[cas-user] Start from CAS v6.1 it not compatible with OIDC

2022-02-28 Thread Jae Liu
Hi Everyone, I found that from CAS v6.1 commitment "fix APIs that do not explicitly define an attribute capable of handli…" (commit sha 9d5b82784b34ff090bd0d58515a165c34a0025f0), changed attributes value to ArrayList, it is not compatible with OIDC, because OIDC claims value are String. Is

Re: [cas-user] CAS 6.4.4.2 after upgrade Log filled with "WARN"

2022-02-28 Thread Rod B
Hi Ray et al I put in the changes to my cas.properties config file and restarted tomcat. Unfortunately the WARN entries continue. Any other ideas? Thank you, Rod On Monday, 28 February 2022 at 12:51:58 UTC-8 Ray Bon wrote: > Rod, > > I also have these properties > >

[cas-user] Re: couchdb issues 6.4.4.2 or 6.5 RC4

2022-02-28 Thread Pablo Vidaurri
Db, Schema has changed, not sure if it happened in 6.4.5 or another 6.4.x version. Have you set your autoDll to drop and recreate the tables? I believe all tickets are now stored in cas_tickets table. -psv On Wednesday, February 23, 2022 at 3:34:18 AM UTC-6 Vittore Zen wrote: > Same problem.

Re: [cas-user] CAS 6.4.4.2 after upgrade Log filled with "WARN"

2022-02-28 Thread Rod B
Thanks Ray! I'll give them a go and report back. Thank you, Rod On Monday, 28 February 2022 at 12:51:58 UTC-8 Ray Bon wrote: > Rod, > > I also have these properties > > cas.server.scope=local.uvic.ca > cas.server.name=https://${cas.server.scope} > cas.server.prefix=${cas.server.name}/cas > >

Re: [cas-user] SAML SP Metadata with multiple signing keys

2022-02-28 Thread Ray Bon
Gordon, That sounds like a bug. CAS should try all keys until one works. This is necessary for key rollover to take place. As you mentioned, this SP does this on a yearly basis. Hopefully one of the maintainers can comment on this. Ray On Mon, 2022-02-28 at 20:45 +, Gordon, Matthew

Re: [cas-user] URGENT : Memory leak issue in PROD

2022-02-28 Thread Ray Bon
Morning, The default for repeat-interval is 30s. You have it set for about 20d. There are a few other properties that differ from the default values (async-backup-count, backup-count, start-delay). Are you sure you want those property values changed? Try the defaults and see if the memory

Re: [cas-user] CAS 6.4.4.2 after upgrade Log filled with "WARN"

2022-02-28 Thread Ray Bon
Rod, I also have these properties cas.server.scope=local.uvic.ca cas.server.name=https://${cas.server.scope} cas.server.prefix=${cas.server.name}/cas # --- TGC Settings --- # cas.tgc.path=/cas/ cas.tgc.maxAge=-1 cas.tgc.domain=${cas.server.scope} Ray On Mon, 2022-02-28 at 10:24 -0800,

Re: [cas-user] SAML SP Metadata with multiple signing keys

2022-02-28 Thread Gordon, Matthew
Hi Ray, Thank you for the suggestion. I am attempting to use that method already, but the two signing keys in their metadata present the problem. If I configure the service definition to pull their metadata via the https URL, it works. The problem is they sign their AuthN request and CAS is

Re: [cas-user] Re: Hazelcast integration, TGT, ST, OIDC tokens serialization jars?

2022-02-28 Thread Ray Bon
Yan, Since getTicketMapInstanceByMetadata returns IMap, you should only need to add cas-server-core-api-ticket-6.4.4.2.jar (or whatever version you are using). Only one version of the library is necessary, Ticket interface is unlikely to change much (but keep it up to date). Ray On Mon,

Re: [cas-user] SAML SP Metadata with multiple signing keys

2022-02-28 Thread Ray Bon
Matthew, You can set SP metadataLocation to a URL, https://apereo.github.io/cas/6.4.x/services/SAML2-Service-Management.html Ray On Mon, 2022-02-28 at 09:41 -0800, Matthew Gordon wrote:

[cas-user] CAS 6.4.4.2 after upgrade Log filled with "WARN"

2022-02-28 Thread Rod B
Hi Everyone, I was wondering if someone could give us a hand with this warning. Since we upgraded from 6.1.1 our catalina.out log is filled with InvalidCookieException. i.e: 2022-02-28 10:07:16,389 WARN [org.apereo.cas.web.support.gen.CookieRetrievingCookieGenerator] - We have a pretty

Re: [cas-user] Re: Hazelcast integration, TGT, ST, OIDC tokens serialization jars?

2022-02-28 Thread Yan
This is CAS HazelCastTicketRegistry code, it is writing to HZ IMap object, with TGT object. I do not see any special code, it seems writing the TGTTicketImpl object into Imap. public void addTicketInternal(final Ticket ticket) { val metadata = this.ticketCatalog.find(ticket);

Re: [cas-user] URGENT : Memory leak issue in PROD

2022-02-28 Thread Morning Star
Hi Ray, Your help really means a lot to me. Adding more info: As of now, we have these hazelcast properties in production. Please take a look & let me know if any of these configuration leads to memory leak. cas.ticket.registry.hazelcast.page-size=500

[cas-user] SAML SP Metadata with multiple signing keys

2022-02-28 Thread Matthew Gordon
We have a SAML SP (3rd Party system) that has multiple signing keys in their metadata. They rotate keys, yearly, from a Public Certificate Authority. CAS picks either the first key or the one with the furthest expiration date, I don't know which, but I do know it's picking the wrong

Re: [cas-user] Re: Hazelcast integration, TGT, ST, OIDC tokens serialization jars?

2022-02-28 Thread Ray Bon
Yan Zhou, I would think that cas prepares the tickets prior to sending them to hazelcast. Hazelcast should not need to know about the specifics of the data being stored. Ray On Mon, 2022-02-28 at 08:45 -0800, Yan Zhou wrote:

[cas-user] Re: Hazelcast integration, TGT, ST, OIDC tokens serialization jars?

2022-02-28 Thread Pablo Vidaurri
Also note the schema changes for CAS 6.5, all tickets are serialized to one maybe two tables. On Monday, February 28, 2022 at 10:11:44 AM UTC-6 Yan Zhou wrote: > Hi there, > > Anyone having to deal with token/ticket storage that require serializing > CAS objects like Hazelcast? > > For

Re: [cas-user] Hazelcast integration, TGT, ST, OIDC tokens serialization jars?

2022-02-28 Thread Ray Bon
Yan Zhou, Are you creating a custom feature? If so, you may have to include libraries from the main cas project; and others as necessary. If it is a custom ticket feature, you can structure it like the most similar one from the cas project. If not, you can add hazelcast ticket storage as per,

Re: [cas-user] URGENT : Memory leak issue in PROD

2022-02-28 Thread Morning Star
Thanks Ray for your response. Let me try this option & get back. Regards, Morning. On Monday, February 28, 2022 at 10:10:47 PM UTC+5:30 Ray Bon wrote: > Morning Star, > > Other than our site specific hazelcast settings, these are the only other > settings. We have not experienced a memory

[cas-user] Re: Hazelcast integration, TGT, ST, OIDC tokens serialization jars?

2022-02-28 Thread Yan Zhou
Hi, I realize what may be happening, the CAS documentation assumes embedded HZ, HZ and CAS live in the same JVM and therefore having access to all CAS jars. But, our HZ is external to CAS, multiple CAS apps point to the same HZ cluster running on separate VMs. How do I know which jars

[cas-user] Re: CAS 6.4.4.2 ERROR [org.apereo.cas.ticket.registry.RedisTicketRegistry] - & ERROR [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] -

2022-02-28 Thread Rod B
The last error was at 11:46. I wonder if this was related to old service tickets. As it's now 8:35 AM and we are getting quite a few logins without that error. Will update this thread if the errors return. Cheers, Rod On Sunday, 27 February 2022 at 22:57:02 UTC-8 Rod B wrote: > Hello, > >

[cas-user] Hazelcast integration, TGT, ST, OIDC tokens serialization jars?

2022-02-28 Thread Yan Zhou
Hi there, Anyone having to deal with token/ticket storage that requires serializing CAS objects like Hazelcast? For instance, TGT, ST, OIDC RT/AT all go to Hazelcast ticket registry, which requires to serialize any objects put on IMap. Would I have to package all jars containing these class

[cas-user] 6.4.5 upgrade: "Error creating bean with name"

2022-02-28 Thread Pablo Vidaurri
I'm using JPA with CAS 6.3.7.4. All is fine. Upgrading to 6.4.5 causes a runtime exception: 2022-02-25 16:39:08,083 WARN [org.apereo.cas.web.CasWebApplicationContext] - CAS 6.4.5 is using springBootVersion=2.5.4 and CAS 6.3.7.x is using springBootVersion=2.3.7.RELEASE Does something need