I’ve posted another document to the gist, the clearpass-configuration.xml file without the map encryption. If we run with this configuration, it works just fine. (The only changes are removing the EncryptedMapDecorator and changing the name of the CacheMap to credentialsCache.)
Where would I set the logging for the clearpass extension? I currently have all of the logging levels in log4j.xml set to DEBUG. ---------------------------------- Mark St. Laurent Web Systems Administrator Yavapai College (928) 717-7654 http://www.yc.edu<http://www.yc.edu/> From: Misagh Moayyed [mailto:mmoay...@unicon.net] Sent: Friday, November 15, 2013 9:22 AM To: cas-user@lists.jasig.org Subject: RE: [cas-user] ClearPass with Load-Balanced CAS Thank you…and you mentioned that this works correctly without map encryption? If so, could you describe how you run the test that confirms correct behavior? Usually, if it’s an encryption issue the problem has to do with a missing configuration element. If you can confirm that all settings on all nodes match (and having reviewed the snippet you posted, nothing really jumped out at me) and the integration still fails with no map encryption, then it usually is a matter of replication failing somewhere. To better debug this, set the clearpass package debug level to TRACE and report back the exception stack. With AOP turned on, right now it’s hard to figure out where the failure comes from. (Or you could disable AOP and run through the test once, but that’s more complicated). The encrypted map decorator component seems like could really benefit from additional log statements. From: St Laurent, Mark [mailto:mark.stlaur...@yc.edu] Sent: Friday, November 15, 2013 8:18 AM To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> Subject: RE: [cas-user] ClearPass with Load-Balanced CAS Here you go: https://gist.github.com/markstlaurent/7485914 Thanks, ---------------------------------- Mark St. Laurent Web Systems Administrator Yavapai College (928) 717-7654 http://www.yc.edu<http://www.yc.edu/> From: Misagh [mailto:misagh.moay...@gmail.com] Sent: Thursday, November 14, 2013 5:41 PM To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> Subject: RE: [cas-user] ClearPass with Load-Balanced CAS Mark could u please post relevant snippets of your clearpass and deployer config context xml files perhaps as github gists? On Nov 14, 2013 3:35 PM, "St Laurent, Mark" <mark.stlaur...@yc.edu<mailto:mark.stlaur...@yc.edu>> wrote: Yeah, just got done trying it in the test environment, no effect. Thanks, ---------------------------------- Mark St. Laurent Web Systems Administrator Yavapai College (928) 717-7654<tel:%28928%29%20717-7654> http://www.yc.edu -----Original Message----- From: Tom Poage [mailto:tfpo...@ucdavis.edu<mailto:tfpo...@ucdavis.edu>] Sent: Thursday, November 14, 2013 4:14 PM To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> Subject: Re: [cas-user] ClearPass with Load-Balanced CAS On 11/14/2013 03:07 PM, Tom Poage wrote: > E.g. I see reference to SHA-512 in EncryptedMapDecorator.java and > suspect it may not be supported with the standard JCE policy. Nope, that's wrong: http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest Tom. -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: mark.stlaur...@yc.edu<mailto:mark.stlaur...@yc.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: misagh.moay...@gmail.com<mailto:misagh.moay...@gmail.com> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: mark.stlaur...@yc.edu<mailto:mark.stlaur...@yc.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: mmoay...@unicon.net<mailto:mmoay...@unicon.net> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: mark.stlaur...@yc.edu<mailto:mark.stlaur...@yc.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user