jasig-cas IRC Logs-2011-10-03

Owned by Apereo Infrastructure
Last updated: Oct 03, 2011Version comment
3 min read

[10:16:49 CDT(-0500)] <kickehy> anyone on this fine monday morning?

[10:17:03 CDT(-0500)] <kickehy> or afternoon, depending on where you are

[10:23:16 CDT(-0500)] <ries> morning here...

[10:24:32 CDT(-0500)] <kickehy> heh i'm getting a tomcat 404 when i go to https://server:8443/cas

[10:24:58 CDT(-0500)] <kickehy> when i stop tomcat, copy my custom cas.properties and deployerconfig over, and restart tomcat

[10:25:17 CDT(-0500)] <kickehy> is there a log i can look at?

[10:25:28 CDT(-0500)] <kickehy> oh yes

[10:25:37 CDT(-0500)] <kickehy> i found them as we speak (tongue)

[10:42:56 CDT(-0500)] <foxnesn1> isnt it /cas/login ?

[10:43:29 CDT(-0500)] <kickehy> i think you're right but i still get the same thing

[10:43:42 CDT(-0500)] <kickehy> could it have anything to do with the fact that i force ssl?

[10:44:16 CDT(-0500)] <foxnesn1> what do you mean force ssl?

[10:44:33 CDT(-0500)] <foxnesn1> are you seeing https://yourdomain:8443 for tomcat?

[10:44:34 CDT(-0500)] <ries> foxnesn1: just /cas works here

[10:44:52 CDT(-0500)] <kickehy> foxnesn1: yes

[10:45:21 CDT(-0500)] <kickehy> in my cas.properties file i changed server.prefix to https://localhost:8443/cas

[10:45:29 CDT(-0500)] <foxnesn1> oh you're right

[10:45:32 CDT(-0500)] <foxnesn1> both work

[10:45:56 CDT(-0500)] <foxnesn1> kickehy: why would you do that? to force ssl?

[10:46:22 CDT(-0500)] <foxnesn1> i believe you would force ssl in tomcat, not in cas

[10:46:25 CDT(-0500)] <kickehy> foxnesn1: yes, i assumed that was bette for security's sake

[10:46:42 CDT(-0500)] <kickehy> foxnesn1: i did do it through tomcat via the server.xml file

[10:46:43 CDT(-0500)] <foxnesn1> so just comment out 8080 in the tomcat server.xml

[10:47:06 CDT(-0500)] <foxnesn1> i never made any changes to cas.properties

[10:47:14 CDT(-0500)] <kickehy> foxnesn1: actually i made tomcat forward everything from 8080 to 8443

[10:47:35 CDT(-0500)] <foxnesn1> then you shouldnt have to mess with cas.properties i dont think

[10:47:46 CDT(-0500)] <kickehy> mmmk i'll change it back and try again (big grin)

[10:52:34 CDT(-0500)] <kickehy> or it could be because i screwed up my deployerConfig for LDAP (tongue)

[10:52:43 CDT(-0500)] <kickehy> now just to figure out what i did

[10:55:07 CDT(-0500)] <foxnesn1> you connecting to an AD? just curious.

[10:55:35 CDT(-0500)] <kickehy> trying to

[10:58:33 CDT(-0500)] <foxnesn1> hrm, i hope to be doing the same thing by the end of the week

[10:58:50 CDT(-0500)] <foxnesn1> will you have a password self service solution?

[11:06:49 CDT(-0500)] <kickehy> ummm, not too sure what that is (tongue)

[11:07:10 CDT(-0500)] <kickehy> in case someone forgets their AD password?

[11:52:58 CDT(-0500)] <kickehy> http://pastie.org/2632968 <--could anyone take a look and see if i've royal screwed something up? I'm at a loss on how to get this setup with ldap

[11:53:07 CDT(-0500)] <kickehy> royally*

[11:56:26 CDT(-0500)] <foxnesn1> kickehy: yea if someone forgets their password then a program like PWM can allow them to reset it based on a bunch of variables.

[11:57:24 CDT(-0500)] <kickehy> foxnesn1: then we probably won't do that

[11:57:30 CDT(-0500)] <kickehy> even though that idea is nice

[11:57:51 CDT(-0500)] <foxnesn1> do you not have students listed on the AD to get onto your domain then?

[11:59:59 CDT(-0500)] <kickehy> we do

[12:00:19 CDT(-0500)] <foxnesn1> so what happens if your students fogrget their password?

[12:00:29 CDT(-0500)] <kickehy> in order for them to reset their password they, currently, have to physically come to the help desk and verify their identity to reset their password

[12:00:35 CDT(-0500)] <kickehy> it's annoying i know

[12:00:39 CDT(-0500)] <kickehy> wasn't my decision

[12:01:12 CDT(-0500)] <foxnesn1> ahhh

[12:01:22 CDT(-0500)] <foxnesn1> ok, yea that has to be a pain but whatever

[12:01:30 CDT(-0500)] <kickehy> very much so

[12:01:58 CDT(-0500)] <kickehy> but that was the policy they established after this "red flags" security meeting

[12:02:23 CDT(-0500)] <kickehy> they as in my bosses

[12:02:49 CDT(-0500)] <kickehy> but if i could figure out a way to create a password reset policy, i bet they'd open that can of worms back up

[12:03:04 CDT(-0500)] * kickehy out to lunch

[13:22:50 CDT(-0500)] <kickehy> anyone have any ideas on that pastie i posted?

[13:41:56 CDT(-0500)] <foxnesn1> hrm looking at it now

[13:42:20 CDT(-0500)] <foxnesn1> does tomcat log throw an error?

[13:54:12 CDT(-0500)] <kickehy> foxnesn1: org.apache.catalina.core.StandardContext start

[13:54:15 CDT(-0500)] <kickehy> SEVERE: Context [/cas] startup failed due to previous errors

[13:54:41 CDT(-0500)] <kickehy> that's from the tomcat6-stderr log

[13:58:09 CDT(-0500)] <foxnesn1> woah no idea there