We found the same Problem on CAS 6.5.5 with a JPA-Ticket Registry and
delegation to a Microsoft AD via SAML2.
TL;DR: It seems like CAS failes to read the JSON it wrote earlier.
Inside the stored ticket is some JSON Data which gets serialized when the
ticket is stored.
When the tickets is then read again later, CAS tries to deserialize the
JSON back into Java objects which fails here.
This seems to be independent of the actual storage used as it happens with
both JMS/Artemis (your case) and JPA/MariaDB (our case).
Im afraid this is a bug which has to be fixed somewhere inside CAS itself
and we cannnot fix it by simply setting some properties.
surfr...@surfrock66.com schrieb am Donnerstag, 21. Juli 2022 um 08:47:56
UTC+2:
> We have a cas environment with 2 front ends, and want to point to a
> central jms server for distributed ticketing. We have artemis set up on a
> third box (not using artemis specifically, just using it as the next
> activemq release). Auth is handed off via delegated saml (to okta) so
> pac4j is used for authentication. When a user logs in, it is successful,
> they get a ticket and they get attributes, but I do not believe the
> distributed ticketing is successful. Here is the JMS configuration:
>
> cas.ticket.registry.jms.crypto.signing.key=REDACTED
> cas.ticket.registry.jms.crypto.encryption.key=REDACTED
> spring.activemq.broker-url=tcp://urltoserver:61617
> spring.activemq.user=REDACTED
> spring.activemq.password=REDACTED
> spring.activemq.pool.enabled=true
> spring.activemq.pool.max-connections=50
> spring.activemq.packages.trust-all=false
> spring.activemq.packages.trusted=org.apereo.cas
>
> Then when a user logs in, despite the login being successful, I get this
> in the cas logs (the actual value of the specified config replaces what's
> in bold):
>
> 2022-07-20 20:32:37,106 WARN
> [org.springframework.jms.listener.DefaultMessageListenerContainer] -
> <Execution of JMS message listener failed, and no ErrorHandler has been
> set.>
> org.springframework.jms.listener.adapter.ListenerExecutionFailedException:
> Listener method 'public void
> org.apereo.cas.ticket.registry.JmsTicketRegistryQueueReceiver.receive(org.apereo.cas.ticket.queue.BaseMessageQueueCommand)
>
> throws java.lang.Exception' threw exception; nested exception is
> org.springframework.jms.support.converter.MessageConversionException:
> Failed to convert JSON message content; nested exception is
> com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Problem
> deserializing 'setterless' property ("authnContexts"): no way to handle
> typed deser with setterless yet
> at [Source:
> (String)"{"@class":"org.apereo.cas.ticket.queue.UpdateTicketMessageQueueCommand","id":{"@class":"org.apereo.cas.util.PublisherIdentifier","id":"90e5a8e0-2654-43dc-aeb8-210880c1083d"},"ticket":{"@class":"org.apereo.cas.ticket.TransientSessionTicketImpl","@id":1,"expirationPolicy":{"@class":"org.apereo.cas.ticket.expiration.MultiTimeUseOrTimeoutExpirationPolicy$TransientSessionTicketExpirationPolicy","numberOfUses":1,"timeToLive":300,"name":"TransientSessionTicketExpirationPolicy-95b2fec6-0c78-4d42-8f70-99"[truncated
>
> 2020 chars]; line: 1, column: 2068] (through reference chain:
> org.apereo.cas.ticket.queue.UpdateTicketMessageQueueCommand["ticket"]->org.apereo.cas.ticket.TransientSessionTicketImpl["properties"]->java.util.HashMap["pac4jUserProfiles"]->java.util.LinkedHashMap["
> *cas.authn.pac4j.saml[0].clientName=*
> "]->org.pac4j.saml.profile.SAML2Profile["authnContexts"])
>
> Additionally, this is in the artemis logs:
>
> 2022-07-20 20:32:39,115 WARN [org.apache.activemq.artemis.core.server]
> AMQ222149: Message
> Reference[47408]:RELIABLE:CoreMessage[messageID=47408,durable=true,userID=11bdaf9a-086b-11ed-b8ae-0a888fcbcf63,priority=4,
>
> timestamp=Wed Jul 20 20:32:27 UTC 2022,expiration=0, durable=true,
> address=CasTicketRegistryQueue,size=6788,properties=TypedProperties[__HDR_dlqDeliveryFailureCause=java.lang.Throwable:
>
> Delivery[7] exceeds redelivery policy limit:RedeliveryPolicy {destination =
> null, collisionAvoidanceFactor = 0.15, maximumRedeliveries = 6,
> maximumRedeliveryDelay = -1, initialRedeliveryDelay = 1000,
> useCollisionAvoidance = false, useExponentialBackOff = false,
> backOffMultiplier = 5.0, redeliveryDelay = 1000, preDispatchCheck = true},
> cause:null,__AMQ_CID=ID:*cas-front-end-hostname*
> -36353-1658348877999-0:10,_AMQ_GROUP_SEQUENCE=0,__HDR_BROKER_IN_TIME=1658349147052,@class=org.apereo.cas.ticket.queue.UpdateTicketMessageQueueCommand,_AMQ_ROUTING_TYPE=1,__HDR_ARRIVAL=0,__HDR_COMMAND_ID=5,__HDR_PRODUCER_ID=ID:
> *cas-front-end-hostname*-36353-1658348877999-1:10:1:1,__HDR_MESSAGE_ID=ID:
> *cas-front-end-hostname*-36353-1658348877999-1:10:1:1:1,__HDR_DROPPABLE=false]]@1093364495
>
> has reached maximum delivery attempts, sending it to Dead Letter Address
> DLQ from CasTicketRegistryQueue
>
> I'm stumped, this is over my head as a sysadmin and not a java developer,
> any clues would be helpful here.
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d293135f-1758-45cc-9a66-49bc07fdfbd1n%40apereo.org.
