jasig-cas IRC Logs-2011-09-30
[07:47:27 CDT(-0500)] <foxnesn1> morning
[07:47:34 CDT(-0500)] <wgthom> howdy
[07:47:48 CDT(-0500)] <foxnesn1> how goes it?
[07:48:06 CDT(-0500)] <wgthom> fine. you?
[07:49:00 CDT(-0500)] <foxnesn1> pretty good
[08:30:02 CDT(-0500)] <wgthom> atilling: you on?
[09:08:47 CDT(-0500)] <apetro> I'm iffy on ability to make the weekly #jasig-cas CAS developer IRC meetup today, just fyi.
[09:13:23 CDT(-0500)] <serac> Thanks for the heads up.
[09:24:39 CDT(-0500)] <kickehy> should my cas server be forwarding any connection from 8080 to 8443?
[09:24:48 CDT(-0500)] <serac> No.
[09:25:10 CDT(-0500)] <kickehy> mmmk i just saw something in the server.xml for tomcat that made me think it did
[09:25:13 CDT(-0500)] <serac> A servlet can be configured to send a redirect to a client to get on 443.
[09:25:22 CDT(-0500)] <serac> or 8443 or whatever.
[09:25:39 CDT(-0500)] <serac> But forwarding in the sense of servlet forwards would never involve a port # change.
[09:26:08 CDT(-0500)] <kickehy> i assume i would want to force all my clients to connect using ssl
[09:26:24 CDT(-0500)] <serac> Correct. You can do that via a web.xml security-constraint.
[09:26:30 CDT(-0500)] <serac> Part of servlet spec.
[09:26:34 CDT(-0500)] <kickehy> i'll take a peek
[09:27:06 CDT(-0500)] <kickehy> i'm still working on setting this up, FINALLY got my certificates straightened out
[09:27:59 CDT(-0500)] <serac> Everyone that's worked with certs to any degree can sympathize.
[09:29:57 CDT(-0500)] <kickehy> heh
[09:30:15 CDT(-0500)] <kickehy> do you change your ports to 80 and 443?
[09:30:37 CDT(-0500)] <serac> On my development box I use iptables source nat rules to do that.
[09:31:18 CDT(-0500)] <serac> In dev/pprd/prod environments, the load balancer maps 80->8080, 443->8443 from the vip to the reals.
[09:31:50 CDT(-0500)] <serac> It's a nice convenience so you don't have to worry about port numbers in urls.
[09:54:18 CDT(-0500)] <foxnesn1> so im testing an ldap config, can i just copy the pom.xml from cas-server-support-ldap ?
[09:54:32 CDT(-0500)] <serac> Dangerous.
[09:54:49 CDT(-0500)] <serac> Copy relevant beans then edit would be better.
[10:23:25 CDT(-0500)] <kickehy> would you suggest forwarding everything to ssl?
[10:30:26 CDT(-0500)] <serac> Yes.
[10:45:28 CDT(-0500)] <kickehy> serac: http://pastie.org/2617602 <---I'm assuming that's all i need to do
[10:48:15 CDT(-0500)] <shintaku> so happy this channel exists. i'm new to cas. i understand that it does authentication only. i have 10 web apps that need single sign on. cas supplies only the authentication piece, right? so, how do i get users to register for an account on their own?
[10:50:59 CDT(-0500)] <wgthom> account management is not covered by cas. you'll need something else to handle that
[10:51:20 CDT(-0500)] <wgthom> you'll likely want to customize the login flow with links to whatever that is
[10:51:57 CDT(-0500)] <shintaku> if you want anyone registering, do you guys create some custom user management web application
[10:52:05 CDT(-0500)] <shintaku> and then have cas interface with that
[10:53:29 CDT(-0500)] <wgthom> yes, something like that
[10:54:00 CDT(-0500)] <shintaku> i wonder if there's a rails app or something on github so i don't have to reinvent the wheel
[10:54:01 CDT(-0500)] <shintaku> thanks, wgthom
[10:57:21 CDT(-0500)] <wgthom> ur welcome. good luck
[12:34:25 CDT(-0500)] <kickehy> https://wiki.jasig.org/display/CASUM/End-to-end+Windows+Example <---in that example, do you have to create that "registry locks" table?
[12:34:34 CDT(-0500)] <kickehy> in the database
[12:37:06 CDT(-0500)] <serac> Yes.
[12:37:28 CDT(-0500)] <serac> If you want to use the JdbcLockingStrategy component.
[12:37:41 CDT(-0500)] <serac> You only need that for HA environments with multiple nodes.
[12:41:55 CDT(-0500)] <kickehy> i assume i don't need that then...all i'm trying to do is setup a simple CAS server for http://www.orgsync.com/
[13:04:59 CDT(-0500)] <wgthom> 14:00 and I just can't stop thinking about cas
[13:06:39 CDT(-0500)] <ries> wgthom: then it's time for weekend
[13:07:09 CDT(-0500)] <apetro> checking in slightly late
[13:07:27 CDT(-0500)] <ries> hello apetro
[13:20:25 CDT(-0500)] <kickehy> is there a good guide for integrating ldap with cas?
[13:21:04 CDT(-0500)] <kickehy> https://wiki.jasig.org/display/CASUM/End-to-end+Windows+Example <---or will the one in there work fine?
[13:22:27 CDT(-0500)] <wgthom> https://wiki.jasig.org/display/CASUM/LDAP
[13:25:15 CDT(-0500)] <kickehy> thanks
[13:25:47 CDT(-0500)] <kickehy> just missed that link apparently
[13:26:58 CDT(-0500)] <ries> kickehy: personally, Wikis are great to put information on, but are horrible at organizing information… I always have a hard time finding information in a wiki
[13:27:58 CDT(-0500)] <foxnesn1> kickehy: let me know how that ldap integration goes. i am looking into it myself.
[13:31:11 CDT(-0500)] <kickehy> foxnesn1: sure thing
[13:31:54 CDT(-0500)] <kickehy> i have yet another question, is it better to keep the default pom.xml and add stuff to that, or create your own?
[13:31:55 CDT(-0500)] <foxnesn1> im currently working on another project so i will have to shelve this one for a few days
[13:32:13 CDT(-0500)] <foxnesn1> kickehy: just add the things you need to your pom
[13:32:21 CDT(-0500)] <kickehy> foxnesn1: thanks
[13:32:31 CDT(-0500)] <foxnesn1> i asked about simply copy/paste the pom.xml from the cas-server-ldap folder and was told that was a bad idea
[13:32:50 CDT(-0500)] <foxnesn1> but i bet it works for testing purposes
[13:33:12 CDT(-0500)] <kickehy> single sign on gives me a headache
[13:33:17 CDT(-0500)] <foxnesn1> yea ha
[13:33:21 CDT(-0500)] <foxnesn1> im very new to sso
[13:33:24 CDT(-0500)] <kickehy> me too
[13:33:28 CDT(-0500)] <kickehy> started last week
[13:33:31 CDT(-0500)] <foxnesn1> and learning hurts my head
[13:33:33 CDT(-0500)] <foxnesn1> me too
[13:34:06 CDT(-0500)] <foxnesn1> the nice thing is that at least sso provides a major service to people
[13:34:15 CDT(-0500)] <kickehy> a department at our college decided to blindly buy a piece of software before consulting with the IT department
[13:34:17 CDT(-0500)] <foxnesn1> most things i do seem to be just busy work lol
[13:34:34 CDT(-0500)] <foxnesn1> what software?
[13:34:35 CDT(-0500)] <kickehy> and it requires sso
[13:34:37 CDT(-0500)] <kickehy> orgsync
[13:34:44 CDT(-0500)] <foxnesn1> never heard of it
[13:34:48 CDT(-0500)] <kickehy> me either
[13:34:57 CDT(-0500)] <kickehy> we already use sharepoint
[13:35:16 CDT(-0500)] <kickehy> so why buy another 'portal' software? i don't know
[13:35:26 CDT(-0500)] <kickehy> to make me mad i guess
[13:35:30 CDT(-0500)] <foxnesn1> yes
[13:38:53 CDT(-0500)] <atilling> You shouldn't need to modify any of the files from the CAS download
[13:39:08 CDT(-0500)] <atilling> you want to use the maven overlay method
[13:39:50 CDT(-0500)] <atilling> so you create a new folder under cas and you add your custom pom.xml there as well as deployerConfig changes etc
[13:41:43 CDT(-0500)] <kickehy> atilling: yeah i think that's part of the example i'm following
[13:41:56 CDT(-0500)] <kickehy> https://wiki.jasig.org/display/CASUM/End-to-end+Windows+Example
[13:42:06 CDT(-0500)] <kickehy> but any tips are greatly appreciated
[13:42:16 CDT(-0500)] <foxnesn1> i think you just need to add your dependencies to your pom.xml
[13:42:25 CDT(-0500)] <foxnesn1> then add which authenticators you want in the deployer
[13:51:44 CDT(-0500)] <serac> very late to dev chat
[13:52:00 CDT(-0500)] <serac> Anything to discuss?
[14:22:56 CDT(-0500)] <kickehy> 'packaging' with value 'war' is invalid. Aggregator projects require 'pom' as packaging <--forgive my n00bness but all i did was edit the pom.xml and added a few things from https://wiki.jasig.org/display/CASUM/End-to-end+Windows+Example#End-to-endWindowsExample-TheStarterPom
[14:40:42 CDT(-0500)] <serac> Hot damn! Looks like I fixed at least one manifestation of the JPA deadlock issue.
[14:44:24 CDT(-0500)] <wgthom> nice.
[14:45:01 CDT(-0500)] <serac> I've been getting a deadlock report daily for maybe a year now. I'd be thrilled if that stopped.
[14:45:37 CDT(-0500)] <wgthom> and the change is in scope for 3.4.11 / 3.5?
[14:46:16 CDT(-0500)] <serac> I'm gonna create an issue to track and push my changes to my forked CAS repo for review. There's a slight change to the interface of JpaTicketRegistry, but this is arguably worth it for the value of the fix to hit 3.4.11.
[16:11:55 CDT(-0500)] <kickehy> does cas with and ldap connection deal with paged results?
[16:12:07 CDT(-0500)] <kickehy> an*