.xml new file mode 100644 index 0000000..8d33ba4 --- /dev/null +++ b/CAS/CAS/src/main/webapp/WEB-INF/classes/log4j2.xml @@ -0,0 +1,83 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/CAS/CAS/src/main/webapp/WEB-INF/classes/services/mod-cas.json b/CAS/CAS/src/main/webapp/WEB-INF/classes/services/mod-cas.json new file mode 100644 index 0000000..08c16ef --- /dev/null +++ b/CAS/CAS/src/main/webapp/WEB-INF/classes/services/mod-cas.json @@ -0,0 +1,11 @@ +{ + "@class" : "org.jasig.cas.services.RegexRegisteredService", + "serviceId" : "^http://192.168.1.6/.*", + "name" : "apache-mod-cas", + "id" : 6969697, + "description" : "apache-mod-cas", + "usernameAttributeProvider" : { + "@class" : "org.jasig.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider", + "usernameAttribute" : "cn" + } +} diff --git a/CAS/CAS/src/main/webapp/WEB-INF/deployerConfigContext.xml b/CAS/CAS/src/main/webapp/WEB-INF/deployerConfigContext.xml new file mode 100644 index 0000000..f6f3e65 --- /dev/null +++ b/CAS/CAS/src/main/webapp/WEB-INF/deployerConfigContext.xml @@ -0,0 +1,180 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + memberOf + + faculty + staff + org + + + + + + + + + + + + + + + +