Re: [cas-user] Can we use sAMAccountName for single-step authentication without needing to know DN

2015-03-03 Thread Carl R Daudt
Thanks. I might not get to work on this for a few weeks, but will post back 
when I have some results.
-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user


Re: [cas-user] Trouble with Auditing Configuration

2015-03-03 Thread Juan Quintanilla
Hi,



Thanks, that did the trick. I forgot to define the p-namespace.





___
Juan Quintanilla
jquin...@fiu.edu

From: Scott Battaglia 
Sent: Monday, March 2, 2015 9:16 PM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] Trouble with Auditing Configuration

Did you define the p-namespace?
http://docs.spring.io/spring/docs/current/spring-framework-reference/html/beans.html#beans-p-namespace

Cheers,
Scott

On Mon, Mar 2, 2015 at 5:33 PM, Juan Quintanilla <jquin...@fiu.edu> wrote:

Hi,



Trying to configure auditing for CAS 3.5.3 to an oracle database, I configured 
the tables and modified the auditTrailContext.xml file to include the necessary 
lines but when I startup tomcat I encounter the following error:



[/WEB-INF/spring-configuration/auditTrailContext.xml] is invalid; nested 
exception is org.xml.sax.SAXParseException; lineNumber: 164; columnNumber: 110; 
The prefix "p" for attribute "p:dataSource-ref" associated with an element type 
"bean" is not bound.



I verified that I have the dataSource bean defined in my deployer 
configuration, so I just wanted to see if someone has encountered a similar 
error.



 Below is a snippet of the auditTrailContext.xml file:



  



  


  



  

 
   
 

___
Juan Quintanilla
jquin...@fiu.edu
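
The SAXParseException above names the unbound prefix but not the declaration that fixes it. As an added example (not part of the original thread and not CAS or Spring code), this pre-deployment check lists every prefixed element or attribute in a Spring context file that has no `xmlns:` declaration in scope and suggests the declaration to add to `<beans>`. The function name, the sample file content and the `example.AuditTrailManager` class are constructed for illustration.

```python
import xml.parsers.expat

# Published Spring schema namespace URIs for commonly used prefixes.
SPRING_NS = {
    "p": "http://www.springframework.org/schema/p",
    "c": "http://www.springframework.org/schema/c",
    "util": "http://www.springframework.org/schema/util",
    "tx": "http://www.springframework.org/schema/tx",
    "aop": "http://www.springframework.org/schema/aop",
}

# Constructed sample reproducing the error: p: is used but never declared.
SAMPLE_CONTEXT = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="auditTrailManager" class="example.AuditTrailManager" p:dataSource-ref="dataSource"/>
</beans>
"""


def find_unbound_prefixes(xml_text):
    """Return [(line, qualified_name, suggested_xmlns_or_None)] for each
    element or attribute whose prefix has no xmlns declaration in scope."""
    # Namespace processing is left off so the parser does not abort on the
    # first unbound prefix; declarations are tracked per element instead.
    parser = xml.parsers.expat.ParserCreate()
    scopes = [{"xml"}]  # the xml: prefix is always bound
    findings = []

    def start(name, attrs):
        declared = {a[6:] for a in attrs if a.startswith("xmlns:")}
        in_scope = scopes[-1] | declared
        scopes.append(in_scope)
        for qname in [name] + [a for a in attrs if not a.startswith("xmlns")]:
            prefix, sep, _ = qname.partition(":")
            if sep and prefix not in in_scope:
                uri = SPRING_NS.get(prefix)
                hint = f'xmlns:{prefix}="{uri}"' if uri else None
                findings.append((parser.CurrentLineNumber, qname, hint))

    def end(name):
        scopes.pop()

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(xml_text, True)
    return findings


if __name__ == "__main__":
    for line, qname, hint in find_unbound_prefixes(SAMPLE_CONTEXT):
        print(f"line {line}: {qname} uses an unbound prefix; add {hint}")
```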




Re: [cas-user] I am lost... And in desperate need of help

2015-03-03 Thread Dmitriy Kopylenko
Bryan,

welcome to the club of the happy Hazelcast users! ;-)

Cheers,
D.

> On Mar 3, 2015, at 11:24 AM, Bryan Wooten  wrote:
> 
> I am closing this issue down.
>  
> I got everything to work with Hazelcast.
>  
> So goodbye ehcache… It just isn’t worth trying to figure out what is wrong with 
> it.
>  
> Thanks,
>  
> Bryan
>  
> From: Bryan Wooten [mailto:bryan.woo...@utah.edu]
> Sent: Tuesday, March 03, 2015 8:21 AM
> To: cas-user@lists.jasig.org 
> Subject: RE: [cas-user] I am lost... And in desperate need of help
>  
> Thanks Marv,
>  
> This issue has been fixed, the load balancer guy did something… I am not sure 
> what.
>  
> But now I am back to my registry replication problem.
>  
> I see this in my logs:
> 2015-03-03 07:35:27,937 DEBUG [net.sf.ehcache.util.PropertyUtil] - Value found for peerDiscovery: manual
> 2015-03-03 07:35:27,937 DEBUG [net.sf.ehcache.util.PropertyUtil] - Value found for rmiUrls: //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket|//cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.TicketGrantingTicket
>  
> But then later:
>  
> 2015-03-03 07:35:28,003 DEBUG 
> [net.sf.ehcache.distribution.RMICacheManagerPeerListener] - 0 RMICachePeers 
> bound in registry for RMI listener
>  
> And:
>  
> 2015-03-03 07:35:28,655 DEBUG 
> [net.sf.ehcache.distribution.RMIBootstrapCacheLoader] - Attempting to acquire 
> cache peers for cache org.jasig.cas.ticket.ServiceTicket to bootstrap from. 
> Will wait up to 0ms for cache to join cluster.
> 2015-03-03 07:35:28,656 DEBUG 
> [net.sf.ehcache.distribution.RMICacheManagerPeerListener] - 0 RMICachePeers 
> bound in registry for RMI listener
>  
> 2015-03-03 07:35:28,658 DEBUG 
> [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL 
> //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket
> 2015-03-03 07:35:28,658 DEBUG 
> [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL 
> //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket
>  
> 2015-03-03 07:35:28,703 DEBUG 
> [net.sf.ehcache.distribution.ManualRMICacheManagerPeerProvider] - Looking up 
> rmiUrl //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket through 
> exception org.jasig.cas.ticket.ServiceTicket. This may be normal if a node has 
> gone offline. Or it may indicate network connectivity difficulties
> java.rmi.NotBoundException: org.jasig.cas.ticket.ServiceTicket
> at sun.rmi.registry.RegistryImpl.lookup(RegistryImpl.java:136)
> at sun.rmi.registry.RegistryImpl_Skel.dispatch(Unknown Source)
>  
> I can successfully telnet from cas-dev1 (where this log trace is from) to 
> cas-dev2 port 40001.
>  
> The “Will wait up to 0ms” concerns me I guess. So I am back to being lost. I 
> will also try a Hazelcast configuration.
>  
> -Bryan
>  
>  
>  
> From: Marvin Addison [mailto:marvin.addi...@gmail.com]
> Sent: Monday, March 02, 2015 12:51 PM
> To: cas-user@lists.jasig.org 
> Subject: Re: [cas-user] I am lost... And in desperate need of help
>  
> With Prod 3.4.12 and MFA, don’t get the successful login page. I get “page 
> not found” in the browser.
> Turn the org.jasig.casup to DEBUG and post (sanitized) logs corresponding to 
> the 404 error you mentioned. 
> The error goes away if I take one of the 2 CAS servers offline.
> Did you ever solve your ticket registry replication problems? I wouldn't 
> think that a "ticket not found" error would cause authentication problems, 
> but this sure sounds like some kind of HA config problem.
>  
> M
>  
>  

RE: [cas-user] I am lost... And in desperate need of help

2015-03-03 Thread Bryan Wooten
I am closing this issue down.

I got everything to work with Hazelcast.

So goodbye ehcache… It just isn’t worth trying to figure out what is wrong with it.

Thanks,

Bryan

From: Bryan Wooten [mailto:bryan.woo...@utah.edu]
Sent: Tuesday, March 03, 2015 8:21 AM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] I am lost... And in desperate need of help

Thanks Marv,

This issue has been fixed, the load balancer guy did something… I am not sure 
what.

But now I am back to my registry replication problem.

I see this in my logs:
2015-03-03 07:35:27,937 DEBUG [net.sf.ehcache.util.PropertyUtil] - Value found for peerDiscovery: manual
2015-03-03 07:35:27,937 DEBUG [net.sf.ehcache.util.PropertyUtil] - Value found for rmiUrls: //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket|//cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.TicketGrantingTicket

But then later:

2015-03-03 07:35:28,003 DEBUG 
[net.sf.ehcache.distribution.RMICacheManagerPeerListener] - 0 RMICachePeers 
bound in registry for RMI listener

And:

2015-03-03 07:35:28,655 DEBUG 
[net.sf.ehcache.distribution.RMIBootstrapCacheLoader] - Attempting to acquire 
cache peers for cache org.jasig.cas.ticket.ServiceTicket to bootstrap from. 
Will wait up to 0ms for cache to join cluster.
2015-03-03 07:35:28,656 DEBUG 
[net.sf.ehcache.distribution.RMICacheManagerPeerListener] - 0 RMICachePeers 
bound in registry for RMI listener

2015-03-03 07:35:28,658 DEBUG 
[net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL 
//cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket
2015-03-03 07:35:28,658 DEBUG 
[net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL 
//cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket

2015-03-03 07:35:28,703 DEBUG 
[net.sf.ehcache.distribution.ManualRMICacheManagerPeerProvider] - Looking up 
rmiUrl //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket through 
exception org.jasig.cas.ticket.ServiceTicket. This may be normal if a node has 
gone offline. Or it may indicate network connectivity difficulties
java.rmi.NotBoundException: org.jasig.cas.ticket.ServiceTicket
at sun.rmi.registry.RegistryImpl.lookup(RegistryImpl.java:136)
at sun.rmi.registry.RegistryImpl_Skel.dispatch(Unknown Source)

I can successfully telnet from cas-dev1 (where this log trace is from) to 
cas-dev2 port 40001.

The “Will wait up to 0ms” concerns me I guess. So I am back to being lost. I 
will also try a Hazelcast configuration.

-Bryan



From: Marvin Addison [mailto:marvin.addi...@gmail.com]
Sent: Monday, March 02, 2015 12:51 PM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] I am lost... And in desperate need of help

With Prod 3.4.12 and MFA, don’t get the successful login page. I get “page not 
found” in the browser.
Turn the org.jasig.casup to DEBUG and post (sanitized) logs corresponding to 
the 404 error you mentioned.
The error goes away if I take one of the 2 CAS servers offline.
Did you ever solve your ticket registry replication problems? I wouldn't think 
that a "ticket not found" error would cause authentication problems, but this 
sure sounds like some kind of HA config problem.

M






RE: [cas-user] I am lost... And in desperate need of help

2015-03-03 Thread Bryan Wooten
Thanks Marv,

This issue has been fixed, the load balancer guy did something… I am not sure 
what.

But now I am back to my registry replication problem.

I see this in my logs:
2015-03-03 07:35:27,937 DEBUG [net.sf.ehcache.util.PropertyUtil] - Value found for peerDiscovery: manual
2015-03-03 07:35:27,937 DEBUG [net.sf.ehcache.util.PropertyUtil] - Value found for rmiUrls: //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket|//cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.TicketGrantingTicket

But then later:

2015-03-03 07:35:28,003 DEBUG 
[net.sf.ehcache.distribution.RMICacheManagerPeerListener] - 0 RMICachePeers 
bound in registry for RMI listener

And:

2015-03-03 07:35:28,655 DEBUG 
[net.sf.ehcache.distribution.RMIBootstrapCacheLoader] - Attempting to acquire 
cache peers for cache org.jasig.cas.ticket.ServiceTicket to bootstrap from. 
Will wait up to 0ms for cache to join cluster.
2015-03-03 07:35:28,656 DEBUG 
[net.sf.ehcache.distribution.RMICacheManagerPeerListener] - 0 RMICachePeers 
bound in registry for RMI listener

2015-03-03 07:35:28,658 DEBUG 
[net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL 
//cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket
2015-03-03 07:35:28,658 DEBUG 
[net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL 
//cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket

2015-03-03 07:35:28,703 DEBUG 
[net.sf.ehcache.distribution.ManualRMICacheManagerPeerProvider] - Looking up 
rmiUrl //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket through 
exception org.jasig.cas.ticket.ServiceTicket. This may be normal if a node has 
gone offline. Or it may indicate network connectivity difficulties
java.rmi.NotBoundException: org.jasig.cas.ticket.ServiceTicket
at sun.rmi.registry.RegistryImpl.lookup(RegistryImpl.java:136)
at sun.rmi.registry.RegistryImpl_Skel.dispatch(Unknown Source)

I can successfully telnet from cas-dev1 (where this log trace is from) to 
cas-dev2 port 40001.

The “Will wait up to 0ms” concerns me I guess. So I am back to being lost. I 
will also try a Hazelcast configuration.

-Bryan



From: Marvin Addison [mailto:marvin.addi...@gmail.com]
Sent: Monday, March 02, 2015 12:51 PM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] I am lost... And in desperate need of help

With Prod 3.4.12 and MFA, don’t get the successful login page. I get “page not 
found” in the browser.
Turn the org.jasig.casup to DEBUG and post (sanitized) logs corresponding to 
the 404 error you mentioned.
The error goes away if I take one of the 2 CAS servers offline.
Did you ever solve your ticket registry replication problems? I wouldn't think 
that a "ticket not found" error would cause authentication problems, but this 
sure sounds like some kind of HA config problem.

M






Re: [cas-user] Certificates and Active Directory

2015-03-03 Thread Jim Price
The useStartTLS property is set to false.
Jim

On Tue, Mar 3, 2015 at 8:56 AM, Daniel Fisher  wrote:

> On Tue, Mar 3, 2015 at 8:23 AM, Jim Price 
> wrote:
>
>> I'm pretty sure it's hostname verification errors because once I uploaded
>> the certificate from the host and used that hostname instead of the IP it
>> worked. And it was always the hostname error I would get.  I thought the
>> AllowAnyHostnameVerifier would work but not sure how to implement that.
>> I'll try putting the different socket factory in the
>> deployerConfigContext.xml and see what happens.
>>
>
> I inferred you are using LDAPS for your connections, if you're using
> startTLS that's a whole different kettle of fish.
>
> --Daniel Fisher
>
>

Re: [cas-user] Certificates and Active Directory

2015-03-03 Thread Daniel Fisher
On Tue, Mar 3, 2015 at 8:23 AM, Jim Price 
wrote:

> I'm pretty sure it's hostname verification errors because once I uploaded
> the certificate from the host and used that hostname instead of the IP it
> worked. And it was always the hostname error I would get.  I thought the
> AllowAnyHostnameVerifier would work but not sure how to implement that.
> I'll try putting the different socket factory in the
> deployerConfigContext.xml and see what happens.
>

I inferred you are using LDAPS for your connections, if you're using
startTLS that's a whole different kettle of fish.

--Daniel Fisher


Re: [cas-user] Certificates and Active Directory

2015-03-03 Thread Jim Price
I'm pretty sure it's hostname verification errors because once I uploaded the
certificate from the host and used that hostname instead of the IP it
worked. And it was always the hostname error I would get.  I thought the
AllowAnyHostnameVerifier would work but not sure how to implement that.
I'll try putting the different socket factory in the
deployerConfigContext.xml and see what happens.
Thanks,
Jim

On Mon, Mar 2, 2015 at 6:39 PM, Daniel Fisher  wrote:

> On Mon, Mar 2, 2015 at 11:02 AM, Jim Price 
> wrote:
>
>> I'm not really a programmer and need a little guidance. I'm guessing that
>> ldaptive is brought in by maven as a dependency could you point me in a
>> direction in how this could be overwritten or the method replaced.
>>
>
> I'm not sure if you're tripping over trust errors or hostname verification
> errors.
> Ldaptive injects a custom socket factory if you're using LDAPS to perform
> hostname verification.
> If you want to change that behavior you can tell JNDI to use a specific
> SocketFactory.
> This should get you back to the behavior you had before:
>
>p:sslSocketFactory-ref="socketFactory" />
>
> 
>
>p:connectionConfig-ref="connectionConfig"
>   p:provider-ref="provider" />
>
> --Daniel Fisher
>

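The behaviour described in this message (the connection fails when the LDAP URL uses the IP address and works once it uses the hostname from the certificate) is hostname verification doing its job. As an added example, not code from the thread, CAS or ldaptive, the check below reports whether a connect target is covered by a server certificate and which names would be, so the LDAP URL can be corrected and verification left on. The certificate dict has the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the hostnames and address are constructed, and only subjectAltName entries are considered.

```python
import ipaddress

# Constructed certificate data in getpeercert() form: one DNS SAN, no IP SAN.
SAMPLE_CERT = {
    "subject": ((("commonName", "dc1.example.edu"),),),
    "subjectAltName": (("DNS", "dc1.example.edu"),),
}


def dns_name_matches(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole left-most
    label and never directly under a top-level domain."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_ldaps_target(target, cert):
    """Decide whether `target` (hostname or IP literal taken from the LDAP
    URL) is covered by the certificate's subjectAltName entries."""
    sans = cert.get("subjectAltName", ())
    dns_names = [value for kind, value in sans if kind == "DNS"]
    ip_names = [value for kind, value in sans if kind == "IP Address"]
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None  # not an IP literal, treat as a DNS name

    if addr is not None:
        # An IP target is matched against IP SANs only, never DNS names.
        ok = any(ipaddress.ip_address(v) == addr for v in ip_names)
        reason = "IP SAN matches" if ok else "target is an IP address with no matching IP SAN"
    else:
        ok = any(dns_name_matches(p, target) for p in dns_names)
        reason = "DNS SAN matches" if ok else "no DNS SAN matches the target name"
    return {"ok": ok, "reason": reason, "usable_names": dns_names + ip_names}


if __name__ == "__main__":
    for target in ("192.0.2.10", "dc1.example.edu"):
        print(target, check_ldaps_target(target, SAMPLE_CERT))
```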