Do you mean it is buggy because Redis was refusing to write -1 for
expiration times?

If you have a lot of time I guess you could write your test case and
request pull.

Uxío Prego



Madiva Soluciones

2018-02-10 2:20 GMT+00:00 michael kromarek <mkroma...@gmail.com>:

> Sorry, there's a bit of a history to the problem that involved several
> other ticket registries.
>
> On CAS 3.5 we were using PostgreSQL, but when I upgraded to CAS 5.x I
> switched to Hazelcast, which works okay except that after three days
> principal IDs start to become null after successful authentication.  We
> thought it might be something with Hazelcast so we tried Dynamo which was
> an instant bust as it complained about an empty string.  We then tried
> Redis with AWS but the Setex command was being given a -1 for the ticket
> expiration time.  So we tried MongoDB, which wasn't writing tickets.
> PostgreSQL was the fallback, though my manager preferred I find something
> more performant since the JPA driver can be a bit slow (not to mention the
> need for 4+ triggers on the ticketgrantingticket table and another 2-3 on the
> serviceticket table).
>
> But now that I found that the ticket expiration time was the culprit, I
> should be able to go forward with MongoDB or Redis.  Though the expiration
> time problem does sound like a bug to me, but I'm not sure where to report
> that.
>
> --Mike K.
>
> On Fri, Feb 9, 2018 at 1:03 PM, Uxío Prego <upr...@madiva.com> wrote:
>
>> I’m a little lost now.
>>
>> Are you sure you need to waste that much energy investigating so many
>> ticket registry alternatives? Shouldn’t you be trying to just assess the
>> feasibility of using that data base with which you feel more comfortable?
>>
>> To be more clear, let’s say it works better using MongoDB than
>> PostgreSQL. If you already have a large body of PostgreSQL exposure, which
>> you have demonstrated, even if MongoDB performs better there are chances
>> your total cost of ownership will be smaller by using PostgreSQL.
>>
>> I’m sorry again I can’t help you, but with this energy and eagerness you
>> seem to have I’m sure you aren’t going to have a lot of trouble with CAS
>> once you focus on your problem. Or is it that your thing is to assess which
>> one performs better? And if so, why not just ask that?
>>
>> Regards,
>>
>> On 9 Feb 2018, at 20:55, michael kromarek <mkroma...@gmail.com> wrote:
>>
>> So it turns out I already had the driver turned to debug, so no new
>> information there.  But I did up the verbosity level of MongoDB log to 5
>> and noticed that a write attempt for the TGT ticket wasn't even made
>> (subsequent fetches were made though).
>>
>> I decided to try pulling down the latest maven overlay and move my
>> settings over one by one to see what would cause the problem, and the culprit
>> turned out to be
>>
>> cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=28800
>>
>>
>> If I comment that out, it writes the ticket no problem.  If I set it, it
>> fails creating the ticket and never writes it to or even attempts to write it
>> to Mongo.  I think this is an error in the ExpirationPolicy class as I have
>> also tried Redis and noticed it was writing the expiration time as -1.  -1
>> is not acceptable to Redis so it won't make the record.  I also tried
>> DynamoDB and noticed it was complaining about an empty string being written
>> (which for whatever reason Dynamo does not like empty strings at all).  I'm
>> thinking PostgreSQL didn't have a problem because the expiration policy is
>> stored as a large object and it probably doesn't care what it is.
>>
>> --Mike K.
>>
>> On Wed, Feb 7, 2018 at 5:51 AM, michael kromarek <mkroma...@gmail.com>
>> wrote:
>>
>>> I'll give that a shot and let you know what I find.
>>>
>>> Thank you.
>>>
>>> On Wed, Feb 7, 2018 at 5:31 AM, David Curry <david.cu...@newschool.edu>
>>> wrote:
>>>
>>>> Ah - you just reminded me, and I should have mentioned this last time.
>>>> Try adding this to your log4j2.xml:
>>>>
>>>> <AsyncLogger name="org.mongodb.driver" level="debug" />
>>>>
>>>>
>>>> That's the actual Java driver.
>>>>
>>>> --Dave
>>>>
>>>>
>>>> --
>>>> DAVID A. CURRY, CISSP
>>>> *DIRECTOR OF INFORMATION SECURITY*
>>>> INFORMATION TECHNOLOGY
>>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>>> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>>>>
>>>> On Wed, Feb 7, 2018 at 8:25 AM, michael kromarek <mkroma...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi Dave,
>>>>>
>>>>> I actually tried those settings first (I was following your guide, but
>>>>> only having a single server instead of a cluster for mongo).
>>>>> Unfortunately, it fails in the same way with those settings too.  I might
>>>>> be able to eke out a little more information if I set
>>>>>
>>>>> org.apereo.cas.ticket.registry.MongoDbTicketRegistry
>>>>>
>>>>> to debug in the logger, though I already have org.apero.cas and
>>>>> com.mongo set to debug.
>>>>>
>>>>> --Mike K
>>>>>
>>>>> On Wed, Feb 7, 2018 at 5:15 AM, David Curry <david.cu...@newschool.edu> wrote:
>>>>>
>>>>>> Mike,
>>>>>>
>>>>>> The only thing that strikes me as odd in your settings is this one:
>>>>>>
>>>>>> cas.ticket.registry.mongo.collectionName=cas-ticket-registry
>>>>>>
>>>>>>
>>>>>> The Mongo ticket registry uses multiple collections:
>>>>>>
>>>>>> proxyGrantingTicketsCollection
>>>>>> proxyTicketsCollection
>>>>>> samlArtifactsCache
>>>>>> samlAttributeQueryCache
>>>>>> serviceTicketsCollection
>>>>>> ticketGrantingTicketsCollection
>>>>>>
>>>>>>
>>>>>> So while I'm not sure if that setting is having any impact on your
>>>>>> configuration at all, I suspect that if it _is_ having an impact, it's a
>>>>>> negative one. Although, I don't see anything in the logs to suggest that
>>>>>> it is -- the server seems to be using the "right" collection:
>>>>>>
>>>>>> 2018-02-07 00:46:30,159 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Locating collection name [ticketGrantingTicketsCollection] for ticket definition [org.apereo.cas.ticket.DefaultTicketDefinition@28556a8b[implementationClass=class org.apereo.cas.ticket.TicketGrantingTicketImpl,prefix=TGT]]>
>>>>>> 2018-02-07 00:46:30,159 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Located MongoDb collection instance [ticketGrantingTicketsCollection]>
>>>>>> 2018-02-07 00:46:30,160 DEBUG [org.mongodb.driver.protocol.command] - <Sending command {find : BsonString{value='ticketGrantingTicketsCollection'}} to database casdb on connection [connectionId{localValue:6, serverValue:68}] to server localhost:27017>
>>>>>> 2018-02-07 00:46:30,161 DEBUG [org.mongodb.driver.protocol.command] - <Command execution completed>
>>>>>>
>>>>>> For what it's worth, mine is working on 5.2.2 using these settings
>>>>>> (essentially the same as yours except I have a replica set):
>>>>>>
>>>>>> #
>>>>>> # Components of the MongoDB connection string broken out for ease of editing.
>>>>>> # See https://docs.mongodb.com/manual/reference/connection-string/
>>>>>> #
>>>>>> mongo.db:                               casdb
>>>>>> mongo.rs:                               rs0
>>>>>> mongo.opts:                             &ssl=true
>>>>>> mongo.creds:                            mongocas:<redacted>
>>>>>> mongo.hosts:                            casdev-srv01-lid.newschool.edu,casdev-srv02-lid.newschool.edu,casdev-srv03-lid.newschool.edu
>>>>>>
>>>>>> #
>>>>>> # The connection string, assembled
>>>>>> #
>>>>>> mongo.uri:                              mongodb://${mongo.creds}@${mongo.hosts}/${mongo.db}?replicaSet=${mongo.rs}${mongo.opts}
>>>>>>
>>>>>> #
>>>>>> # Ticket registry
>>>>>> #
>>>>>> cas.ticket.registry.mongo.clientUri:    ${mongo.uri}
>>>>>>
>>>>>> #
>>>>>> # Service registry
>>>>>> #
>>>>>> cas.serviceRegistry.mongo.clientUri:    ${mongo.uri}
>>>>>> cas.serviceRegistry.mongo.collection:   casServiceRegistry
>>>>>>
>>>>>>
>>>>>>
>>>>>> --Dave
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Feb 7, 2018 at 4:03 AM, Mike Kromarek <mkroma...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> I recently switched from the Postgresql JPA ticket registry to
>>>>>>> MongoDB and am having a strange issue.  The authentication succeeds, but
>>>>>>> then it fails to add the ticket to the mongo database, causing the
>>>>>>> process to fail and return to the login screen.
>>>>>>>
>>>>>>> -- cas.properties --
>>>>>>> cas.ticket.registry.mongo.host=localhost
>>>>>>> cas.ticket.registry.mongo.userId=<redacted>
>>>>>>> cas.ticket.registry.mongo.password=<redacted>
>>>>>>> cas.ticket.registry.mongo.databaseName=casdb
>>>>>>> cas.ticket.registry.mongo.collectionName=cas-ticket-registry
>>>>>>> cas.ticket.registry.mongo.dropCollection=false
>>>>>>> cas.ticket.registry.mongo.timeout=5000
>>>>>>> cas.ticket.registry.mongo.writeConcern=NORMAL
>>>>>>> cas.ticket.mongo.conns.lifetime=60000
>>>>>>> cas.ticket.mongo.conns.perHost=10
>>>>>>> cas.ticket.registry.mongo.idleTimeout=30000
>>>>>>>
>>>>>>>
>>>>>>> CAS connects to the database with the specified user, makes all the
>>>>>>> tables and seems like everything should be good.  Then it encodes the
>>>>>>> TGT, but fails to add it.
>>>>>>>
>>>>>>>
>>>>>>> 2018-02-07 00:46:30,024 DEBUG [org.apereo.cas.ticket.factory.DefaultTicketGrantingTicketFactory] - <Encoded ticket-granting ticket id [TGT-******************************************3wOfaglzGL-JNpegctV--qfA0S5-xCE-aws-stage-cas.highline.edu]>
>>>>>>> 2018-02-07 00:46:30,025 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Adding ticket [TGT-******************************************3wOfaglzGL-JNpegctV--qfA0S5-xCE-aws-stage-cas.highline.edu]>
>>>>>>> 2018-02-07 00:46:30,118 ERROR [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Failed adding [TGT-******************************************3wOfaglzGL-JNpegctV--qfA0S5-xCE-aws-stage-cas.highline.edu]: [java.lang.NullPointerException]>
>>>>>>> 2018-02-07 00:46:30,118 DEBUG [org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing [org.apereo.cas.support.events.ticket.CasTicketGrantingTicketCreatedEvent@2c84b7f8[ticketGrantingTicket=TGT-******************************************3wOfaglzGL-JNpegctV--qfA0S5-xCE-aws-stage-cas.highline.edu]]>
>>>>>>>
>>>>>>> Has anyone else run into this?
>>>>>>>
>>>>>>> --Mike K
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> - Website: https://apereo.github.io/cas
>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>>>> ---
>>>>>>> You received this message because you are subscribed to the Google
>>>>>>> Groups "CAS Community" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>> send an email to cas-user+unsubscr...@apereo.org.
>>>>>>> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/051a23e8-bb02-48a3-ab26-86b9a2fa3c40%40apereo.org.
>>>>>>>
>
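
The failure sequence in the quoted log excerpt (an `Adding ticket` line, a `Failed adding` error, then the ticket-created event still being published) can be picked out of a CAS debug log mechanically. The following is an added example, not code from this thread or from CAS; the function names and the sample log lines (ticket ids, host, object hashes) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log excerpt quoted in the thread.
# Ticket ids, host name and object hashes are placeholders.
SAMPLE_LOG = """\
2018-02-07 00:46:30,025 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Adding ticket [TGT-1-aaaa-cas.example.org]>
2018-02-07 00:46:30,118 ERROR [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Failed adding [TGT-1-aaaa-cas.example.org]: [java.lang.NullPointerException]>
2018-02-07 00:46:30,118 DEBUG [org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing [org.apereo.cas.support.events.ticket.CasTicketGrantingTicketCreatedEvent@1a2b3c4d[ticketGrantingTicket=TGT-1-aaaa-cas.example.org]]>
2018-02-07 00:47:02,001 DEBUG [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Adding ticket [TGT-2-bbbb-cas.example.org]>
2018-02-07 00:47:02,040 DEBUG [org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing [org.apereo.cas.support.events.ticket.CasTicketGrantingTicketCreatedEvent@5e6f7a8b[ticketGrantingTicket=TGT-2-bbbb-cas.example.org]]>
"""

# timestamp, level, [logger] - <message>
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (?P<level>[A-Z]+)\s+"
    r"\[(?P<logger>[^\]]+)\] - <(?P<msg>.*)>$"
)
ADDING = re.compile(r"^Adding ticket \[(?P<id>[^\]]+)\]$")
FAILED = re.compile(r"^Failed adding \[(?P<id>[^\]]+)\]: \[(?P<exc>[^\]]+)\]$")
CREATED = re.compile(
    r"CasTicketGrantingTicketCreatedEvent@\w+\[ticketGrantingTicket=(?P<id>[^\]]+)\]"
)


def triage(log_text):
    """Collect, per ticket id, the registry write attempt, failure and event."""
    tickets = defaultdict(
        lambda: {"attempted": None, "failed": None, "exception": None, "announced": False}
    )
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines and other layouts are skipped
        msg = m["msg"]
        if (a := ADDING.match(msg)):
            tickets[a["id"]]["attempted"] = m["ts"]
        elif (f := FAILED.match(msg)):
            tickets[f["id"]]["failed"] = m["ts"]
            tickets[f["id"]]["exception"] = f["exc"]
        elif (c := CREATED.search(msg)):
            tickets[c["id"]]["announced"] = True
    return dict(tickets)


def unpersisted(log_text):
    """Tickets the registry failed to store: (id, exception, event still published)."""
    return [
        (tid, t["exception"], t["announced"])
        for tid, t in triage(log_text).items()
        if t["failed"]
    ]


if __name__ == "__main__":
    for tid, exc, announced in unpersisted(SAMPLE_LOG):
        print(f"{tid}: registry write failed with {exc}; created event published: {announced}")
```

The parser expects one log record per line, so mail-wrapped excerpts need their lines rejoined first.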
