Did you get the solution? Please post i am also getting the same issue with memcached.
On Friday, September 8, 2017 at 4:06:00 AM UTC+5:45, bobsan...@gmail.com wrote: > > Hi, all. > > I've been prototyping and learning Apereo CAS 5.1.3, using the Cas Overlay > Template. > > I am able to get it set up so I can run an instance on my workstation, and > hit https://localhost:8443/cas/login and authenticate. Then, I'm able to > hit https://localhost:8443/cas/status/dashboard to see the CAS Dashboard > app. That was using the default in-memory token store. > > Then I tried to change the token store to memcached, and started getting > an intermittent errors. I've been trying to debug it, and am at the point > where I need help. > > Basically, the ST token gets written OK to the memcached client I'm using > (I can see it in the memcached console, and in the debugger it successfully > gets through MemCacheTicketRegistry method addTitket, including the 'sanity > check' that reads back that cache entity. > > However - the next call to getTicket for the ST token fails. The raw > memcached retrieve works - it's the Kryo based deserialization that fails. > It gets to the lastTimeUsed field when deserializing to ServiceTicketImpl, > and gets this exception (this is just the deepest section): > > Caused by: java.time.DateTimeException: Invalid ID for region-based > ZoneId, invalid format: ST-1-ekjABqJkYU9gJdlkLxHd-DL-GB46TC2 > at java.time.ZoneRegion.checkName(ZoneRegion.java:151) > ~[?:1.8.0_131] > at java.time.ZoneRegion.ofId(ZoneRegion.java:116) ~[?:1.8.0_131] > at java.time.ZoneId.of(ZoneId.java:411) ~[?:1.8.0_131] > at java.time.ZoneId.of(ZoneId.java:359) ~[?:1.8.0_131] > at > org.apereo.cas.ticket.registry.support.kryo.serial.ZonedDateTimeTranscoder.read(ZonedDateTimeTranscoder.java:26) > > ~[cas-server-support-memcached-ticket-registry-5.1.3.jar!/:5.1.3] > at > org.apereo.cas.ticket.registry.support.kryo.serial.ZonedDateTimeTranscoder.read(ZonedDateTimeTranscoder.java:16) > > ~[cas-server-support-memcached-ticket-registry-5.1.3.jar!/:5.1.3] > at com.esotericsoftware.kryo.Kryo.readObjectOrNull(Kryo.java:789) > ~[kryo-4.0.0.jar!/:?] > at > com.esotericsoftware.kryo.serializers.ObjectField.read(ObjectField.java:132) > ~[kryo-4.0.0.jar!/:?] > at > com.esotericsoftware.kryo.serializers.FieldSerializer.read(FieldSerializer.java:540) > > ~[kryo-4.0.0.jar!/:?] > at > com.esotericsoftware.kryo.Kryo.readClassAndObject(Kryo.java:816) > ~[kryo-4.0.0.jar!/:?] > at > org.apereo.cas.ticket.registry.support.kryo.KryoTranscoder.decode(KryoTranscoder.java:187) > > ~[cas-server-support-memcached-ticket-registry-5.1.3.jar!/:5.1.3] > at > net.spy.memcached.transcoders.TranscodeService$1.call(TranscodeService.java:63) > > ~[spymemcached-2.12.1.jar!/:2.12.1] > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > ~[?:1.8.0_131] > at > net.spy.memcached.transcoders.TranscodeService$Task.run(TranscodeService.java:110) > > ~[spymemcached-2.12.1.jar!/:2.12.1] > at > net.spy.memcached.transcoders.TranscodeService$Task.get(TranscodeService.java:96) > > ~[spymemcached-2.12.1.jar!/:2.12.1] > at net.spy.memcached.internal.GetFuture.get(GetFuture.java:70) > ~[spymemcached-2.12.1.jar!/:2.12.1] > at > net.spy.memcached.MemcachedClient.get(MemcachedClient.java:1229) > ~[spymemcached-2.12.1.jar!/:2.12.1] > ... 121 more > > You can see that for some reason, when trying to get the time zone (in > ZonedDateTimeTranscoder, line 26) it doesn't find a 'Z' (which it did on > the initial, successful sanity check read), but seems to find the token ID > instead. > > If I log out from the CAS console, and then log in again, I don't see any > further exceptions. > > So - after starting up CAS, the SECOND cache read fails consistently - but > that's the only one. > > Any ideas? > > Should I report this as a bug, or wait and see if anyone here has any > ideas? > > > How to replicate: > 1. Start with a fresh clone > of ssh://git@bitbucket/sand/cas-server-overlay.git > > 2. Set it up to be able to run the console and the dashboard. (These are > an attempt at a minimal change to the repo to reproduce the proboem) > > 2a. create etc\cas\config\services\HTTPSandIMAPS-10000001.json with > contents: > > { > "@class" : "org.apereo.cas.services.RegexRegisteredService", > "serviceId" : "^(https|imaps)://.*", > "name" : "HTTPS and IMAPS", > "id" : 10000001, > "description" : "This service definition authorizes all application urls > that support HTTPS and IMAPS protocols.", > "evaluationOrder" : 10000 > } > > > 2b. create etc\cas\config\adminusers.properties with contents: > > > casuser=notused,ROLE_ADMIN > > > 2c. update etc\cas\config\cas.properties to look like this: > > cas.server.name=https://localhost:8443 > cas.server.prefix=https://localhost:8443/cas > > cas.adminPagesSecurity.ip=127\.0\.0\.1 > > logging.config=file:/etc/cas/config/log4j2.xml > # cas.serviceRegistry.config.location: classpath:/services > > #cas.serviceRegistry.config.location=classpath:/services > # Where the Service Registry config files reside. > cas.serviceRegistry.config.location=file:/etc/cas/config/services > # Should CAS ALSO load service registry from $TEMP/cas/services? Almost > certainly no - just load from the > # config location mentioned just above. > cas.serviceRegistry.initFromJson=false > > cas.tgc.encryptionKey=n-mjo3eRBKS2D1bN-9LfyrAKs97qaVDS1qm_QnXjXSk > cas.tgc.signingKey=pf7scXUAk-l6FmwWDVzOONH-Is8RU1OLIcGlTdTPJL_hYQvYz8zhwzOiLQQZE6I-sbJbiyNL7WP5jq9UkvxN7w > > cas.webflow.signing.key=73eYssgawTHjAjkH_4uaEw4wUdaXD3M1lsPoqk50lpdpr_tu0XtLKLZmS_0DIJcZ_dU99nuXX7EaG9OBHQN1JA > cas.webflow.encryption.key=qblhBvdquHNqGjkw > > management.contextPath=/status > management.security.enabled=false > management.security.roles=ACTUATOR,ADMIN > management.security.sessions=if_required > > endpoints.restart.enabled=false > endpoints.shutdown.enabled=false > endpoints.autoconfig.enabled=true > endpoints.beans.enabled=true > endpoints.bus.enabled=true > endpoints.configprops.enabled=true > endpoints.dump.enabled=true > endpoints.env.enabled=true > endpoints.health.enabled=true > endpoints.features.enabled=true > endpoints.info.enabled=true > endpoints.loggers.enabled=true > endpoints.logfile.enabled=true > endpoints.trace.enabled=true > endpoints.docs.enabled=false > endpoints.heapdump.enabled=true > > cas.adminPagesSecurity.loginUrl=https://localhost:8443/cas/login > cas.adminPagesSecurity.service=https://localhost:8443/cas/status/dashboard > cas.adminPagesSecurity.users=file:/etc/cas/config/adminusers.properties > cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN > > cas.adminPagesSecurity.actuatorEndpointsEnabled=false > > cas.monitor.endpoints.enabled=true > cas.monitor.endpoints.sensitive=false > > 2d. Add this dependency to the pom: > > > <dependency> > <groupId>org.apereo.cas</groupId> > <artifactId>cas-server-support-json-service-registry</artifactId> > <version>${cas.version}</version> > </dependency> > > > > 3. Start up the CAS server > > > 3a. gen an ssl certificate and use keytool to import that into your JAVA > keystore. > > > 3b. create \etc\cas\config folders (with appropriate permissions) > > > 3c. "build copy" to copy the config files to \etc\cas\config > > > 3d. "build run" to fire up the CAS server. > > 4. Browse to https://localhost:8443/cas > You should get a login screen - login with casuser > > 5. Browse to https://localhost:8443/cas/status/dashboard > You should see the dashboard. > > > Now - enable memcached. > > 6. Add memcached dependency to the pom: > > <dependency> > <groupId>org.apereo.cas</groupId> > <artifactId>cas-server-support-memcached-ticket-registry</artifactId> > <version>${cas.version}</version> > </dependency> > > > 7. I added a couple of extra properties to the cas.properties file: > > cas.ticket.st.timeToKillInSeconds=28800 > > cas.ticket.registry.memcached.servers=localhost:11211 > > > The first one is just to extend the timeout on the ST tokens - gives more > time to debug. the second one isn't really required, since that's the > default value for the memcached server. > > > 8. Start up a local memcached server. I'm on Windows, and using > memcached-win64 version 1.4.2. I start it with: > > memcached -p 11211 -vv > > (the '-vv' shows the keys of all the adds, gets, and deletes made to the > memcached server) > > > 9. Repeat steps 4 and 5. > > When you get to step 5, if you have memcached showing the keys, then > you'll see an add for the ST token, then a get for the ST token, then > (likely) a TGT token get, then the second ST get. > > In your CAS server console, you'll see the exception noted above. > > Thanks! > > Bob. > > > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/9008f3ea-3cdb-412a-a91e-7bd730e2af42%40apereo.org.
