This repository has been archived by the owner on May 8, 2019. It is now read-only.

Help to get started Docker Tools/CAS #23

Open
GTAtWork opened this issue Aug 8, 2018 · 5 comments

@GTAtWork

GTAtWork commented Aug 8, 2018

Hello there,
I'm new to Docker/CAS and hope someone can clarify some getting started steps for me...

Specifically to try this out for proof-of-concept, I've got Docker Tool (Kitematic) on Win7Pro running with the image of CAS Version: 5.3.2.

  1. Where do I navigate (absolute path?) to find, change, and issue build.sh and run.sh if this is required to proceed?

  2. Can I bypass thekeystore configuration and http for the demo right now? Are there any more detailed instructions available for newbies like me to get this part right?

Container logs attached CAS v5.3.2 Container.log

Thanks a bunch,
GTM

@kevinimbrechts

Hi,

Did you solve your problem?

For your first question, I think there is no build.sh and run.sh. But, in /cas-overlay/bin, there is run-cas.sh to start CAS. If you want to rebuild CAS, I don't know how, but I'm interested. I want to use LDAP authentication but it doesn't work, so I think I must rebuild the app... The documentation is not very clear about the Docker version...

For your second question, I'm not sure I understand, but try to use port 8080.

@GTAtWork
Author

GTAtWork commented Aug 9, 2018

My problem still is that the CAS image fails to successfully start on my local container with a few warnings and the error (see log fragment below), and I'm trying to figure out if that's because of a missing/not configured keystore or an issue with the Tomcat configuration.

I've tried the same on Docker for Mac with the identical failure. So, I'm sure I'm missing some simple step here and positive someone else had a similar experience.

Come on folks, someone give us a hint!

CAS is configured to accept a static list of credentials for authentication. While this is generally useful for demo purposes, it is STRONGLY recommended that you DISABLE this authentication method (by setting 'cas.authn.accept.users' to a blank value) and switch to a mode that is more suitable for production.>
2018-08-09 12:38:26,611 WARN [org.apereo.cas.config.support.authentication.AcceptUsersAuthenticationEventExecutionPlanConfiguration] - <>
2018-08-09 12:38:40,002 INFO [org.apereo.cas.support.events.listener.CasConfigurationEventListener] -
2018-08-09 12:38:41,123 WARN [org.apereo.cas.config.CasCoreServicesConfiguration] - <Runtime memory is used as the persistence storage for retrieving and persisting service definitions. Changes that are made to service definitions during runtime WILL be LOST when the web server is restarted. Ideally for production, you need to choose a storage option (JDBC, etc) to store and track service definitions.>
2018-08-09 12:38:41,264 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
2018-08-09 12:38:42,681 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Secret key for encryption is not defined for [Ticket-granting Cookie]; CAS will attempt to auto-generate the encryption key>
2018-08-09 12:38:42,720 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated encryption key [xotQg-TSuqwurv2s_E-caGX1Oqhmq7LRZ8c_5CE6VAo] of size [256] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings under setting [cas.tgc.crypto.encryption.key].>
2018-08-09 12:38:42,734 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Secret key for signing is not defined for [Ticket-granting Cookie]. CAS will attempt to auto-generate the signing key>
2018-08-09 12:38:42,744 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated signing key [aBmaczICPN0zqvv7L6cnQNhHz4idH9kwu5SwC1Vwq72Cqq_xF61QujZMEHOSHS0G0P4buiycEugjXuXFYSQsdA] of size [512] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings under setting [cas.tgc.crypto.signing.key].>
2018-08-09 12:38:44,206 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Secret key for signing is not defined under [cas.webflow.crypto.signing.key]. CAS will attempt to auto-generate the signing key>
2018-08-09 12:38:44,221 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated signing key [iidtx3yE-MvwR-0RQSeKGgXaArrq7J7Cn0KOwAr2M-ib36iGKUK5zsOfh6gXvleFvos1dfajQzhepF6yH1pvow] of size [512]. The generated key MUST be added to CAS settings under setting [cas.webflow.crypto.signing.key].>
2018-08-09 12:38:44,229 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Secret key for encryption is not defined under [cas.webflow.crypto.encryption.key]. CAS will attempt to auto-generate the encryption key>
2018-08-09 12:38:44,240 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated encryption key [aeoBneAeK43dmRL-IKjUXw] of size [16]. The generated key MUST be added to CAS settings under setting [cas.webflow.crypto.encryption.key].>
2018-08-09 12:38:44,899 ERROR [org.apache.catalina.core.StandardService] - <Failed to start connector [Connector[HTTP/1.1-8443]]>
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-8443]]
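
A triage sketch for a startup log like the one above, added here as an example and not part of the original post or the CAS project. It lists the crypto settings CAS auto-generated keys for, flags the static-credentials warning, picks out the connector that actually failed, and masks generated key values before a log is shared. The function names and the sample log lines are constructed for illustration.

```python
import re

# Constructed sample in the layout of the CAS 5.3.x startup log quoted above.
# Key values are placeholders, not real key material.
SAMPLE_LOG = """\
2018-01-01 00:00:01,000 WARN [org.apereo.cas.config.support.authentication.AcceptUsersAuthenticationEventExecutionPlanConfiguration] - <CAS is configured to accept a static list of credentials for authentication. DISABLE this (by setting 'cas.authn.accept.users' to a blank value).>
2018-01-01 00:00:02,000 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated encryption key [PLACEHOLDER_A] of size [256] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings under setting [cas.tgc.crypto.encryption.key].>
2018-01-01 00:00:03,000 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated signing key [PLACEHOLDER_B] of size [512]. The generated key MUST be added to CAS settings under setting [cas.webflow.crypto.signing.key].>
2018-01-01 00:00:04,000 ERROR [org.apache.catalina.core.StandardService] - <Failed to start connector [Connector[HTTP/1.1-8443]]>
"""

# "Generated <kind> key [value] of size [n] ... under setting [property]"
GENERATED = re.compile(
    r"Generated (?:signing|encryption) key \[[^\]]+\] of size \[(\d+)\]"
    r".*under setting \[([^\]]+)\]"
)
CONNECTOR = re.compile(r"Failed to start connector \[Connector\[([^\]]+)\]\]")
KEY_VALUE = re.compile(r"(Generated (?:signing|encryption) key \[)[^\]]+(\])")


def triage(log_text):
    """Return (unset_key_settings, failed_connectors, static_users_enabled)."""
    settings, connectors, static_users = [], [], False
    for line in log_text.splitlines():
        m = GENERATED.search(line)
        if m:
            # The property CAS asks to be set, and the reported key size.
            settings.append((m.group(2), int(m.group(1))))
        m = CONNECTOR.search(line)
        if m:
            connectors.append(m.group(1))
        if "cas.authn.accept.users" in line:
            static_users = True
    return settings, connectors, static_users


def redact(log_text):
    """Mask auto-generated key values so the log can be attached to a ticket."""
    return KEY_VALUE.sub(r"\1REDACTED\2", log_text)


if __name__ == "__main__":
    unset, failed, static = triage(SAMPLE_LOG)
    print("settings without a configured key:", unset)
    print("connectors that failed to start:", failed)
    print("static credential list enabled:", static)
    print(redact(SAMPLE_LOG))
```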

@kevinimbrechts

To configure my keystore, I've created my own Dockerfile which inherits from apereo/cas:v5.3.2.

In this Dockerfile, I do some things like configure my proxy, install Kerberos and configure CAS (it was working with v5.0.6, but not with the v5.3.2).

To generate my keystore, I use these 2 command lines because I need to modify $JAVA_HOME/lib/security/cacerts and before I had to create /etc/cas/thekeystore. I don't know if /etc/cas/thekeystore is still needed:

RUN keytool -genkey -keyalg RSA -alias cas -keystore /etc/cas/thekeystore -storepass changeit -validity 9999 -keysize 2048 -dname "cn=cas.local, ou=MyOU, o=MyCompany, c=FR, st=Nord, l=MyCity" && \
    keytool -genkey -keyalg RSA -alias cas -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -validity 9999 -keysize 2048 -dname "cn=cas.local, ou=MyOU, o=MyCompany, c=FR, st=Nord, l=MyCity"

@GTAtWork
Author

GTAtWork commented Aug 9, 2018

Thanks for the tip. I will try that and let you know if that makes a difference.

@kevinimbrechts

Also, I should point out that I think the team abandoned this GitHub project for https://github.com/apereo/cas, which has a docker folder, but it is not possible to submit issues there... and I think this GitHub project is about version 5.0.x because there has been no commit for 2 years...
