Enable REST service for CAS Apereo version cas-overlay-template-6.0
I want to enable REST service for CAS Apereo version cas-overlay-template-6.0 (on Ubuntu 16.04)
I have done following this step:
Step 1: Add compile for REST API to build.gradle file
root@ubuntu16:~/cas-overlay-template-6.0# nano build.gradle
And add two line below under dependencies clock
compile "org.apereo.cas:cas-server-support-rest:6.0.0"
compile "org.apereo.cas:cas-server-support-rest-services:6.0.0"
Step 2: clean build
root@ubuntu16:~/cas-overlay-template-6.0# ./build.sh clean
Step 3: Build source code again
root@ubuntu16:~/cas-overlay-template-6.0# ./build.sh run
But in step 3, I got error like this.
CAS is configured to accept a static list of credentials for authentication. While this is generally useful for demo purposes, it is STRONGLY recommended that you DISABLE this authentication method (by setting 'cas.authn.accept.users' to a blank value) and switch to a mode that is more suitable for production.>
2019-12-30 01:17:55,465 WARN [org.apereo.cas.config.support.authentication.AcceptUsersAuthenticationEventExecutionPlanConfiguration] - <>
2019-12-30 01:17:55,806 INFO [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <Found and added static attributes [[email]] to the list of candidate attribute repositories>
2019-12-30 01:17:59,004 WARN [org.apereo.cas.web.CasWebApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'registeredServiceResourceRestController' defined in class path resource [org/apereo/cas/support/rest/config/RestServicesConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.rest.RegisteredServiceResource]: Factory method 'registeredServiceResourceRestController' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: No attribute name is defined to enforce authorization when adding services via CAS REST APIs. This is likely due to misconfiguration in CAS settings where the attribute name definition is absent>
Where have I gone wrong?
Remove this:
compile "org.apereo.cas:cas-server-support-rest-services:6.0.0"
This module does this:
Invoke CAS to register applications into its own service registry. The REST call must be authenticated using basic authentication where credentials are authenticated and accepted by the existing CAS authentication strategy, and furthermore the authenticated principal must be authorized with a pre-configured role/attribute name and value that is designated in the CAS configuration via the CAS properties. The body of the request must be the service definition that shall be registered in JSON format and of course, CAS must be configured to accept the particular service type defined in the body. The accepted media type for this request is application/json.
So you can remove it, if you don't need the functionality.
If you do need it, you will need to define attribute names/values that can enforce authorization as the error message is telling you.
No attribute name is defined to enforce authorization when adding services via CAS REST APIs. This is likely due to misconfiguration in CAS settings where the attribute name definition is absent.
So, define:
# cas.rest.attributeName=
# cas.rest.attributeValue=
PS Don't add things you do not need.
- How to check signature of a token coming from Azure SSO
- SSO Integration between 2 webapps using Cognito
- Verify Microsoft Access token on my ASP.NET Core Web API
- How to set Azure MSAL SSO for my Nextjs14 app using Approuter and next-auth
- StackOverflow with Keycloak as login provider returns empty email address
- IdentityServer4 and SSO
- Spring Boot + Security + MVC + LDAP AD + SSO
- Issue with Windows Authentication Type on IIS with Multiple Host Bindings
- Generate IDP Certificate in Azure AD for SSO
- Disqus SSO, "Your API key is not valid on this domain"
- Sign-in With Apple: Possibility To Create Duplicate Account Issue
- AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption
- MS Graph InteractiveBrowserCredential , Is a Client ID registered in Azure Portal really necessary?
- Logout from next-auth with keycloak provider not works
- How to validate access token from AzureAD in python?
- Outlook SSO NAA in pure JS without node.js
- How to create SSO from Liferay to another portal / service?
- How to add ForceAuthn flag on AWS cognito
- Download file from TeamCity with SSO using bash
- Obtain token programatically to go see a page with ASP.NET application
- Which is the best sample/approach to start openiddict server to provide logins to wordpress?
- No Sustainsys.Saml2 for MVC 3? Are there any alternatives?
- Which lib to create an Identity provider to connect to service provider
- The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used
- Best way to implement Single-Sign-On with all major providers?
- Azure AD token for accessing Graph token
- Integration of SSO using MSAL in Angular project gets 401 returned error after login
- Simple way to put AWS Lambda app behind SAML authentication
- Why wouldn't the IdP initiate contact with the SP in a SAML 2.0 SSO integration?
- Log out from SSO kerberos