[cas-user] cas jpa-ticket-registry with oauth-webflow javax.persistence.TransactionRequiredException
I am trying to get a jpa-ticket-registry configured for CAS but I'm getting a TransactionRequiredException in CAS when my application tries to verify the login token with CAS. The exception is: javax.persistence.TransactionRequiredException: Executing an update/delete query at org.hibernate.query.internal.AbstractProducedQuery.executeUpdate(AbstractProducedQuery.java:1496) ~[hibernate-core-5.2.17.Final.jar!/:5.2.17.Final] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_192] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_192] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_192] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192] at org.springframework.orm.jpa.SharedEntityManagerCreator$DeferredQueryInvocationHandler.invoke(SharedEntityManagerCreator.java:375) ~[spring-orm-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] at com.sun.proxy.$Proxy216.executeUpdate(Unknown Source) ~[?:?] at org.apereo.cas.ticket.registry.JpaTicketRegistry.deleteSingleTicket(JpaTicketRegistry.java:158) ~[cas-server-support-jpa-ticket-registry-5.3.11.jar!/:5.3.11] at org.apereo.cas.ticket.registry.AbstractTicketRegistry.deleteTicket(AbstractTicketRegistry.java:121) ~[cas-server-core-tickets-api-5.3.11.jar!/:5.3.11] at org.apereo.cas.ticket.registry.AbstractTicketRegistry.deleteTicket(AbstractTicketRegistry.java:98) ~[cas-server-core-tickets-api-5.3.11.jar!/:5.3.11] at org.apereo.cas.ticket.registry.AbstractTicketRegistry$$FastClassBySpringCGLIB$$d3c67a11.invoke() ~[cas-server-core-tickets-api-5.3.11.jar!/:5.3.11] at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:667) ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] at org.apereo.cas.ticket.registry.JpaTicketRegistry$$EnhancerBySpringCGLIB$$9000de6b.deleteTicket() ~[cas-server-support-jpa-ticket-registry-5.3.11.jar!/:5.3.11] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_192] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_192] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_192] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192] at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216) ~[spring-core-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470) ~[spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] at com.sun.proxy.$Proxy109.deleteTicket(Unknown Source) ~[?:?] at org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator.generate(OAuth20DefaultTokenGenerator.java:67) ~[cas-server-support-oauth-5.3.11.jar!/:5.3.11] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_192] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_192] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_192] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192] at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216) ~[spring-core-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470) ~[spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE] at com.sun.proxy.$Proxy175.generate(Unknown Source) ~[?:?] at org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController.handleRequest(OAuth20AccessTokenEndpointController.java:119) ~[cas-server-support-oauth-5.3.11.jar!/:5.3.11] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_192] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_192] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_192] at
[cas-user] Re: Logout workflow with Delegated Auth
After more debuging on this problem it seems that the session can't be retrieved whereas all element where saved in the session store. The requestContext doesn't contains any session at the logout process (event if the action is called before the terminateSessionState and so only a new session is available. But cookies are again available ! Where is the problem ? the webflow can't provide a session is there some configuration needed ? Thanks Le jeudi 4 juillet 2019 14:29:47 UTC+2, Julien Gribonvald a écrit : > > To add some informations from my previous message: > - from CAS I have this log : > DEBUG > [org.apereo.cas.web.flow.DelegatedAuthenticationSAML2ClientLogoutAction] - > logout action will be executed.> > > after debugging into the code to find if a client is a SAML2Client a > profile should be provisionned, but it's not the case so it returns each > time a null client. > > What is missing here ? should a profile be provisionned and how in this > case ? Or there is a problem with a wrong check ? > > I could fix that but let me know what is to good way to do. > Thansk > > > Le jeudi 4 juillet 2019 13:16:17 UTC+2, Julien Gribonvald a écrit : >> >> Hi, >> >> I can't find in documentation how the logout should work with delegated >> Authentification (from pac4j module as example). >> >> I'm looking on the workflow when the global logout is initiated from the >> CAS (or from a service to the CAS), is there a way to propagate it to >> the IDP which the user connected ? I can't have this working with a SAML >> IDP whereas metadatas have the SLOLogout url information provided. >> >> Also is it working when the logout request come from the SAML IDP ? >> >> How this should work, what are the requirements ? I'm using the CAS V6 >> master branch. >> >> Thanks, >> >> -- >> Julien Gribonvald >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c1b91b16-da4c-4510-8c96-329243e28151%40apereo.org.
Re: [cas-user] Configure CAS 5.3 with LDAP
Im trying your configuration in my cas And its return javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - BindSimple: Transport encryption required.] And the CAS not loaded. Did I miss something? Im new to CAS, so Im just following new school documentation, how to implement CAS -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b50847c1-dbab-4250-b5ce-713bc8a6cd8b%40apereo.org.
Re: [cas-user] Configure CAS 5.3 with LDAP
> Thank you so much for your answer. But can you guide me where and how to
add selfsign certificate in the keystore file?
>Ive tried use ldap with port 389. CAS is loaded, but when im trying to
login with my username and password its return error. LDAP: error code 8 -
BindSimple: Transport encryption required
On Friday, July 12, 2019 at 2:39:25 PM UTC+7, casuser wrote:
>
> You need to add the self sign certificate in thekeystore file of CAS, also
> check of the port 636 is open or not. Actually you don't need ldaps for cas
> authentication. Bellow is my ldap config which works for me. Check whether
> your ports are open or not.
>
> cas.authn.ldap[0].principalAttributeList
> =sAMAccountName,cn,givenName,memberOf,userPrincipalName,department,title,distinguishedName
> cas.authn.ldap[0].collectDnAttribute=false
> #cas.authn.ldap[0].principalDnAttributeName=sAMAccountName
> # cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
> # cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
> #cas.authn.ldap[0].credentialCriteria=
> cas.authn.ldap[0].ldapUrl=ldap://myldap:389
> cas.authn.ldap[0].bindDn=CN=myldapadmin,OU=admin,DC=example,DC=edu
> cas.authn.ldap[0].bindCredential=mypass
> cas.authn.ldap[0].minPoolSize=3
> cas.authn.ldap[0].maxPoolSize=10
> cas.authn.ldap[0].validateOnCheckout=true
> cas.authn.ldap[0].validatePeriodically=true
> cas.authn.ldap[0].validatePeriod=600
> #cas.authn.ldap[0].validateTimeout=PT5S
> cas.authn.ldap[0].failFast=true
> # cas.authn.ldap[0].idleTime=PT10M
> # cas.authn.ldap[0].prunePeriod=PT2H
> # cas.authn.ldap[0].blockWaitTime=PT3S
> cas.authn.ldap[0].useSsl=false
> cas.authn.ldap[0].useStartTls=false
> #cas.authn.ldap[0].responseTimeout=PT5S
> cas.authn.ldap[0].allowMultipleDns=false
> #cas.authn.ldap[0].name=
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].baseDn=DC=example,DC=edu
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].searchFilter=sAMAccountName={user}
> cas.authn.ldap[0].enhanceWithEntryResolver=true
> #cas.authn.ldap[0].derefAliases=NEVER|SEARCHING|FINDING|ALWAYS
> cas.authn.ldap[0].dnFormat=uid=%s,DC=example,DC=edu
> #cas.authn.ldap[0].principalAttributePassword=
> cas.authn.ldap[0].followReferrals=false
> cas.authn.ldap[0].hostnameVerifier=ANY
>
> On Fri, Jul 12, 2019 at 2:54 PM Alex Samosir > wrote:
>
>> Yes. Because Its in my local PC.
>>
>> On Friday, July 12, 2019 at 8:03:24 AM UTC+7, casuser wrote:
>>>
>>> Are you using a self signed certificate?
>>>
>>>
>>> On Fri, Jul 12, 2019 at 12:12 AM Alex Samosir
>>> wrote:
>>>
Im trying to connect CAS with my LDAP Server. And im following The New
School Tutorial by the way.
But its no luck
Im facing this error
[image: ldaps.png]
Ive already tried that configuration with my LDAP Browser
And its success and connected
[image: ldap browser.png]
[image: LDAP BROWSER SUCCESS.png]
here is my cas.properties
cas.authn.ldap[0].order:0
cas.authn.ldap[0].name: LDAP
cas.authn.ldap[0].type: AUTHENTICATED
cas.authn.ldap[0].ldapUrl: ldaps://10.2.2.64
cas.authn.ldap[0].validatePeriod: 270
#cas.authn.ldap[0].poolPassivator: BIND
cas.authn.ldap[0].searchFilter: cn={user}
cas.authn.ldap[0].baseDn:
cn=Users,DC=app,DC=lkpp,DC=go,DC=id
#cas.authn.ldap[0].dnFormat:
cn=%s,CN=Users,DC=app,DC=lkpp,DC=go,DC=id
cas.authn.ldap[0].bindDn:cn=Administrator,cn=Users,dc=app,dc=lkpp,dc=go,dc=id
cas.authn.ldap[0].bindCredential:
any suggestion what I did wrong?
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to cas-...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/17449e07-16ac-4650-8b38-9008603a15de%40apereo.org
.
>>>
>>>
>>> --
>>> -Fazla.
>>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-...@apereo.org .
>> To view
Re: [cas-user] Configure CAS 5.3 with LDAP
You need to add the self sign certificate in thekeystore file of CAS, also
check of the port 636 is open or not. Actually you don't need ldaps for cas
authentication. Bellow is my ldap config which works for me. Check whether
your ports are open or not.
cas.authn.ldap[0].principalAttributeList
=sAMAccountName,cn,givenName,memberOf,userPrincipalName,department,title,distinguishedName
cas.authn.ldap[0].collectDnAttribute=false
#cas.authn.ldap[0].principalDnAttributeName=sAMAccountName
# cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
# cas.authn.ldap[0].allowMissingPrincipalAttributeValue=true
#cas.authn.ldap[0].credentialCriteria=
cas.authn.ldap[0].ldapUrl=ldap://myldap:389
cas.authn.ldap[0].bindDn=CN=myldapadmin,OU=admin,DC=example,DC=edu
cas.authn.ldap[0].bindCredential=mypass
cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=600
#cas.authn.ldap[0].validateTimeout=PT5S
cas.authn.ldap[0].failFast=true
# cas.authn.ldap[0].idleTime=PT10M
# cas.authn.ldap[0].prunePeriod=PT2H
# cas.authn.ldap[0].blockWaitTime=PT3S
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
#cas.authn.ldap[0].responseTimeout=PT5S
cas.authn.ldap[0].allowMultipleDns=false
#cas.authn.ldap[0].name=
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].baseDn=DC=example,DC=edu
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].searchFilter=sAMAccountName={user}
cas.authn.ldap[0].enhanceWithEntryResolver=true
#cas.authn.ldap[0].derefAliases=NEVER|SEARCHING|FINDING|ALWAYS
cas.authn.ldap[0].dnFormat=uid=%s,DC=example,DC=edu
#cas.authn.ldap[0].principalAttributePassword=
cas.authn.ldap[0].followReferrals=false
cas.authn.ldap[0].hostnameVerifier=ANY
On Fri, Jul 12, 2019 at 2:54 PM Alex Samosir
wrote:
> Yes. Because Its in my local PC.
>
> On Friday, July 12, 2019 at 8:03:24 AM UTC+7, casuser wrote:
>>
>> Are you using a self signed certificate?
>>
>>
>> On Fri, Jul 12, 2019 at 12:12 AM Alex Samosir
>> wrote:
>>
>>> Im trying to connect CAS with my LDAP Server. And im following The New
>>> School Tutorial by the way.
>>> But its no luck
>>> Im facing this error
>>>
>>> [image: ldaps.png]
>>>
>>>
>>>
>>> Ive already tried that configuration with my LDAP Browser
>>> And its success and connected
>>>
>>>
>>> [image: ldap browser.png]
>>>
>>> [image: LDAP BROWSER SUCCESS.png]
>>> here is my cas.properties
>>>
>>> cas.authn.ldap[0].order:0
>>> cas.authn.ldap[0].name: LDAP
>>> cas.authn.ldap[0].type: AUTHENTICATED
>>> cas.authn.ldap[0].ldapUrl: ldaps://10.2.2.64
>>> cas.authn.ldap[0].validatePeriod: 270
>>> #cas.authn.ldap[0].poolPassivator: BIND
>>> cas.authn.ldap[0].searchFilter: cn={user}
>>> cas.authn.ldap[0].baseDn:
>>> cn=Users,DC=app,DC=lkpp,DC=go,DC=id
>>> #cas.authn.ldap[0].dnFormat:
>>> cn=%s,CN=Users,DC=app,DC=lkpp,DC=go,DC=id
>>>
>>> cas.authn.ldap[0].bindDn:cn=Administrator,cn=Users,dc=app,dc=lkpp,dc=go,dc=id
>>> cas.authn.ldap[0].bindCredential:
>>>
>>> any suggestion what I did wrong?
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-...@apereo.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/17449e07-16ac-4650-8b38-9008603a15de%40apereo.org
>>>
>>> .
>>>
>>
>>
>> --
>> -Fazla.
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/79e4a05b-07ab-4ca6-abae-ca5095edd10a%40apereo.org
>
> .
>
--
-Fazla.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from
Re: [cas-user] Configure CAS 5.3 with LDAP
Yes. Because Its in my local PC.
On Friday, July 12, 2019 at 8:03:24 AM UTC+7, casuser wrote:
>
> Are you using a self signed certificate?
>
>
> On Fri, Jul 12, 2019 at 12:12 AM Alex Samosir > wrote:
>
>> Im trying to connect CAS with my LDAP Server. And im following The New
>> School Tutorial by the way.
>> But its no luck
>> Im facing this error
>>
>> [image: ldaps.png]
>>
>>
>>
>> Ive already tried that configuration with my LDAP Browser
>> And its success and connected
>>
>>
>> [image: ldap browser.png]
>>
>> [image: LDAP BROWSER SUCCESS.png]
>> here is my cas.properties
>>
>> cas.authn.ldap[0].order:0
>> cas.authn.ldap[0].name: LDAP
>> cas.authn.ldap[0].type: AUTHENTICATED
>> cas.authn.ldap[0].ldapUrl: ldaps://10.2.2.64
>> cas.authn.ldap[0].validatePeriod: 270
>> #cas.authn.ldap[0].poolPassivator: BIND
>> cas.authn.ldap[0].searchFilter: cn={user}
>> cas.authn.ldap[0].baseDn:
>> cn=Users,DC=app,DC=lkpp,DC=go,DC=id
>> #cas.authn.ldap[0].dnFormat:
>> cn=%s,CN=Users,DC=app,DC=lkpp,DC=go,DC=id
>>
>> cas.authn.ldap[0].bindDn:cn=Administrator,cn=Users,dc=app,dc=lkpp,dc=go,dc=id
>> cas.authn.ldap[0].bindCredential:
>>
>> any suggestion what I did wrong?
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-...@apereo.org .
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/17449e07-16ac-4650-8b38-9008603a15de%40apereo.org
>>
>>
>> .
>>
>
>
> --
> -Fazla.
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/79e4a05b-07ab-4ca6-abae-ca5095edd10a%40apereo.org.
