RE: [cas-user] CAS 4.0.0 Production Issue: Heap Memory Issue

[Jaroslav Kacer]

Hi Dave!

We have the same configuration for all nodes. The cleaner is scheduled to run 
20 seconds after the application starts and then periodically once per hour 
(the original value is greater than that: 5000 s).

Because we don’t start the nodes at the same time, the cleaner also runs at 
different time on different nodes. We don’t do any locking or anything like 
that. I think that the cleaner simply removes some tickets locally and then the 
deletions get replicated to other nodes, so they are in fact deleted on those 
other nodes too. But I don’t know the implementation, so I may be wrong on this.

We introduced the cleaner quite recently, so unfortunately I have very little 
real experience it. Should I found something more concerning the cleaner, I 
will post it to this list.

Best Regards,
   Jarda


From: David A. Kovacic [mailto:d...@case.edu]
Sent: 20. November 2014 4:56 odp.
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] CAS 4.0.0 Production Issue: Heap Memory Issue

Hi Jaroslav,

Well, given the error I knew it had to be something like that - I just couldn't 
find where logoutManager was supposed to be defined.  Thanks for pointing me in 
the correct direction. :-)

A couple last questions on your setup:

Are you running the ticket cleaner on multiple nodes of your environment 
simultaneously, or just one?  If you run multiple simultaneous cleaners are you 
doing any kind of locking on the cache to prevent them from stepping on each 
other, or has it never been a problem for you?

Thanks,
Dave


Join IDC beginning October 29, 2014 through January 29, 2015 for:
IDC's 2015 Predictions and IDC FutureScapes Web Conference 
Series
Accelerating Innovation on the 3rd Platform
Register 
Now



-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

RE:[cas-user] CAs nnot working for us

[Pitonyak, Andrew D]

Are you able to login directly to the CAS server using HTTPS?

My first attempt to set the certificate was because I did not use the same 
password for my store as that used by Tomcat. Finally, I had to export the cert 
so that I could import that Cert into Windows (or Windows prevented it).

Kind of  along shot



From: Chris Cheltenham [cchelten...@swaintechs.com]
Sent: Friday, November 21, 2014 8:34 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] CAs nnot working for us


Hello All Thanks for any help in advance,


We have CAS set up tomcat picks up and logs into CAS via ldap fine.

When we try to process from the web server using mod_auth_cas ,we get this 
error;

>From /var/log/https/ssl_error

How do you  create the cacerts it cannot process?
I copied this from the CAS / tomcat servers cert.



[Fri Nov 21 08:31:33 2014] [error] [client 24.127.129.237] MOD_AUTH_CAS: Could 
not process Certificate Authority: /etc/pki/CA/cacert.pem, referer: 
https://10.153.111.217:8443/cas/login?service=https%3a%2f%2ftest.dcis.hhs.gov%2fnew-web


[cid:image002.png@01D00565.E4D3DCB0]

Thank You,

Chris Cheltenham
SwainTechs / HHS

Cell# 267-586-2369


--
You are currently subscribed to cas-user@lists.jasig.org as: 
pitony...@battelle.org
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] MFA and Self-service Password Reset CAS 4.x

[Jehan Procaccia]

Hello,

as a long time user of CAS (3.x ) , I am concerned now by multifactor 
authentication and Self-service Password Reset

does CAS 4.0 provides those features natively now ?
what do you recommend to perform those features ?
I came accros that projet for CAS 3.5 apparently
http://www.unicon.net/content/unicon-contributes-password-manager-jasig-central-authentication-service-cas-community

what do you recommend ?

thanks  for your help


--
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

RE: [cas-user] initial CAS deployment not working

[Chris Adams]

No, still gives a 404. The cas.log has this, if any help:

2014-11-21 09:03:18,921 ERROR [org.jasig.cas.web.init.SafeContextLoaderListener]
- SafeContextLoaderListener:
The Spring ContextLoaderListener we wrap threw on contextInitialized.
But for our having caught this error, the web application context would not have
initialized.
org.springframework.beans.factory.BeanCreationException: Error creating bean wit
h name 'jobDetailTicketRegistryCleaner' defined in ServletContext resource [/WEB
-INF/spring-configuration/ticketRegistry.xml]: Invocation of init method failed;
nested exception is java.lang.NoSuchMethodError: org.apache.commons.collections
.SetUtils.orderedSet(Ljava/util/Set;)Ljava/util/Set;

From: Scott Battaglia [mailto:scott.battag...@gmail.com]
Sent: Thursday, November 20, 2014 9:01 PM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] initial CAS deployment not working

It looks like CAS was deployed.  Does it work if you go to host:8080/cas/login 
instead of host:8080/cas/ ?

On Thu, Nov 20, 2014 at 6:57 PM, Chris Adams 
mailto:chris.a.ad...@state.or.us>> wrote:
I checked the permssions on the cas.war file and the tomcat user has full 
access to it.

I waded through the logs and there were some entries that might be of some help.

20-Nov-2014 15:46:16.540 WARNING [localhost-startStop-1] org.apache.catalina.loa
der.WebappClassLoaderBase.clearReferencesThreads The web application [cas] appea
rs to have started a thread named [FileWatchdog] but has failed to stop it. This
is very likely to create a memory leak. Stack trace of thread:
java.lang.Thread.sleep(Native Method)
org.apache.log4j.helpers.FileWatchdog.run(FileWatchdog.java:104)

From: Scott Battaglia 
[mailto:scott.battag...@gmail.com]
Sent: Thursday, November 20, 2014 1:05 PM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] initial CAS deployment not working

Have you checked the Tomcat logs for any errors/exceptions?

Cheers,
Scott

On Thu, Nov 20, 2014 at 3:50 PM, Chris Adams 
mailto:chris.a.ad...@state.or.us>> wrote:
Hello,

I am quite new to CAS. I have been plodding along to get this server up and 
running, but have come to a roadblock. At this point, I only want to be able to 
get CAS available via http, for proof of concept.

I have all the components in place and have Tomcat running successfully on port 
8080. Using Maven, I built the WAR file and then moved it into the Tomcat 
webapps folder and started Tomcat.

Tomcat starts up, but I don’t see it referencing the cas.war file and I believe 
it should. Going to the URL:8080/cas/ results in a 404.

I would appreciate if someone could get me on the right track so that I can get 
on to bigger and more fun things.

Many thanks.

--

You are currently subscribed to 
cas-user@lists.jasig.org as: 
scott.battag...@gmail.com

To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user




--

You are currently subscribed to 
cas-user@lists.jasig.org as: 
chris.a.ad...@state.or.us

To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

--

You are currently subscribed to 
cas-user@lists.jasig.org as: 
scott.battag...@gmail.com

To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user




--

You are currently subscribed to 
cas-user@lists.jasig.org as: 
chris.a.ad...@state.or.us

To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

RE:[cas-user] CAs nnot working for us

[Chris Cheltenham]

Hello,

I can log into CAS if I point my browser to CAS via tomcat https, yes.

I believe the issue is mod_auth_cas cacert.pem fials between apache and cas.
I do not know how to make that cert.

 

Thank You,

Chris Cheltenham
SwainTechs / HHS

Cell# 267-586-2369

-Original Message-
From: Pitonyak, Andrew D [mailto:pitony...@battelle.org] 
Sent: Friday, November 21, 2014 10:50 AM
To: cas-user@lists.jasig.org
Subject: RE:[cas-user] CAs nnot working for us

Are you able to login directly to the CAS server using HTTPS?

My first attempt to set the certificate was because I did not use the same 
password for my store as that used by Tomcat. Finally, I had to export the cert 
so that I could import that Cert into Windows (or Windows prevented it).

Kind of  along shot



From: Chris Cheltenham [cchelten...@swaintechs.com]
Sent: Friday, November 21, 2014 8:34 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] CAs nnot working for us


Hello All Thanks for any help in advance,


We have CAS set up tomcat picks up and logs into CAS via ldap fine.

When we try to process from the web server using mod_auth_cas ,we get this 
error;

>From /var/log/https/ssl_error

How do you  create the cacerts it cannot process?
I copied this from the CAS / tomcat servers cert.



[Fri Nov 21 08:31:33 2014] [error] [client 24.127.129.237] MOD_AUTH_CAS: Could 
not process Certificate Authority: /etc/pki/CA/cacert.pem, referer: 
https://10.153.111.217:8443/cas/login?service=https%3a%2f%2ftest.dcis.hhs.gov%2fnew-web


[cid:image002.png@01D00565.E4D3DCB0]

Thank You,

Chris Cheltenham
SwainTechs / HHS

Cell# 267-586-2369


--
You are currently subscribed to cas-user@lists.jasig.org as: 
pitony...@battelle.org To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

--
You are currently subscribed to cas-user@lists.jasig.org as: 
cchelten...@swaintechs.com To unsubscribe, change settings or access archives, 
see http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] how to add classpath resource ?

[Christian Lévesque]

Hi guys, I'm trying to add a resource like this in my config

  


but each time I try to test it, I get redirected to the login page. How to 
exlude path in jasig ?

thanks !

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] json services registry for cas

[Dmitriy Kopylenko]

Just an FYI - I just released the 1.0.0-GA version and put the documentation 
out there: 
https://github.com/unicon-cas-addons/cas-addon-yaml-services-registry/blob/master/README.md
 


Have a great weekend.

Dmitriy.

> On Nov 20, 2014, at 7:01 PM, Dmitriy Kopylenko  wrote:
> 
> Glad that worked for you. It doesn't reload periodically, but on demand when 
> the config file is changed. Look at the beans config that I referenced 
> earlier. The entire config for this machinery is there. 
> 
> Cheers,
> D.
> 
> Sent from my iPhone
> 
>> On Nov 20, 2014, at 18:51, Milt Epstein > > wrote:
>> 
>> Thanks, that did the trick -- I was able install and use the
>> cas-addon-yaml-service-registry package via a dependency in my pom.xml
>> file.  The main problem was that I had used 1.0.0-M1 as the version
>> (that was previously on the package's web page, but looks like you
>> updated it to 1.0.0-RC1).
>> 
>> And looks like it's automatically set up to reload periodically.  Is
>> that controlled by these parameters in cas.properties:
>> 
>> # Service Registry Periodic Reloading Scheduler
>> # service.registry.quartz.reloader.startDelay=12
>> # Reload services every 2 minutes
>> # service.registry.quartz.reloader.repeatInterval=12
>> 
>> (I didn't uncomment these, so it must be using default values.)
>> 
>> And for the core CAS devs, can you address these questions?:
>> 
 Other questions: I assume the CAS-integrated JSON service registry is
 not available for version 4.0, just 4.1?  And when is 4.1 due for
 release?  Is there a candidate ready to be tried now?  How close to
 being ready to go is it?
>>> 
>>> This is the question for core CAS devs ;-)
>> 
>> Thanks.
>> 
>> Milt Epstein
>> Applications Developer
>> Graduate School of Library and Information Science (GSLIS)
>> University of Illinois at Urbana-Champaign (UIUC)
>> mepst...@illinois.edu 
>> 
>> 
>>> On Thu, 20 Nov 2014, Dmitriy Kopylenko wrote:
>>> 
 On Nov 20, 2014, at 1:20 PM, Milt Epstein >>> > wrote:
>> [ ... ]
 But more importantly, it's still not clear how to use/integrate the
 cas-addon-yaml-service-registry package.  Can I put a dependency for
 it in my pom.xml?  I tried something for that, and it didn't work.
 Can I download it and put it into my maven overlay?  I tried
 downloading the master zip, and tried to build that (using gradlew?),
 separately, but it failed.
>>> 
>>> Here’s an example of how to use it (version 1.0.0-RC1 is available in Maven 
>>> central since yesterday):
>>> 
>>> https://github.com/UniconLabs/simple-cas4-overlay-template/blob/micro-addons/pom.xml#L62
>>>  
>>> 
>>>  
>>> >>  
>>> >
>>> 
>>> https://github.com/UniconLabs/simple-cas4-overlay-template/blob/micro-addons/src/main/webapp/WEB-INF/spring-configuration/servicesRegistry.xml
>>>  
>>> >>  
>>> >
>>> 
>>> Note that this config element  
>>> assumes the default location to be: /etc/cas/servicesRegistry.yml Just put 
>>> the file there and you should be good to go.
>>> 
 
 Other questions: I assume the CAS-integrated JSON service registry is
 not available for version 4.0, just 4.1?  And when is 4.1 due for
 release?  Is there a candidate ready to be tried now?  How close to
 being ready to go is it?
>>> 
>>> This is the question for core CAS devs ;-)
>>> 
>>> 
>>> -- 
>>> You are currently subscribed to cas-user@lists.jasig.org 
>>>  as: mepst...@illinois.edu 
>>> 
>>> To unsubscribe, change settings or access archives, see 
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user 
>>> 
>> -- 
>> You are currently subscribed to cas-user@lists.jasig.org 
>>  as: dkopyle...@unicon.net 
>> 
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user 
>> 

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change