[cas-user] Removing TicketRegistry database tables

2015-03-23 Thread Adam Causey
We are trying to remove all database dependencies from our CAS
installation, and I noticed that a couple of tables related to the ticket
registry are getting created in the database on startup - lock,
SERVICETICKET, and TICKETGRANTINGTICKET.  We now use the Hazelcast ticket
registry, so these aren't being used.

Where can I safely remove the references to these tables?  We are using the
WAR overlay method.


Thanks!

-Adam

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Removing TicketRegistry database tables

2015-03-23 Thread Dmitriy Kopylenko
You might want to check and delete any traces of ‘entityManagerFactory’, 
‘dataSource’ bean definitions from your overlay’s app ctx configs, etc.

D.


RE: [cas-user] Extractor did not generate service -- is this an error?

2015-03-23 Thread Misagh Moayyed
It means the request could not identify the target application because
none was specified.

 

From: Zico [mailto:mailz...@gmail.com] 
Sent: Saturday, March 21, 2015 11:27 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] Extractor did not generate service -- is this an
error?

 

Thanks, Misagh, for the quick answer. Appreciated! :)

Just out of curiosity, what is the meaning of this error? I mean, I can
see my services are loading and then again those messages... 

 

On Sat, Mar 21, 2015 at 1:03 PM, Misagh Moayyed mmoay...@unicon.net wrote:

It's not an error. You can turn off DEBUG logs for that particular
package.

 

From: Zico [mailto:mailz...@gmail.com]
Sent: Saturday, March 21, 2015 10:40 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] Extractor did not generate service -- is this an error?

 

Hi, 

I am a little bit confused about one issue in my CAS server. I am repeatedly
getting the below DEBUG messages here in my cas log. Is it really an error?

I mean, CAS login is happening but I do see these things as well.

Any best practice to stop this or any hint?



2015-03-21 13:35:01,661 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting path for cookies to: /cas/
2015-03-21 13:35:01,661 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting path for cookies to: /cas/
2015-03-21 13:35:01,664 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not generate service.
2015-03-21 13:35:01,665 DEBUG [org.jasig.cas.support.saml.web.support.SamlArgumentExtractor] - Extractor did not generate service.
2015-03-21 13:35:03,644 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not generate service.
2015-03-21 13:35:03,644 DEBUG [org.jasig.cas.support.saml.web.support.SamlArgumentExtractor] - Extractor did not generate service.
2015-03-21 13:35:03,673 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - No properties file found for [classpath:custom_messages_en] - neither plain properties nor XML
2015-03-21 13:35:03,674 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - No properties file found for [classpath:custom_messages] - neither plain properties nor XML
2015-03-21 13:35:03,674 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - No properties file found for [classpath:messages_en] - neither plain properties nor XML
2015-03-21 13:35:03,674 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - Loading properties [messages.properties] with encoding 'UTF-8'

-- 

Best,
Zico

 




-- 

Best,
Zico

 

[cas-user] Troubles with password policy: all successful authentications get successWithWarnings state

2015-03-23 Thread Guillaume Rousse

Hello list.

We are using CAS server 4.0.0 and OpenLDAP, with password policy support
enabled, limited to password quality settings so far.


This morning we activated password expiration, by setting explicit
values for pwdMaxAge and pwdExpireWarning attributes. Everything was
working as expected during our tests, but we quickly ran into problems
in production: whereas users whose password is about to expire are
correctly redirected to a warning page with correct explanations, all
other users are forcefully redirected to the same warning page, without
any explanations...


Actually, it turns out that as soon as at least one user gets a
successWithWarnings state upon authentication, all other users also
get this state, and get redirected to the casLoginMessageView View,
even if actual message list is empty.


The problem is reproducible with this scenario:
- userA has a valid password, and is not subject to expiration warnings
- userB has a valid password, and is subject to expiration warnings

Resulting in the following events sequence:
a) userA logs in successfully: he is redirected to target application
b) userB logs in successfully: he is redirected to CAS server warning page,
with a correct message
c) userA logs in successfully: he is redirected to CAS server warning page,
without any message

Restarting the tomcat server is enough to reset the situation.

I initially supposed the issue was in the DefaultAccountStateHandler
class, and was related to undefined vs empty list of warning messages.
However, enabling debug log level doesn't show any significant
difference between attempt (a) and (c):


Attempt (a):
DEBUG [...DefaultAccountStateHandler] - Account state not defined
DEBUG [...DefaultAccountStateHandler] - Handling null
DEBUG [...DefaultAccountStateHandler] - No LDAP error mapping defined for null
DEBUG [...DefaultAccountStateHandler] - Account state warning not defined

Attempt (c):
DEBUG [...DefaultAccountStateHandler] - Account state not defined
DEBUG [...DefaultAccountStateHandler] - Handling null
DEBUG [...DefaultAccountStateHandler] - No LDAP error mapping defined for null
DEBUG [...DefaultAccountStateHandler] - Account state warning not defined

i.e., in both cases, handleWarning() method is called with a null warning
parameter, which is consistent with ldaptive documentation:
AccountState.getWarning() returns null if no warnings exist.


I guess the issue is rather located in AuthenticationViaFormAction
class, somewhere in this loop:

for (final Map.Entry<String, HandlerResult> entry :
        tgt.getAuthentication().getSuccesses().entrySet()) {
    for (final Message message : entry.getValue().getWarnings()) {
        addWarningToContext(messageContext, message);
    }
}
if (this.hasWarningMessages) {
    return newEvent(SUCCESS_WITH_WARNINGS);
}
return newEvent(SUCCESS);

I guess something is pushing an empty or undefined message in the
context, which is enough to set hasWarningMessages flag.


Should I open a ticket?
--
Guillaume Rousse
INRIA, Direction des systèmes d'information
Domaine de Voluceau
Rocquencourt - BP 105
78153 Le Chesnay
Tel: 01 39 63 58 31





RE: [cas-user] Troubles with password policy: all successful authentications get successWithWarnings state

2015-03-23 Thread Misagh Moayyed
This is already fixed in master.

The problem is here:
https://github.com/Jasig/cas/blob/4.0.x/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationViaFormAction.java

The hasWarningMessages, once set to true, will always remain true. Your
workaround for now would be to download the above file into your overlay
and reset the flag to false before each attempt.



Re: [cas-user] Troubles with password policy: all successful authentications get successWithWarnings state

2015-03-23 Thread Guillaume Rousse

On 23/03/2015 17:15, Misagh Moayyed wrote:

> This is already fixed in master.
>
> The problem is here:
> https://github.com/Jasig/cas/blob/4.0.x/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationViaFormAction.java
>
> The hasWarningMessages, once set to true, will always remain true. Your
> workaround for now would be to download the above file into your overlay
> and reset the flag to false before each attempt.

I'd rather revert this commit, in this case:
https://github.com/Jasig/cas/commit/74ac80408dc6ef4909b7cb6964b52db67ebe81bf

--
Guillaume Rousse
INRIA, Direction des systèmes d'information
Domaine de Voluceau
Rocquencourt - BP 105
78153 Le Chesnay
Tel: 01 39 63 58 31
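
The behaviour discussed in this thread, a warning flag kept as a field on an action object that serves every login, reduced to a small model. This is an added example, not CAS source or code from any poster: SharedFlagAction, LocalFlagAction and the sample warning text are hypothetical, and it assumes one action instance is shared across login requests, as the "restart resets it" observation implies.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration: class and method names are hypothetical, not CAS source.
public class StickyWarningFlagDemo {

    // Reported behaviour: the flag is a field on an object shared by every
    // login, and nothing sets it back to false.
    static class SharedFlagAction {
        private boolean hasWarningMessages;

        String submit(String[] warnings, List<String> messageContext) {
            for (String warning : warnings) {
                messageContext.add(warning);
                this.hasWarningMessages = true;
            }
            return this.hasWarningMessages ? "successWithWarnings" : "success";
        }
    }

    // Per-request variant: the outcome depends only on this login's warnings.
    static class LocalFlagAction {
        String submit(String[] warnings, List<String> messageContext) {
            boolean hasWarnings = false; // local, so it cannot outlive the call
            for (String warning : warnings) {
                messageContext.add(warning);
                hasWarnings = true;
            }
            return hasWarnings ? "successWithWarnings" : "success";
        }
    }

    public static void main(String[] args) {
        // Constructed input following the thread's sequence (a), (b), (c).
        String[] users = {"userA", "userB", "userA"};
        String[][] warnings = {{}, {"password expires soon"}, {}};

        SharedFlagAction shared = new SharedFlagAction(); // one instance for all logins
        LocalFlagAction local = new LocalFlagAction();
        for (int i = 0; i < users.length; i++) {
            List<String> sharedCtx = new ArrayList<>();
            List<String> localCtx = new ArrayList<>();
            String sharedEvent = shared.submit(warnings[i], sharedCtx);
            String localEvent = local.submit(warnings[i], localCtx);
            System.out.printf("%s: shared flag -> %s (%d messages), local flag -> %s (%d messages)%n",
                    users[i], sharedEvent, sharedCtx.size(), localEvent, localCtx.size());
        }
    }
}
```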


