Differences

This shows you the differences between two versions of the page.

--- docpublic:systemes:ssocas:cas7install [2024/06/06 17:17]
adminjp [personalisation des views]
+++ docpublic:systemes:ssocas:cas7install [2024/06/16 09:06] (current)
adminjp [Registering Applications]
@@ Line 657: / Line 657: @@
 <code>
-[root@cas7d cas-overlay-template]# cp /opt/cas-src/cas-overlay-template/build/libs/cas.war /opt/tomcat/webapps/
+[root@cas7 cas-overlay-template]# cp /opt/cas-src/cas-overlay-template/build/libs/cas.war /opt/tomcat/webapps/
-[root@cas7d cas-overlay-template]# systemctl start tomcat.service
+[root@cas7 cas-overlay-template]# systemctl start tomcat.service
 [root@cas7 cas-overlay-template]# ls -ltr /opt/tomcat/webapps/
@@ Line 763: / Line 763: @@
 <code>
-[root@cas6 ~]# cat /etc/httpd/conf.d/cas.conf
+[root@cas7 ~]#  cat /etc/httpd/conf.d/cas7.conf
-ProxyRequests off
+#ProxyRequests off
-ProxyPass /cas ajp://127.0.0.1:8009/idp retry=0
+ProxyPass /cas ajp://127.0.0.1:8009/cas
-ProxyPassReverse /cas ajp://127.0.0.1:8009/idp
+ProxyPassReverse /cas ajp://127.0.0.1:8009/cas
 ProxyPass /manager ajp://127.0.0.1:8009/manager
 ProxyPassReverse /manager ajp://127.0.0.1:8009/manager
 </code>
@@ Line 859: / Line 860: @@
 ==== Registering Applications ====
+  * https://jasigcas.readthedocs.io/en/latest/cas-server-documentation/installation/JSON-Service-Management.html
 les appplications clientes autorisées à utiliser notre serveur CAS doivent etre declarée au préalable . cela peut se faire au travers d'un simple fichier de type json .
-nous déclarons dans cas.prpoerties le chemin d'acces a ce fichier json
+nous déclarons dans cas.properties le chemin d'acces a ce fichier json
 <code>
-[root@ssocas6 cas-overlay-template]# tail -2 etc/cas/config/cas.properties
+[root@cas7 cas-overlay-template]# grep -b1 service etc/cas/config/cas.properties
-### Registering Applications
+-### Registering Applications
-cas.serviceRegistry.json.location: file:/etc/cas/services
+:cas.serviceRegistry.json.location: file:/etc/cas/services
 </code>
-Il est recommandé de nommer les nouveaux fichiers JSON comme ceci: "serviceName-serviceNumericId.json"
+Il est recommandé de nommer les nouveaux fichiers JSON comme ceci: "serviceName-serviceNumericId.json", et de bien reprendre le nom serviceName dans l'attribut "name"
 Pour créer l'ID nous utilisons la commande date +%s
 <code>
-[root@ssocas6 cas-overlay-template]# mkdir /etc/cas/services
+[root@cas7 cas-overlay-template]# mkdir /etc/cas/services
-[root@ssocas6 cas-overlay-template]# cd /etc/cas/services
+[root@cas7 cas-overlay-template]# cd /etc/cas/services
-[root@ssocas6 services]# touch disi_wikis-`date +%s`.json
+[root@cas7 services]# touch disi_star_domain-`date +%s`.json
-[root@ssocas6 services]# vim disi_wikis-1621678622.json
+[root@cas7 services]# vim disi_star_domain-1718526946.json
 </code>
-on peux ensuite ajouter d'autres services (ici un 3eme cf logs CAS [1]) , le serveur CAS lit regulierement le directory /etc/cas/services pour les charger dynamiquement sans necessité de restart de tomcat/cas .
+le contenu de la définition de services a autoriser, dans cet exemple RegEx sur tout un domain
+<code>
+[root@cas7 services]# cat disi_star_domain-1718526946.json
+{
+"@class" : "org.apereo.cas.services.CasRegisteredService",
+"serviceId" : "https://.*.domain.fr/.*",
+"name" : "disi_star_domain",
+"id" : 1718526946,
+"evaluationOrder" : 40616,
+"matchingStrategy": {
+   "@class": "org.apereo.cas.services.FullRegexRegisteredServiceMatchingStrategy"
+}
+"proxyPolicy" : {
+    "@class" : "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
+    "pattern" : "https?:\/\/.*.domain.fr\/.*"
+  }
+  "attributeReleasePolicy" : {
+   "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
+ }
+}
+</code>
+on peut ensuite ajouter d'autres services (ici un 3eme cf logs CAS [1]) , le serveur CAS lit regulierement le directory /etc/cas/services pour les charger dynamiquement sans necessité de restart de tomcat/cas .
 <code>
@@ Line 887: / Line 916: @@
 [root@ssocas6 services]#cat dsi_ws_domain1-fr-1622207781.json
 {
-"@class" : "org.apereo.cas.services.RegexRegisteredService",
+"@class" : "org.apereo.cas.services.CasRegisteredService",
 "serviceId" : "^https://.*.domain1.fr/.*",
 "name" : "Dsi_ws-tem-tsp-eu",
@@ Line 899: / Line 928: @@
 [1]
 <code>
--05-28 14:18:03,506 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [3] service(s) from [JsonServiceRegistry].>
+-06-16 10:56:43,076 INFO [org.apereo.cas.services.mgmt.AbstractServicesManager] - <Loaded [2] service(s) from [JsonServiceRegistry].>
 </code>
@@ Line 961: / Line 991: @@
   * https://fawnoos.com/2020/05/17/cas62x-reloadable-html-views/
   * https://fawnoos.com/2021/02/16/cas63-ui-themes/
+  * https://apereo.github.io/cas/7.0.x/ux/User-Interface-Customization.html
@@ Line 1011: / Line 1042: @@
+</code>
+List des ressources / fichier modifiables
+<code>
+[root@cas7 cas-overlay-template]# ./gradlew listTemplateViews
+Configuration on demand is an incubating feature.
+> Task :listTemplateViews
+/templates/acct-mgmt/casAccountSignupView.html
+/templates/acct-mgmt/casAccountSignupViewComplete.html
+/templates/acct-mgmt/casAccountSignupViewCompleted.html
+/templates/acct-mgmt/casAccountSignupViewSentInfo.html
+/templates/acct/casMyAccountProfile.html
+/templates/adaptive-authn/casRiskAuthenticationBlockedView.html
+/templates/adaptive-authn/casRiskAuthenticationVerifiedView.html
+/templates/admin/casAdminLoginView.html
+/templates/aup/casAcceptableUsagePolicyView.html
+/templates/consent/casConsentView.html
+/templates/delegated-authn/casDelegatedAuthnErrorView.html
+/templates/delegated-authn/casDelegatedAuthnSelectionView.html
+/templates/delegated-authn/casDelegatedAuthnStopWebflow.html
+/templates/delegated-authn/casDynamicDiscoveryView.html
+/templates/error.html
+/templates/error/400.html
+/templates/error/401.html
+/templates/error/403.html
+/templates/error/404.html
+/templates/error/405.html
+/templates/error/423.html
+/templates/error/casServiceErrorView.html
+/templates/error/casUnauthorizedServiceRedirectView.html
+/templates/error/casWebflowConfigErrorView.html
+/templates/forgot-username/casForgotUsernameSendInfoView.html
+/templates/forgot-username/casForgotUsernameSentInfoView.html
+/templates/fragments/accountprofileapplications.html
+/templates/fragments/accountprofileattributes.html
+/templates/fragments/accountprofileauditlog.html
+/templates/fragments/accountprofileconsent.html
+/templates/fragments/accountprofilemfadevices.html
+/templates/fragments/accountprofilenavigation.html
+/templates/fragments/accountprofileoverview.html
+/templates/fragments/accountprofilesecurityquestions.html
+/templates/fragments/accountprofilesessions.html
+/templates/fragments/accountprofiletrusteddevices.html
+/templates/fragments/footer.html
+/templates/fragments/googleanalytics.html
+/templates/fragments/header.html
+/templates/fragments/includes.html
+/templates/fragments/loginProviders.html
+/templates/fragments/logindrawer.html
+/templates/fragments/loginform.html
+/templates/fragments/loginsidebar.html
+/templates/fragments/pmlinks.html
+/templates/fragments/pwdupdateform.html
+/templates/fragments/qrAuthentication.html
+/templates/fragments/recaptcha.html
+/templates/fragments/scripts.html
+/templates/fragments/serviceui.html
+/templates/fragments/submitbutton.html
+/templates/fragments/unlockaccount.html
+/templates/fragments/webAuthnLogin.html
+/templates/gauth/casGoogleAuthenticatorConfirmRegistrationView.html
+/templates/gauth/casGoogleAuthenticatorLoginView.html
+/templates/gauth/casGoogleAuthenticatorRegistrationView.html
+/templates/gua/casGuaDisplayUserGraphicsView.html
+/templates/gua/casGuaGetUserIdView.html
+/templates/interrupt/casInterruptView.html
+/templates/inwebo/casInweboCheckResultView.html
+/templates/inwebo/casInweboErrorView.html
+/templates/inwebo/casInweboMAAuthnView.html
+/templates/inwebo/casInweboSelectAuthnView.html
+/templates/inwebo/casInweboVAAuthnView.html
+/templates/layout.html
+/templates/login-error/casAccountDisabledView.html
+/templates/login-error/casAccountLockedView.html
+/templates/login-error/casAccountUnlockedView.html
+/templates/login-error/casAuthenticationBlockedView.html
+/templates/login-error/casBadHoursView.html
+/templates/login-error/casBadWorkstationView.html
+/templates/login-error/casExpiredPassView.html
+/templates/login-error/casMustChangePassView.html
+/templates/login/casConfirmView.html
+/templates/login/casGenericSuccessView.html
+/templates/login/casLoginMessageView.html
+/templates/login/casLoginView.html
+/templates/logout/casConfirmLogoutView.html
+/templates/logout/casLogoutView.html
+/templates/logout/casPropagateLogoutView.html
+/templates/mfa-trusted-devices/casMfaRegisterDeviceView.html
+/templates/mfa/casCompositeMfaProviderSelectionView.html
+/templates/mfa/casMfaDeniedView.html
+/templates/mfa/casMfaUnavailableView.html
+/templates/password-reset/casPasswordUpdateSuccessView.html
+/templates/password-reset/casResetPasswordErrorView.html
+/templates/password-reset/casResetPasswordSendInstructionsView.html
+/templates/password-reset/casResetPasswordSentInstructionsView.html
+/templates/password-reset/casResetPasswordVerifyQuestionsView.html
+/templates/password-reset/casWeakPasswordDetectedView.html
+/templates/passwordless/casPasswordlessDisplayView.html
+/templates/passwordless/casPasswordlessGetUserIdView.html
+/templates/protocol/casPostResponseView.html
+/templates/protocol/oauth/confirm.html
+/templates/protocol/oauth/deviceCodeApproval.html
+/templates/protocol/oauth/deviceCodeApproved.html
+/templates/protocol/oauth/sessionStaleMismatchError.html
+/templates/protocol/oidc/confirm.html
+/templates/radius/casRadiusLoginView.html
+/templates/saml2-discovery/casSamlIdPDiscoveryView.html
+/templates/saml2-idp/casSamlIdPErrorView.html
+/templates/simple-mfa/casSimpleMfaLoginView.html
+/templates/simple-mfa/casSimpleMfaSelectEmailsView.html
+/templates/storage/casSessionStorageReadView.html
+/templates/storage/casSessionStorageWriteView.html
+/templates/surrogate/casSurrogateAuthnListView.html
+/templates/surrogate/casSurrogateAuthnWildcardView.html
+/templates/webauthn/casWebAuthnLoginView.html
+/templates/webauthn/casWebAuthnRegistrationView.html
+/templates/wsfed/casWsFedStopWebflow.html
+/templates/yubikey/casYubiKeyLoginView.html
+/templates/yubikey/casYubiKeyRegistrationView.html
+BUILD SUCCESSFUL in 3s
+actionable tasks: 1 executed, 9 up-to-date
 </code>
@@ Line 1016: / Line 1172: @@
 <code>
-[root@ssocas6 cas-overlay-template]#  ./gradlew getResource -PresourceName=casLoginView.html
+[root@cas7 cas-overlay-template]# ./gradlew getResource -PresourceName=casLoginView.html --no-daemon
+To honour the JVM settings for this build a single-use Daemon process will be forked. For more on this, please refer to https://docs.gradle.org/8.8/userguide/gradle_daemon.html#sec:disabling_the_daemon in the Gradle documentation.
+Daemon will be stopped at the end of the build
+Configuration on demand is an incubating feature.
+> Task :unzipWAR
+Unzipped WAR into /opt/cas-src/cas-overlay-template/build/app
 > Task :getResource
-Copied file /opt/test-6.3-cas-overlay-template/cas-overlay-template/build/cas-resources/templates/casLoginView.html to src/main/resources/templates/casLoginView.html
+Copied file /opt/cas-src/cas-overlay-template/build/cas-resources/templates/login/casLoginView.html to /opt/cas-src/cas-overlay-template/src/main/resources/templates/login/casLoginView.html
-</code>
+BUILD SUCCESSFUL in 13s
+actionable tasks: 5 executed, 5 up-to-date
+[root@cas7 cas-overlay-template]# ls -l /opt/cas-src/cas-overlay-template/src/main/resources/templates/login/
+-rw-r--r-- 1 root root 1955 Jun  6 19:34 casLoginView.html
 on va egalement prendre header.html (extrait vers src/main/resources/templates/fragments/header.html) pour y changer le logo
 <code>
-[root@ssocas6 cas-overlay-template]# grep logo src/main/resources/templates/fragments/header.html
+[root@cas7 cas-overlay-template]# ./gradlew getResource -PresourceName=header.html --no-daemon
-                        <img class="cas-logo"
+To honour the JVM settings for this build a single-use Daemon process will be forked. For more on this, please refer to https://docs.gradle.org/8.8/userguide/gradle_daemon.html#sec:disabling_the_daemon in the Gradle documentation.
-                             th:src="@{${#strings.defaultString(#themes.code('cas.logo.file'), '/images/our-logo.png')}}" />
+Daemon will be stopped at the end of the build
+Configuration on demand is an incubating feature.
+> Task :getResource
+Copied file /opt/cas-src/cas-overlay-template/build/cas-resources/templates/fragments/header.html to /opt/cas-src/cas-overlay-template/src/main/resources/templates/fragments/header.html
+BUILD SUCCESSFUL in 9s
+actionable tasks: 1 executed, 9 up-to-date
+[root@cas7d cas-overlay-template]# grep logo /opt/cas-src/cas-overlay-template/src/main/resources/templates/fragments/header.html
+                            <img id="cas-logo" class="cas-logo"
+                                 th:src="@{${#strings.defaultString(#themes.code('cas.logo.file'), '/images/cas-logo.png')}}"
 </code>
-on peux aussi extraire le cas.logo.png afin de disposer de l'arborescence locale depo des images et y copier notre fichier image / logo
+on peut aussi extraire le cas.logo.png afin de disposer de l'arborescence locale depo des images et y copier notre fichier image / logo
 <code>
-[root@ssocas6 cas-overlay-template]# cp /root/our-logo.png src/main/resources/static/images/
+[root@cas7 cas-overlay-template]# ./gradlew getResource -PresourceName=cas-logo.png --no-daemon
+> Task :getResource
+Copied file /opt/cas-src/cas-overlay-template/build/cas-resources/static/images/cas-logo.png to /opt/cas-src/cas-overlay-template/src/main/resources/static/images/cas-logo.png
 </code>
+il est possible de recuperer le logo depuis une autre version/machine et de le recopier dans les sources de cette version sous src/main/resources/static/images
+<code>
+[root@cas6 resources]# scp static/images/logo_IMTBS-TSP_198x80.png root@cas7d.int-evry.fr:/opt/cas-src/cas-overlay-template/src/main/resources/static/images
+root@cas7.domain.fr's password:
+logo_IMTBS-TSP_198x80.png
+</code>
+restera a appeler ce fichier dans le cas.css
+==== CSS ====
+pour les gouts et les couleurs, extraire et modifier //cas.css//
+<code>
+[root@cas7 cas-overlay-template]# ./gradlew getResource -PresourceName=cas.css --no-daemon
+To honour the JVM settings for this build a single-use Daemon process will be forked. For more on this, please refer to https://docs.gradle.org/8.8/userguide/gradle_daemon.html#sec:disabling_the_daemon in the Gradle documentation.
+Daemon will be stopped at the end of the build
+Configuration on demand is an incubating feature.
+> Task :unzipWAR
+Unzipped WAR into /opt/cas-src/cas-overlay-template/build/app
+> Task :getResource
+Copied file /opt/cas-src/cas-overlay-template/build/cas-resources/static/css/cas.css to /opt/cas-src/cas-overlay-template/src/main/resources/static/css/cas.css
+BUILD SUCCESSFUL in 13s
+actionable tasks: 5 executed, 5 up-to-date
+</code>
+on change par exemple le logo
+<code>
+[root@cas7 resources]# diff templates/fragments/header.html.dist templates/fragments/header.html
+c35
+<                                  th:src="@{${#strings.defaultString(#themes.code('cas.logo.file'), '/images/cas-logo.png')}}"
+---
+>                                  th:src="@{${#strings.defaultString(#themes.code('cas.logo.file'), '/images/logo_IMTBS-TSP_198x80.png')}}"
+</code>
 enfin on redeploie le tout (il est possible de faire usage ./gradlew bootRun pour changer les views a chaud)
@@ Line 1054: / Line 1281: @@
-=== lie vers l'URL de changement de password ===
+==== lien vers l'URL de changement de password ====
 il est definit via le password Manamegement link => fragment pmlink a extraire pour trouver le bon lienvers le messages.propeties a modifier
 <code>
-#./gradlew getResource -PresourceName=pmlinks
+[root@cas7 cas-overlay-template]# ./gradlew getResource -PresourceName=pmlinks --no-daemon
 > Task :getResource
-Copied file /opt/test-6.3-cas-overlay-template/cas-overlay-template/build/cas-resources/templates/fragments/pmlinks.html to src/main/resources/templates/fragments/pmlinks.html
+Copied file /opt/cas-src/cas-overlay-template/build/cas-resources/templates/fragments/pmlinks.html to /opt/cas-src/cas-overlay-template/src/main/resources/templates/fragments/pmlinks.html
-[root@ssocas6d cas-overlay-template]# grep pwd.example.org  src/main/resources/templates/fragments/pmlinks.html
-            <span th:utext="#{screen.pm.button.forgotpwd('https://pwd.example.org')}">Forgot your password?</span>
 </code>
@@ Line 1074: / Line 1297: @@
 [root@ssocas6dev cas-overlay-template]# grep screen.pm.button.forgotpwd src/main/resources/messages_fr.properties
 screen.pm.button.forgotpwd=<a href="https://credreset.domain.fr/">Mot de passe oublié ?</a>
-</code>
-=== CSS ===
-pour les gouts et les couleurs, cas.css
-<code>
-./gradlew getResource -PresourceName=cas.css
-> Task :getResource
-Copied file /opt/test-6.3-cas-overlay-template/cas-overlay-template/build/cas-resources/static/css/cas.css to src/main/resources/static/css/cas.css
 </code>

docpublic/systemes/ssocas/cas7install.1717694236.txt.gz · Last modified: 2024/06/06 17:17 by adminjp

Show page Old revisions

[unknown link type]Back to top