> -----Original Message-----
> From: Marvin S. Addison [mailto:marvin.addi...@gmail.com]
> Sent: Thursday, August 8, 2013 10:02 AM
> To: cas-user@lists.jasig.org
> Subject: Re: [cas-user] MemcacheTicketRegistry documentation question
>
> > I'm following the docs at
> > https://wiki.jasig.org/display/CASUM/MemcacheTicketRegistry to
> > implement a memcached ticket registry.
>
> Check out the following:
> http://jasig.github.io/cas/installation/Memcached-Ticket-Registry.html
>
> Although that's targeted at CAS 4.0, the configuration for memcached
> components hasn't changed from 3.5.x.
> .
>
> Reads like you've got malformed XML. Hopefully the documentation cited
> above will help. If you're still running into problems like above, post
> the file (redacted) and I'll take a look.
>
> M
>
Thanks for your help. Between that and what Jesse Banning sent me I'm close to being in business. If I comment out the <property name='hashAlg'> section below:

<bean id="memcachedClient"
      class="net.spy.memcached.spring.MemcachedClientFactoryBean"
      p:servers="${memcached.servers}"
      p:protocol="${memcached.protocol}"
      p:locatorType="${memcached.locatorType}"
      p:failureMode="${memcached.failureMode}"
      p:transcoder-ref="kryoTranscoder">
  <!--
  <property name="hashAlg">
    <util:constant static-field="net.spy.memcached.DefaultHashAlgorithm.${memcached.hashAlgorithm}" />
  </property>
  -->
</bean>

Then what I get is it seems to work -- at least, it's putting values in memcached if memcached is there. But if I quit the browser and try to log in again, it prompts for reauth, even if I'm careful to hit the same cas machine each time. Also, if I stop memcached, it still lets me log in. Does it fall back to the native ticket registry somehow?

If I uncomment the property name, I get this in cas.log:

The Spring ContextLoaderListener we wrap threw on contextInitialized.
But for our having caught this error, the web application context would not have initialized.
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 52 in XML document from ServletContext resource [/WEB-INF/spring-configuration/ticketRegistry.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 52; columnNumber: 104; The prefix "util" for element "util:constant" is not bound.
Thanks again,
Aaron

Here's my redacted cas.properties and ticketRegistry.xml:

##
# Services Management Web UI Security
server.name=https://cas-cluster.clarku.edu:8443
server.prefix=${server.name}/cas
cas.securityContext.serviceProperties.service=${server.prefix}/services/j_acegi_cas_security_check
# Names of roles allowed to access the CAS service manager
cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN
cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${server.prefix}/login
cas.securityContext.ticketValidator.casServerUrlPrefix=${server.prefix}
# IP address or CIDR subnet allowed to access the /status URI of CAS that exposes health check information
cas.securityContext.status.allowedSubnet=[redacted]/25

#Ldap
ldap.pool.minIdle=3
ldap.pool.maxIdle=5
ldap.pool.maxSize=10

# Maximum time in ms to wait for connection to become available
# under pool exhausted condition.
ldap.pool.maxWait=10000

# memcached ticket registry
memcached.servers=server1.clarku.edu:11211,server2.clarku.edu:11211
memcached.protocol=BINARY
memcached.locatorType=ARRAY_MOD
memcached.failureMode=Redistribute
memcached.hashAlgorithm=FNV1_64_HASH
memcached.transcoder.initBufSize=12288
expiration.policy.tgt.validity_period=${tgt.maxTimeToLiveInSeconds}
expiration.policy.st.validity_period=${st.timeToKillInSeconds}

# == Evictor configuration ==

# Period in ms at which evictor process runs.
ldap.pool.evictionPeriod=600000

# Maximum time in ms at which connections can remain idle before
# they become liable to eviction.
ldap.pool.idleTime=1200000

# == Connection testing settings ==

# Set to true to enable connection liveliness testing on evictor
# process runs. Probably results in best performance.
ldap.pool.testWhileIdle=true

# Set to true to enable connection liveliness testing before every
# request to borrow an object from the pool.
ldap.pool.testOnBorrow=false

cas.themeResolver.defaultThemeName=cas-theme-default
cas.viewResolver.basename=default_views

##
# Unique CAS node name
# host.name is used to generate unique Service Ticket IDs and SAMLArtifacts. This is usually set to the specific
# hostname of the machine running the CAS node, but it could be any label so long as it is unique in the cluster.
host.name=cas-cluster.clarku.edu

##
# Database flavors for Hibernate
#
# One of these is needed if you are storing Services or Tickets in an RDBMS via JPA.
#
# database.hibernate.dialect=org.hibernate.dialect.OracleDialect
# database.hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect
# database.hibernate.dialect=org.hibernate.dialect.HSQLDialect

##
# CAS Logout Behavior
# WEB-INF/cas-servlet.xml
#
# Specify whether CAS should redirect to the specifyed service parameter on /logout requests
# cas.logout.followServiceRedirects=false

##
# Single Sign-On Session Timeouts
# Defaults sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
#
# Maximum session timeout - TGT will expire in maxTimeToLiveInSeconds regardless of usage
tgt.maxTimeToLiveInSeconds=28800
#
# Idle session timeout - TGT will expire sooner than maxTimeToLiveInSeconds if no further requests
# for STs occur within timeToKillInSeconds
tgt.timeToKillInSeconds=7200

##
# Service Ticket Timeout
# Default sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
#
# Service Ticket timeout - typically kept short as a control against replay attacks, default is 10s. You'll want to
# increase this timeout if you are manually testing service ticket creation/validation via tamperdata or similar tools
st.timeToKillInSeconds=10

##
# Single Logout Out Callbacks
# Default sourced from WEB-INF/spring-configuration/argumentExtractorsConfiguration.xml
#
# To turn off all back channel SLO requests set slo.disabled to true
# slo.callbacks.disabled=false

##
# Service Registry Periodic Reloading Scheduler
# Default sourced from WEB-INF/spring-configuration/applicationContext.xml
#
# Force a startup delay of 2 minutes.
# service.registry.quartz.reloader.startDelay=120000
#
# Reload services every 2 minutes
# service.registry.quartz.reloader.repeatInterval=120000

##
# Log4j
# Default sourced from WEB-INF/spring-configuration/log4jConfiguration.xml:
#
# It is often time helpful to externalize log4j.xml to a system path to preserve settings between upgrades.
# e.g. log4j.config.location=/etc/cas/log4j.xml
# log4j.config.location=classpath:log4j.xml
#
# log4j refresh interval in millis
# log4j.refresh.interval=60000

Ticketregistry:

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

  <description>
    Configuration for the MemCacheTicketRegistry
  </description>

  <bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.MemCacheTicketRegistry">
    <constructor-arg index="0" ref="memcachedClient" />
    <!-- TGT timeout in seconds -->
    <constructor-arg index="1" value="${expiration.policy.tgt.validity_period}" />
    <!-- ST timeout in seconds -->
    <constructor-arg index="2" value="${expiration.policy.st.validity_period}" />
  </bean>

  <!--
    NOTE: Changing the transcoder implementation is not required, but Kryo provides for
    more efficient serialization which significantly improves throughput and storage footprint.
    See http://code.google.com/p/spymemcached/wiki/SpringIntegration for more info on
    options for various property values.
  -->
  <bean id="memcachedClient"
        class="net.spy.memcached.spring.MemcachedClientFactoryBean"
        p:servers="${memcached.servers}"
        p:protocol="${memcached.protocol}"
        p:locatorType="${memcached.locatorType}"
        p:failureMode="${memcached.failureMode}"
        p:transcoder-ref="kryoTranscoder">
    <property name="hashAlg">
      <util:constant static-field="net.spy.memcached.DefaultHashAlgorithm.${memcached.hashAlgorithm}" />
    </property>
  </bean>

  <bean id="kryoTranscoder"
        class="org.jasig.cas.ticket.registry.support.kryo.KryoTranscoder"
        init-method="initialize">
    <!-- initialBufferSize -->
    <constructor-arg index="0" value="8192" />
  </bean>
</beans>

Thanks,
Aaron

--
You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
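
The SAXParseException quoted in the message above means the `util:` prefix is used in ticketRegistry.xml while the `<beans>` root declares only `xsi` and `p`. The following is an added example, not part of the original post or of CAS: a pre-deployment check that reports unbound prefixes and prefixed elements whose namespace has no `xsi:schemaLocation` entry. The function name `check_namespaces` and the trimmed sample are constructed for illustration.

```python
import xml.parsers.expat

# Namespace URI used only to suggest a fix for a known prefix.
KNOWN_NS = {"util": "http://www.springframework.org/schema/util"}

# Constructed sample: the ticketRegistry.xml from the post, trimmed.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:p="http://www.springframework.org/schema/p"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
  <bean id="memcachedClient" p:protocol="${memcached.protocol}"
        class="net.spy.memcached.spring.MemcachedClientFactoryBean">
    <property name="hashAlg">
      <util:constant static-field="net.spy.memcached.DefaultHashAlgorithm.${memcached.hashAlgorithm}" />
    </property>
  </bean>
</beans>"""

def check_namespaces(xml_text):
    """Return (line, message) findings: unbound prefixes, and prefixed
    elements whose namespace has no xsi:schemaLocation entry."""
    findings, used, located = [], [], set()
    scopes = [{"xml": "http://www.w3.org/XML/1998/namespace"}]
    parser = xml.parsers.expat.ParserCreate()  # namespace processing off: raw qnames

    def start(name, attrs):
        line, bound = parser.CurrentLineNumber, dict(scopes[-1])
        for key, value in attrs.items():
            if key.startswith("xmlns:"):
                bound[key[6:]] = value
            elif key.endswith(":schemaLocation"):
                located.update(value.split()[0::2])  # URIs of "URI XSD" pairs
        scopes.append(bound)
        for qname in [name] + [k for k in attrs if not k.startswith("xmlns")]:
            prefix, sep, _ = qname.partition(":")
            if sep and prefix not in bound:
                hint = KNOWN_NS.get(prefix, "NAMESPACE-URI")
                findings.append((line, 'prefix "%s" for "%s" is not bound; declare xmlns:%s="%s"'
                                 % (prefix, qname, prefix, hint)))
            elif sep and qname == name:
                used.append((line, bound[prefix]))

    parser.StartElementHandler = start
    parser.EndElementHandler = lambda name: scopes.pop()
    parser.Parse(xml_text, True)
    findings += [(line, "no xsi:schemaLocation entry for " + uri)
                 for line, uri in used if uri not in located]
    return findings
```

For the sample, `check_namespaces(SAMPLE)` reports the `util:constant` element; declaring `xmlns:util` on `<beans>` and adding the pair `http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd` to `xsi:schemaLocation` clears both findings.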