Command-line Shell

The CAS command-line shell provides the ability to query the CAS server for help on available settings/modules and various other utility functions.

To invoke and work with the utility, execute:


1

java -jar /path/to/cas-server-support-shell-$casVersion.jar

…where $casVersion needless to say is the CAS version that is deployed.

The interface that is next presented will guide you through with available parameters and methods of querying. You will learn how to launch into the interactive shell and query the CAS engine dynamically.

JCE Requirement

Make sure you have the proper JCE bundle installed in your Java environment that is used by CAS, specially if you need to use specific signing/encryption algorithms and methods. Be sure to pick the right version of the JCE for your Java version. Java versions can be detected via the java -version command.

Note that the WAR Overlay deployment strategy should already be equipped with this functionality. You should not have to do anything special and extra to interact with the shell. See the relevant overlay documentation for more info on how to invoke and work with the shell.

Shell Commands

The following commands are available and exposed by the CAS command-line shell.

generate-key

Generate signing/encryption crypto keys for CAS settings

Name	Description	Default
`key-size,--key-size`	`Key size`	`256`

cipher-text,encode-text

Sign and encrypt text data using keys

Show entries

Search:

Name	Description	Default
`enable-encryption,--enable-encryption`	`Whether value should be encrypted`	`true`
`enable-signing,--enable-signing`	`Whether value should be signed`	`true`
`encryption-alg,--encryption-alg`	`Encryption alg`	`A256CBC-HS512`
`encryption-key,--encryption-key`	`Encryption key`	`__NULL__`
`encryption-key-size,--encryption-key-size`	`Encryption key size`	`512`

Showing 1 to 5 of 8 entries

Previous1 2Next

decipher-text,decode-text

Decrypt and verify text data using keys

Show entries

Search:

Name	Description	Default
`enable-encryption,--enable-encryption`	`Whether value should be encrypted`	`true`
`enable-signing,--enable-signing`	`Whether value should be signed`	`true`
`encryption-alg,--encryption-alg`	`Encryption alg`	`A256CBC-HS512`
`encryption-key,--encryption-key`	`Encryption key`	`__NULL__`
`encryption-key-size,--encryption-key-size`	`Encryption key size`	`512`

Showing 1 to 5 of 8 entries

Previous1 2Next

generate-ddl

Generate database DDL scripts

Show entries

Search:

Name	Description	Default
`createSchema,--createSchema`	`Generate DROP SQL statements in the DDL`	`false`
`delimiter,--delimiter`	`Delimiter to use for separation of statements when generating SQL`	`;`
`dialect,--dialect`	`Database dialect class`	`HSQL`
`dropSchema,--dropSchema`	`Generate DROP SQL statements in the DDL`	`false`
`file,--file`	`DDL file to contain to generated script`	`/etc/cas/config/cas-db-schema.sql`

Showing 1 to 5 of 8 entries

Previous1 2Next

decrypt-value

Decrypt a CAS property value/setting via Jasypt

Show entries

Search:

Name	Description	Default
`alg,--alg`	`Algorithm to use to decrypt`	`__NULL__`
`initvector,--initvector,iv,--iv`	`Use initialization vector to encrypt`	`false`
`iterations,--iterations`	`Key obtention iterations to decrypt, default 1000`	`__NULL__`
`password,--password`	`Password (encryption key) to decrypt`	`__NONE__`
`provider,--provider`	`Security provider to use to decrypt`	`__NULL__`

Showing 1 to 5 of 6 entries

Previous1 2Next

encrypt-value

Encrypt a CAS property value/setting via Jasypt

Show entries

Search:

Name	Description	Default
`alg,--alg`	`Algorithm to use to encrypt`	`__NULL__`
`file,--file`	`File to encrypt`	`__NULL__`
`initvector,--initvector,iv,--iv`	`Use initialization vector to encrypt`	`false`
`iterations,--iterations`	`Key obtention iterations to encrypt, default 1000`	`__NULL__`
`password,--password`	`Password (encryption key) to encrypt`	`__NONE__`

Showing 1 to 5 of 7 entries

Previous1 2Next

jasypt-list-algorithms

List alogrithms you can use with Jasypt for property encryption

Name	Description	Default
`includeBC,--includeBC`	`Include Bouncy Castle provider`	`false`

jasypt-list-providers

List encryption providers with PBE Ciphers you can use with Jasypt

Name	Description	Default
`includeBC,--includeBC`	`Include Bouncy Castle provider`	`false`

jasypt-test-algorithms

Test encryption algorithms you can use with Jasypt to make sure encryption and decryption both work

Name	Description	Default
No data available in table

generate-full-jwt

Generate JWT and sign it using a given keystore

Show entries

Search:

Name	Description	Default
`aud,--aud`	`Audience`	`CAS`
`claims,--claims`	`JWT claims as JSON`	`{}`
`exp,--exp`	`Expiration in seconds`	`300`
`iss,--iss`	`Issuer`	`https://localhost:8443/cas/oidc`
`jwks,--jwks`	`Path to the JWKS file used to sign the token`

Showing 1 to 5 of 6 entries

Previous1 2Next

generate-jwt

Generate a JWT with given size and algorithm for signing and encryption.

Show entries

Search:

Name	Description	Default
`encryptionAlgorithm,--encryptionAlgorithm`	`Algorithm to use for encryption`	`dir`
`encryptionMethod,--encryptionMethod`	`Method to use for encryption`	`A192CBC-HS384`
`encryptionSecretSize,--encryptionSecretSize`	`Size of the encryption secret`	`48`
`signingAlgorithm,--signingAlgorithm`	`Algorithm to use for signing`	`HS256`
`signingSecretSize,--signingSecretSize`	`Size of the signing secret`	`256`

Showing 1 to 5 of 6 entries

Previous1 2Next

generate-oidc-jwks

Generate OIDC JSON Web Keystore

Show entries

Search:

Name	Description	Default
`jwksFile,--jwksFile`	`Location of the JSON web keystore file.`	`/etc/cas/config/keystore.jwks`
`jwksKeyId,--jwksKeyId`	`The key identifier to set for the generated key in the keystore.`	`cas`
`jwksKeySize,--jwksKeySize`	`The key size (an algorithm-specific) for the generated jwks.`	`2048`
`jwksKeyType,--jwksKeyType`	`The type of the JWKS used to handle signing/encryption of authentication tokens.`	`RSA`

Showing 1 to 4 of 4 entries

Previous1Next

add-properties

Add properties associated with a CAS group/module to a Properties/Yaml configuration file.

Show entries

Search:

Name	Description	Default
`file,--file`	`Path to the CAS configuration file`	`/etc/cas/config/cas.properties`
`group,--group`	`Group/module whose associated settings should be added to the CAS configuration file`	`__NONE__`

Showing 1 to 2 of 2 entries

Previous1Next

convert-props

Convert CAS properties to YAML file at the same location.

Show entries

Search:

Name	Description	Default
`properties,--properties`	`Path to a properties file that contains CAS settings`	`/etc/cas/config/cas.properties`

Showing 1 to 1 of 1 entries

Previous1Next

export-props

Export CAS properties and settings from configuration metadata.

Show entries

Search:

Name	Description	Default
`dir,--dir`	`Path to a directory where reference configuration files would be exported.`	`./etc/cas/config`

Showing 1 to 1 of 1 entries

Previous1Next

find

Look up properties associated with a CAS group/module.

Show entries

Search:

Name	Description	Default
`name,--name`	`Property name regex pattern`	`.+`
`strict-match,--strict-match`	`Whether pattern should be done in strict-mode which means the matching engine tries to match the entire region for the query.`	`__NONE__`
`summary,--summary`	`Whether results should be presented in summarized mode`	`__NONE__`

Showing 1 to 3 of 3 entries

Previous1Next

generate-idp-metadata

Generate SAML2 IdP Metadata

Show entries

Search:

Name	Description	Default
`entityId,--entityId`	`Entity ID to use for the generated metadata`	`cas.example.org`
`force,--force`	`Force metadata generation (XML only, not certs), overwriting anything at the specified location`	`__NONE__`
`hostName,--hostName`	`CAS server prefix to be used at the IdP host name when generating metadata`	`https://cas.example.org/cas`
`metadataLocation,--metadataLocation`	`Directory location to hold metadata and relevant keys/certificates`	`/etc/cas/saml`
`scope,--scope`	`Scope to use when generating metadata`	`example.org`

Showing 1 to 5 of 6 entries

Previous1 2Next

generate-anonymous-user

Generate an anonymous (persistent) username identifier

Show entries

Search:

Name	Description	Default
`salt,--salt`	`Salt used to generate and encode the anonymous identifier`	`__NONE__`
`service,--service`	`Service application URL for which CAS may generate the identifier`	`__NONE__`
`username,--username`	`Authenticated username`	`__NONE__`

Showing 1 to 3 of 3 entries

Previous1Next

generate-yaml

Generate a YAML registered service definition

Show entries

Search:

Name	Description	Default
`destination,--destination`	`Path to the destination YAML service definition file`	`__NONE__`
`file,--file`	`Path to the JSON service definition file`	`__NONE__`

Showing 1 to 2 of 2 entries

Previous1Next

validate-service

Validate a given JSON/YAML service definition by path or directory

Show entries

Search:

Name	Description	Default
`directory,--directory`	`Path to the JSON/YAML service definitions directory`
`file,--file`	`Path to the JSON/YAML service definition file`

Showing 1 to 2 of 2 entries

Previous1Next

validate-endpoint

Test connections to an endpoint to verify connectivity, SSL, etc

Show entries

Search:

Name	Description	Default
`proxy,--proxy`	`Proxy address to use when testing the endpoint url`
`timeout,--timeout`	`Timeout to use in milliseconds when testing the url`	`5000`
`url,--url`	`Endpoint URL to test`	`__NONE__`

Showing 1 to 3 of 3 entries

Previous1Next

validate-ldap

Test connections to an LDAP server to verify connectivity, SSL, etc

Show entries

Search:

Name	Description	Default
`baseDn,--baseDn`	`baseDn to use when testing the LDAP server, searching for accounts (i.e. OU=some,DC=org,DC=edu)`	`__NONE__`
`bindCredential,--bindCredential`	`bindCredential to use when testing the LDAP server`	`__NONE__`
`bindDn,--bindDn`	`bindDn to use when testing the LDAP server`	`__NONE__`
`searchFilter,--searchFilter`	`Filter to use when searching for accounts (i.e. (&(objectClass=*) (sAMAccountName=user)))`
`url,--url`	`LDAP URL to test, comma-separated.`	`__NONE__`

Showing 1 to 5 of 7 entries

Previous1 2Next