Re: [cas-user] Compiling and running CAS 3.5.2
I'm not sure I am reading this right:

[INFO] [dependency:tree {execution: default-cli}]
[INFO] edu.university.cas:local-cas:war:1.0-SNAPSHOT
[INFO] +- org.jasig.cas:cas-server-webapp:war:3.5.2:runtime
[INFO] +- c3p0:c3p0:jar:0.9.1.2:runtime
[INFO] \- org.hibernate:hibernate-entitymanager:jar:4.3.4.Final:compile
[INFO]    +- org.jboss.logging:jboss-logging:jar:3.1.3.GA:compile
[INFO]    +- org.jboss.logging:jboss-logging-annotations:jar:1.2.0.Beta1:compile
[INFO]    +- org.hibernate:hibernate-core:jar:4.3.4.Final:compile
[INFO]    |  +- antlr:antlr:jar:2.7.7:compile
[INFO]    |  \- org.jboss:jandex:jar:1.1.0.Final:compile
[INFO]    +- dom4j:dom4j:jar:1.6.1:compile
[INFO]    |  \- xml-apis:xml-apis:jar:1.0.b2:compile
[INFO]    +- org.hibernate.common:hibernate-commons-annotations:jar:4.0.4.Final:compile
[INFO]    +- org.hibernate.javax.persistence:hibernate-jpa-2.1-api:jar:1.0.0.Final:compile
[INFO]    +- org.jboss.spec.javax.transaction:jboss-transaction-api_1.2_spec:jar:1.0.0.Final:compile
[INFO]    \- org.javassist:javassist:jar:3.18.1-GA:compile

I'm not seeing any duplicates.

Jeff

On Tue, Aug 26, 2014 at 2:02 PM, Ajay Madhavan ajayma...@gmail.com wrote:

Or simply look at your jar file (manual process) and see the duplicates included. mvn dependency:tree is the way to go. And then in your cas-server pom add something like this

<build>
  <plugins>
    <plugin>
      <artifactId>maven-war-plugin</artifactId>
      <configuration>
        <warName>cas</warName>
        <packagingExcludes>include the name and version you want to exclude.jar, Include all the jars that you want to exclude. </packagingExcludes>
      </configuration>
    </plugin>
    ..

I had gone through something similar while integrating with 3.5.2

Regards
Ajay

On Tue, Aug 26, 2014 at 10:58 AM, Misagh Moayyed mmoay...@unicon.net wrote:

I’ll try to get this looked at today and help where I can. By the looks of it, it seems like you have a lot of conflicts and duplicate JARs in your overlay that might be causing this issue. Try running “mvn dependency:tree” at the root and output the result into a file, and review all duplicates. Exclude where needed.

*From:* Jeff Chapin [mailto:jeff.cha...@uni.edu]
*Sent:* Tuesday, August 26, 2014 8:43 AM
*To:* cas-user@lists.jasig.org
*Subject:* Re: [cas-user] Compiling and running CAS 3.5.2

Sure can. Here is the whole thing, attached.

Jeff

On Tue, Aug 26, 2014 at 10:17 AM, Misagh Moayyed mmoay...@unicon.net wrote:

Jeff, could you post your entire log output? It gets cut off right when it’s about to get interesting:

Invocation of init method failed; nested exception is java.lang.IncompatibleClassChangeError: Implementing class….

*From:* Jeff Chapin [mailto:jeff.cha...@uni.edu]
*Sent:* Tuesday, August 26, 2014 7:59 AM
*To:* cas-user@lists.jasig.org
*Subject:* Re: [cas-user] Compiling and running CAS 3.5.2

Looks like it's not the tomcat version. I was able to get the same errors on 6.0.29 and 7.0.55. I'm clearly missing something fairly fundamental here, but I have not got a clue as to what it could be.

Jeff

On Wed, Aug 20, 2014 at 10:11 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

Looks like I have Tomcat 6 installed. I will give Tomcat 7 a shot later today.

Jeff

On Tue, Aug 19, 2014 at 10:38 AM, John Gasper jgas...@unicon.net wrote:

Hi Jeff, I've not had any issues with any Tomcat 6 or Tomcat 7 versions that I've used. I have not tried Tomcat 8 yet.

John

--
*John Gasper*
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef

On 8/18/14 7:06 AM, Jeff Chapin wrote:

The version of java used by Tomcat is the same one as is used to build CAS (it's all installed on one machine, and I only have one Java installed). Is CAS incompatible with some versions of Tomcat?

Jeff

On Fri, Aug 15, 2014 at 6:31 PM, Chris Peck crp...@email.wm.edu wrote:

I may try whacking the webserver, I think that's a 4.x thing.

On Aug 15, 2014 7:09 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

I've managed to reduce my dependencies to the following:

<dependencies>
  <dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-server-webapp</artifactId>
    <version>${cas.version}</version>
    <type>war</type>
    <scope>runtime</scope>
  </dependency>
  <dependency>
    <groupId>c3p0</groupId>
    <artifactId>c3p0</artifactId>
    <version>0.9.1.2</version>
    <scope>runtime</scope>
  </dependency>
  <dependency>
    <groupId>org.hibernate</groupId>
    <artifactId>hibernate-entitymanager</artifactId>
    <version>${hibernate.core.version}</version>
  </dependency>

At this point, I get the error from before. If I remove any of these dependencies, I get
Re: [cas-user] Compiling and running CAS 3.5.2
You two appear to have me moving in the right direction. I went through the WEB-INF/lib dir and added the older copies of all the duplicates to the exclude, and I am not getting

Error creating bean with name 'org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter#3e894e8e' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter]: Constructor threw exception; nested exception is java.lang.NoClassDefFoundError: org/hibernate/engine/jndi/JndiNameException

Working through this error now, but I think that this looks like progress! Thanks a ton!

On Wed, Aug 27, 2014 at 10:21 AM, Misagh Moayyed mmoay...@unicon.net wrote:

Inside your CAS.war file under the target directory, look into WEB-INF\lib and you’ll see a whole bunch of duplicate dependencies. Here’s a small sample of what your overlay produces:

*From:* Jeff Chapin [mailto:jeff.cha...@uni.edu]
*Sent:* Wednesday, August 27, 2014 8:15 AM
*To:* cas-user@lists.jasig.org
*Subject:* Re: [cas-user] Compiling and running CAS 3.5.2

I'm not sure I am reading this right:

[INFO] [dependency:tree {execution: default-cli}]
[INFO] edu.university.cas:local-cas:war:1.0-SNAPSHOT
[INFO] +- org.jasig.cas:cas-server-webapp:war:3.5.2:runtime
[INFO] +- c3p0:c3p0:jar:0.9.1.2:runtime
[INFO] \- org.hibernate:hibernate-entitymanager:jar:4.3.4.Final:compile
[INFO]    +- org.jboss.logging:jboss-logging:jar:3.1.3.GA:compile
[INFO]    +- org.jboss.logging:jboss-logging-annotations:jar:1.2.0.Beta1:compile
[INFO]    +- org.hibernate:hibernate-core:jar:4.3.4.Final:compile
[INFO]    |  +- antlr:antlr:jar:2.7.7:compile
[INFO]    |  \- org.jboss:jandex:jar:1.1.0.Final:compile
[INFO]    +- dom4j:dom4j:jar:1.6.1:compile
[INFO]    |  \- xml-apis:xml-apis:jar:1.0.b2:compile
[INFO]    +- org.hibernate.common:hibernate-commons-annotations:jar:4.0.4.Final:compile
[INFO]    +- org.hibernate.javax.persistence:hibernate-jpa-2.1-api:jar:1.0.0.Final:compile
[INFO]    +- org.jboss.spec.javax.transaction:jboss-transaction-api_1.2_spec:jar:1.0.0.Final:compile
[INFO]    \- org.javassist:javassist:jar:3.18.1-GA:compile

I'm not seeing any duplicates.

Jeff

On Tue, Aug 26, 2014 at 2:02 PM, Ajay Madhavan ajayma...@gmail.com wrote:

Or simply look at your jar file (manual process) and see the duplicates included. mvn dependency:tree is the way to go. And then in your cas-server pom add something like this

<build>
  <plugins>
    <plugin>
      <artifactId>maven-war-plugin</artifactId>
      <configuration>
        <warName>cas</warName>
        <packagingExcludes>include the name and version you want to exclude.jar, Include all the jars that you want to exclude. </packagingExcludes>
      </configuration>
    </plugin>
    ..

I had gone through something similar while integrating with 3.5.2

Regards
Ajay

On Tue, Aug 26, 2014 at 10:58 AM, Misagh Moayyed mmoay...@unicon.net wrote:

I’ll try to get this looked at today and help where I can. By the looks of it, it seems like you have a lot of conflicts and duplicate JARs in your overlay that might be causing this issue. Try running “mvn dependency:tree” at the root and output the result into a file, and review all duplicates. Exclude where needed.

*From:* Jeff Chapin [mailto:jeff.cha...@uni.edu]
*Sent:* Tuesday, August 26, 2014 8:43 AM
*To:* cas-user@lists.jasig.org
*Subject:* Re: [cas-user] Compiling and running CAS 3.5.2

Sure can. Here is the whole thing, attached.

Jeff

On Tue, Aug 26, 2014 at 10:17 AM, Misagh Moayyed mmoay...@unicon.net wrote:

Jeff, could you post your entire log output? It gets cut off right when it’s about to get interesting:

Invocation of init method failed; nested exception is java.lang.IncompatibleClassChangeError: Implementing class….

*From:* Jeff Chapin [mailto:jeff.cha...@uni.edu]
*Sent:* Tuesday, August 26, 2014 7:59 AM
*To:* cas-user@lists.jasig.org
*Subject:* Re: [cas-user] Compiling and running CAS 3.5.2

Looks like it's not the tomcat version. I was able to get the same errors on 6.0.29 and 7.0.55. I'm clearly missing something fairly fundamental here, but I have not got a clue as to what it could be.

Jeff

On Wed, Aug 20, 2014 at 10:11 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

Looks like I have Tomcat 6 installed. I will give Tomcat 7 a shot later today.

Jeff

On Tue, Aug 19, 2014 at 10:38 AM, John Gasper jgas...@unicon.net wrote:

Hi Jeff, I've not had any issues with any Tomcat 6 or Tomcat 7 versions that I've used. I
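The check Misagh and Ajay describe above (find the duplicate JARs under WEB-INF/lib, then list them in packagingExcludes), as an added example that is not part of the thread or of CAS. It also reports JARs that ship the same class files under different artifact names, which a file-name comparison misses. The sample WAR and the JAR names in it are constructed for illustration, and the version ordering is a simplification of Maven's.

```python
import io
import re
import zipfile
from collections import defaultdict
from itertools import combinations

# Greedy artifact group: the version starts at the LAST "-<digit>", so
# "hibernate-jpa-2.1-api-1.0.0.Final.jar" -> ("hibernate-jpa-2.1-api", "1.0.0.Final").
JAR_RE = re.compile(r"^WEB-INF/lib/(?P<artifact>[^/]+)-(?P<version>\d[^/]*)\.jar$")


def version_key(version):
    """Order by the leading numeric part (4.3.4.Final -> (4, 3, 4)).

    Simplified on purpose: this is not Maven's full version ordering, so
    review by hand any pair that differs only in qualifier (Beta1, GA, ...).
    """
    numeric = re.match(r"\d+(?:\.\d+)*", version).group(0)
    return tuple(int(part) for part in numeric.split(".")), version


def lib_jars(war):
    """Names of the JAR entries bundled under WEB-INF/lib of an open WAR."""
    return sorted(n for n in war.namelist()
                  if n.startswith("WEB-INF/lib/") and n.endswith(".jar"))


def duplicate_artifacts(war_bytes):
    """Map artifact name -> versions (oldest first) when several are bundled."""
    versions = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in lib_jars(war):
            match = JAR_RE.match(name)
            if match:
                versions[match.group("artifact")].append(match.group("version"))
    return {artifact: sorted(found, key=version_key)
            for artifact, found in versions.items() if len(found) > 1}


def overlapping_classes(war_bytes):
    """Map (jar_a, jar_b) -> class files present in both JARs."""
    owners = defaultdict(set)
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in lib_jars(war):
            with zipfile.ZipFile(io.BytesIO(war.read(name))) as jar:
                for entry in jar.namelist():
                    if entry.endswith(".class"):
                        owners[entry].add(name.rsplit("/", 1)[1])
    clashes = defaultdict(list)
    for class_file, jars in owners.items():
        for pair in combinations(sorted(jars), 2):
            clashes[pair].append(class_file)
    return {pair: sorted(files) for pair, files in clashes.items()}


def packaging_excludes(duplicates):
    """Value for <packagingExcludes>: every bundled version but the highest."""
    return ",".join(f"WEB-INF/lib/{artifact}-{version}.jar"
                    for artifact in sorted(duplicates)
                    for version in duplicates[artifact][:-1])


def make_jar(class_files):
    """Build a JAR in memory; entries are empty because only names matter here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for class_file in class_files:
            jar.writestr(class_file, b"")
    return buf.getvalue()


def build_sample_war():
    """Constructed sample, not the poster's WAR; JAR names are illustrative."""
    libs = {
        "hibernate-core-4.1.0.Final.jar": ["org/hibernate/Session.class"],
        "hibernate-core-4.3.4.Final.jar": ["org/hibernate/Session.class"],
        "hibernate-jpa-2.0-api-1.0.1.Final.jar": ["javax/persistence/EntityManager.class"],
        "hibernate-jpa-2.1-api-1.0.0.Final.jar": ["javax/persistence/EntityManager.class"],
        "c3p0-0.9.1.2.jar": ["com/mchange/v2/c3p0/ComboPooledDataSource.class"],
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        for jar_name, class_files in libs.items():
            war.writestr("WEB-INF/lib/" + jar_name, make_jar(class_files))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_war()
    duplicates = duplicate_artifacts(sample)
    for artifact, found in sorted(duplicates.items()):
        print(f"{artifact}: {', '.join(found)}")
    for (jar_a, jar_b), files in sorted(overlapping_classes(sample).items()):
        print(f"{jar_a} and {jar_b} share {len(files)} class file(s)")
    print("packagingExcludes:", packaging_excludes(duplicates))
```

To check a real build, pass the bytes of the WAR from the target directory to the same functions.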
Re: [cas-user] Compiling and running CAS 3.5.2
Looks like it's not the tomcat version. I was able to get the same errors on 6.0.29 and 7.0.55. I'm clearly missing something fairly fundamental here, but I have not got a clue as to what it could be.

Jeff

On Wed, Aug 20, 2014 at 10:11 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

Looks like I have Tomcat 6 installed. I will give Tomcat 7 a shot later today.

Jeff

On Tue, Aug 19, 2014 at 10:38 AM, John Gasper jgas...@unicon.net wrote:

Hi Jeff, I've not had any issues with any Tomcat 6 or Tomcat 7 versions that I've used. I have not tried Tomcat 8 yet.

John

--
*John Gasper*
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef

On 8/18/14 7:06 AM, Jeff Chapin wrote:

The version of java used by Tomcat is the same one as is used to build CAS (it's all installed on one machine, and I only have one Java installed). Is CAS incompatible with some versions of Tomcat?

Jeff

On Fri, Aug 15, 2014 at 6:31 PM, Chris Peck crp...@email.wm.edu wrote:

I may try whacking the webserver, I think that's a 4.x thing.

On Aug 15, 2014 7:09 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

I've managed to reduce my dependencies to the following:

<dependencies>
  <dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-server-webapp</artifactId>
    <version>${cas.version}</version>
    <type>war</type>
    <scope>runtime</scope>
  </dependency>
  <dependency>
    <groupId>c3p0</groupId>
    <artifactId>c3p0</artifactId>
    <version>0.9.1.2</version>
    <scope>runtime</scope>
  </dependency>
  <dependency>
    <groupId>org.hibernate</groupId>
    <artifactId>hibernate-entitymanager</artifactId>
    <version>${hibernate.core.version}</version>
  </dependency>

At this point, I get the error from before. If I remove any of these dependencies, I get different errors that indicate I am missing one of the above.

On Fri, Aug 15, 2014 at 1:05 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

I'm all for paring it down if that will help. I may have misunderstood, but most of those made it in because they were required for the features we are using -- I may have been overzealous adding them in, though.

I added the recommended dependency, and see no large change in behavior.

I believe that I followed that document -- I applied the changes from the CAS 3.3.5 to CAS 3.4 section, and CAS 3.4.x to CAS 3.4.10 did not seem to apply.

I have attached my deployerConfigContext.xml.

Thanks for your help!

On Fri, Aug 15, 2014 at 12:09 PM, Al Krinker al.krin...@gmail.com wrote:

There is a lot of stuff in that pom indeed... I almost want to try to remove part of it to just get it to deploy properly and then add dependencies one by one to see when it would break.

Before we do that, can you add commons-dbcp. You might play with version a little bit...

<!-- For the connection pool to the db -->
<dependency>
  <groupId>commons-dbcp</groupId>
  <artifactId>commons-dbcp</artifactId>
  <version>1.4</version>
  <scope>runtime</scope>
</dependency>

Also, have you followed this document: https://wiki.jasig.org/display/CASUM/Upgrading. You would need to change few things around in deploymentConfigContext, etc. Maybe you are using old bean names. Could you also provide us with a copy of your deployerConfigContext.xml?

On Fri, Aug 15, 2014 at 11:03 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

Sure thing. Since it's a bit long, I put it in a pastebin here: http://pastebin.com/KgYD79aN

Thanks for looking!

Jeff

On Fri, Aug 15, 2014 at 9:55 AM, Al Krinker al.krin...@gmail.com wrote:

Seems like spring version/jar conflict. Could you post your pom.xml file?

On Friday, August 15, 2014, Jeff Chapin jeff.cha...@uni.edu wrote:

All,

I am working on getting CAS 3.5.2 configured and compiled. We previously had a working 3.3.5 install, and I used the existing documentation as a starting point, and adapted it to address the changes between the two versions.

I can successfully build with Maven, with no issues. When I deploy this to Tomcat, I am seeing the following error in the logs. It looks like I might have a version issue in the dependencies, but I am unclear how to get this resolved.

2014-08-06 13:26:57,987 ERROR [org.springframework.web.context.ContextLoader] - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'servicesManager' defined in ServletContext resource [/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve reference to bean 'serviceRegistryDao' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'serviceRegistryDao' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'entityManagerFactory' while setting bean property
Re: [cas-user] Compiling and running CAS 3.5.2
Sure can. Here is the whole thing, attached.

Jeff

On Tue, Aug 26, 2014 at 10:17 AM, Misagh Moayyed mmoay...@unicon.net wrote:

Jeff, could you post your entire log output? It gets cut off right when it’s about to get interesting:

Invocation of init method failed; nested exception is java.lang.IncompatibleClassChangeError: Implementing class….

*From:* Jeff Chapin [mailto:jeff.cha...@uni.edu]
*Sent:* Tuesday, August 26, 2014 7:59 AM
*To:* cas-user@lists.jasig.org
*Subject:* Re: [cas-user] Compiling and running CAS 3.5.2

Looks like it's not the tomcat version. I was able to get the same errors on 6.0.29 and 7.0.55. I'm clearly missing something fairly fundamental here, but I have not got a clue as to what it could be.

Jeff

On Wed, Aug 20, 2014 at 10:11 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

Looks like I have Tomcat 6 installed. I will give Tomcat 7 a shot later today.

Jeff

On Tue, Aug 19, 2014 at 10:38 AM, John Gasper jgas...@unicon.net wrote:

Hi Jeff, I've not had any issues with any Tomcat 6 or Tomcat 7 versions that I've used. I have not tried Tomcat 8 yet.

John

--
*John Gasper*
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef

On 8/18/14 7:06 AM, Jeff Chapin wrote:

The version of java used by Tomcat is the same one as is used to build CAS (it's all installed on one machine, and I only have one Java installed). Is CAS incompatible with some versions of Tomcat?

Jeff

On Fri, Aug 15, 2014 at 6:31 PM, Chris Peck crp...@email.wm.edu wrote:

I may try whacking the webserver, I think that's a 4.x thing.

On Aug 15, 2014 7:09 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

I've managed to reduce my dependencies to the following:

<dependencies>
  <dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-server-webapp</artifactId>
    <version>${cas.version}</version>
    <type>war</type>
    <scope>runtime</scope>
  </dependency>
  <dependency>
    <groupId>c3p0</groupId>
    <artifactId>c3p0</artifactId>
    <version>0.9.1.2</version>
    <scope>runtime</scope>
  </dependency>
  <dependency>
    <groupId>org.hibernate</groupId>
    <artifactId>hibernate-entitymanager</artifactId>
    <version>${hibernate.core.version}</version>
  </dependency>

At this point, I get the error from before. If I remove any of these dependencies, I get different errors that indicate I am missing one of the above.

On Fri, Aug 15, 2014 at 1:05 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

I'm all for paring it down if that will help. I may have misunderstood, but most of those made it in because they were required for the features we are using -- I may have been overzealous adding them in, though.

I added the recommended dependency, and see no large change in behavior.

I believe that I followed that document -- I applied the changes from the CAS 3.3.5 to CAS 3.4 section, and CAS 3.4.x to CAS 3.4.10 did not seem to apply.

I have attached my deployerConfigContext.xml.

Thanks for your help!

On Fri, Aug 15, 2014 at 12:09 PM, Al Krinker al.krin...@gmail.com wrote:

There is a lot of stuff in that pom indeed... I almost want to try to remove part of it to just get it to deploy properly and then add dependencies one by one to see when it would break.

Before we do that, can you add commons-dbcp. You might play with version a little bit...

<!-- For the connection pool to the db -->
<dependency>
  <groupId>commons-dbcp</groupId>
  <artifactId>commons-dbcp</artifactId>
  <version>1.4</version>
  <scope>runtime</scope>
</dependency>

Also, have you followed this document: https://wiki.jasig.org/display/CASUM/Upgrading. You would need to change few things around in deploymentConfigContext, etc. Maybe you are using old bean names. Could you also provide us with a copy of your deployerConfigContext.xml?

On Fri, Aug 15, 2014 at 11:03 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

Sure thing. Since it's a bit long, I put it in a pastebin here: http://pastebin.com/KgYD79aN

Thanks for looking!

Jeff

On Fri, Aug 15, 2014 at 9:55 AM, Al Krinker al.krin...@gmail.com wrote:

Seems like spring version/jar conflict. Could you post your pom.xml file?

On Friday, August 15, 2014, Jeff Chapin jeff.cha...@uni.edu wrote:

All,

I am working on getting CAS 3.5.2 configured and compiled. We previously had a working 3.3.5 install, and I used the existing documentation as a starting point, and adapted it to address the changes between the two versions.

I can successfully build with Maven, with no issues. When I deploy this to Tomcat, I am seeing the following error in the logs. It looks like I might have a version issue in the dependencies, but I am unclear how to get this resolved.

2014-08-06 13:26:57,987 ERROR [org.springframework.web.context.ContextLoader] - Context initialization failed
Re: [cas-user] Compiling and running CAS 3.5.2
Looks like I have Tomcat 6 installed. I will give Tomcat 7 a shot later today.

Jeff

On Tue, Aug 19, 2014 at 10:38 AM, John Gasper jgas...@unicon.net wrote:

Hi Jeff, I've not had any issues with any Tomcat 6 or Tomcat 7 versions that I've used. I have not tried Tomcat 8 yet.

John

--
*John Gasper*
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef

On 8/18/14 7:06 AM, Jeff Chapin wrote:

The version of java used by Tomcat is the same one as is used to build CAS (it's all installed on one machine, and I only have one Java installed). Is CAS incompatible with some versions of Tomcat?

Jeff

On Fri, Aug 15, 2014 at 6:31 PM, Chris Peck crp...@email.wm.edu wrote:

I may try whacking the webserver, I think that's a 4.x thing.

On Aug 15, 2014 7:09 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

I've managed to reduce my dependencies to the following:

<dependencies>
  <dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-server-webapp</artifactId>
    <version>${cas.version}</version>
    <type>war</type>
    <scope>runtime</scope>
  </dependency>
  <dependency>
    <groupId>c3p0</groupId>
    <artifactId>c3p0</artifactId>
    <version>0.9.1.2</version>
    <scope>runtime</scope>
  </dependency>
  <dependency>
    <groupId>org.hibernate</groupId>
    <artifactId>hibernate-entitymanager</artifactId>
    <version>${hibernate.core.version}</version>
  </dependency>

At this point, I get the error from before. If I remove any of these dependencies, I get different errors that indicate I am missing one of the above.

On Fri, Aug 15, 2014 at 1:05 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

I'm all for paring it down if that will help. I may have misunderstood, but most of those made it in because they were required for the features we are using -- I may have been overzealous adding them in, though.

I added the recommended dependency, and see no large change in behavior.

I believe that I followed that document -- I applied the changes from the CAS 3.3.5 to CAS 3.4 section, and CAS 3.4.x to CAS 3.4.10 did not seem to apply.

I have attached my deployerConfigContext.xml.

Thanks for your help!

On Fri, Aug 15, 2014 at 12:09 PM, Al Krinker al.krin...@gmail.com wrote:

There is a lot of stuff in that pom indeed... I almost want to try to remove part of it to just get it to deploy properly and then add dependencies one by one to see when it would break.

Before we do that, can you add commons-dbcp. You might play with version a little bit...

<!-- For the connection pool to the db -->
<dependency>
  <groupId>commons-dbcp</groupId>
  <artifactId>commons-dbcp</artifactId>
  <version>1.4</version>
  <scope>runtime</scope>
</dependency>

Also, have you followed this document: https://wiki.jasig.org/display/CASUM/Upgrading. You would need to change few things around in deploymentConfigContext, etc. Maybe you are using old bean names. Could you also provide us with a copy of your deployerConfigContext.xml?

On Fri, Aug 15, 2014 at 11:03 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

Sure thing. Since it's a bit long, I put it in a pastebin here: http://pastebin.com/KgYD79aN

Thanks for looking!

Jeff

On Fri, Aug 15, 2014 at 9:55 AM, Al Krinker al.krin...@gmail.com wrote:

Seems like spring version/jar conflict. Could you post your pom.xml file?

On Friday, August 15, 2014, Jeff Chapin jeff.cha...@uni.edu wrote:

All,

I am working on getting CAS 3.5.2 configured and compiled. We previously had a working 3.3.5 install, and I used the existing documentation as a starting point, and adapted it to address the changes between the two versions.

I can successfully build with Maven, with no issues. When I deploy this to Tomcat, I am seeing the following error in the logs. It looks like I might have a version issue in the dependencies, but I am unclear how to get this resolved.

2014-08-06 13:26:57,987 ERROR [org.springframework.web.context.ContextLoader] - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'servicesManager' defined in ServletContext resource [/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve reference to bean 'serviceRegistryDao' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'serviceRegistryDao' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'entityManagerFactory' while setting bean property 'entityManagerFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Invocation of init method failed; nested exception
Re: [cas-user] Compiling and running CAS 3.5.2
The version of java used by Tomcat is the same one as is used to build CAS (it's all installed on one machine, and I only have one Java installed). Is CAS incompatible with some versions of Tomcat?

Jeff

On Fri, Aug 15, 2014 at 6:31 PM, Chris Peck crp...@email.wm.edu wrote:

I may try whacking the webserver, I think that's a 4.x thing.

On Aug 15, 2014 7:09 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

I've managed to reduce my dependencies to the following:

<dependencies>
  <dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-server-webapp</artifactId>
    <version>${cas.version}</version>
    <type>war</type>
    <scope>runtime</scope>
  </dependency>
  <dependency>
    <groupId>c3p0</groupId>
    <artifactId>c3p0</artifactId>
    <version>0.9.1.2</version>
    <scope>runtime</scope>
  </dependency>
  <dependency>
    <groupId>org.hibernate</groupId>
    <artifactId>hibernate-entitymanager</artifactId>
    <version>${hibernate.core.version}</version>
  </dependency>

At this point, I get the error from before. If I remove any of these dependencies, I get different errors that indicate I am missing one of the above.

On Fri, Aug 15, 2014 at 1:05 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

I'm all for paring it down if that will help. I may have misunderstood, but most of those made it in because they were required for the features we are using -- I may have been overzealous adding them in, though.

I added the recommended dependency, and see no large change in behavior.

I believe that I followed that document -- I applied the changes from the CAS 3.3.5 to CAS 3.4 section, and CAS 3.4.x to CAS 3.4.10 did not seem to apply.

I have attached my deployerConfigContext.xml.

Thanks for your help!

On Fri, Aug 15, 2014 at 12:09 PM, Al Krinker al.krin...@gmail.com wrote:

There is a lot of stuff in that pom indeed... I almost want to try to remove part of it to just get it to deploy properly and then add dependencies one by one to see when it would break.

Before we do that, can you add commons-dbcp. You might play with version a little bit...

<!-- For the connection pool to the db -->
<dependency>
  <groupId>commons-dbcp</groupId>
  <artifactId>commons-dbcp</artifactId>
  <version>1.4</version>
  <scope>runtime</scope>
</dependency>

Also, have you followed this document: https://wiki.jasig.org/display/CASUM/Upgrading. You would need to change few things around in deploymentConfigContext, etc. Maybe you are using old bean names. Could you also provide us with a copy of your deployerConfigContext.xml?

On Fri, Aug 15, 2014 at 11:03 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

Sure thing. Since it's a bit long, I put it in a pastebin here: http://pastebin.com/KgYD79aN

Thanks for looking!

Jeff

On Fri, Aug 15, 2014 at 9:55 AM, Al Krinker al.krin...@gmail.com wrote:

Seems like spring version/jar conflict. Could you post your pom.xml file?

On Friday, August 15, 2014, Jeff Chapin jeff.cha...@uni.edu wrote:

All,

I am working on getting CAS 3.5.2 configured and compiled. We previously had a working 3.3.5 install, and I used the existing documentation as a starting point, and adapted it to address the changes between the two versions.

I can successfully build with Maven, with no issues. When I deploy this to Tomcat, I am seeing the following error in the logs. It looks like I might have a version issue in the dependencies, but I am unclear how to get this resolved.

2014-08-06 13:26:57,987 ERROR [org.springframework.web.context.ContextLoader] - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'servicesManager' defined in ServletContext resource [/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve reference to bean 'serviceRegistryDao' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'serviceRegistryDao' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'entityManagerFactory' while setting bean property 'entityManagerFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Invocation of init method failed; nested exception is java.lang.IncompatibleClassChangeError: Implementing class

Thanks for any help,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu

--
You are currently subscribed to cas-user@lists.jasig.org as: al.krin...@gmail.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
[cas-user] Compiling and running CAS 3.5.2
All,

I am working on getting CAS 3.5.2 configured and compiled. We previously had a working 3.3.5 install, and I used the existing documentation as a starting point, and adapted it to address the changes between the two versions.

I can successfully build with Maven, with no issues. When I deploy this to Tomcat, I am seeing the following error in the logs. It looks like I might have a version issue in the dependencies, but I am unclear how to get this resolved.

2014-08-06 13:26:57,987 ERROR [org.springframework.web.context.ContextLoader] - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'servicesManager' defined in ServletContext resource [/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve reference to bean 'serviceRegistryDao' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'serviceRegistryDao' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'entityManagerFactory' while setting bean property 'entityManagerFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Invocation of init method failed; nested exception is java.lang.IncompatibleClassChangeError: Implementing class

Thanks for any help,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
Re: [cas-user] Compiling and running CAS 3.5.2
Sure thing. Since it's a bit long, I put it in a pastebin here: http://pastebin.com/KgYD79aN

Thanks for looking!

Jeff

On Fri, Aug 15, 2014 at 9:55 AM, Al Krinker al.krin...@gmail.com wrote:

Seems like spring version/jar conflict. Could you post your pom.xml file?

On Friday, August 15, 2014, Jeff Chapin jeff.cha...@uni.edu wrote:

All,

I am working on getting CAS 3.5.2 configured and compiled. We previously had a working 3.3.5 install, and I used the existing documentation as a starting point, and adapted it to address the changes between the two versions.

I can successfully build with Maven, with no issues. When I deploy this to Tomcat, I am seeing the following error in the logs. It looks like I might have a version issue in the dependencies, but I am unclear how to get this resolved.

2014-08-06 13:26:57,987 ERROR [org.springframework.web.context.ContextLoader] - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'servicesManager' defined in ServletContext resource [/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve reference to bean 'serviceRegistryDao' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'serviceRegistryDao' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'entityManagerFactory' while setting bean property 'entityManagerFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Invocation of init method failed; nested exception is java.lang.IncompatibleClassChangeError: Implementing class

Thanks for any help,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
Re: [cas-user] Compiling and running CAS 3.5.2
I'm all for paring it down if that will help. I may have misunderstood, but most of those made it in because they were required for the features we are using -- I may have been overzealous adding them in, though.

I added the recommended dependency, and see no large change in behavior.

I believe that I followed that document -- I applied the changes from the CAS 3.3.5 to CAS 3.4 section, and CAS 3.4.x to CAS 3.4.10 did not seem to apply.

I have attached my deployerConfigContext.xml.

Thanks for your help!

On Fri, Aug 15, 2014 at 12:09 PM, Al Krinker al.krin...@gmail.com wrote:

There is a lot of stuff in that pom indeed... I almost want to try to remove part of it to just get it to deploy properly and then add dependencies one by one to see when it would break.

Before we do that, can you add commons-dbcp? You might play with version a little bit...

    <!-- For the connection pool to the db -->
    <dependency>
        <groupId>commons-dbcp</groupId>
        <artifactId>commons-dbcp</artifactId>
        <version>1.4</version>
        <scope>runtime</scope>
    </dependency>

Also, have you followed this document: https://wiki.jasig.org/display/CASUM/Upgrading. You would need to change a few things around in deploymentConfigContext, etc. Maybe you are using old bean names.

Could you also provide us with a copy of your deployerConfigContext.xml?
Re: [cas-user] Compiling and running CAS 3.5.2
I've managed to reduce my dependencies to the following:

    <dependencies>
        <dependency>
            <groupId>org.jasig.cas</groupId>
            <artifactId>cas-server-webapp</artifactId>
            <version>${cas.version}</version>
            <type>war</type>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>c3p0</groupId>
            <artifactId>c3p0</artifactId>
            <version>0.9.1.2</version>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.hibernate</groupId>
            <artifactId>hibernate-entitymanager</artifactId>
            <version>${hibernate.core.version}</version>
        </dependency>
    </dependencies>

At this point, I get the error from before. If I remove any of these dependencies, I get different errors that indicate I am missing one of the above.
[cas-user] URL encoding and CAS
All,

We have an enterprise reporting tool we have operating behind CAS. This service has URLs that have 'special' characters in them -- ampersands, slashes, question marks, spaces, etc. This service handles some URL encoding just fine -- it does not mind replacing ' ' with %20, for instance.

When this application is placed behind CAS, however, CAS is modifying the URL -- it is URL encoding strangely. For instance, if I wanted to hit:

https://example.com/analytics/saw.dll?dashboardPortalPath=%2Fshared%2Deans%2C%20Directors%2C%20Department%20Heads%2F_portal%2FAdmissions%20for%20DDDH

CAS is properly authing the user, and then releasing them to:

https://example.com/analytics/saw.dll?dashboard%26PortalPath%3d%252Fshared%252FDeans%252C%2520Directors%252C%2520Department%2520Heads%252F_portal%252FAdmissions%2520for%2520DDDH

If you look, it appears that CAS took the already URL encoded service URL, and encoded it again -- %20 becomes %2520 -- the encoding for '%' followed by the '20'. For some reason, CAS is smart enough to encode, but not decode on the way back out.

Due to the nature of the service, it *has* spaces in the URLs generated, as well as question marks, ampersands, and slashes -- and who knows what else? It appears that the application is smart enough to decode %20 when it comes in, but not %2520, so these links break, and anytime you are prompted to log in through CAS, you get a 404 error. Subsequent connections (with an existing CAS session) work just fine, with no re-writing of the URLs.

Does anyone know of a workaround, a setting we can change, or even a section of code to look into in order to fix this behavior? Due to the nature of these reports, and their user base (Deans, Directors, and Department Heads) I am under a decent amount of added incentive to find a fix to this issue...

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
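The double encoding described in this message, reproduced as an added example (not code from CAS or from the original post): a service URL that is decoded once and released untouched keeps its single encoding layer, while a release step that encodes the query again turns every `%` into `%25`. The CAS login endpoint, the ticket value and the target URL are constructed, and `release_double_encoded` is a hypothetical model of the symptom, not CAS's actual code path.

```python
from urllib.parse import parse_qs, quote, unquote, urlencode, urlsplit

# Constructed values (assumptions): CAS login endpoint, service ticket, and a
# target URL modelled on the one in the post, already percent-encoded once.
CAS_LOGIN = "https://cas.example.edu/cas/login"
TICKET = "ST-1-constructed"
TARGET = ("https://example.com/analytics/saw.dll"
          "?dashboard&PortalPath=%2Fshared%2FDeans%2C%20Directors")


def login_redirect(target_url):
    """Client side: the whole target URL travels as ONE query value."""
    return CAS_LOGIN + "?" + urlencode({"service": target_url})


def service_from_login(login_url):
    """Server side: parse_qs removes the transport encoding exactly once."""
    return parse_qs(urlsplit(login_url).query)["service"][0]


def release_correct(login_url, ticket=TICKET):
    """Redirect back to the service URL byte-for-byte, appending the ticket."""
    service = service_from_login(login_url)
    separator = "&" if urlsplit(service).query else "?"
    return service + separator + urlencode({"ticket": ticket})


def release_double_encoded(login_url, ticket=TICKET):
    """Hypothetical faulty release: the query of the service URL is encoded
    again, so '%' becomes '%25', '&' becomes '%26' and '=' becomes '%3D'."""
    parts = urlsplit(service_from_login(login_url))
    mangled = quote(parts.query, safe="")
    ticket_param = urlencode({"ticket": ticket})
    return f"{parts.scheme}://{parts.netloc}{parts.path}?{mangled}&{ticket_param}"


def encoding_depth(value, limit=5):
    """Number of unquote() passes until the value stops changing.

    Diagnostic only: a literal '%25' that the application intends also counts
    as a layer, so this must not be used to decode input repeatedly.
    """
    depth = 0
    while depth < limit:
        decoded = unquote(value)
        if decoded == value:
            break
        value, depth = decoded, depth + 1
    return depth


def query_depth(url):
    """Encoding depth of the query string of a released URL."""
    return encoding_depth(urlsplit(url).query)


if __name__ == "__main__":
    login = login_redirect(TARGET)
    for label, release in (("correct", release_correct),
                           ("double-encoded", release_double_encoded)):
        url = release(login)
        print(f"{label:15} depth={query_depth(url)} {url}")
```

Comparing `query_depth` of the URL a browser is sent to before login with the one it is released to afterwards shows which hop adds the extra layer.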
[cas-user] LPPE configuration issues
All,

I am attempting to configure CAS 3.5.0 to operate in our environment and to fit our needs. We are currently using a modified version of 3.3.5, and it is working just fine.

One of the requirements we have is the LPPE functionality. I am currently working to configure this functionality, but it appears something is missing -- and I think I see where it is missing. We use Oracle OID as our ldap source, and this seems to be working just fine for authentication, but it appears that LPPE is not triggering correctly. When I configure the warnDays, I can successfully get the warning to fire, display the proper page for the users informing them that their password will expire in the near future.

The problem appears to be some of the ldap return codes that should trigger a password reset. When we administratively reset a password, we require that the user change their password on next login. Using ldapsearch, I can see this:

$ ${ORACLE_HOME}/bin/ldapsearch -h ${HOST} -p ${PORT} -D cn=chapinj,cn=Users,${BASE_DN} -w ${PASSWORD} -b ${BASE_DN} cn=chapinj
ldap_search: DSA is unwilling to perform
ldap_search: additional info: Password Policy Error :9009: GSL_PWDMUSTCHANGE_EXCP :Your Password has been reset; You must change your password before performing other operations.

As you can see, ldapsearch recognizes that the password must change... but binding alone does not trigger that:

$ ${ORACLE_HOME}/bin/ldapbind -h localhost -p 389 -D cn=chapinj,cn=Users,${BASE_DN} -w ${PASSWORD}
bind successful

Even updating lppe-configuration.xml with the proper return code of 9009 for mustChangePassword does not trigger the user to change the password. Looking at the logging, even after cranking up the logging for org.jasig.cas.adaptors.ldap I don't see anything in the logs indicating that CAS thinks this account has issues.

I am *guessing* that since the bean is of class org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler, the issue is that we are looking only at a bind, which is not returning the error code. Is there any way to test this, or fix this?

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
Re: [cas-user] LPPE configuration issues
Well, shoot. I'll have to look into that. I was hoping it would be as easy as configuring the authentication handler to use a search, rather than a bind.

Jeff

On Tue, Sep 11, 2012 at 12:41 PM, Misagh Moayyed mmoay...@unicon.net wrote:

If the ldap authentication does not throw that error back to CAS, LPPE will not be able to detect the error code. You’d likely need to augment the authN handler and do a direct lookup on the attribute that specifies the password behavior, and throw the exception yourself.

-Misagh

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
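The gap discussed in this thread, as an added example (not CAS or LPPE code): a check that looks only at the bind result reports success, while a follow-up lookup as the same user surfaces the policy code. The two captured outputs are the ones quoted in the thread; the function names, the `Outcome` values and the mapping of code 9009 to a forced password change are assumptions, and a real handler would read the LDAP result from its client library rather than from CLI text.

```python
import re
from enum import Enum


class Outcome(Enum):
    AUTH_FAILED = "auth_failed"
    OK = "ok"
    MUST_CHANGE_PASSWORD = "must_change_password"
    OTHER_POLICY_ERROR = "other_policy_error"


# 9009 is the code shown in the thread; treating it as "must change" follows
# the post, the set itself is an assumption of this example.
MUST_CHANGE_CODES = frozenset({9009})

_POLICY = re.compile(r"Password Policy Error\s*:(\d+):\s*(\w+)")

# Captured outputs as quoted in the thread.
BIND_OUTPUT = "bind successful"
SEARCH_OUTPUT = (
    "ldap_search: DSA is unwilling to perform\n"
    "ldap_search: additional info: Password Policy Error :9009: "
    "GSL_PWDMUSTCHANGE_EXCP :Your Password has been reset; You must change "
    "your password before performing other operations.\n"
)


def policy_error(output):
    """Return (code, symbolic name) from a directory response, or None."""
    match = _POLICY.search(output)
    return (int(match.group(1)), match.group(2)) if match else None


def _classify(error):
    if error is None:
        return Outcome.OK
    code, _name = error
    if code in MUST_CHANGE_CODES:
        return Outcome.MUST_CHANGE_PASSWORD
    return Outcome.OTHER_POLICY_ERROR


def bind_only_check(bind_output):
    """All a bind-only handler can learn: did the bind succeed?"""
    if "bind successful" not in bind_output:
        return Outcome.AUTH_FAILED
    return _classify(policy_error(bind_output))


def bind_then_lookup_check(bind_output, search_output):
    """Bind first, then inspect the result of a lookup made as that user."""
    first = bind_only_check(bind_output)
    if first is not Outcome.OK:
        return first
    return _classify(policy_error(search_output))


if __name__ == "__main__":
    print("bind only       :", bind_only_check(BIND_OUTPUT).value)
    print("bind then lookup:",
          bind_then_lookup_check(BIND_OUTPUT, SEARCH_OUTPUT).value)
```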
Re: [cas-user] Monitoring with Nagios
Thanks for this info. I will use this to help put pressure on getting our CAS install updated to 3.5.0 as soon as possible.

At this point in time, one of my coworkers has written a new check that we are using, and is adequate for several of our hosts -- it both supports /cas/login, as well as accessing CAS protected resources and validating that they are loading correctly. As soon as we get the approvals to release the code, I will upload it to the wiki.

Jeff

On Mon, Jul 16, 2012 at 8:25 AM, Marvin Addison marvin.addi...@gmail.com wrote:

I am attempting to get the check_nagios.pl plugin for nagios to work. I found this plugin on the CAS wiki (https://wiki.jasig.org/display/CASUM/Nagios+plugins).

I have a feeling that most if not all of the problem lies in the Perl script. I briefly reviewed it, and one thing is certain: the viewStatistics page is simply an inappropriate target for enterprise monitoring. That page requires an authenticated view and special authorization by the viewer; having to deal with credentials in your health checks is a bad practice at best.

There is a new status URI in CAS 3.5.0, /stats, that has been designed for enterprise monitoring. You can simply authorize an IP/netblock and hit the URI and it will report on meaningful statistics in easily parsable plain text. It has support for memory stats, LDAP pool health, and ticket registry stats for some registries at present. More to come for the next release. The only downside is that it's poorly documented, but maybe your post will pressure me to document the feature sooner than later. Take a look at the healthCheckMonitor bean in the deployerConfigContext.xml that ships with 3.5.0 [1] for starters.

M

[1] https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
[cas-user] Monitoring with Nagios
All,

I am attempting to get the check_nagios.pl plugin for nagios to work. I found this plugin on the CAS wiki (https://wiki.jasig.org/display/CASUM/Nagios+plugins). I have had to make a few modifications to the regex to get it to work, but now when I run it, I get the following error from the plugin:

CRITICAL - Cannot access to CAS authentication result page (HTTP/1.1 500 Internal Server Error)

Looking in the localhost.log on my tomcat server housing CAS, I am seeing something even more disturbing:

Jul 12, 2012 2:29:02 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet cas threw exception
java.io.StreamCorruptedException: unexpected EOF in middle of data block

Anyone able to help me debug this and figure out what is going wrong?

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
Re: [cas-user] Casifying .net application
As for the question "Do I need SSL even though this is over a private network", the answer should be YES!! regardless of CAS. Any time you send credentials over a network, any network, you should be encrypting it. An infected or compromised machine on that network could do a lot of damage.

Jeff

On Fri, Aug 26, 2011 at 7:37 AM, William G. Thompson, Jr. wgt...@gmail.com wrote:

On Thu, Aug 25, 2011 at 10:14 PM, Faisal Memon fmemo...@gmail.com wrote:

Hello Everyone,

I followed the instructions and I think I got quite far

1. CAS server was successfully installed on a windows server
2. .net Portal was successfully casified

Now when I click on link to get login screen I get redirected to CAS server home which is good. But

1. I see the message that I will need SSL to do Single Signon; however all the three servers, portal and CAS server are communicating using computer name (basically they are all on private network and using internal ip to communicate).

2. Another issue is that I enter the student username and password on the CAS server login screen and get a message that "The credentials you provided cannot be determined to be authentic." How can I login using the student username and password.

You have to configure an AuthenticationHandler in deployConfigContent.xml that matches your primary means of authentication.
https://wiki.jasig.org/display/CASUM/Authentication

3. I enter the default Netid and Password and get a message that "You are currently accessing CAS over a non-secure connection. Single Sign on WILL NOT WORK. In order to have single sign on work, you MUST log in over HTTPS." Do I need a SSL even though I am communicating over private network

Yes.

I will appreciate any help that can be provided, while I continue my research

Thanks

On Tue, Aug 23, 2011 at 8:24 AM, Scott M. Holodak sholo...@princeton.edu wrote:

Hi,

I’m not familiar with CMC’s portal software. However, if it uses Forms Authentication it should be straightforward to integrate without any code changes to their portal. See here: https://wiki.jasig.org/display/CASC/.Net+Cas+Client

If their portal software doesn’t use Forms Authentication but supports bypassing their authentication logic, you may still have some luck with this method: https://wiki.jasig.org/pages/viewpage.action?pageId=35389878

To see whether or not they are using Forms Authentication, look inside web.config at the root of the application:

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
      ...
      <system.web>
        ...
        <authentication mode="Forms">
          <forms ...

-Scott

From: Faisal Memon [mailto:fmemo...@gmail.com]
Sent: Tuesday, August 23, 2011 1:08 AM
To: cas-user@lists.jasig.org
Cc: Angel Nieves
Subject: [cas-user] Casifying .net application

Hello Everyone,

We are implementing Moodle for one of our clients and they have a need for SSO from student portal to moodle. Their current student portal is provided by CMC and is built on .net. I would like to know if we casify their portal, will it also impact the process of student logging in to portal. Students are authenticated to portal database running on Ms SQL 2008 r2.

Thanks

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
Re: [cas-user] CAS and SSO
Dmitry,

I believe that we are operating in a similar environment as you regarding SSL offloading. We use Tomcat here, and I am willing to help you figure out how to get this working if you are interested.

Jeff

On Wed, Aug 24, 2011 at 11:39 AM, Dmitry Kudrenko dmi...@ardas.dp.ua wrote:

Thank you very much for quick and very helpful answers. I will check.

--
Regards, Dmitry

2011/8/24 Marvin Addison marvin.addi...@gmail.com

Does it mean that if all my applications accessible over HTTPS even on different domains SSO will work?

The CAS clients can be on any number of domains; but there's no way to scope the CAS SSO cookie to anything other than the domain where the CAS server lives.

I have network configuration, where I have firewall and balancer which receives https:// but in internal network redirect via http. Do you think it can be a problem or not?

The only requirement is that the hosts _think_ they are over a secure channel. The definitive test is that http://download.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#isSecure%28%29 returns true for a Java application. I don't operate in this kind of environment, but I believe there are configuration knobs you can turn to make the host believe it's secure even if the server connection handler isn't terminating SSL.

Is it possible in test mode switch off secure flag?

Yes, see the SSL section of https://wiki.jasig.org/display/CASUM/Securing+Your+New+CAS+Server.

M

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
Re: [cas-user] trusting another CAS server
I assume there is a reason you have not looked into this, but you did not mention it, so I thought I would ask: Why not simply tie App B to CAS A and be done with it? This is the route we are taking at UNI with the one application we have that shipped with its own CAS server, and it is working out fantastically.

Jeff

On 08/01/2011 09:12 AM, John Field wrote:

Hi all,

I am currently running CAS 3.4.8, and I would like to have my CAS server trust the login performed at another CAS server (3.4.2).

That is:
App A trusts CAS A (3.4.8).
App B trusts CAS B (3.4.2).

I would like to have CAS A accept a service ticket issued by CAS B, as proof of good authentication, and then have CAS A issue a TGT/ST for application A.

Is there any native support for this type of deployment? i.e. can I accomplish this entirely through configuration, or would this require writing custom code?

We can make the simplifying assumption that the user population is the same, i.e. both CAS servers share a common OpenLDAP back end, so there is no worry about username collisions.

Thanks,
John Field

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
[cas-user] Fwd: MEMFIS, SIS, and Access non-production down
This includes non-production CAS, and many other services.

Jeff

----- Original Message -----
Subject: MEMFIS, SIS, and Access non-production down
Date: Thu, 21 Jul 2011 11:53:08 -0500
From: Nathaniel N. Petersen nathaniel.peter...@uni.edu
To: it-al...@uni.edu

The non-production SAN has experienced a hard fault. This is impacting a great many non-production services. We are en route to the array to address this issue.

-Nick

--
Sent from my phone.
Re: [cas-user] x-forwarded-for
Let me clarify: I added the dependency for inspektyor-common to the pom.xml in my overlay, and added the correct version to maven and recompiled, but that does not seem to be logging what I expect. I suspect that I added this module incorrectly -- or need to include some of the additional jar files...

Jeff

Jeff Chapin wrote:

Scott,

Is there documentation on how to test this? Sorry I have been so swamped lately.

Jeff

Scott Battaglia wrote:

I put some code into the Inspektr code base if you want to try it out. You'd have to build the code from source and replace the jar in the CAS distribution.

Cheers,
Scott

On Fri, May 28, 2010 at 1:42 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

http://github.com/dima767/inspektr/issues/issue/4

Thanks very much -- this would be a wonderful feature to have!

Jeff

Scott Battaglia wrote:

If you can log an issue into the Inspektr issue tracker for this I can get it into the 1.0.1 release of Inspektr.

http://github.com/dima767/inspektr/issues

On Fri, May 28, 2010 at 12:37 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

Is it possible to easily configure CAS to log the x-forwarded-for IP into COM_AUDIT_TRAIL in the AUD_CLIENT_IP table, rather than the IP? We are behind a load balancer and are currently only logging the balancer's IP to the log tables.

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
Re: [cas-user] x-forwarded-for
http://github.com/dima767/inspektr/issues/issue/4

Thanks very much -- this would be a wonderful feature to have!

Jeff

Scott Battaglia wrote:
If you can log an issue into the Inspektr issue tracker for this I can get it into the 1.0.1 release of Inspektr.
http://github.com/dima767/inspektr/issues

On Fri, May 28, 2010 at 12:37 PM, Jeff Chapin jeff.cha...@uni.edu wrote:
Is it possible to easily configure CAS to log the x-forwarded-for IP into COM_AUDIT_TRAIL in the AUD_CLIENT_IP table, rather than the IP? We are behind a load balancer and are currently only logging the balancer's IP to the log tables.
Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
Re: [cas-user] multiple CAS server environments
I'll second this.

Marvin Addison wrote:
The benefit of the method described in the Clustering docs is that you pull the configuration out of the war file, and make it host specific, and you can roll the same war file to all servers in the cluster.

+1 for this approach. We are _very_ happy using a single deployable across 6 servers (2 for each of dev, pprd, prod).

M

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
Re: [cas-user] multiple CAS server environments
STOP READING MY SOURCE CODE. Ok, it's open source, so carry on -- in fact, I would like to share. I did not like using localhost for the services console, so I made the following changes:

cas.securityContext.serviceProperties.service=${protocol.http}://${host.name}${port}/cas/services/j_acegi_cas_security_check

These hosts are clustered behind an F5, and ${protocol.http}://${host.name}${port} is ACLed so that only my team's machines can access it. This was deprecated before we ever launched, as we wrote a DB-side registry management application. We are already looking at close to 300 Service IDs each for test, stage and prod -- this works out much better for us.

Jeff

Marvin Addison wrote:
No. The host.name property is used in at least a couple of places and should be the valid FQDN of the server.

It shouldn't be. We always named ours cas1 and cas2 :-)

You're right. I grepped through the source and the only configuration references deal with ticket ID:

cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/uniqueIdGenerators.xml: index=1 value=${host.name} /
cas-server-webapp/src/main/webapp/WEB-INF/cas-servlet.xml: p:casTicketSuffix=${host.name}

For some reason I thought it also influenced the hostname used for the services management app.

M

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
Re: [cas-user] multiple CAS server environments
We handle deployment to our servers as follows:

We have 8 servers total: 2 dev (cas dev use only), 2 test (developer dev/test), 2 stage (development stage), 2 prod (self-explanatory). I set an environment variable (TIER) on each tier appropriately, and I use the external config options to include config files *OUTSIDE* the WAR that hold the DB connect passwords, the LDAP server names, etc -- anything that varies between tier.

We have a shared filesystem mounted on all hosts: /shared_data. Every host has tomcat installed (pretty much untar the apache tar file), and the dev hosts have maven and the cas source.

Once a version of CAS is ready to start deploying, the cas.war is copied to /shared_data/cas/`date -I`/ from the dev hosts. (I also copy all the files modified for the overlay, so I can revert to a point in time if needed). I then modify symlinks to point from /shared_data/cas/${TIER} to a given version of our cas.war. Once that is done for a tier, I can run a quick script that copies from /shared_data/cas/${TIER} to ${TOMCAT_HOME}/webapps, and restarts tomcat.

This works out *very* slick, as we can update test, stage, and prod as testing completes, and allows us to see in a glance what versions are deployed where -- and by backing up symlinks before I update them, I can also track the history of what was moved when -- and rollbacks are a breeze -- just restore the symlink of the version that works, and re-run the script.

I like this for a few reasons:
1) I only have the build tools installed where they are absolutely needed
2) I only maintain 1 version of the code in one location, which means that it is easier to ensure everything is identical inside CAS
3) This allows me to crank logging on dev/test as high as I wish, and not worry about accidentally exposing production passwords.
4) I can *change* values with a simple restart of the nodes, rather than a full rebuild, if I need to adjust a config option such as log levels, or db connect info or pool sizes, etc.

Jeff

Raymond D Walker wrote:
Our institution's ¢2:
We currently use the Maven 2 overlay, but have opted to modify the pom.xml and add a few properties files to allow for multiple environments. This is done via enabling a particular build profile that would filter multiple environment specific variables accordingly. We also run 3 environments (2 servers prd, 2 servers test, 1 server dev) where the deployment procedure involves locally pulling down the codebase from a local repository, building specifically for the env via the procedure mentioned above, then deploying. Speeds up things greatly.

Raymond Walker
Software Systems Engineer Sr.
ITS Northern Arizona University

On May 5, 2010, at 10:08 AM, Jeff Chapin wrote:
I'll second this.

Marvin Addison wrote:
The benefit of the method described in the Clustering docs is that you pull the configuration out of the war file, and make it host specific, and you can roll the same war file to all servers in the cluster.

+1 for this approach. We are _very_ happy using a single deployable across 6 servers (2 for each of dev, pprd, prod).

M

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
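The release flow described in the message above (a dated release directory, one symlink per tier, symlink history for rollback, and a copy into Tomcat), sketched as an added example that is not the poster's own script. The function names, the `SHARED` and `TOMCAT_HOME` defaults and the `.history.<tier>` file are assumptions; restarting Tomcat is left to the caller.

```shell
#!/bin/sh
# Added example (not the poster's script): dated release directories, one
# symlink per tier, and a per-tier history file for rollbacks.
# Assumed names: SHARED and TOMCAT_HOME defaults, .history.<tier>, all functions.
SHARED="${SHARED:-/shared_data/cas}"
TOMCAT_HOME="${TOMCAT_HOME:-/opt/tomcat}"

# publish_release WAR [VERSION]: copy a built cas.war into $SHARED/VERSION/.
publish_release() {
    war="$1"; version="${2:-$(date -I)}"
    [ -f "$war" ] || { echo "no such war: $war" >&2; return 1; }
    # Refuse to overwrite: a published version must stay immutable so that
    # every tier pointing at it runs the same bytes.
    [ ! -e "$SHARED/$version/cas.war" ] || { echo "exists: $version" >&2; return 1; }
    mkdir -p "$SHARED/$version" && cp "$war" "$SHARED/$version/cas.war"
}

# current_version TIER: print the version the tier symlink points at.
current_version() {
    [ -L "$SHARED/$1" ] || return 1
    basename "$(readlink "$SHARED/$1")"
}

# promote TIER VERSION: repoint the tier symlink, recording the old target.
promote() {
    tier="$1"; version="$2"
    [ -f "$SHARED/$version/cas.war" ] || { echo "unknown version: $version" >&2; return 1; }
    if prev=$(current_version "$tier"); then
        echo "$prev" >> "$SHARED/.history.$tier"
    fi
    # Relative link target, so the link resolves wherever the share is mounted.
    rm -f "$SHARED/$tier" && ln -s "$version" "$SHARED/$tier"
}

# rollback TIER: restore the most recently recorded previous version.
rollback() {
    tier="$1"; hist="$SHARED/.history.$tier"
    [ -s "$hist" ] || { echo "no history for $tier" >&2; return 1; }
    prev=$(tail -n 1 "$hist")
    # Drop the entry being restored, then repoint without recording a new one.
    sed '$d' "$hist" > "$hist.tmp" && mv "$hist.tmp" "$hist"
    rm -f "$SHARED/$tier" && ln -s "$prev" "$SHARED/$tier"
}

# deploy: copy the war promoted to this host's tier ($TIER) into Tomcat and
# verify that the copy is byte-identical to the shared artifact.
deploy() {
    [ -n "$TIER" ] || { echo "TIER is not set on this host" >&2; return 1; }
    src="$SHARED/$TIER/cas.war"
    [ -f "$src" ] || { echo "nothing promoted to $TIER" >&2; return 1; }
    cp "$src" "$TOMCAT_HOME/webapps/cas.war" || return 1
    cmp -s "$src" "$TOMCAT_HOME/webapps/cas.war"
}

# Typical sequence on a dev host, then on each host of the target tier:
#   publish_release target/cas.war && promote test "$(date -I)"
#   TIER=test; deploy    # followed by a Tomcat restart
```

Because the war is the same file for every tier, anything secret or tier-specific has to come from the external configuration files the message describes, never from the overlay itself.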
[cas-user] Perl Modules on AccessProd Server
Any update on the AuthCAS perl module and installation?

Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
Re: [cas-user] Perl Modules on AccessProd Server
I'm sorry, please ignore this. It was sent to the wrong address.

Jeff Chapin wrote:
Any update on the AuthCAS perl module and installation?
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
[cas-user] Redirecting loop and service tickets not being consumed
I am working with a developer of a client application, and we are having trouble getting his application CASified. Currently when you try to log in, IE and Firefox eventually time out with an 'endless redirect' type error.

I am seeing the following in my cas logs:

2010-05-04 13:16:11,379 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1741-eYWMbUfRxbigaMYJlZEf-prodcasas1.admin.uni.edu] for service [https://access.uni.edu/cgi-bin/tmp/accessCasAuthTest1.cgi] for user [chapinj]
2010-05-04 13:16:11,384 INFO [org.jasig.cas.web.flow.PasswordWarningCheckAction] - checking account status--
2010-05-04 13:16:11,384 INFO [org.jasig.cas.web.flow.PasswordWarningCheckAction] - Not a login attempt, skipping PasswordWarnCheck
2010-05-04 13:16:11,491 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1742-PRu5ZdexBJM2MXmQuAux-prodcasas1.admin.uni.edu] for service [https://access.uni.edu/cgi-bin/tmp/accessCasAuthTest1.cgi] for user [chapinj]
2010-05-04 13:16:11,497 INFO [org.jasig.cas.web.flow.PasswordWarningCheckAction] - checking account status--
2010-05-04 13:16:11,497 INFO [org.jasig.cas.web.flow.PasswordWarningCheckAction] - Not a login attempt, skipping PasswordWarnCheck
2010-05-04 13:16:11,644 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1743-DaeSa2nPyMrH3ubHsu2d-prodcasas1.admin.uni.edu] for service [https://access.uni.edu/cgi-bin/tmp/accessCasAuthTest1.cgi] for user [chapinj]
2010-05-04 13:16:11,650 INFO [org.jasig.cas.web.flow.PasswordWarningCheckAction] - checking account status--
2010-05-04 13:16:11,650 INFO [org.jasig.cas.web.flow.PasswordWarningCheckAction] - Not a login attempt, skipping PasswordWarnCheck
2010-05-04 13:16:11,775 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1744-IdPtQBfY53CRhywfvfIf-prodcasas1.admin.uni.edu] for service [https://access.uni.edu/cgi-bin/tmp/accessCasAuthTest1.cgi] for user [chapinj]
2010-05-04 13:16:11,797 INFO [org.jasig.cas.web.flow.PasswordWarningCheckAction] - checking account status--
2010-05-04 13:16:11,797 INFO [org.jasig.cas.web.flow.PasswordWarningCheckAction] - Not a login attempt, skipping PasswordWarnCheck
2010-05-04 13:16:11,925 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1745-rdvkmfBYMSNvKD7dkeYo-prodcasas1.admin.uni.edu] for service [https://access.uni.edu/cgi-bin/tmp/accessCasAuthTest1.cgi] for user [chapinj]

Eventually, I see the tickets expiring and being cleaned up. My suspicion is that the application is not redeeming the service ticket, and is instead requesting a new service ticket endlessly.

Both the CAS server and the client code were working on different hosts (i.e. I moved the cas server from casstage.example.edu to cas.example.edu, and the apps from appstage.example.edu to apps.example.edu), and this code previously made the change from dev-test and test-stage with no trouble.

Any ideas what is wrong, or why this is occurring?

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
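The symptom reported above, a client that keeps requesting service tickets instead of validating one, appears in the log as a burst of grants for one user and one service. The following is an added example, not part of the original post, that flags such bursts with a sliding window; the function names, the thresholds and the sample lines are assumptions, and only the layout of the "Granted service ticket" line is taken from the excerpt.

```shell
#!/bin/sh
# Added example: flag service-ticket request loops in a CAS log read on stdin.
# Function names, thresholds and the sample lines are assumptions; only the
# layout of the "Granted service ticket" line follows the excerpt above.

# find_ticket_loops [MIN_GRANTS] [WINDOW_SECONDS]
# Prints "PEAK USER SERVICE" for every user/service pair that was granted at
# least MIN_GRANTS service tickets inside one sliding WINDOW_SECONDS window.
find_ticket_loops() {
    awk -v min="${1:-3}" -v win="${2:-2}" '
    # Return the text between MARKER and the next closing bracket.
    function field(s, marker,    i, rest) {
        i = index(s, marker)
        if (i == 0) return ""
        rest = substr(s, i + length(marker))
        return substr(rest, 1, index(rest, "]") - 1)
    }
    /Granted service ticket \[ST-/ {
        user = field($0, "for user [")
        svc  = field($0, "for service [")
        if (user == "" || svc == "") next      # malformed line: skip it
        split($2, t, /[:,]/)                   # HH:MM:SS,mmm
        now = t[1] * 3600 + t[2] * 60 + t[3] + t[4] / 1000
        key = $1 SUBSEP user SUBSEP svc        # the date keeps days apart
        if (!(key in head)) { head[key] = 1; tail[key] = 0 }
        tail[key]++
        seen[key, tail[key]] = now
        # Slide the window: forget grants older than WINDOW_SECONDS.
        while (now - seen[key, head[key]] > win) {
            delete seen[key, head[key]]
            head[key]++
        }
        n = tail[key] - head[key] + 1
        if (n > peak[key]) peak[key] = n
    }
    END {
        for (key in peak) if (peak[key] >= min) {
            split(key, k, SUBSEP)
            print peak[key], k[2], k[3]
        }
    }'
}

# Constructed sample in the layout of the excerpt (not real log data).
sample_log() {
    cat <<'EOF'
2010-05-04 13:16:10,102 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1-aaaa-cas1.example.edu] for service [https://portal.example.edu/] for user [jdoe]
2010-05-04 13:16:11,379 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-2-bbbb-cas1.example.edu] for service [https://apps.example.edu/cgi-bin/test.cgi] for user [chapinj]
2010-05-04 13:16:11,384 INFO [org.jasig.cas.web.flow.PasswordWarningCheckAction] - Not a login attempt, skipping PasswordWarnCheck
2010-05-04 13:16:11,491 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-3-cccc-cas1.example.edu] for service [https://apps.example.edu/cgi-bin/test.cgi] for user [chapinj]
2010-05-04 13:16:11,644 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-4-dddd-cas1.example.edu] for service [https://apps.example.edu/cgi-bin/test.cgi] for user [chapinj]
2010-05-04 13:16:11,775 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-5-eeee-cas1.example.edu] for service [https://apps.example.edu/cgi-bin/test.cgi] for user [chapinj]
2010-05-04 13:16:11,925 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-6-ffff-cas1.example.edu] for service [https://apps.example.edu/cgi-bin/test.cgi] for user [chapinj]
2010-05-04 13:20:00,000 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-7-gggg-cas1.example.edu] for service [https://apps.example.edu/cgi-bin/test.cgi] for user [chapinj]
2010-05-04 13:45:00,500 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-8-hhhh-cas1.example.edu] for service [https://portal.example.edu/] for user [jdoe]
EOF
}

# Three or more grants to one user and service within two seconds.
sample_log | find_ticket_loops 3 2
```

A hit names the service whose callback is not consuming the `ticket` parameter, which is the client to examine first.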
[cas-user] ServiceTicket Registry in a database
Hello,

I have my ticketRegistry configured to use a database, and I am seeing my TGTs showing up in the database -- but I am not seeing the STs showing up in the database. The tickets are still being issued, as I can still access the servers, and I am seeing the log messages saying they were issued.

Any ideas where to look to find out why the ST are not being logged into the database?

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
Re: [cas-user] ServiceTicket Registry in a database
Well then, that explains that. Thanks for clarifying my misunderstanding!

Marvin Addison marvin.addi...@gmail.com wrote:
Any ideas where to look to find out why the ST are not being logged into the database?

It's very likely the STs are issued (INSERTed) and then validated (DELETEd) before you can observe them in the database. If your clients can authenticate successfully against CAS with the JpaTicketRegistry turned on, then that's all the proof you need the service tickets are being managed in the DB correctly. Additionally, it would be highly unusual for TGT storage to work while ST storage is broken.

M
Re: [cas-user] Enabling LDAP Password Policy Enforcement
Thank you so very much. I will be looking into this ASAP.

Jeff

Ahsan Imam wrote:
Hi Jeff,
In Eclipse import the CAS source and Pwd expiration source.
http://docs.codehaus.org/display/GFS/howto+import+project+into+eclipse
Good source for importing projects into eclipse
Then you can attach to the debugger
In eclipse click on Run - Debug Configurations - Remote Java Applications
Click NEW
Then add the hostname and port and then click on debug. The project which you imported must appear otherwise the eclipse will not attach
If everything goes well your debugger will be attached.
Switch to debug mode Window - Open Perspective - Debug
In the project you imported you will have to set a break point in a file. Look for the file LdapPasswordWarningCheck.java and go to the method getPasswordWarning. Inside this method find a line of code e.g. (List attributeList = new ArrayList(); )
Then from the menu Run - Toggle Breakpoint
Now go to your browser and start the login process and when the code hits the break point it will stop. Then you step through the code.
Hope this helps
Ahsan

On Tue, Apr 20, 2010 at 3:39 PM, Jeff Chapin jeff.cha...@uni.edu wrote:
Anyone know of any good documentation on how to use a debugger with cas/tomcat? I found some documentation on how to run tomcat and listen for incoming connections, and I tried that, as well as opened the network ACLs to allow traffic, and then attempted to attach an install of eclipse to the tomcat host now what? I'm not a java dev and have simply been using vi on the server to develop and install cas, so I am stumped.
Jeff

Jeff Chapin wrote:
I am making slow progress. I am now seeing the following error in localhost-`date`.out:

SEVERE: Servlet.service() for servlet cas threw exception
java.lang.InstantiationException
    at sun.reflect.InstantiationExceptionConstructorAccessorImpl.newInstance(InstantiationExceptionConstructorAccessorImpl.java:30)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100)
    at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:78)
    at org.springframework.web.servlet.view.UrlBasedViewResolver.buildView(UrlBasedViewResolver.java:431)
    at org.springframework.web.servlet.view.UrlBasedViewResolver.loadView(UrlBasedViewResolver.java:412)
    at org.springframework.web.servlet.view.AbstractCachingViewResolver.createView(AbstractCachingViewResolver.java:159)
    at org.springframework.web.servlet.view.UrlBasedViewResolver.createView(UrlBasedViewResolver.java:378)
    at org.springframework.web.servlet.view.AbstractCachingViewResolver.resolveViewName(AbstractCachingViewResolver.java:78)
    at org.springframework.web.servlet.DispatcherServlet.resolveViewName(DispatcherServlet.java:1215)
    at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1164)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:902)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109
Re: [cas-user] Enabling LDAP Password Policy Enforcement
I have managed to get this working. It appears that I somehow skipped a step I had documented.

Jeff

Jeff Chapin wrote:
Thank you so very much. I will be looking into this ASAP.
Jeff

Ahsan Imam wrote:
Hi Jeff,
In Eclipse import the CAS source and Pwd expiration source.
http://docs.codehaus.org/display/GFS/howto+import+project+into+eclipse
Good source for importing projects into eclipse
Then you can attach to the debugger
In eclipse click on Run - Debug Configurations - Remote Java Applications
Click NEW
Then add the hostname and port and then click on debug. The project which you imported must appear otherwise the eclipse will not attach
If everything goes well your debugger will be attached.
Switch to debug mode Window - Open Perspective - Debug
In the project you imported you will have to set a break point in a file. Look for the file LdapPasswordWarningCheck.java and go to the method getPasswordWarning. Inside this method find a line of code e.g. (List attributeList = new ArrayList(); )
Then from the menu Run - Toggle Breakpoint
Now go to your browser and start the login process and when the code hits the break point it will stop. Then you step through the code.
Hope this helps
Ahsan

On Tue, Apr 20, 2010 at 3:39 PM, Jeff Chapin jeff.cha...@uni.edu wrote:
Anyone know of any good documentation on how to use a debugger with cas/tomcat? I found some documentation on how to run tomcat and listen for incoming connections, and I tried that, as well as opened the network ACLs to allow traffic, and then attempted to attach an install of eclipse to the tomcat host now what? I'm not a java dev and have simply been using vi on the server to develop and install cas, so I am stumped.
Jeff

Jeff Chapin wrote:
I am making slow progress. I am now seeing the following error in localhost-`date`.out:

SEVERE: Servlet.service() for servlet cas threw exception
java.lang.InstantiationException
    at sun.reflect.InstantiationExceptionConstructorAccessorImpl.newInstance(InstantiationExceptionConstructorAccessorImpl.java:30)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100)
    at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:78)
    at org.springframework.web.servlet.view.UrlBasedViewResolver.buildView(UrlBasedViewResolver.java:431)
    at org.springframework.web.servlet.view.UrlBasedViewResolver.loadView(UrlBasedViewResolver.java:412)
    at org.springframework.web.servlet.view.AbstractCachingViewResolver.createView(AbstractCachingViewResolver.java:159)
    at org.springframework.web.servlet.view.UrlBasedViewResolver.createView(UrlBasedViewResolver.java:378)
    at org.springframework.web.servlet.view.AbstractCachingViewResolver.resolveViewName(AbstractCachingViewResolver.java:78)
    at org.springframework.web.servlet.DispatcherServlet.resolveViewName(DispatcherServlet.java:1215)
    at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1164)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:902)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke
[cas-user] $ in usernames
This is not something that we *need*, or even *want*, but it's strange behavior, so I thought I would report it.

One of my coworkers was stress-testing our CAS install, and for some reason the tool he was using was passing '${username}' as the actual username to log in, and not expanding it. This resulted in the 'CAS is unavailable' error, and not the 'Unable to authenticate you' message I would have expected.

Just passing on a report in case someone wants to look into this. Thanks for the excellent software!

Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
[cas-user] Cannot insert NULL
I am getting the following error -- I assume it is because I have something configured wrong, as the database schema was set up by CAS:

Exception in thread pool-2-thread-174783 org.springframework.dao.DataIntegrityViolationException: PreparedStatementCallback; SQL [Insert into COM_AUDIT_TRAIL(AUD_USER, AUD_CLIENT_IP, AUD_SERVER_IP, AUD_RESOURCE, AUD_ACTION, APPLIC_CD, AUD_DATE) Values(?, ?, ?, ?, ?, ?, ?)]; ORA-01400: cannot insert NULL into (CAS_CONFIG_HATHOR.COM_AUDIT_TRAIL.AUD_USER) ; nested exception is java.sql.SQLException: ORA-01400: cannot insert NULL into (CAS_CONFIG_HATHOR.COM_AUDIT_TRAIL.AUD_USER)
    at org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTranslator.doTranslate(SQLErrorCodeSQLExceptionTranslator.java:228)
    at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:72)
    at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:607)
    at org.springframework.jdbc.core.JdbcTemplate.update(JdbcTemplate.java:792)
    at org.springframework.jdbc.core.JdbcTemplate.update(JdbcTemplate.java:850)
    at org.springframework.jdbc.core.JdbcTemplate.update(JdbcTemplate.java:858)
    at org.springframework.jdbc.core.simple.SimpleJdbcTemplate.update(SimpleJdbcTemplate.java:237)
    at org.inspektr.audit.support.JdbcAuditTrailManager$LoggingTask$1.doInTransactionWithoutResult(JdbcAuditTrailManager.java:96)
    at org.springframework.transaction.support.TransactionCallbackWithoutResult.doInTransaction(TransactionCallbackWithoutResult.java:33)
    at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:127)
    at org.inspektr.audit.support.JdbcAuditTrailManager$LoggingTask.run(JdbcAuditTrailManager.java:89)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
Caused by: java.sql.SQLException: ORA-01400: cannot insert NULL into (CAS_CONFIG_HATHOR.COM_AUDIT_TRAIL.AUD_USER)
    at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:331)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:288)
    at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:743)
    at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:216)
    at oracle.jdbc.driver.T4CPreparedStatement.executeForRows(T4CPreparedStatement.java:955)
    at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1168)
    at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3285)
    at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:3368)
    at com.mchange.v2.c3p0.impl.NewProxyPreparedStatement.executeUpdate(NewProxyPreparedStatement.java:105)
    at org.springframework.jdbc.core.JdbcTemplate$2.doInPreparedStatement(JdbcTemplate.java:798)
    at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:591)

Any ideas how to fix this?

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
[cas-user] 3.4.2 and cas-server-support-ldap-pwd-expiration
Does the module for cas 3.3.5 work with 3.4.2 on this module? Anyone have any experiences with this?

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
[cas-user] CAS 3.4.2 and
Has anyone worked with CAS 3.4.2 and LDAP Password Policy Enforcement (http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement) yet? I am wondering if the module for 3.3.5 worked, or if much customization was required.

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: jeff.cha...@uni.edu
Re: [cas-user] SSL Error
Key_Encipherment ] ] Algorithm: [SHA1withRSA]

That's the cert chain immediately before the PKIX validation error. The chain appears truncated since in the previous SSL/TLS handshakes in the log, the full chain from *.uni.edu down to entrust is shown. Hopefully knowing you're not sending the full chain in some cases is enough of a hint to point you in the right direction.
M

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
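Added example, not part of the original thread: a small Python model of why a truncated chain produces the PKIX path building failure discussed in the message above. It chains by subject/issuer name only (no signature or validity checks), and all certificate names are constructed placeholders.

```python
"""Name-chaining model of certificate path building.

Constructed data only: certificates are (subject, issuer) records, and no
signatures, validity dates or extensions are checked.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str


def build_path(presented: List[Cert],
               trust_store: Dict[str, Cert]) -> Tuple[List[str], Optional[str]]:
    """Chain from the leaf (presented[0]) up to a trust anchor.

    Returns (path, missing). `path` lists subjects from the leaf upward;
    `missing` is None when the path ends at a trust anchor, otherwise the
    issuer name that neither the peer nor the trust store supplied.
    """
    if not presented:
        raise ValueError("peer presented no certificates")
    # Index the extra certificates by subject so their order does not matter.
    extras = {c.subject: c for c in presented[1:]}
    current = presented[0]
    path = [current.subject]
    while True:
        if current.subject in trust_store:
            return path, None            # the certificate itself is trusted
        if current.issuer in trust_store:
            path.append(current.issuer)  # issuer is a trust anchor: done
            return path, None
        issuer_cert = extras.get(current.issuer)
        if issuer_cert is None or issuer_cert.subject in path:
            # Nobody supplied the issuer (or the names loop): building stops here.
            return path, current.issuer
        path.append(issuer_cert.subject)
        current = issuer_cert


def diagnose(presented: List[Cert], trust_store: Dict[str, Cert]) -> str:
    """Human-readable verdict for one presented chain."""
    path, missing = build_path(presented, trust_store)
    if missing is None:
        return "OK: " + " -> ".join(path)
    return ("FAIL: no certificate for issuer %r after %s; the peer must send "
            "it or it must be added to the trust store"
            % (missing, " -> ".join(path)))


# Constructed sample hierarchy (placeholder names, not taken from the thread).
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA")
INTERMEDIATE = Cert("CN=Example Issuing CA", "CN=Example Root CA")
LEAF = Cert("CN=*.example.edu", "CN=Example Issuing CA")
TRUST_STORE = {ROOT.subject: ROOT}

FULL_CHAIN = [LEAF, INTERMEDIATE]   # leaf plus intermediate, as a complete chain
TRUNCATED_CHAIN = [LEAF]            # leaf only, the case described in the message

if __name__ == "__main__":
    print(diagnose(FULL_CHAIN, TRUST_STORE))
    print(diagnose(TRUNCATED_CHAIN, TRUST_STORE))
```
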
Re: [cas-user] Enabling LDAP Password Policy Enforcement
Yes, we are using a maven overlay. I will see if I can figure out a way to run a debugger on this. I don't do much java development, and the fact that this is on a unix host, combined with the ACLs we have in place to protect some of the resources might make debugging an interesting challenge.

Thanks for the advice.

Jeff

Ahsan Imam wrote:

Hi Jeff,

I am not sure if this will help but you can start tomcat in debug mode and then attach a debugger (I used eclipse) to see what is happening. When I was having issues I set my debug statement (LdapPasswordWarningCheck.java) in the method getPasswordWarning. Some other key files to look through are

PasswordWarningCheckAction.java
PasswordWarningDynamicViewSelector.java (webflow)
AuthenticationViaFormAction.java

Stepping through the code gave me a pretty good indication of what was happening. Debugging prompted me to modify properties files which I neglected to update. Also we made some modifications to add more functionality if a user's password expired.

Also are you using cas maven overlay method?

Ahsan

On Wed, Apr 7, 2010 at 12:09 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

To make things even more fun, the instance I have with LdapBind and an attempt at the ldap-pwd module is letting locked users log in, but an instance with FastBind is not. I most definitely have something broken.

Jeff

Jeff Chapin wrote:

I know I am grave digging, but I am working on getting this module working still.
I have gotten LdapBind working, and I have the password working information getting initialized:

This is from catalina.out:

2010-04-06 16:42:18,580 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - LDAP Search Base: 'cn=Users,dc=Collab,dc=uni,dc=edu'
2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Search Filter: 'cn=%u'
2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - warnAll: 'true'
2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Date format: 'MMddHHmmss'z''
2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - warningCheckType: 'change'
2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Date Attribute: 'pwdchangedtime'
2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Warning Days Attribute: 'passwordwarningdays'
2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Valid Days Attribute: 'passwordexpiredays'
2010-04-06 16:42:18,598 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Default Warning Days: '300'
2010-04-06 16:42:18,598 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Password Max Age (in days): '1'

Those are the correct values I entered -- but that is the last sign I see of the module being run. Nothing is logged, nor am I warned that I need to change my password -- even though I have warn set to true.
I followed the guide here: http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement and I made the following changes to my default_view, as advised on this thread:

## Expired Password Error message
casExpiredPassView.(class)=org.springframework.web.servlet.view.JstlView
casExpiredPassView.url=/WEB-INF/view/jsp/default/ui/casExpiredPassView.jsp

### Locked Account Error message
casAccountLockedView.(class)=org.springframework.web.servlet.view.JstlView
casAccountLockedView.url=/WEB-INF/view/jsp/default/ui/casAccountLockedView.jsp

### Disabled Account Error message
casAccountDisabledView.(class)=org.springframework.web.servlet.view.JstlView
casAccountDisabledView.url=/WEB-INF/view/jsp/default/ui/casAccountDisabledView.jsp

### Password Expiration Warning message (logged in, PasswordWarningCheck=true)
casWarnPassView.(class)=org.springframework.web.servlet.view.JstlView
casWarnPassView.url=/WEB-INF/view/jsp/default/ui/casWarnPassView.jsp

I *am* getting the following error when I try to log into /cas/services to test:

2010-04-06 16:43:08,245 DEBUG [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Performing LDAP bind with credential: cn=chapinj,cn=Users,dc=collab,dc=uni,dc=edu
Exception in thread Thread-14 java.security.ProviderException: update() failed
2010-04-06 16:43:08,299 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: chapinj]
    at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:557)
    at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:457)
    at javax.crypto.Cipher.update(DashoA13
[cas-user] Reducing hibernate verbosity
How do I eliminate or reduce the following type of messages in my log files?

---
Hibernate: select allowedatt0_.RegisteredServiceImpl_id as Register1_0_, allowedatt0_.a_name as a2_0_, allowedatt0_.a_id as a3_0_ from rs_attributes allowedatt0_ where allowedatt0_.RegisteredServiceImpl_id=?
---

I have tried setting the following in my log4j.properties

---
log4j.logger.org.hibernate=info
---

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] Reducing hibernate verbosity
That did it! Thanks!

John King wrote:

Look for:

<property name="showSql" value="true" />

change it to:

<property name="showSql" value="false" />

I think both of these files make reference to showSql by default:

cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketRegistry.xml
cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml

I made this same change recently for our implementation. I can't say I know enough about CAS to promise this is the only (or best) way to do it :)

John

On 4/8/2010 3:23 PM, Jeff Chapin wrote:

How do I eliminate or reduce the following type of messages in my log files?

---
Hibernate: select allowedatt0_.RegisteredServiceImpl_id as Register1_0_, allowedatt0_.a_name as a2_0_, allowedatt0_.a_id as a3_0_ from rs_attributes allowedatt0_ where allowedatt0_.RegisteredServiceImpl_id=?
---

I have tried setting the following in my log4j.properties

---
log4j.logger.org.hibernate=info
---

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] SSL Error
In catalina.out2, the line the error starts on is immediately following the SQL error. The line starts with 2010-04-06 15:23:41,306

Jeff

Scott Battaglia wrote:

I don't see any SSL errors in the catalina.out. Did I miss it?

On Tue, Apr 6, 2010 at 5:05 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

Is that related to the SSL issue? That error started when we began logging to the database, and I have not had time to address that one -- it is believed that the SSL error is much more critical.

Jeff

Scott Battaglia wrote:

The error is this:

Exception in thread pool-2-thread-1 org.springframework.dao.DataIntegrityViolationException: PreparedStatementCallback; SQL [Insert into COM_AUDIT_TRAIL(AUD_USER, AUD_CLIENT_IP, AUD_SERVER_IP, AUD_RESOURCE, AUD_ACTION, APPLIC_CD, AUD_DATE) Values(?, ?, ?, ?, ?, ?, ?)]; ORA-01400: cannot insert NULL into (CAS_CONFIG.COM_AUDIT_TRAIL.AUD_USER) ; nested exception is java.sql.SQLException: ORA-01400: cannot insert NULL into (CAS_CONFIG.COM_AUDIT_TRAIL.AUD_USER)

This looks like you tried to do something and there was no user available for auditing purposes.

On Tue, Apr 6, 2010 at 4:47 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

We fixed our SSL naming issue and are still getting the error. The SSL debug log files are attached, as requested. I created the error twice, once in each log.

Thanks,
Jeff

Marvin Addison wrote:

Looking at that cacerts file, it appears that the DigiCert Global CA is in there...

Next step is to produce an SSL trace and attach it. http://www.ja-sig.org/wiki/display/CASUM/SSL+Troubleshooting+and+Reference+Guide has instructions if you need them.
M

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] Enabling LDAP Password Policy Enforcement
To make things even more fun, the instance I have with LdapBind and an attempt at the ldap-pwd module is letting locked users log in, but an instance with FastBind is not. I most definitely have something broken.

Jeff

Jeff Chapin wrote:

I know I am grave digging, but I am working on getting this module working still. I have gotten LdapBind working, and I have the password working information getting initialized:

This is from catalina.out:

2010-04-06 16:42:18,580 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - LDAP Search Base: 'cn=Users,dc=Collab,dc=uni,dc=edu'
2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Search Filter: 'cn=%u'
2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - warnAll: 'true'
2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Date format: 'MMddHHmmss'z''
2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - warningCheckType: 'change'
2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Date Attribute: 'pwdchangedtime'
2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Warning Days Attribute: 'passwordwarningdays'
2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Valid Days Attribute: 'passwordexpiredays'
2010-04-06 16:42:18,598 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Default Warning Days: '300'
2010-04-06 16:42:18,598 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Password Max Age (in days): '1'

Those are the correct values I entered -- but that is the last sign I see of the module being run. Nothing is logged, nor am I warned that I need to change my password -- even though I have warn set to true.
I followed the guide here: http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement and I made the following changes to my default_view, as advised on this thread:

## Expired Password Error message
casExpiredPassView.(class)=org.springframework.web.servlet.view.JstlView
casExpiredPassView.url=/WEB-INF/view/jsp/default/ui/casExpiredPassView.jsp

### Locked Account Error message
casAccountLockedView.(class)=org.springframework.web.servlet.view.JstlView
casAccountLockedView.url=/WEB-INF/view/jsp/default/ui/casAccountLockedView.jsp

### Disabled Account Error message
casAccountDisabledView.(class)=org.springframework.web.servlet.view.JstlView
casAccountDisabledView.url=/WEB-INF/view/jsp/default/ui/casAccountDisabledView.jsp

### Password Expiration Warning message (logged in, PasswordWarningCheck=true)
casWarnPassView.(class)=org.springframework.web.servlet.view.JstlView
casWarnPassView.url=/WEB-INF/view/jsp/default/ui/casWarnPassView.jsp

I *am* getting the following error when I try to log into /cas/services to test:

2010-04-06 16:43:08,245 DEBUG [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Performing LDAP bind with credential: cn=chapinj,cn=Users,dc=collab,dc=uni,dc=edu
Exception in thread Thread-14 java.security.ProviderException: update() failed
2010-04-06 16:43:08,299 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: chapinj]
    at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:557)
    at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:457)
    at javax.crypto.Cipher.update(DashoA13*..)
    at com.sun.net.ssl.internal.ssl.CipherBox.encrypt(CipherBox.java:141)
    at com.sun.net.ssl.internal.ssl.OutputRecord.encrypt(OutputRecord.java:197)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecordInternal(SSLSocketImpl.java:733)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:722)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.sendAlert(SSLSocketImpl.java:1720)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1606)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1574)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1538)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1483)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:86)
    at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
    at java.io.BufferedInputStream.read1(BufferedInputStream.java:258)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:317)
    at com.sun.jndi.ldap.Connection.run(Connection.java:805)
    at java.lang.Thread.run(Thread.java
Re: [cas-user] CAS crashing
Well, the crashes are still occurring. I have set up a workaround for our other SSL issues, and this bug is still around. Any other suggestions on what to check?

Jeff

Jeff Chapin wrote:

We are still deploying and moving towards launch. At the moment we do *not* have a cluster running. That is slated for phase 2 of the process, and is the first feature to be added once the single node install is working correctly.

I have redeployed, and modified the servers.xml file for tomcat to no longer listen on 8080, 8443, or 443, and to no longer list 443 as the secure port for 80. This was actually something I had done a while back that had not been applied to this environment yet. So far, so good -- no crashes yet. *knocks on wood*

Jeff

Corey Scholefield wrote:

As far as having the F5 front the CAS servers (assuming a CAS cluster of 2 in your stack?) and perform the SSL termination, I gather that this is a common way to offer the CAS service. As CAS newbies, we are just building out our CAS deployment here, with an SSL-offload configuration with our F5 much like you describe. I'd be interested in hearing that this is indeed a common approach

thanks!
Corey S.

Corey Scholefield
Identity Access Mgmt. Team Lead
UVic Online | University Systems
University of Victoria | Victoria, BC, Canada
cor...@uvic.ca | +1.250.472.4549

Jeff Chapin wrote:

Offloading. We have a BigIP F5 that is accepting the SSL connections, stripping off the SSL portion, and forwarding to port 80 on the CAS box. I will double check the config on the test box to make sure that all SSL ports are closed on that machine.

Thanks!

Patrick Berry wrote:

At first glance, it looks like something to do with SSL perhaps. Are you using Tomcat? Are you offloading SSL or is your container handling it?

On Thu, Apr 1, 2010 at 7:57 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

I have rolled an instance of CAS 3.3.5 into a test instance.
We have started to tie a few apps to this instance, and CAS has begun randomly crashing, sometimes as often as several times a day, and not always when under much load. As little as one user logging in can kill it, or it can wait for as many as several hundred login attempts. When I check catalina.out, I see the following error. It is the same error each time -- with pkcs11_softtoken. This is running on Sparc hardware, running Solaris 10 in a zone. Any suggestions?

#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0xfbc58404, pid=13993, tid=405
#
# JRE version: 6.0_16-b01
# Java VM: Java HotSpot(TM) Server VM (14.2-b01 mixed mode solaris-sparc )
# Problematic frame:
# C [pkcs11_softtoken.so.1+0x38404]
#
# An error report file with more information is saved as:
# /home/ascass/hs_err_pid13993.log
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] SSL Error
Actually, late last night I stumbled on something that may be related, and I am following up on that. It appears that the SSL certificate was improperly issued. It is a wildcard with the following alternative domains: server.domain.edu.domain.edu and *.domain.edu. It is likely that Java is upset by the first bit, but Firefox and other browsers are satisfied by the star.domain.edu. Either way, I am not devoting any more time to this issue until this error is resolved.

Thanks much,
Jeff

Marvin Addison wrote:

Looking at that cacerts file, it appears that the DigiCert Global CA is in there...

Next step is to produce an SSL trace and attach it. http://www.ja-sig.org/wiki/display/CASUM/SSL+Troubleshooting+and+Reference+Guide has instructions if you need them.

M

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] Changing the location of log4j.properties
The method I did, which did not use an XML configuration file, did not require editing pom.xml at all. The snippet I gave was the only change -- in addition to moving the log4j.properties file to a new location -- which existed prior to redeploying on a host.

Patrick Berry wrote:

On Thu, Apr 1, 2010 at 12:28 PM, Marvin Addison marvin.addi...@gmail.com wrote:

I would like to place the config file log4j.properties outside the war file

You'll want something like the following in your web.xml:

<context-param>
  <param-name>log4jConfigLocation</param-name>
  <param-value>file://${cas.home}/log4j.xml</param-value>
</context-param>

where cas.home is a property that points to the full path of our CAS application home directory.

M

Assuming that you're using the maven overlay method, you also need to have to exclude WEB-INF/classes/log4j.xml in your pom.xml, right? I'm doing this, but it gives these errors on the console:

INFO: Deploying web application archive cas.war
log4j:WARN No appenders could be found for logger (org.apache.commons.digester.Digester.sax).
log4j:WARN Please initialize the log4j system properly.

I assume that these can be safely ignored because it does pick up my log4j.xml outside of the container and uses those settings?
--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] SSL Error
Is that related to the SSL issue? That error started when we began logging to the database, and I have not had time to address that one -- it is believed that the SSL error is much more critical.

Jeff

Scott Battaglia wrote:

The error is this:

Exception in thread pool-2-thread-1 org.springframework.dao.DataIntegrityViolationException: PreparedStatementCallback; SQL [Insert into COM_AUDIT_TRAIL(AUD_USER, AUD_CLIENT_IP, AUD_SERVER_IP, AUD_RESOURCE, AUD_ACTION, APPLIC_CD, AUD_DATE) Values(?, ?, ?, ?, ?, ?, ?)]; ORA-01400: cannot insert NULL into (CAS_CONFIG.COM_AUDIT_TRAIL.AUD_USER) ; nested exception is java.sql.SQLException: ORA-01400: cannot insert NULL into (CAS_CONFIG.COM_AUDIT_TRAIL.AUD_USER)

This looks like you tried to do something and there was no user available for auditing purposes.

On Tue, Apr 6, 2010 at 4:47 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

We fixed our SSL naming issue and are still getting the error. The SSL debug log files are attached, as requested. I created the error twice, once in each log.

Thanks,
Jeff

Marvin Addison wrote:

Looking at that cacerts file, it appears that the DigiCert Global CA is in there...

Next step is to produce an SSL trace and attach it. http://www.ja-sig.org/wiki/display/CASUM/SSL+Troubleshooting+and+Reference+Guide has instructions if you need them.
M
Re: [cas-user] Enabling LDAP Password Policy Enforcement
went wrong or managed to break things. This is java 1.6.0, cas 3.3.5, and Solaris 10. Any suggestions before I go bald?

Thanks,
Jeff

Jeff Chapin wrote:

I had actually been barking up that tree -- using BindLdap, and not FastBind, but had to move in different directions. I will try to replicate your results in the morning and see what I can come up with. Thanks for the pointers!

Jeff

Vitty, Paul wrote:

Jeff/Ahsan,

I've been working on this issue this evening and have gotten to the point where I am seeing the output you expect to see. I'm not sure, maybe you know this already, but the password about to expire message is only shown when you request a service ticket, it's not shown when only a ticket granting ticket is requested. Another thing I worked out is that you need to use the org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler for your LDAP authentication handler in deployerConfigContext.xml, whereas before we were using the Fast Bind class. Not sure if that helps you out, but it's got me this far.

Paul

On 15 Feb 2010, at 22:16, Jeff Chapin wrote:

No, I have not got this to work yet. I moved focus to other issues on my plate. I will look into this again further tomorrow, but this appears to be the *EXACT* same experience I am having -- so we appear to be on the same page, at least.

Jeff

Ahsan Imam wrote:

Jeff,

Did you ever get the module to work? Are you still having issues? After the documentation was updated on Feb 10, I changed my configuration setting specified for passwordWarningcheck.xml. I am getting no warning message and there is nothing in the logs. Logging is set to:

log4j.logger.org.jasig.cas.services=INFO
log4j.logger.org.jasig.cas.web.flow=DEBUG
log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
log4j.logger.org.jasig.cas.adaptors=DEBUG

I set warnAll to true and I should see a message Show Warning (WarnALL is TRUE!)
-- The password for + userID + will expire in + Math.round(DateDiff / Timer.ONE_DAY) + days based on the code. I do not see any message in the browser or the logs. I wonder if I am missing something

Sincerely,
Ahsan

On Fri, Feb 12, 2010 at 7:55 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

You guys rock! Only problem I have is I am still not seeing anything new in my logs. I am seeing the same behavior as with the last version. Thank you so much for the assistance.

Jeff

Scott Battaglia wrote:

I think Eric made an update to the page. Not sure if that will help or not.

On Thu, Feb 11, 2010 at 10:29 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

I believe that log line came from this bean:

<bean id="PasswordWarningCheckAction" class="org.jasig.cas.web.flow.PasswordWarningCheckAction">
  <property name="passwordWarningCheck" ref="passwordWarningCheck" />
</bean>

This was documented in the link below. Am I off base? I am still learning how this setup works and feeling my way around.

Jeff

Scott Battaglia wrote:

I don't know much about it but there's no reason it shouldn't work. It doesn't look like there are any instructions to tell you to add it to the web flow though.

On Wed, Feb 10, 2010 at 12:03 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

Hello,

I am using CAS 3.3.5, and I have tried to get LDAP password policy enforcement running, as per http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement.
I have cranked logging as follows:

log4j.logger.org.jasig.cas.services=INFO
log4j.logger.org.jasig.cas.web.flow=DEBUG
log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
log4j.logger.org.jasig.cas.adaptors=DEBUG

, other than that, the logging is identical to the Logging page on the wiki. Here are the only logs that are currently appearing:

2010-02-10 10:58:58,550 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Search Filter: 'cn=%u'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Expire Date Attribute: 'pwdchangedtime'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Warning Days Attribute: 'passwordwarningdays'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Default Warning Days: '-1'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Date format: 'MMddHHmmss'z''
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - LDAP Search Base: 'cn=Users,dc=collab,dc=uni,dc=edu'
2010-02-10 10:58:58,553 DEBUG [org.jasig.cas.web.flow.PasswordWarningCheckAction] - inited with passwordWarningChecker
Re: [cas-user] SSL Error
We have not deliberately set javax.net.ssl.trustStore. Looking at that cacerts file, it appears that the DigiCert Global CA is in there... I'll keep digging, thanks.

Jeff

Marvin Addison wrote:

I will assume you're not using a custom truststore via the javax.net.ssl.trustStore system property, which means the system key/truststore is $JAVA_HOME/jre/lib/security/cacerts. Import the DigiCert CA cert into that file and try again. I've never used the .keystore in the user directory, although colleagues have used that with success. http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#CustomizingStores has more to say about JRE keystore/truststore search strategy.

M

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] Changing the location of log4j.properties
Marvin,

Thanks for your (as always) helpful email. I ended up making the following change to the file src/main/webapp/WEB-INF/web.xml

<context-param>
  <param-name>log4jConfigLocation</param-name>
  <param-value>file://${CONFIG_HOME}/log4j.properties</param-value>
</context-param>

CONFIG_HOME is an environmental variable we have set, and this works wonderfully.

Marvin Addison wrote:

I would like to place the config file log4j.properties outside the war file

You'll want something like the following in your web.xml:

<context-param>
  <param-name>log4jConfigLocation</param-name>
  <param-value>file://${cas.home}/log4j.xml</param-value>
</context-param>

where cas.home is a property that points to the full path of our CAS application home directory.

M

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
[cas-user] SSL Error
I am getting the top error from this page: http://www.ja-sig.org/wiki/display/CASUM/SSL+Troubleshooting+and+Reference+Guide

In this case the client is the AuthCAS perl module, and we are using DigiCert as our CA, so this is not a self signed certificate. I am running into a lot of trouble trying to pin this error down, as it appears that the cabundle we are passing to AuthCAS includes the DigiCert CA.

Is there any other place to look to resolve this issue?

Thanks

Actual error follows:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:904)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
    at org.jasig.cas.util.HttpClient$MessageSender.call(HttpClient.java:195)
    at org.jasig.cas.util.HttpClient$MessageSender.call(HttpClient.java:160)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
    at java.util.concurrent.FutureTask.run(FutureTask.java:138)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
    ... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
    ... 24 more

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
[cas-user] CAS crashing
I have rolled an instance of CAS 3.3.5 into a test instance. We have started to tie a few apps to this instance, and CAS has begun randomly crashing, sometimes as often as several times a day, and not always when under much load. As little as one user logging in can kill it, or it can wait for as many as several hundred login attempts.

When I check catalina.out, I see the following error. It is the same error each time -- with pkcs11_softtoken. This is running on Sparc hardware, running Solaris 10 in a zone.

Any suggestions?

#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0xfbc58404, pid=13993, tid=405
#
# JRE version: 6.0_16-b01
# Java VM: Java HotSpot(TM) Server VM (14.2-b01 mixed mode solaris-sparc )
# Problematic frame:
# C [pkcs11_softtoken.so.1+0x38404]
#
# An error report file with more information is saved as:
# /home/ascass/hs_err_pid13993.log
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] CAS crashing
We are still deploying and moving towards launch. At the moment we do *not* have a cluster running. That is slated for phase 2 of the process, and is the first feature to be added once the single node install is working correctly.

I have redeployed, and modified the servers.xml file for tomcat to no longer listen on 8080, 8443, or 443, and to no longer list 443 as the secure port for 80. This was actually something I had done a while back that had not been applied to this environment yet.

So far, so good -- no crashes yet. *knocks on wood*

Jeff

Corey Scholefield wrote:

As far as having the F5 front the CAS servers (assuming a CAS cluster of 2 in your stack?) and perform the SSL termination, I gather that this is a common way to offer the CAS service. As CAS newbies, we are just building out our CAS deployment here, with an SSL-offload configuration with our F5 much like you describe. I'd be interested in hearing that this is indeed a common approach thanks!

Corey S.

Corey Scholefield
Identity Access Mgmt. Team Lead
UVic Online | University Systems
University of Victoria | Victoria, BC, Canada
cor...@uvic.ca | +1.250.472.4549

Jeff Chapin wrote:

Offloading. We have a BigIP F5 that is accepting the SSL connections, stripping off the SSL portion, and forwarding to port 80 on the CAS box. I will double check the config on the test box to make sure that all SSL ports are closed on that machine. Thanks!

Patrick Berry wrote:

At first glance, it looks like something to do with SSL perhaps. Are you using Tomcat? Are you offloading SSL or is your container handling it?

On Thu, Apr 1, 2010 at 7:57 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

I have rolled an instance of CAS 3.3.5 into a test instance. We have started to tie a few apps to this instance, and CAS has begun randomly crashing, sometimes as often as several times a day, and not always when under much load. As little as one user logging in can kill it, or it can wait for as many as several hundred login attempts.

When I check catalina.out, I see the following error. It is the same error each time -- with pkcs11_softtoken. This is running on Sparc hardware, running Solaris 10 in a zone.

Any suggestions?

#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0xfbc58404, pid=13993, tid=405
#
# JRE version: 6.0_16-b01
# Java VM: Java HotSpot(TM) Server VM (14.2-b01 mixed mode solaris-sparc )
# Problematic frame:
# C [pkcs11_softtoken.so.1+0x38404]
#
# An error report file with more information is saved as:
# /home/ascass/hs_err_pid13993.log
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
[cas-user] Switching from FastBind to BindLdap
I am trying to get BindLdap working so I can look at the Ldap password policy enforcement module, and am running into a snag. I followed the documentation here to make the changes: http://www.ja-sig.org/wiki/display/CASUM/LDAP

When I go to log in, I get the following error, with nothing in the logs:

CAS is Unavailable
There was an error trying to complete your request. Please notify your support desk or try again.

This occurs *after* entering a valid username/password. Any suggestions on what logging to increase or where to start digging?

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] Switching from FastBind to BindLdap
I already have this block in my logger:

log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
log4j.logger.org.jasig.cas.adaptors.ldap=DEBUG
log4j.logger.org.jasig.cas.ticket=DEBUG
log4j.logger.org.jasig.cas=DEBUG

I know it is redundant, but it... grew.. this way.

Jeff

Marvin Addison wrote:

Any suggestions on what logging to increase or where to start digging?

Turn the ldap logger to DEBUG in the log4j.properties file:

log4j.logger.org.jasig.cas.adaptors.ldap=DEBUG

If that doesn't provide anything helpful, put org.jasig.cas in DEBUG and try again.

M

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] Switching from FastBind to BindLdap
I am seeing lots of output -- just no errors when I get that to show on the webpage.

Marvin Addison wrote:

log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
log4j.logger.org.jasig.cas.adaptors.ldap=DEBUG
log4j.logger.org.jasig.cas.ticket=DEBUG
log4j.logger.org.jasig.cas=DEBUG

With those loggers you should see lots of output in the cas.log file on authentication. If not, something is wrong with your log4j config.

M

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] Enabling LDAP Password Policy Enforcement
It's taken me quite a while longer than I wanted to get back to this. Is there really any reason this cannot work with FastBind? I can try and switch to that, but in the long run FastBind will work much better in my environment. I am currently using FastBind, and I am seeing nothing in the logs like I would expect past the initialization messages.

Jeff

Vitty, Paul wrote:

Hi Jeff,

I think a wiki update to highlight that it only works with BindLdap rather than FastBind as it's not immediately obvious.

Paul Vitty
Apache/MySQL Web Platform Engineer
Application Platform Delivery
Information Services Directorate
University of Ulster
Tel: 02890 366273
Email: p.vi...@ulster.ac.uk
Web: http://www.ulster.ac.uk/staff/p.vitty.html

On 15 Feb 2010, at 22:28, Jeff Chapin jeff.cha...@uni.edu wrote:

I had actually been barking up that tree -- using BindLdap, and not FastBind, but had to move in different directions. I will try to replicate your results in the morning and see what I can come up with. Thanks for the pointers!

Jeff

Vitty, Paul wrote:

Jeff/Ahsan,

I've been working on this issue this evening and have gotten to the point where I am seeing the output you expect to see. I'm not sure, maybe you know this already, but the password about to expire message is only shown when you request a service ticket, it's not shown when only a ticket granting ticket is requested.

Another thing I worked out is that you need to use the org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler for your LDAP authentication handler in deployerConfigContext.xml, whereas before we were using the Fast Bind class.

Not sure if that helps you out, but it's got me this far.

Paul

On 15 Feb 2010, at 22:16, Jeff Chapin wrote:

No, I have not got this to work yet. I moved focus to other issues on my plate. I will look into this again further tomorrow, but this appears to be the *EXACT* same experience I am having -- so we appear to be on the same page, at least.

Jeff

Ahsan Imam wrote:

Jeff,

Did you ever get the module to work? Are you still having issues? After the documentation was updated on Feb 10, I changed my configuration setting specified for passwordWarningcheck.xml. I am getting no warning message and there is nothing in the logs. Logging is set to:

log4j.logger.org.jasig.cas.services=INFO
log4j.logger.org.jasig.cas.web.flow=DEBUG
log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
log4j.logger.org.jasig.cas.adaptors=DEBUG

I set warnAll to true and I should see a message Show Warning (WarnALL is TRUE!) -- The password for + userID + will expire in + Math.round(DateDiff / Timer.ONE_DAY) + days based on the code. I do not see any message in the browser or the logs. I wonder if I am missing something

Sincerely,
Ahsan

On Fri, Feb 12, 2010 at 7:55 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

You guys rock! Only problem I have is I am still not seeing anything new in my logs. I am seeing the same behavior as with the last version. Thank you so much for the assistance.

Jeff

Scott Battaglia wrote:

I think Eric made an update to the page. Not sure if that will help or not.

On Thu, Feb 11, 2010 at 10:29 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

I believe that log line came from this bean:

<bean id="PasswordWarningCheckAction" class="org.jasig.cas.web.flow.PasswordWarningCheckAction">
  <property name="passwordWarningCheck" ref="passwordWarningCheck" />
</bean>

This was documented in the link below. Am I off base? I am still learning how this setup works and feeling my way around.

Jeff

Scott Battaglia wrote:

I don't know much about it but there's no reason it shouldn't work. It doesn't look like there are any instructions to tell you to add it to the web flow though.

On Wed, Feb 10, 2010 at 12:03 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

Hello,

I am using CAS 3.3.5, and I have tried to get LDAP password policy enforcement running, as per http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement. I have cranked logging as follows:

log4j.logger.org.jasig.cas.services=INFO
log4j.logger.org.jasig.cas.web.flow=DEBUG
log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
log4j.logger.org.jasig.cas.adaptors=DEBUG

Other than that, the logging is identical to the Logging page on the wiki. Here are the only logs that are currently appearing:

2010-02-10 10:58:58,550 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Search Filter: 'cn=%u'
2010-02-10 10:58:58,551 INFO
[cas-user] Load Balancers and IP headers
We are running a Big IP load balancer, and our current setup is for the load balancer to replace the requesting IP with its own IP, and place the original IP into an 'x-forwarded-for' header added to the packet. We are looking to implement inspektr based database logging, as well as throttling, and we would like to make sure that the correct IP is logged, and not the F5 IP. Is this a feature already in CAS that I am just missing, or is this something we will need to build into an extension?

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] Enabling LDAP Password Policy Enforcement
No, I have not got this to work yet. I moved focus to other issues on my plate. I will look into this again further tomorrow, but this appears to be the *EXACT* same experience I am having -- so we appear to be on the same page, at least.

Jeff

Ahsan Imam wrote:

Jeff,

Did you ever get the module to work? Are you still having issues? After the documentation was updated on Feb 10, I changed my configuration setting specified for passwordWarningcheck.xml. I am getting no warning message and there is nothing in the logs. Logging is set to:

log4j.logger.org.jasig.cas.services=INFO
log4j.logger.org.jasig.cas.web.flow=DEBUG
log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
log4j.logger.org.jasig.cas.adaptors=DEBUG

I set warnAll to true and I should see a message Show Warning (WarnALL is TRUE!) -- The password for + userID + will expire in + Math.round(DateDiff / Timer.ONE_DAY) + days based on the code. I do not see any message in the browser or the logs. I wonder if I am missing something

Sincerely,
Ahsan

On Fri, Feb 12, 2010 at 7:55 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

You guys rock! Only problem I have is I am still not seeing anything new in my logs. I am seeing the same behavior as with the last version. Thank you so much for the assistance.

Jeff

Scott Battaglia wrote:

I think Eric made an update to the page. Not sure if that will help or not.

On Thu, Feb 11, 2010 at 10:29 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

I believe that log line came from this bean:

<bean id="PasswordWarningCheckAction" class="org.jasig.cas.web.flow.PasswordWarningCheckAction">
  <property name="passwordWarningCheck" ref="passwordWarningCheck" />
</bean>

This was documented in the link below. Am I off base? I am still learning how this setup works and feeling my way around.

Jeff

Scott Battaglia wrote:

I don't know much about it but there's no reason it shouldn't work. It doesn't look like there are any instructions to tell you to add it to the web flow though.

On Wed, Feb 10, 2010 at 12:03 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

Hello,

I am using CAS 3.3.5, and I have tried to get LDAP password policy enforcement running, as per http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement. I have cranked logging as follows:

log4j.logger.org.jasig.cas.services=INFO
log4j.logger.org.jasig.cas.web.flow=DEBUG
log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
log4j.logger.org.jasig.cas.adaptors=DEBUG

Other than that, the logging is identical to the Logging page on the wiki. Here are the only logs that are currently appearing:

2010-02-10 10:58:58,550 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Search Filter: 'cn=%u'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Expire Date Attribute: 'pwdchangedtime'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Warning Days Attribute: 'passwordwarningdays'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Default Warning Days: '-1'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Date format: 'MMddHHmmss'z''
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - LDAP Search Base: 'cn=Users,dc=collab,dc=uni,dc=edu'
2010-02-10 10:58:58,553 DEBUG [org.jasig.cas.web.flow.PasswordWarningCheckAction] - inited with passwordWarningChecker='org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck'

As well as a mention to the bean in the following line.

2010-02-10 10:58:58,771 INFO [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Pre-instantiating singletons in org.springframework.beans.factory.support.defaultlistablebeanfact...@3052ce:

It appears to me that the PasswordWarningCheck is not even firing -- I would expect much more logging output than this.

As an aside, I put -1 as the Warning days, as our LDAP server (Oracle OID) currently only reports the time the password was last changed, not when it expires. I have tried positive values with no difference in the results.

Am I missing something, or is this code simply incompatible with the current CAS version?

Thanks,
Jeff
Re: [cas-user] Inserting NULL into a non-null column
I commented out my modified handlerMappingB from my cas-servlet.xml and restored the original, and got the same error visiting '/cas/logout' and not on '/cas/login', which caused me to check my original statement. When I enabled my original config, it appears to be happening on *logoutS*.

Jeff

Scott Battaglia wrote:

That would imply that your user is NULL. Does this happen if you don't enable the throttling login attempts? The throttling login attempts, if you're doing it by user, defaults to the normal field for userName on the form.

On Mon, Feb 15, 2010 at 5:03 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

I have recently configured CAS as per http://www.ja-sig.org/wiki/display/CASUM/Auditing+and+Statistics+Via+Inspektr and http://www.ja-sig.org/wiki/display/CASUM/Throttling+Login+Attempts

When my user logs in, I am seeing the following error in the cas.log -- but the log-in is still behaving normally. Is this an error worth following up with? According to the schema for inspektr found at http://code.google.com/p/inspektr/wiki/DatabaseTables these tables should *NOT* be accepting NULL, so I am not sure what the error is.

Exception in thread pool-2-thread-1 org.springframework.dao.DataIntegrityViolationException: PreparedStatementCallback; SQL [Insert into COM_AUDIT_TRAIL(AUD_USER, AUD_CLIENT_IP, AUD_SERVER_IP, AUD_RESOURCE, AUD_ACTION, APPLIC_CD, AUD_DATE) Values(?, ?, ?, ?, ?, ?, ?)]; ORA-01400: cannot insert NULL into (CAS_CONFIG_DEVEL.COM_AUDIT_TRAIL.AUD_USER) ; nested exception is java.sql.SQLException: ORA-01400: cannot insert NULL into (CAS_CONFIG_DEVEL.COM_AUDIT_TRAIL.AUD_USER)
    at org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTranslator.doTranslate(SQLErrorCodeSQLExceptionTranslator.java:228)
    at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:72)
    at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:607)
    at org.springframework.jdbc.core.JdbcTemplate.update(JdbcTemplate.java:792)
    at org.springframework.jdbc.core.JdbcTemplate.update(JdbcTemplate.java:850)
    at org.springframework.jdbc.core.JdbcTemplate.update(JdbcTemplate.java:858)
    at org.springframework.jdbc.core.simple.SimpleJdbcTemplate.update(SimpleJdbcTemplate.java:237)
    at org.inspektr.audit.support.JdbcAuditTrailManager$LoggingTask$1.doInTransactionWithoutResult(JdbcAuditTrailManager.java:96)
    at org.springframework.transaction.support.TransactionCallbackWithoutResult.doInTransaction(TransactionCallbackWithoutResult.java:33)
    at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
    at org.inspektr.audit.support.JdbcAuditTrailManager$LoggingTask.run(JdbcAuditTrailManager.java:89)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
Caused by: java.sql.SQLException: ORA-01400: cannot insert NULL into (CAS_CONFIG_DEVEL.COM_AUDIT_TRAIL.AUD_USER)

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] Load Balancers and IP headers
Could you clarify for me -- is this a Tomcat filter, or something inside CAS?

Thanks for all your hard work!

Jeff

Scott Battaglia wrote:

It all depends on what Tomcat and the Servlet spec say should happen. CAS merely reads from the request object. If the default doesn't do what you want, you can provide your own filter to make the ClientInfo object available.

Cheers,
Scott

On Mon, Feb 15, 2010 at 4:57 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

We are running a Big IP load balancer, and our current setup is for the load balancer to replace the requesting IP with its own IP, and place the original IP into an 'x-forwarded-for' header added to the packet. We are looking to implement inspektr based database logging, as well as throttling, and we would like to make sure that the correct IP is logged, and not the F5 IP. Is this a feature already in CAS that I am just missing, or is this something we will need to build into an extension?

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
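An added example (not part of the thread, and not CAS or Inspektr code) of the address-selection logic a custom filter like the one suggested above would need: it honours X-Forwarded-For only when the connection itself comes from the load balancer, so a client cannot choose the address that gets audited or throttled. The class name, the proxy address 10.0.0.5 and the sample inputs are constructed, and it assumes the load balancer appends the address it saw as the last header entry.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;

/** Hypothetical helper: chooses the client address to log and throttle on. */
public final class ForwardedClientIp {

    // Strict dotted-quad IPv4, each octet 0-255.
    private static final Pattern IPV4 = Pattern.compile(
        "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)"
        + "(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}$");

    // Loose IPv6 shape check (hex digits and colons only); no DNS lookup is made.
    private static final Pattern IPV6 = Pattern.compile("^[0-9A-Fa-f:]{2,39}$");

    // Addresses of proxies we operate, in the textual form the container reports.
    private final Set<String> trustedProxies;

    public ForwardedClientIp(Set<String> trustedProxies) {
        this.trustedProxies = new HashSet<String>(trustedProxies);
    }

    /** True only for IP literals, so hostnames or junk never reach the audit table. */
    static boolean isIpLiteral(String s) {
        return IPV4.matcher(s).matches()
            || (s.indexOf(':') >= 0 && IPV6.matcher(s).matches());
    }

    /**
     * @param remoteAddr    the socket peer, i.e. ServletRequest.getRemoteAddr()
     * @param xForwardedFor all X-Forwarded-For values joined with commas, or null
     * @return the address to record
     */
    public String resolve(String remoteAddr, String xForwardedFor) {
        // A peer that is not our load balancer can put anything in the header:
        // ignore the header completely and record the socket address.
        if (xForwardedFor == null || !trustedProxies.contains(remoteAddr)) {
            return remoteAddr;
        }
        // Walk right to left. The rightmost entries were appended by the proxies
        // closest to us; everything to the left of the first untrusted entry was
        // supplied by the client and is not used.
        String[] hops = xForwardedFor.split(",", -1);
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!isIpLiteral(hop)) {
                return remoteAddr; // malformed header: fall back to the peer
            }
            if (!trustedProxies.contains(hop)) {
                return hop;
            }
        }
        return remoteAddr; // header listed only our own proxies
    }

    public static void main(String[] args) {
        // Constructed sample data: 10.0.0.5 stands in for the load balancer.
        ForwardedClientIp resolver = new ForwardedClientIp(
            new HashSet<String>(Arrays.asList("10.0.0.5")));
        String[][] cases = {
            {"10.0.0.5", "203.0.113.7"},             // normal request via the LB
            {"10.0.0.5", "192.0.2.99, 203.0.113.7"}, // client sent its own leading entry
            {"198.51.100.9", "127.0.0.1"},           // direct connection with a forged header
            {"10.0.0.5", "not-an-ip"},               // malformed header value
            {"10.0.0.5", null},                      // header absent
        };
        for (String[] c : cases) {
            System.out.println("peer=" + c[0] + " xff=" + c[1]
                + " -> " + resolver.resolve(c[0], c[1]));
        }
    }
}
```

In a servlet filter the two inputs would come from request.getRemoteAddr() and the values of request.getHeaders("X-Forwarded-For"); how the result is handed to Inspektr's ClientInfo is not described in this thread and is left out.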
Re: [cas-user] Enabling LDAP Password Policy Enforcement
I had actually been barking up that tree -- using BindLdap, and not FastBind, but had to move in different directions. I will try to replicate your results in the morning and see what I can come up with. Thanks for the pointers!

Jeff

Vitty, Paul wrote:

Jeff/Ahsan,

I've been working on this issue this evening and have gotten to the point where I am seeing the output you expect to see. I'm not sure, maybe you know this already, but the password about to expire message is only shown when you request a service ticket, it's not shown when only a ticket granting ticket is requested. Another thing I worked out is that you need to use the org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler for your LDAP authentication handler in deployerConfigContext.xml, whereas before we were using the Fast Bind class. Not sure if that helps you out, but it's got me this far.

Paul

On 15 Feb 2010, at 22:16, Jeff Chapin wrote:

No, I have not got this to work yet. I moved focus to other issues on my plate. I will look into this again further tomorrow, but this appears to be the *EXACT* same experience I am having -- so we appear to be on the same page, at least.

Jeff

Ahsan Imam wrote:

Jeff,

Did you ever get the module to work? Are you still having issues? After the documentation was updated on Feb 10, I changed my configuration setting specified for passwordWarningcheck.xml. I am getting no warning message and there is nothing in the logs. Logging is set to:

log4j.logger.org.jasig.cas.services=INFO
log4j.logger.org.jasig.cas.web.flow=DEBUG
log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
log4j.logger.org.jasig.cas.adaptors=DEBUG

I set warnAll to true and I should see a message Show Warning (WarnALL is TRUE!) -- The password for + userID + will expire in + Math.round(DateDiff / Timer.ONE_DAY) + days based on the code. I do not see any message in the browser or the logs. I wonder if I am missing something.

Sincerely,
Ahsan

On Fri, Feb 12, 2010 at 7:55 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

You guys rock! Only problem I have is I am still not seeing anything new in my logs. I am seeing the same behavior as with the last version. Thank you so much for the assistance.

Jeff

Scott Battaglia wrote:

I think Eric made an update to the page. Not sure if that will help or not.

On Thu, Feb 11, 2010 at 10:29 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

I believe that log line came from this bean:

<bean id="PasswordWarningCheckAction" class="org.jasig.cas.web.flow.PasswordWarningCheckAction">
    <property name="passwordWarningCheck" ref="passwordWarningCheck" />
</bean>

This was documented in the link below. Am I off base? I am still learning how this setup works and feeling my way around.

Jeff

Scott Battaglia wrote:

I don't know much about it but there's no reason it shouldn't work. It doesn't look like there are any instructions to tell you to add it to the web flow though.

On Wed, Feb 10, 2010 at 12:03 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

Hello,

I am using CAS 3.3.5, and I have tried to get LDAP password policy enforcement running, as per http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement. I have cranked logging as follows:

log4j.logger.org.jasig.cas.services=INFO
log4j.logger.org.jasig.cas.web.flow=DEBUG
log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
log4j.logger.org.jasig.cas.adaptors=DEBUG

Other than that, the logging is identical to the Logging page on the wiki. Here are the only logs that are currently appearing:

2010-02-10 10:58:58,550 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Search Filter: 'cn=%u'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Expire Date Attribute: 'pwdchangedtime'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Warning Days Attribute: 'passwordwarningdays'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Default Warning Days: '-1'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Date format: 'MMddHHmmss'z''
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - LDAP Search Base: 'cn=Users,dc=collab,dc=uni,dc=edu'
2010-02-10 10:58:58,553 DEBUG [org.jasig.cas.web.flow.PasswordWarningCheckAction] - inited with passwordWarningChecker='org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck'

As well as a mention to the bean in the following line
Re: [cas-user] Load Balancers and IP headers
A quick google answered this. Sorry.

Jeff Chapin wrote:

Could you clarify for me -- is this a Tomcat filter, or something inside CAS? Thanks for all your hard work!

Jeff

Scott Battaglia wrote:

It all depends on what Tomcat and the Servlet spec say should happen. CAS merely reads from the request object. If the default doesn't do what you want, you can provide your own filter to make the ClientInfo object available.

Cheers,
Scott

On Mon, Feb 15, 2010 at 4:57 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

We are running a Big IP load balancer, and our current setup is for the load balancer to replace the requesting IP with its own IP, and place the original IP into an 'x-forwarded-for' header added to the packet. We are looking to implement inspektr based database logging, as well as throttling, and we would like to make sure that the correct IP is logged, and not the F5 IP. Is this a feature already in CAS that I am just missing, or is this something we will need to build into an extension?

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu

--
You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
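The thread above describes a load balancer that substitutes its own source address and carries the original one in 'x-forwarded-for', so whatever filter feeds the client address to auditing or throttling has to decide when that header can be believed. The following is an added example, not code from CAS, Inspektr or any poster in this thread; the class name, the proxy address 10.0.0.5 and the sample requests are constructed assumptions.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;

/**
 * Hypothetical helper, not part of CAS or Inspektr: chooses the address to audit
 * or throttle on when requests arrive through a proxy that sets X-Forwarded-For.
 */
public class ForwardedClientIp {

    private static final String OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
    private static final Pattern IPV4 =
            Pattern.compile("^" + OCTET + "(\\." + OCTET + "){3}$");
    // Character-class sanity check only, not a full IPv6 parser.
    private static final Pattern IPV6_CHARS = Pattern.compile("^[0-9A-Fa-f:.]{2,45}$");

    // Compared as strings: list each proxy in the textual form the container reports.
    private final Set<String> trustedProxies;

    public ForwardedClientIp(String... trustedProxyIps) {
        this.trustedProxies = new HashSet<String>(Arrays.asList(trustedProxyIps));
    }

    static boolean looksLikeIp(String s) {
        return IPV4.matcher(s).matches()
                || (s.indexOf(':') >= 0 && IPV6_CHARS.matcher(s).matches());
    }

    /**
     * @param remoteAddr   the TCP peer, as returned by ServletRequest.getRemoteAddr()
     * @param forwardedFor raw X-Forwarded-For header value, or null if absent
     * @return the address that should be logged and rate-limited
     */
    public String resolve(String remoteAddr, String forwardedFor) {
        // The header only means something when the direct peer is our own proxy.
        // From any other peer it is client-controlled input and is ignored.
        if (forwardedFor == null || !trustedProxies.contains(remoteAddr)) {
            return remoteAddr;
        }
        String[] hops = forwardedFor.split(",");
        // Walk right to left: whether the proxy appended to or replaced a
        // client-supplied header, the rightmost non-proxy entry is the one it wrote.
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!looksLikeIp(hop)) {
                return remoteAddr; // malformed value: keep junk out of the audit log
            }
            if (!trustedProxies.contains(hop)) {
                return hop;
            }
        }
        return remoteAddr; // header listed nothing but our own proxies
    }

    public static void main(String[] args) {
        // 10.0.0.5 stands in for the load balancer (constructed value).
        ForwardedClientIp resolver = new ForwardedClientIp("10.0.0.5");
        String[][] samples = {               // {remoteAddr, X-Forwarded-For}, all constructed
            {"10.0.0.5", "203.0.113.7"},             // normal request via the balancer
            {"10.0.0.5", "192.0.2.44, 203.0.113.7"}, // client sent its own header first
            {"198.51.100.9", "127.0.0.1"},           // bypassed the balancer, header ignored
            {"10.0.0.5", "not-an-address"},          // malformed header, fall back to peer
        };
        for (String[] s : samples) {
            System.out.println(s[0] + " + [" + s[1] + "] -> " + resolver.resolve(s[0], s[1]));
        }
    }
}
```

In a servlet filter the two arguments would come from `request.getRemoteAddr()` and `request.getHeader("X-Forwarded-For")`, and the result is what should reach the audit and throttling code.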
Re: [cas-user] Enabling LDAP Password Policy Enforcement
You guys rock! Only problem I have is I am still not seeing anything new in my logs. I am seeing the same behavior as with the last version. Thank you so much for the assistance.

Jeff

Scott Battaglia wrote:

I think Eric made an update to the page. Not sure if that will help or not.

On Thu, Feb 11, 2010 at 10:29 AM, Jeff Chapin jeff.cha...@uni.edu wrote:

I believe that log line came from this bean:

<bean id="PasswordWarningCheckAction" class="org.jasig.cas.web.flow.PasswordWarningCheckAction">
    <property name="passwordWarningCheck" ref="passwordWarningCheck" />
</bean>

This was documented in the link below. Am I off base? I am still learning how this setup works and feeling my way around.

Jeff

Scott Battaglia wrote:

I don't know much about it but there's no reason it shouldn't work. It doesn't look like there are any instructions to tell you to add it to the web flow though.

On Wed, Feb 10, 2010 at 12:03 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

Hello,

I am using CAS 3.3.5, and I have tried to get LDAP password policy enforcement running, as per http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement. I have cranked logging as follows:

log4j.logger.org.jasig.cas.services=INFO
log4j.logger.org.jasig.cas.web.flow=DEBUG
log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
log4j.logger.org.jasig.cas.adaptors=DEBUG

Other than that, the logging is identical to the Logging page on the wiki. Here are the only logs that are currently appearing:

2010-02-10 10:58:58,550 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Search Filter: 'cn=%u'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Expire Date Attribute: 'pwdchangedtime'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Warning Days Attribute: 'passwordwarningdays'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Default Warning Days: '-1'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Date format: 'MMddHHmmss'z''
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - LDAP Search Base: 'cn=Users,dc=collab,dc=uni,dc=edu'
2010-02-10 10:58:58,553 DEBUG [org.jasig.cas.web.flow.PasswordWarningCheckAction] - inited with passwordWarningChecker='org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck'

As well as a mention to the bean in the following line.

2010-02-10 10:58:58,771 INFO [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Pre-instantiating singletons in org.springframework.beans.factory.support.defaultlistablebeanfact...@3052ce:

It appears to me that the PasswordWarningCheck is not even firing -- I would expect much more logging output than this. As an aside, I put -1 as the Warning days, as our LDAP server (Oracle OID) currently only reports the time the password was last changed, not when it expires. I have tried positive values with no difference in the results. Am I missing something, or is this code simply incompatible with the current CAS version?

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
[cas-user] Including config files from outside the WAR file
Is it possible to reference files outside the war file? I would like to store some configuration options on each host, things like hostname, database to connect to, etc, in a file such as /cas_config/local_options, and simply copy the same .war file around to different machines. Is this possible, or does every file referenced need to be in the overlay?

Thanks,

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] Including config files from outside the WAR file
As soon as I sent that, I found this:

<bean id="placeholderConfig" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="locations">
        <list>
            <value>file:/apps/local/share/etc/host.properties</value>
        </list>
    </property>
</bean>

So I answered my own question. Sorry.

Jeff

Jeff Chapin wrote:

Is it possible to reference files outside the war file? I would like to store some configuration options on each host, things like hostname, database to connect to, etc, in a file such as /cas_config/local_options, and simply copy the same .war file around to different machines. Is this possible, or does every file referenced need to be in the overlay?

Thanks,

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] Including config files from outside the WAR file
I spoke too soon, it appears. This is not working as I had hoped.

Jeff

Jeff Chapin wrote:

As soon as I sent that, I found this:

<bean id="placeholderConfig" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="locations">
        <list>
            <value>file:/apps/local/share/etc/host.properties</value>
        </list>
    </property>
</bean>

So I answered my own question. Sorry.

Jeff

Jeff Chapin wrote:

Is it possible to reference files outside the war file? I would like to store some configuration options on each host, things like hostname, database to connect to, etc, in a file such as /cas_config/local_options, and simply copy the same .war file around to different machines. Is this possible, or does every file referenced need to be in the overlay?

Thanks,

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] Enabling LDAP Password Policy Enforcement
I believe that log line came from this bean:

<bean id="PasswordWarningCheckAction" class="org.jasig.cas.web.flow.PasswordWarningCheckAction">
    <property name="passwordWarningCheck" ref="passwordWarningCheck" />
</bean>

This was documented in the link below. Am I off base? I am still learning how this setup works and feeling my way around.

Jeff

Scott Battaglia wrote:

I don't know much about it but there's no reason it shouldn't work. It doesn't look like there are any instructions to tell you to add it to the web flow though.

On Wed, Feb 10, 2010 at 12:03 PM, Jeff Chapin jeff.cha...@uni.edu wrote:

Hello,

I am using CAS 3.3.5, and I have tried to get LDAP password policy enforcement running, as per http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement. I have cranked logging as follows:

log4j.logger.org.jasig.cas.services=INFO
log4j.logger.org.jasig.cas.web.flow=DEBUG
log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
log4j.logger.org.jasig.cas.adaptors=DEBUG

Other than that, the logging is identical to the Logging page on the wiki. Here are the only logs that are currently appearing:

2010-02-10 10:58:58,550 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Search Filter: 'cn=%u'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Expire Date Attribute: 'pwdchangedtime'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Warning Days Attribute: 'passwordwarningdays'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Default Warning Days: '-1'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Date format: 'MMddHHmmss'z''
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - LDAP Search Base: 'cn=Users,dc=collab,dc=uni,dc=edu'
2010-02-10 10:58:58,553 DEBUG [org.jasig.cas.web.flow.PasswordWarningCheckAction] - inited with passwordWarningChecker='org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck'

As well as a mention to the bean in the following line.

2010-02-10 10:58:58,771 INFO [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Pre-instantiating singletons in org.springframework.beans.factory.support.defaultlistablebeanfact...@3052ce:

It appears to me that the PasswordWarningCheck is not even firing -- I would expect much more logging output than this. As an aside, I put -1 as the Warning days, as our LDAP server (Oracle OID) currently only reports the time the password was last changed, not when it expires. I have tried positive values with no difference in the results. Am I missing something, or is this code simply incompatible with the current CAS version?

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
[cas-user] Enabling LDAP Password Policy Enforcement
Hello,

I am using CAS 3.3.5, and I have tried to get LDAP password policy enforcement running, as per http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement. I have cranked logging as follows:

log4j.logger.org.jasig.cas.services=INFO
log4j.logger.org.jasig.cas.web.flow=DEBUG
log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
log4j.logger.org.jasig.cas.adaptors=DEBUG

Other than that, the logging is identical to the Logging page on the wiki. Here are the only logs that are currently appearing:

2010-02-10 10:58:58,550 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Search Filter: 'cn=%u'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Expire Date Attribute: 'pwdchangedtime'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Warning Days Attribute: 'passwordwarningdays'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Default Warning Days: '-1'
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - Date format: 'MMddHHmmss'z''
2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - LDAP Search Base: 'cn=Users,dc=collab,dc=uni,dc=edu'
2010-02-10 10:58:58,553 DEBUG [org.jasig.cas.web.flow.PasswordWarningCheckAction] - inited with passwordWarningChecker='org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck'

As well as a mention to the bean in the following line.

2010-02-10 10:58:58,771 INFO [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Pre-instantiating singletons in org.springframework.beans.factory.support.defaultlistablebeanfact...@3052ce:

It appears to me that the PasswordWarningCheck is not even firing -- I would expect much more logging output than this. As an aside, I put -1 as the Warning days, as our LDAP server (Oracle OID) currently only reports the time the password was last changed, not when it expires. I have tried positive values with no difference in the results. Am I missing something, or is this code simply incompatible with the current CAS version?

Thanks,
Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] Database setup for Service Management
I think confirmation that CAS can, and will create the tables needed might be enough. If not, I will get back to you. Thank you very much.

Jeff

Marvin Addison wrote:

> The problem is that my DBA wants me to tell him the requirements for the database, so he can set up a schema for me

We use Oracle in production for both service management and ticket storage. There are minimal storage requirements for both in most cases; for ticket storage there can be significant requirements for transactional speed, but that's not an issue for service management alone.

You do not need to pre-create the schema, although you can; CAS is configured by default to use Hibernate DDL machinery to create the proper schema provided the Oracle user has CREATE TABLE privileges. I'd be happy to share our DDL if your DBA wants to create the schema by hand.

If you need any further information that might help complete your requirements, let me know.

M
[cas-user] Database setup for Service Management
We are looking to implement CAS, and would like to utilize an Oracle Database to store the Service Management data. The problem is that my DBA wants me to tell him the requirements for the database, so he can set up a schema for me, and I am having a hard time finding documentation for database requirements. Can anyone point me in the right direction?

Thanks!

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu
Re: [cas-user] Compatibility matrix for CAS ?
I can second that Oracle Internet Directory works with no issues, that I have seen.

Jeff

Nathan Kopp wrote:

Just yesterday I tested Oracle Internet Directory (Oracle's LDAP) and it worked with no problems. It probably wouldn't be too hard for someone to put a matrix/list on the wiki and let people fill in the boxes for successful tests.

-Nathan

-----Original Message-----
From: Marvin Addison [mailto:marvin.addi...@gmail.com]
Sent: Wednesday, February 03, 2010 9:04 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] Compatibility matrix for CAS ?

> I want to know that is there any compatibility matrix for CAS that could clearly specify the compatibility of CAS with different OS, web servers, directory servers etc.

I'm not aware of any such matrix. I suspect no one has bothered because the CAS server can run on any platform that supports Java 1.5. I'm confident it would run fine on any reasonably modern servlet container. As far as directory servers, we have confirmed support for OpenLDAP, Active Directory, and ApacheDS. I fully expect Sun's directory server (whatever they're calling it today) and Novell eDirectory would work fine.

M

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: jeff.cha...@uni.edu