RE: [cas-user] I am lost... And in desperate need of help
Thanks Marv,

This issue has been fixed, the load balancer guy did something… I am not sure what.

But now I am back to my registry replication problem. I see this in my logs:

2015-03-03 07:35:27,937 DEBUG [net.sf.ehcache.util.PropertyUtil] - Value found for peerDiscovery: manual
2015-03-03 07:35:27,937 DEBUG [net.sf.ehcache.util.PropertyUtil] - Value found for rmiUrls: //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket|//cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.TicketGrantingTicket

But then later:

2015-03-03 07:35:28,003 DEBUG [net.sf.ehcache.distribution.RMICacheManagerPeerListener] - 0 RMICachePeers bound in registry for RMI listener

And:

2015-03-03 07:35:28,655 DEBUG [net.sf.ehcache.distribution.RMIBootstrapCacheLoader] - Attempting to acquire cache peers for cache org.jasig.cas.ticket.ServiceTicket to bootstrap from. Will wait up to 0ms for cache to join cluster.
2015-03-03 07:35:28,656 DEBUG [net.sf.ehcache.distribution.RMICacheManagerPeerListener] - 0 RMICachePeers bound in registry for RMI listener
2015-03-03 07:35:28,658 DEBUG [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket
2015-03-03 07:35:28,658 DEBUG [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket
2015-03-03 07:35:28,703 DEBUG [net.sf.ehcache.distribution.ManualRMICacheManagerPeerProvider] - Looking up rmiUrl //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket through exception org.jasig.cas.ticket.ServiceTicket. This may be normal if a node has gone offline. Or it may indicate network connectivity difficulties
java.rmi.NotBoundException: org.jasig.cas.ticket.ServiceTicket
    at sun.rmi.registry.RegistryImpl.lookup(RegistryImpl.java:136)
    at sun.rmi.registry.RegistryImpl_Skel.dispatch(Unknown Source)

I can successfully telnet from cas-dev1 (where this log trace is from) to cas-dev2 port 40001.

The “Will wait up to 0ms” concerns me I guess.

So I am back to being lost. I will also try a Hazelcast configuration.

-Bryan

From: Marvin Addison [mailto:marvin.addi...@gmail.com]
Sent: Monday, March 02, 2015 12:51 PM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] I am lost... And in desperate need of help

With Prod 3.4.12 and MFA, don’t get the successful login page. I get “page not found” in the browser.

Turn the org.jasig.casup to DEBUG and post (sanitized) logs corresponding to the 404 error you mentioned.

The error goes away if I take one of the 2 CAS servers offline.

Did you ever solve your ticket registry replication problems? I wouldn't think that a ticket not found error would cause authentication problems, but this sure sounds like some kind of HA config problem.

M

--
You are currently subscribed to cas-user@lists.jasig.org as: bwoo...@acs.utah.edu
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] I am lost... And in desperate need of help
Bryan, welcome to the club of the happy Hazelcast users! ;-)

Cheers,
D.

On Mar 3, 2015, at 11:24 AM, Bryan Wooten bryan.woo...@utah.edu wrote:

I am closing this issue down.

I got everything to work with Hazelcast. So goodbye ehcache… It just isn’t worth trying to figure out what is wrong with it.

Thanks,

Bryan

From: Bryan Wooten [mailto:bryan.woo...@utah.edu]
Sent: Tuesday, March 03, 2015 8:21 AM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] I am lost... And in desperate need of help

Thanks Marv,

This issue has been fixed, the load balancer guy did something… I am not sure what.

But now I am back to my registry replication problem. I see this in my logs:

2015-03-03 07:35:27,937 DEBUG [net.sf.ehcache.util.PropertyUtil] - Value found for peerDiscovery: manual
2015-03-03 07:35:27,937 DEBUG [net.sf.ehcache.util.PropertyUtil] - Value found for rmiUrls: //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket|//cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.TicketGrantingTicket

But then later:

2015-03-03 07:35:28,003 DEBUG [net.sf.ehcache.distribution.RMICacheManagerPeerListener] - 0 RMICachePeers bound in registry for RMI listener

And:

2015-03-03 07:35:28,655 DEBUG [net.sf.ehcache.distribution.RMIBootstrapCacheLoader] - Attempting to acquire cache peers for cache org.jasig.cas.ticket.ServiceTicket to bootstrap from. Will wait up to 0ms for cache to join cluster.
2015-03-03 07:35:28,656 DEBUG [net.sf.ehcache.distribution.RMICacheManagerPeerListener] - 0 RMICachePeers bound in registry for RMI listener
2015-03-03 07:35:28,658 DEBUG [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket
2015-03-03 07:35:28,658 DEBUG [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket
2015-03-03 07:35:28,703 DEBUG [net.sf.ehcache.distribution.ManualRMICacheManagerPeerProvider] - Looking up rmiUrl //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket through exception org.jasig.cas.ticket.ServiceTicket. This may be normal if a node has gone offline. Or it may indicate network connectivity difficulties
java.rmi.NotBoundException: org.jasig.cas.ticket.ServiceTicket
    at sun.rmi.registry.RegistryImpl.lookup(RegistryImpl.java:136)
    at sun.rmi.registry.RegistryImpl_Skel.dispatch(Unknown Source)

I can successfully telnet from cas-dev1 (where this log trace is from) to cas-dev2 port 40001.

The “Will wait up to 0ms” concerns me I guess.

So I am back to being lost. I will also try a Hazelcast configuration.

-Bryan

From: Marvin Addison [mailto:marvin.addi...@gmail.com]
Sent: Monday, March 02, 2015 12:51 PM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] I am lost... And in desperate need of help

With Prod 3.4.12 and MFA, don’t get the successful login page. I get “page not found” in the browser.

Turn the org.jasig.casup to DEBUG and post (sanitized) logs corresponding to the 404 error you mentioned.

The error goes away if I take one of the 2 CAS servers offline.

Did you ever solve your ticket registry replication problems? I wouldn't think that a ticket not found error would cause authentication problems, but this sure sounds like some kind of HA config problem.

M
RE: [cas-user] I am lost... And in desperate need of help
I am closing this issue down.

I got everything to work with Hazelcast. So goodbye ehcache… It just isn’t worth trying to figure out what is wrong with it.

Thanks,

Bryan

From: Bryan Wooten [mailto:bryan.woo...@utah.edu]
Sent: Tuesday, March 03, 2015 8:21 AM
To: cas-user@lists.jasig.org
Subject: RE: [cas-user] I am lost... And in desperate need of help

Thanks Marv,

This issue has been fixed, the load balancer guy did something… I am not sure what.

But now I am back to my registry replication problem. I see this in my logs:

2015-03-03 07:35:27,937 DEBUG [net.sf.ehcache.util.PropertyUtil] - Value found for peerDiscovery: manual
2015-03-03 07:35:27,937 DEBUG [net.sf.ehcache.util.PropertyUtil] - Value found for rmiUrls: //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket|//cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.TicketGrantingTicket

But then later:

2015-03-03 07:35:28,003 DEBUG [net.sf.ehcache.distribution.RMICacheManagerPeerListener] - 0 RMICachePeers bound in registry for RMI listener

And:

2015-03-03 07:35:28,655 DEBUG [net.sf.ehcache.distribution.RMIBootstrapCacheLoader] - Attempting to acquire cache peers for cache org.jasig.cas.ticket.ServiceTicket to bootstrap from. Will wait up to 0ms for cache to join cluster.
2015-03-03 07:35:28,656 DEBUG [net.sf.ehcache.distribution.RMICacheManagerPeerListener] - 0 RMICachePeers bound in registry for RMI listener
2015-03-03 07:35:28,658 DEBUG [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket
2015-03-03 07:35:28,658 DEBUG [net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - Lookup URL //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket
2015-03-03 07:35:28,703 DEBUG [net.sf.ehcache.distribution.ManualRMICacheManagerPeerProvider] - Looking up rmiUrl //cas-dev2.acs.utah.edu:40001/org.jasig.cas.ticket.ServiceTicket through exception org.jasig.cas.ticket.ServiceTicket. This may be normal if a node has gone offline. Or it may indicate network connectivity difficulties
java.rmi.NotBoundException: org.jasig.cas.ticket.ServiceTicket
    at sun.rmi.registry.RegistryImpl.lookup(RegistryImpl.java:136)
    at sun.rmi.registry.RegistryImpl_Skel.dispatch(Unknown Source)

I can successfully telnet from cas-dev1 (where this log trace is from) to cas-dev2 port 40001.

The “Will wait up to 0ms” concerns me I guess.

So I am back to being lost. I will also try a Hazelcast configuration.

-Bryan

From: Marvin Addison [mailto:marvin.addi...@gmail.com]
Sent: Monday, March 02, 2015 12:51 PM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] I am lost... And in desperate need of help

With Prod 3.4.12 and MFA, don’t get the successful login page. I get “page not found” in the browser.

Turn the org.jasig.casup to DEBUG and post (sanitized) logs corresponding to the 404 error you mentioned.

The error goes away if I take one of the 2 CAS servers offline.

Did you ever solve your ticket registry replication problems? I wouldn't think that a ticket not found error would cause authentication problems, but this sure sounds like some kind of HA config problem.

M
Re: [cas-user] Certificates and Active Directory
I'm pretty sure it's hostname verification errors because once I uploaded the certificate from the host and used that hostname instead of the IP it worked. And it was always the hostname error I would get. I thought the AllowAnyHostnameVerifier would work but not sure how to implement that. I'll try putting the different socket factory in the deployerConfigContext.xml and see what happens.

Thanks,
Jim

On Mon, Mar 2, 2015 at 6:39 PM, Daniel Fisher dfis...@vt.edu wrote:

On Mon, Mar 2, 2015 at 11:02 AM, Jim Price jwpr...@georgiasouthern.edu wrote:

I'm not really a programmer and need a little guidance. I'm guessing that ldaptive is brought in by maven as a dependency; could you point me in a direction in how this could be overwritten or the method replaced.

I'm not sure if you're tripping over trust errors or hostname verification errors. Ldaptive injects a custom socket factory if you're using LDAPS to perform hostname verification. If you want to change that behavior you can tell JNDI to use a specific SocketFactory. This should get you back to the behavior you had before:

<bean id="socketFactory" class="org.ldaptive.ssl.TLSSocketFactory" />

<bean id="providerConfig" class="org.ldaptive.provider.jndi.JndiProviderConfig"
      p:sslSocketFactory-ref="socketFactory" />

<bean id="provider" class="org.ldaptive.provider.jndi.JndiProvider"
      p:providerConfig-ref="providerConfig" />

<bean id="connectionFactory" class="org.ldaptive.DefaultConnectionFactory"
      p:connectionConfig-ref="connectionConfig"
      p:provider-ref="provider" />

--Daniel Fisher
Re: [cas-user] Trouble with Auditing Configuration
Hi,

Thanks, that did the trick. I forgot to define the p-namespace.

___
Juan Quintanilla
jquin...@fiu.edu

From: Scott Battaglia scott.battag...@gmail.com
Sent: Monday, March 2, 2015 9:16 PM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] Trouble with Auditing Configuration

Did you define the p-namespace?

http://docs.spring.io/spring/docs/current/spring-framework-reference/html/beans.html#beans-p-namespace

Cheers,
Scott

On Mon, Mar 2, 2015 at 5:33 PM, Juan Quintanilla jquin...@fiu.edu wrote:

Hi,

Trying to configure auditing for CAS 3.5.3 to an oracle database, I configured the tables and modified the auditTrailContext.xml file to include the necessary lines but when I startup tomcat I encounter the following error:

[/WEB-INF/spring-configuration/auditTrailContext.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 164; columnNumber: 110; The prefix p for attribute p:dataSource-ref associated with an element type bean is not bound.

I verified that I have the dataSource bean defined in my deployer configuration, so I just wanted to see if someone has encountered a similar error.

Below is a snippet of the auditTrailContext.xml file:

<bean id="inspektrTransactionManager"
      class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
      p:dataSource-ref="dataSource" />

<bean id="inspektrTransactionTemplate"
      class="org.springframework.transaction.support.TransactionTemplate"
      p:transactionManager-ref="inspektrTransactionManager"
      p:isolationLevelName="ISOLATION_READ_COMMITTED"
      p:propagationBehaviorName="PROPAGATION_REQUIRED" />

<!-- For audit table cleaning -->
<bean id="auditTrailManager" class="com.github.inspektr.audit.support.JdbcAuditTrailManager">
    <constructor-arg index="0" ref="inspektrTransactionTemplate" />
    <property name="dataSource" ref="dataSource" />
    <property name="cleanupCriteria" ref="auditCleanupCriteria" />
</bean>

<bean id="auditCleanupCriteria" class="com.github.inspektr.audit.support.MaxAgeWhereClauseMatchCriteria">
    <constructor-arg index="0" value="90" />
</bean>

___
Juan Quintanilla
jquin...@fiu.edu
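The fix confirmed in this thread, as an added example that is not part of the original posts: the root element of auditTrailContext.xml with the p prefix bound. The schemaLocation value and the overall file layout are assumptions; the two beans come from the snippet above, the second rewritten in long form to show what the p: attributes expand to.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. The xmlns:p line is what binds the "p" prefix; without it
     the XML parser rejects every p: attribute before Spring sees the file,
     which is the SAXParseException reported in the thread. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- The p namespace has no XSD, so it needs no schemaLocation entry.
         p:dataSource-ref="dataSource" sets the dataSource property to the
         bean named dataSource (defined in the deployer configuration,
         per the original post). -->
    <bean id="inspektrTransactionManager"
          class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
          p:dataSource-ref="dataSource" />

    <!-- Long-form equivalent of the p: attributes used in the post.
         This form works even when xmlns:p is not declared. -->
    <bean id="inspektrTransactionTemplate"
          class="org.springframework.transaction.support.TransactionTemplate">
        <property name="transactionManager" ref="inspektrTransactionManager" />
        <property name="isolationLevelName" value="ISOLATION_READ_COMMITTED" />
        <property name="propagationBehaviorName" value="PROPAGATION_REQUIRED" />
    </bean>

</beans>
```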
Re: [cas-user] Can we use sAMAccountName for single-step authentication without needing to know DN
Thanks. I might not get to work on this for a few weeks, but will post back when I have some results.
Re: [cas-user] Certificates and Active Directory
On Tue, Mar 3, 2015 at 8:23 AM, Jim Price jwpr...@georgiasouthern.edu wrote:

I'm pretty sure it's hostname verification errors because once I uploaded the certificate from the host and used that hostname instead of the IP it worked. And it was always the hostname error I would get. I thought the AllowAnyHostnameVerifier would work but not sure how to implement that. I'll try putting the different socket factory in the deployerConfigContext.xml and see what happens.

I inferred you are using LDAPS for your connections, if you're using startTLS that's a whole different kettle of fish.

--Daniel Fisher
Re: [cas-user] Certificates and Active Directory
The useStartTLS property is set to false.

Jim

On Tue, Mar 3, 2015 at 8:56 AM, Daniel Fisher dfis...@vt.edu wrote:

On Tue, Mar 3, 2015 at 8:23 AM, Jim Price jwpr...@georgiasouthern.edu wrote:

I'm pretty sure it's hostname verification errors because once I uploaded the certificate from the host and used that hostname instead of the IP it worked. And it was always the hostname error I would get. I thought the AllowAnyHostnameVerifier would work but not sure how to implement that. I'll try putting the different socket factory in the deployerConfigContext.xml and see what happens.

I inferred you are using LDAPS for your connections, if you're using startTLS that's a whole different kettle of fish.

--Daniel Fisher