[cas-user] Re: AbstractServicesManager.findServiceBy called too many times (17 times) for login

2018-12-17 Thread Mr Rao
Actually it's 24 times for each service request.



On Monday, December 17, 2018 at 1:39:59 PM UTC-8, Mr Rao wrote:
>
> Hi,
> I would like to implement my custom serviceManager to create a Service 
> based on passed in Service object/id on the fly since we do not want to go 
> through all services for every login to find matching service.
>
> When I was implementing this I noticed 
> that AbstractServicesManager.findServiceBy is called 17 times for a single 
> login, is that normal? 
>
> Thanks
>
> Rao
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b27bf3cc-cf0d-4608-b100-0f143c3baa39%40apereo.org.


[cas-user] Re: Cas 5.2 Cas-gradle-overlay, command explodeWar doesn't work

2018-12-17 Thread Jac Fitzgerald

/necromancing

I just spent some time trying to use the gradle explodeWar command with 
5.3.2, and the below fixes appear to still be needed. When I get a complete 
working overlay, I plan to try and update the build files for 5.3 - any 
tips welcome. 

cheers,
Jac


On Friday, December 22, 2017 at 2:36:10 AM UTC-8, Francis wrote:
>
> Hi,
>
> On the cas v5.2 with gradle, the command ./gradlew clean run explodeWar 
> doesn't seem to do anything.
>
> After investigation, the problem is that the cas.war is not working 
> properly, and the command zipTree in gradle doesn't create the fileTree 
> that is used by the command explodeWar.
>
> When trying to extract with the command "jar xvf cas.war", nothing happens. 
> When extracting with "unzip cas.war" it is working, but the command "zip 
> -sf cas.war" signals that the zip/war is malformed:
>
> $ zip -sf cas.war
> zip warning: expected 653 entries but found 80
> zip error: Zip file structure invalid (cas.war)
>
> I found another file cas.war.original, generated by gradle, the difference 
> between both is the tomcat inside.
>
> So I temporarily modified the explodeWar command:
>
> In explodeWar in cas/build.gradle, I replaced
> from zipTree(project.war.outputs.files.singleFile)
>
> by this:
> from zipTree(project.war.outputs.files.singleFile.toString() + ".original")
>
>
> At the same time, the copy function is not working either:
>
> task explodeWar(type: Copy, group: "build", description: "Explodes the cas.war") {
>     from zipTree(project.war.outputs.files.singleFile.toString() + ".original")
>     into "${buildDir}/cas"
>     doLast {
>         logger.info "CAS web application artifact exploded into [cas/build/cas]"
>     }
> }
>
> How to use copy command: 
> https://stackoverflow.com/questions/20249194/dynamically-created-task-of-type-copy-is-always-up-to-date?answertab=active#tab-top
>
> It is said: 
>
>> A Copy task only gets executed if it has something to copy. Telling it 
>> what to copy is part of configuring the task, and therefore needs to be 
>> done in the *configuration phase*, rather than the *execution phase*.
>
>
>  
>



[cas-user] Re: AbstractServicesManager.findServiceBy called too many times (17 times) for login

2018-12-17 Thread Mr Rao
This is cas 5.2.3 version.


On Monday, December 17, 2018 at 1:39:59 PM UTC-8, Mr Rao wrote:
>
> Hi,
> I would like to implement my custom serviceManager to create a Service 
> based on passed in Service object/id on the fly since we do not want to go 
> through all services for every login to find matching service.
>
> When I was implementing this I noticed 
> that AbstractServicesManager.findServiceBy is called 17 times for a single 
> login, is that normal? 
>
> Thanks
>
> Rao
>
>



[cas-user] AbstractServicesManager.findServiceBy called too many times (17 times) for login

2018-12-17 Thread Mr Rao
Hi,
I would like to implement my custom serviceManager to create a Service 
based on passed in Service object/id on the fly since we do not want to go 
through all services for every login to find matching service.

When I was implementing this I noticed 
that AbstractServicesManager.findServiceBy is called 17 times for a single 
login, is that normal? 

Thanks

Rao



Re: [cas-user] How to disable CasMetricsConfiguration in CAS 5.2.3?

2018-12-17 Thread Mr Rao
Thanks, Ray.

Rao.


On Wednesday, December 12, 2018 at 2:55:32 PM UTC-8, rbon wrote:
>
> By 'application log files', do you mean catalina.out?
>
> First make sure you are editing the correct file. You can force a 
> particular file with a setting like this in cas.properties:
>
> logging.config: file:/home/uvtomcat/config/log4j2.xml
>
> Perhaps there is a more general logger that picks up the perfStatsLogger. 
> In the logger definition 'additivity="false"' prevents other loggers from 
> also processing the messages. _BUT_ you must have an AppenderRef defined; 
> if not the root logger (typically console => catalina.out) will take over.
> In other words, you have to comment out the logger, as below, not just the 
> appender ref.
>
> Ray
>
> On Wed, 2018-12-12 at 14:03 -0800, Mr Rao wrote:
>
> Thanks for your response. I tried commenting out and it started routing 
> the logs to application log files which didn't solve the issue. 
>
>
>
> On Wednesday, December 12, 2018 at 9:28:43 AM UTC-8, Jon Anderson wrote: 
>
> I fought with the same issue a few months ago, and I did not figure out 
> how to suppress that log. I'm pretty sure that I tried commenting out the 
> log4j entry as well as other tweaks, but nothing worked for me. If it works 
> I'll have to try again...
>
> Jon
> --
> *From:* cas-...@apereo.org [cas-...@apereo.org] on behalf of Ray Bon [
> rb...@uvic.ca]
> *Sent:* Wednesday, December 12, 2018 11:10 AM
> *To:* cas-...@apereo.org
> *Subject:* Re: [cas-user] How to disable CasMetricsConfiguration in CAS 
> 5.2.3?
>
> Rao,
>
> You can comment it out in log4j2.xml:
>
> 
> 
>
> Ray
>
> On Tue, 2018-12-11 at 18:32 -0800, Mr Rao wrote:
>
> Hi, 
> We have decided to disable CasMetricsConfiguration. I couldn't find a 
> property in the cas.properties file to disable this.
>
> I do not want any perfStatsLogger at all. Any help is greatly 
> appreciated. This is filling up log files/disk space.
>
>
> Thanks
> Rao
>
>
> 018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.non-heap.used, value=105554216
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Code-Cache.committed, value=11108352
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Code-Cache.init, value=163840
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Code-Cache.max, value=33554432
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Code-Cache.usage, value=0.1809825897216797
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Code-Cache.used, value=6072768
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Eden-Space.committed, value=143130624
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Eden-Space.init, value=4521984
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Eden-Space.max, value=143130624
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Eden-Space.usage, value=0.34437706356956843
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Eden-Space.used, value=49290904
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Eden-Space.used-after-gc, value=0
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Metaspace.committed, value=100773888
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Metaspace.init, value=0
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Metaspace.max, value=-1
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Metaspace.usage, value=0.9871748522791935
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Metaspace.used, value=99481448
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Survivor-Space.committed, value=17891328
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Survivor-Space.init, value=524288
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Survivor-Space.max, value=17891328
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Survivor-Space.usage, value=0.20750611692994506
> 2018-12-11 18:22:13,666 severity=INFO, class=perfStatsLogger, type=GAUGE, 
> name=jvm.memory.pools.Survivor-Space.used, value=3712560
> 2018-12-11 18:22:13,666 

Re: [cas-user] Re: CAS 5.2.x as IDP using SAML 2.0

2018-12-17 Thread Samuel Garçon
Ray,

Thanks for your help :)
I've already tried this solution, and more (the cert has been uploaded to 
every keystore found on the system).

The solution was to create a new keystore dedicated to the cas client, and 
upload the cert inside:

cas.httpClient.truststore.psw=x
cas.httpClient.truststore.file=file:/etc/cas/config/truststore-cas-client.jks

Sam


On Monday, December 17, 2018 at 7:06:07 PM UTC+1, rbon wrote:
>
> Samuel,
>
> You may have to install the certificate in the java keystore.
> https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html
>
> Ray
>
> On Sun, 2018-12-16 at 11:36 -0800, Samuel Garçon wrote:
>
> Hi, 
>
> I have exactly the same problem.
> I'm running 5.3.7-SNAPSHOT.
> I have tried uploading the cert from the SP (SalesForce Request Signing 
> Certificate) inside the tomcat keystore, it's not working.
>
> Have you found a solution ?
>
> Sam
>
> On Monday, April 23, 2018 at 2:12:48 PM UTC+2, David Curry wrote: 
>
> Ah, cryptography errors. My favorite. :-) 
>
> The problem here is that the server cannot validate the certification path 
> on some SSL certificate it's been given. Of course, Java being Java, the 
> error message isn't helpful enough to tell you which one. It could be its 
> own certificate, or it could be the certificate of the client that's 
> connecting to it. If the server is working with other services, then it's 
> somewhat more likely that the problem is with the client's certificate, not 
> the server's.
>
> Suggestions:
>
> 1. Edit log4j2.xml and set the logging level for java.net.ssl and/or 
>    sun.security.provider to "debug". It might give you more useful 
>    information.
> 2. Make sure the client's host name (the one it's claiming to be, 
>    which may not be the same one the operating system is using) matches the 
>    host name in the client's SSL certificate.
> 3. Make sure the server's host name (the one it's claiming to be, 
>    which may not be the same one the operating system is using) matches the 
>    host name in the server's SSL certificate.
> 4. Check the URLs being used, including what's showing up in the 
>    ?service= parameters and whatever's being sent along in the SAML metadata, 
>    are using the correct host names from (2) and/or (3).
>
> Debugging these errors is a pain in the butt. There's no help for it but 
> patience and persistence, unfortunately.
>
> --Dave
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
>
> On Mon, Apr 23, 2018 at 4:35 AM, Jay wrote:
>
> Yes Dave, I did. 
>
> But initially I had the entries in the json file I had already. But had to 
> move it to separate file as it was not reading the entry.
>
> I got the login screen and when I entered the credentials as 
> casuser/Mellon, I see below error.
>
> java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>   at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:458)
>   at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
>   at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)
>   at org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController.validateRequestAndBuildCasAssertion(SSOSamlProfileCallbackHandlerController.java:134)
>   at org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController.handleCallbackProfileRequest(SSOSamlProfileCallbackHandlerController.java:100)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>   at java.lang.reflect.Method.invoke(Method.java:483)
>   at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
>   at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
>   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>   at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
>   at org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController$$EnhancerBySpringCGLIB$$2c28306b.handleCallbackProfileRequest()
>   at 
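
Added example (not part of the original messages and not CAS project code): the approach from Samuel's reply above, a truststore used only by the CAS HTTP client, scripted with keytool and followed by a fingerprint check that the imported certificate really is in the store. The host names, alias, password `changeit` and temp-dir paths are placeholders, and the throwaway certificates are constructed so the script runs offline.

```shell
#!/usr/bin/env bash
# Added example: a truststore used only by the CAS HTTP client, plus a check
# that the peer certificate really is in it. Paths, aliases, host names and
# the password are placeholders, not values from the thread.
set -eu

# Constructed sample input: a throwaway self-signed certificate standing in
# for the peer's real one. $1 = work dir, $2 = CN; writes $1/$2.pem
make_constructed_cert() {
    keytool -genkeypair -alias tmp -keyalg RSA -keysize 2048 -validity 1 \
        -dname "CN=$2" -keystore "$1/$2.p12" -storetype PKCS12 \
        -storepass changeit -keypass changeit >/dev/null 2>&1
    keytool -exportcert -rfc -alias tmp -keystore "$1/$2.p12" \
        -storepass changeit -file "$1/$2.pem" >/dev/null 2>&1
}

# Add one certificate to a JKS truststore, creating the store if needed.
# $1 = PEM certificate, $2 = truststore, $3 = store password, $4 = alias
import_trusted_cert() {
    keytool -importcert -noprompt -alias "$4" -file "$1" \
        -keystore "$2" -storetype JKS -storepass "$3" >/dev/null 2>&1
}

# SHA-256 fingerprint of a PEM certificate, in keytool's colon-hex form.
cert_fingerprint() {
    keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256: *//p'
}

# Succeeds only if the certificate in $1 is an entry of truststore $2.
# Comparing fingerprints avoids relying on an alias or subject name alone.
truststore_contains() {
    fp=$(cert_fingerprint "$1")
    [ -n "$fp" ] || return 2
    keytool -list -v -keystore "$2" -storepass "$3" 2>/dev/null \
        | grep -F "$fp" >/dev/null
}

# The two properties from the thread, pointed at the dedicated store.
cas_truststore_properties() {
    printf 'cas.httpClient.truststore.file=file:%s\n' "$1"
    printf 'cas.httpClient.truststore.psw=%s\n' "$2"
}

# End-to-end run in a temp dir: the imported certificate must be found and
# an unrelated one must not be.
demo() {
    dir=$(mktemp -d)
    store="$dir/truststore-cas-client.jks"
    make_constructed_cert "$dir" sp.example.org
    make_constructed_cert "$dir" other.example.org
    import_trusted_cert "$dir/sp.example.org.pem" "$store" changeit sp
    truststore_contains "$dir/sp.example.org.pem" "$store" changeit || return 1
    if truststore_contains "$dir/other.example.org.pem" "$store" changeit; then
        return 1
    fi
    cas_truststore_properties "$store" changeit
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Against a real deployment, call `import_trusted_cert` and `truststore_contains` with the peer's exported certificate and the path given in `cas.httpClient.truststore.file`.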

Re: [cas-user] Re: CAS 5.2.x as IDP using SAML 2.0

2018-12-17 Thread Ray Bon
Samuel,

You may have to install the certificate in the java keystore.
https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html

Ray

On Sun, 2018-12-16 at 11:36 -0800, Samuel Garçon wrote:
Hi,

I have exactly the same problem.
I'm running 5.3.7-SNAPSHOT.
I have tried uploading the cert from the SP (SalesForce Request Signing 
Certificate) inside the tomcat keystore, it's not working.

Have you found a solution ?

Sam

On Monday, April 23, 2018 at 2:12:48 PM UTC+2, David Curry wrote:
Ah, cryptography errors. My favorite. :-)

The problem here is that the server cannot validate the certification path on 
some SSL certificate it's been given. Of course, Java being Java, the error 
message isn't helpful enough to tell you which one. It could be its own 
certificate, or it could be the certificate of the client that's connecting to 
it. If the server is working with other services, then it's somewhat more 
likely that the problem is with the client's certificate, not the server's.

Suggestions:

  1.  Edit log4j2.xml and set the logging level for java.net.ssl and/or 
sun.security.provider to "debug". It might give you more useful information.
  2.  Make sure the client's host name (the one it's claiming to be, which may 
not be the same one the operating system is using) matches the host name in the 
client's SSL certificate.
  3.  Make sure the server's host name (the one it's claiming to be, which may 
not be the same one the operating system is using) matches the host name in the 
server's SSL certificate.
  4.  Check the URLs being used, including what's showing up in the ?service= 
parameters and whatever's being sent along in the SAML metadata, are using the 
correct host names from (2) and/or (3).

Debugging these errors is a pain in the butt. There's no help for it but 
patience and persistence, unfortunately.

--Dave



--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu

On Mon, Apr 23, 2018 at 4:35 AM, Jay wrote:
Yes Dave, I did.

But initially I had the entries in the json file I had already. But had to move 
it to separate file as it was not reading the entry.

I got the login screen and when I entered the credentials as casuser/Mellon, I 
see below error.

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:458)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)
    at org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController.validateRequestAndBuildCasAssertion(SSOSamlProfileCallbackHandlerController.java:134)
    at org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController.handleCallbackProfileRequest(SSOSamlProfileCallbackHandlerController.java:100)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:483)
    at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
    at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
    at org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlProfileCallbackHandlerController$$EnhancerBySpringCGLIB$$2c28306b.handleCallbackProfileRequest()
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:483)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133)
at