apereo / cas-webapp-docker

Apereo CAS Server web application running inside a docker container.
https://hub.docker.com/r/apereo/cas/
Apache License 2.0

Help to get started Docker Tools/CAS #23

Open GTAtWork opened 6 years ago

GTAtWork commented 6 years ago

Hello there, I'm new to Docker/CAS and hope someone can clarify some getting-started steps for me...

Specifically to try this out for proof-of-concept, I've got Docker Tool (Kitematic) on Win7Pro running with the image of CAS Version: 5.3.2.

  1. Where do I navigate (absolute path?) to find, change, and issue build.sh and run.sh, if this is required to proceed?

  2. Can I bypass the keystore configuration and http for the demo right now? Are there any more detailed instructions available for newbies like me to get this part right?

Container logs attached CAS v5.3.2 Container.log

Thanks bunch, GTM

kevinimbrechts commented 6 years ago

Hi,

Did you solve your problem?

For your first question, I think there is no build.sh and run.sh. But, in /cas-overlay/bin, there is run-cas.sh to start CAS. If you want to rebuild CAS, I don't know how, but I'm interested. I want to use LDAP authentication but it doesn't work, so I think I must rebuild the app... The documentation is not very clear about the Docker version...

For your second question, I'm not sure I understand, but try to use 8080 port.

GTAtWork commented 6 years ago

My problem is still that the CAS image fails to start successfully in my local container, with a few warnings and the error (see log fragment below), and I'm trying to figure out if that's because of a missing/unconfigured keystore or an issue with the Tomcat configuration.

I've tried the same on Docker for Mac with the identical failure. So I'm sure I'm missing some simple step here, and I'm positive someone else has had a similar experience.

Come on folks, someone give us a hint!

```
CAS is configured to accept a static list of credentials for authentication. While this is generally useful for demo purposes, it is STRONGLY recommended that you DISABLE this authentication method (by setting 'cas.authn.accept.users' to a blank value) and switch to a mode that is more suitable for production.>
2018-08-09 12:38:26,611 WARN [org.apereo.cas.config.support.authentication.AcceptUsersAuthenticationEventExecutionPlanConfiguration] - <>
2018-08-09 12:38:40,002 INFO [org.apereo.cas.support.events.listener.CasConfigurationEventListener] -
2018-08-09 12:38:41,123 WARN [org.apereo.cas.config.CasCoreServicesConfiguration] - <Runtime memory is used as the persistence storage for retrieving and persisting service definitions. Changes that are made to service definitions during runtime WILL be LOST when the web server is restarted. Ideally for production, you need to choose a storage option (JDBC, etc) to store and track service definitions.>
2018-08-09 12:38:41,264 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
2018-08-09 12:38:42,681 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Secret key for encryption is not defined for [Ticket-granting Cookie]; CAS will attempt to auto-generate the encryption key>
2018-08-09 12:38:42,720 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated encryption key [xotQg-TSuqwurv2s_E-caGX1Oqhmq7LRZ8c_5CE6VAo] of size [256] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings under setting [cas.tgc.crypto.encryption.key].>
2018-08-09 12:38:42,734 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Secret key for signing is not defined for [Ticket-granting Cookie]. CAS will attempt to auto-generate the signing key>
2018-08-09 12:38:42,744 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated signing key [aBmaczICPN0zqvv7L6cnQNhHz4idH9kwu5SwC1Vwq72Cqq_xF61QujZMEHOSHS0G0P4buiycEugjXuXFYSQsdA] of size [512] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings under setting [cas.tgc.crypto.signing.key].>
2018-08-09 12:38:44,206 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Secret key for signing is not defined under [cas.webflow.crypto.signing.key]. CAS will attempt to auto-generate the signing key>
2018-08-09 12:38:44,221 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated signing key [iidtx3yE-MvwR-0RQSeKGgXaArrq7J7Cn0KOwAr2M-ib36iGKUK5zsOfh6gXvleFvos1dfajQzhepF6yH1pvow] of size [512]. The generated key MUST be added to CAS settings under setting [cas.webflow.crypto.signing.key].>
2018-08-09 12:38:44,229 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Secret key for encryption is not defined under [cas.webflow.crypto.encryption.key]. CAS will attempt to auto-generate the encryption key>
2018-08-09 12:38:44,240 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated encryption key [aeoBneAeK43dmRL-IKjUXw] of size [16]. The generated key MUST be added to CAS settings under setting [cas.webflow.crypto.encryption.key].>
2018-08-09 12:38:44,899 ERROR [org.apache.catalina.core.StandardService] - <Failed to start connector [Connector[HTTP/1.1-8443]]>
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-8443]]
```
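Added example, not part of the comment above and not code from the CAS project: a small triage script for a CAS 5.x startup log in the format quoted in this thread. It lists the crypto settings CAS asks you to pin, reports the connector port that failed to start, and masks the auto-generated key values so a log can be shared safely. The sample log is constructed, its key values are placeholders, and the names `triage` and `redact` are hypothetical.

```python
import re

# Constructed sample in the log format quoted in this thread (assumption:
# one log entry per line); key values are placeholders, not real keys.
SAMPLE_LOG = """\
2018-08-09 12:38:26,611 WARN [org.apereo.cas.config.support.authentication.AcceptUsersAuthenticationEventExecutionPlanConfiguration] - <CAS is configured to accept a static list of credentials for authentication.>
2018-08-09 12:38:42,720 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated encryption key [PLACEHOLDER-KEY-A] of size [256] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings under setting [cas.tgc.crypto.encryption.key].>
2018-08-09 12:38:44,221 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated signing key [PLACEHOLDER-KEY-B] of size [512]. The generated key MUST be added to CAS settings under setting [cas.webflow.crypto.signing.key].>
2018-08-09 12:38:44,899 ERROR [org.apache.catalina.core.StandardService] - <Failed to start connector [Connector[HTTP/1.1-8443]]>
"""

# Groups: 1 = text before the key, 2 = key value, 3 = text after the key
# (which contains 4 = key size and 5 = the setting name to configure).
GENERATED_KEY = re.compile(
    r"(Generated (?:encryption|signing) key \[)([^\]]+)(\] of size \[(\d+)\]"
    r".*?under setting \[([^\]]+)\])"
)
CONNECTOR_FAIL = re.compile(r"Failed to start connector \[Connector\[[^\]]*?-(\d+)\]\]")
STATIC_USERS = "static list of credentials"


def triage(log_text):
    """Summarise what a CAS startup log asks the operator to fix."""
    findings = {"unset_keys": [], "failed_ports": [], "static_users": False}
    for line in log_text.splitlines():
        m = GENERATED_KEY.search(line)
        if m:  # record the setting name and key size, never the key itself
            findings["unset_keys"].append((m.group(5), int(m.group(4))))
        m = CONNECTOR_FAIL.search(line)
        if m:
            findings["failed_ports"].append(int(m.group(1)))
        if STATIC_USERS in line:
            findings["static_users"] = True
    return findings


def redact(log_text):
    """Mask auto-generated key material before a log is shared publicly."""
    return GENERATED_KEY.sub(r"\1<redacted>\3", log_text)


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
    print(redact(SAMPLE_LOG))
```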

kevinimbrechts commented 6 years ago

To configure my keystore, I've created my own Dockerfile which inherits from apereo/cas:v5.3.2.

In this Dockerfile, I do some things like configure my proxy, install Kerberos and configure CAS (it was working with v5.0.6, but not with the v5.3.2).

To generate my keystore, I use these 2 command lines because I need to modify $JAVA_HOME/lib/security/cacerts and, before, I had to create /etc/cas/thekeystore. I don't know if /etc/cas/thekeystore is still needed:

```dockerfile
# First keytool call: RSA 2048 key pair, alias "cas", in /etc/cas/thekeystore.
# Second keytool call: the same key pair parameters, written into the JVM's cacerts store.
RUN keytool -genkey -keyalg RSA -alias cas -keystore /etc/cas/thekeystore -storepass changeit -validity 9999 -keysize 2048 -dname "cn=cas.local, ou=MyOU, o=MyCompany, c=FR, st=Nord, l=MyCity" && \
    keytool -genkey -keyalg RSA -alias cas -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -validity 9999 -keysize 2048 -dname "cn=cas.local, ou=MyOU, o=MyCompany, c=FR, st=Nord, l=MyCity"
```

GTAtWork commented 6 years ago

Thanks for the tip. I will try that and let you know if that makes difference.

kevinimbrechts commented 6 years ago

Also, I should point out that I think the team abandoned this GitHub project for https://github.com/apereo/cas, which has a docker folder, but it is not possible to submit issues there... and I think this GitHub project is about version 5.0.x because there has been no commit for 2 years...