Skip to content

Commit

Permalink
Published documentation to [gh-pages].
Browse files Browse the repository at this point in the history
  • Loading branch information
travis-ci committed Sep 29, 2023
1 parent 1d3a364 commit 8edffab
Show file tree
Hide file tree
Showing 7 changed files with 820 additions and 0 deletions.
5 changes: 5 additions & 0 deletions 6.6.x/build.gradle
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
description = "Apereo CAS Management Documentation"

javadoc {
enabled false
}
40 changes: 40 additions & 0 deletions 6.6.x/index.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
---
layout: default
title: CAS Management Web Application
---

# CAS Management Web Application

* Manage and register [client applications and services](installation/Installing-ServicesMgmt-Webapp.html) with specific authentication policies.
* View, edit, restore and track changes registration records in history.
* Implement approval/review workflows when submitting client registration requests.
* Submit a request to add yourself as a contact to a service.
* Submit a request to remove yourself as a contact from a service.
* Submit a request to add/remove others as a contact form a service.
* Submit a request to add a new service to the registry.
* Submit a request to remove a service from the registry.
* View pending requests

## Contribute

To learn how to contribute to the project, [please see this guide](/cas/developer/Contributor-Guidelines.html).

## Getting Started

We recommend reading the following documentation in order to plan and execute a CAS deployment.

* [Installation](installation/Installing-ServicesMgmt-Webapp.html)
* [Development Environment](installation/Development-Environment.html)

## Powered By

CAS development is powered by the following tools, projects and services.

<table width="100%" style="overflow:hidden">
<tr>
<td><a href="https://travis-ci.org"><img src="https://travis-ci.com/images/logos/TravisCI-Full-Color.png" width="180" height="55"></a></td>
<td><a href="https://www.jetbrains.com/idea/"><img src="https://user-images.githubusercontent.com/1205228/31548576-1ac3d688-b038-11e7-9565-ffd89501872e.png" width="180" height="70"></a></td>
<td><a href="https://www.eclipse.org"><img width="180" height="50" src="https://user-images.githubusercontent.com/1205228/32225495-ac7b1e94-be5a-11e7-8f83-5c7399398fb8.png"></a></td>
<td><a href="http://projects.spring.io/spring-boot/"><img width="180" height="50" src="https://user-images.githubusercontent.com/1205228/32322526-0b58ac44-bfda-11e7-822e-ad763eb80faf.png"></a></td>
 </tr>
</table>
124 changes: 124 additions & 0 deletions 6.6.x/installation/Configuration-Properties.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,124 @@
---
layout: default
title: CAS - Management Web Application Properties
---

# CAS Management Web Application Properties

The management web application is primarily controlled by a `/etc/cas/config/management.(yml|properties)` file.
Note that all configuration strategies supported by CAS should equally apply here as well in the way that settings are defined, passed and resolved.
The primary difference of course is the name of the configuration file.

## Naming Convention

- Settings and properties that are controlled by the CAS platform directly always begin with the prefix `mgmt`. All other settings are controlled
and provided to CAS via other underlying frameworks and may have their own schemas and syntax. **BE CAREFUL** with the distinction.

- Unrecognized properties are rejected by CAS and/or frameworks upon which CAS depends.
This means if you somehow misspell a property definition or fail to adhere to the dot-notation syntax and such, your setting
is entirely refused by CAS and likely the feature it controls will never be activated in the way you intend.

## Indexed Settings

Settings able to accept multiple values are typically documented with an index, such as `mgmt.some.setting[0]=value`.
The index `[0]` is meant to be incremented by the adopter to allow for distinct multiple configuration blocks:

```properties
# mgmt.some.setting[0]=value1
# mgmt.some.setting[1]=value2
```

## Properties

```properties
# mgmt.admin-roles[0]=ROLE_ADMIN
# mgmt.user-roles[0]=ROLE_USER

# mgmt.server-name=https://localhost:8443
# mgmt.default-locale=en

# mgmt.authz-ip-regex=
# mgmt.authz-attributes[0]=
# mgmt.user-properties-file=classpath:user-details.properties

# mgmt.version-control.enabled=false
# mgmt.version-control.services-repo=/etc/cas/services-repo
# mgmt.version-control.sync-script=

# mgmt.delegated.enabled=false
# mgmt.delegated.user-repos-dir=/etc/cas/user-repos

# mgmt.enable-discovery-endpoint-call=true
```

### Notifications

| Configuration Key
|-----------------------------------
| `mgmt.notifications.submit`
| `mgmt.notifications.accept`
| `mgmt.notifications.reject`

The following properties are applicable to notification settings given the above configuration keys:

```properties
# ${configurationKey}.attributeName=mail
# ${configurationKey}.text=
# ${configurationKey}.from=
# ${configurationKey}.subject=
# ${configurationKey}.cc=
# ${configurationKey}.bcc=
```

### LDAP

```properties
# mgmt.ldap.ldap-url = ldap://localhost:389
# mgmt.ldap.bind-dn =
# mgmt.ldap.bind-credential =
# mgmt.ldap.use-ssl = true

# mgmt.ldap.trust-certificates =
# mgmt.ldap.keystore =
# mgmt.ldap.keystore-password =
# mgmt.ldap.keystore-type =

# mgmt.ldap.min-pool-size = 3
# mgmt.ldap.max-pool-size = 10
# mgmt.ldap.pool-passivator = BIND
# mgmt.ldap.validate-on-checkout = true
# mgmt.ldap.validate-periodically = true
# mgmt.ldap.validate-timeout = PT5S
# mgmt.ldap.validate-period = PT5M

# mgmt.ldap.fail-fast = true
# mgmt.ldap.idle-time = PT10M
# mgmt.ldap.prune-period = PT2H
# mgmt.ldap.block-wait-time = PT3S
# mgmt.ldap.connection-strategy =
# mgmt.ldap.use-start-tls =
# mgmt.ldap.connect-timeout = PT5S
# mgmt.ldap.response-timeout = PT5S
# mgmt.ldap.provider-class =
# mgmt.ldap.allow-multiple-dns = false
# mgmt.ldap.sasl-realm =
# mgmt.ldap.sasl-mechanism =
# mgmt.ldap.sasl-authorization-id =
# mgmt.ldap.sasl-security-strength =
# mgmt.ldap.sasl-mutual-auth =
# mgmt.ldap.sasl-quality-of-protection =

```
#### LDAP Authorization

```properties
# mgmt.ldap.ldap-authz.role-attribute = uugid
# mgmt.ldap.ldap-authz.role-prefix = ROLE_
# mgmt.ldap.ldap-authz.allow-multiple-results =
# mgmt.ldap.ldap-authz.group-attribute =
# mgmt.ldap.ldap-authz.group-prefix =
# mgmt.ldap.ldap-authz.group-filter =
# mgmt.ldap.ldap-authz.group-base-dn =
# mgmt.ldap.ldap-authz.base-dn =
# mgmt.ldap.ldap-authz.search-filter =
```
157 changes: 157 additions & 0 deletions 6.6.x/installation/Development-Environment.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,157 @@
# Setting up CAS Management for UI development

When planning to contribute a fix or change to the CAS Management application, it is best to have access to a set of commands and configuration files to make local development more productive and efficient. We will reference two sides of the CAS Management application, the Administrator Dashboard (referred to simply as 'Dashboard') and Services Management (referred to simply as 'service registry').

You may need to make adjustments to the commands below based on your environment, especially if it is a Windows environment. The commands below assume a *nix based operating system.

## System Requirements

* Java (JDK 11)
* Visual Studio Code
* Command Line Interface (I recommend oh-my-zsh)
* Node.js

## Setting up CAS Management

First, download or checkout the source code for the [CAS Management](https://github.com/apereo/cas-management) application. You will want to make sure you download the correct version of CAS Management, or if using GIT, checkout the version branch accordingly (for example, `git checkout 6.4.x`).

Create a folder at `/etc/cas/config` on your local computer, and create a file `management.properties` in that folder. Add these values to that folder.

```bash
cas.server.name=https://casserver.herokuapp.com
cas.server.prefix=${cas.server.name}/cas

mgmt.serverName=https://localhost:8443
mgmt.adminRoles[0]=ROLE_ADMIN
mgmt.userPropertiesFile=file:/etc/cas/config/users.json

logging.config=file:/etc/cas/config/log4j2-management.xml
```

In addition to `/etc/cas/config/management.properties`, you will need to add a users.json file at `/etc/cas/config/users.json`. Add this to that file:

```JSON
{
"casuser" : {
"@class" : "org.apereo.cas.mgmt.authz.json.UserAuthorizationDefinition",
"roles" : [ "ROLE_ADMIN" ]
}
}
```

You may want to make adjustments to fit your environment needs, such as changing ports and domains. The first line will have your local environment pointed at the demo instance of CAS deployed on Heroku. Later, we'll show you how to configure a local instance of CAS.

This will set up a default user with the role of administrator.

Now, in your command line, navigate to `{ project root }/webapp/cas-mgmt-webapp-tomcat` and enter the following command to start up the embedded tomcat instance.

```bash
../../gradlew build && ../../gradlew bootRun --configure-on-demand --build-cache --parallel --scan --stacktrace -x check -x test -x javadoc -DskipErrorProneCompiler=true -DbuildDev=true -DskipClientBuild=true
```

Once you see the large ASCII `READY` text in your console, navigate a browser of choice to `https://localhost:8443/cas-management`. The application should be up and running, prompting you to log in. You can get the credentials [here](https://apereo.github.io/cas/Demos.html).

In order to compile the Typescript code for the UI, you will need to open a second command line interface window, and navigate to `{ project root }/webapp/cas-mgmt-webapp-workspace`. From here, run the following command to build the UI and set up a watcher for when you make code changes:

```bash
ng build --source-map=true --watch --poll 1000
```

This will create a watcher for the management application code. If you require working on the dashboard application, append `dashboard` to the end of the command, like so:

```bash
ng build --source-map=true --watch --poll 1000 dashboard
```

## CAS Management code structure

The UI code of the CAS Management web application is organized into two separate applications, called `dashboard` and `management`. These two applications rely on a library also included in the code-base, called `mgmt-lib`. This is where any code that is shared between these two applications should live. The applications themselves are really just wrappers, with the specific routes and views tied only to their application. The forms and services which make up the bulk of the code for either application lives in `mgmt-lib`.

## Optional - Setting up CAS Management without authentication

It is also possible to configure CAS Management to not require authentication at all. This can be useful for rapid and efficient testing of new features and bug fixes that do not require any sort of authentication or authorization.

In order to set this up, you only need to modify `management.properties` in `/etc/cas/config` to include these lines:

```
cas.server.name=https://casserver.herokuapp.com
cas.server.prefix=${cas.server.name}/cas
mgmt.cas-sso=false
mgmt.authz-ip-regex=.*
mgmt.serverName=https://localhost:8443
```

## Optional - Setting up CAS Management VCS (version control)

It is possible to enable version control features in CAS Management, which creates a submitter / approver workflow where one user submits a change (ex. to a service) and an administrator is able to approve or deny this change.

Note: In order to use both sides of version control (submitter / approver) it is best to provide two users, so that you can test submission and approval. This means it is a good idea to set up multiple users with authentication.

```bash
cas.server.name=https://casserver.herokuapp.com
cas.server.prefix=${cas.server.name}/cas

mgmt.serverName=https://localhost:8443
mgmt.version-control.enabled=true
mgmt.delegated.enabled=true
mgmt.user-properties-file=file:/etc/cas/config/users.json
mgmt.admin-roles[0]=ROLE_ADMIN
mgmt.user-roles[0]=ROLE_USER

cas.service-registry.init-from-json=true
cas.service-registry.json.location=file:/Users/ryanmathis/Development/projects/IAM/Apereo-CAS/service-registry
```

The user-details JSON file should also contain:

```JSON
{
"casuser" : {
"@class" : "org.apereo.cas.mgmt.authz.json.UserAuthorizationDefinition",
"roles" : [ "ROLE_USER" ],
"permissions": [ "default" ]
},
"casadmin" : {
"@class" : "org.apereo.cas.mgmt.authz.json.UserAuthorizationDefinition",
"roles" : [ "ROLE_ADMIN" ],
"permissions": [ "*" ]
}
}
```

Then you need to have two browsers open; one logged in with casuser and one logged in with casadmin. (You need an external authn like CAS)

## Optional - Setting up CAS Overlay

Now we will implement a CAS Overlay. This is needed when working with many of the views within the Dashboard. If you are not planning to work on the Dashboard code, you can skip this step.

Download a copy of the CAS Overlay template from Github, [here](http://foo.com). Make sure the major version of CAS and CAS Management match (for example, if using Management 6.4.x, make sure you get the CAS Overlay for CAS 6.4.x). Copy the files in `{ project root }/etc/cas/config` to your local environments `/etc/cas/config` folder.

The following properties will need to be added to your `/etc/cas/cas.properties` file in order to allow the CAS Management Dashboard to connect to the APIs provided by CAS.

```bash
cas.serviceRegistry.json.location=file:/etc/cas/services

endpoints.health.sensitive=false
management.endpoints.enabled-by-default=true
management.endpoints.web.exposure.include=*
management.endpoint.health.show-details=always
management.endpoint.health.show-components=always

management.health.systemHealthIndicator.enabled=true
management.health.memoryHealthIndicator.enabled=true
management.health.sessionHealthIndicator.enabled=true
```

In order to enable these endpoints, you will need to add dependencies in build.gradle of your CAS Overlay. Find the `dependencies` block that contains the line `implementation "org.apereo.cas:cas-server-webapp-init"` and below that, add these two lines:

```gradle
implementation "org.apereo.cas:cas-server-support-reports"
implementation "org.apereo.cas:cas-server-core-monitor"
```

Then, using a CLI from the root of the overlay folder, you can run `./gradlew clean build` followed by `./gradlew run` and the CAS 6 server should start up. Once you see the large ASCII `READY` text in your console, navigate a browser of choice to `https://localhost:8443/cas`.

For more advanced configuration of CAS, refer to the CAS Documentation.
Loading

0 comments on commit 8edffab

Please sign in to comment.