>
>
> Does this log reveal the silver bullet that I just don't see?
I see a pretty clear sign of a client config problem that would explain the
behavior.
FD8A .|||=> CAS_Client::_readURL('
> https://myserver.mydomain.unf.edu/login/samlValidate?TARGET=https%3A%2F%2Fflorida.erezlife.co
Following the wiki and from my own personal experience I would highly highly
recommend against using oracle as a jpa ticket registry, especially if you
intend to put any sort of volume into your system.
I haven't tried with mysql, just jumped straight into ehcache. The biggest
issue we found wit
13:03:32.687 [scheduler_Worker-3] ERROR
o.h.util.JDBCExceptionReporter - ORA-01555: snapshot too old:
rollback segment number
The problem is related to the number of records affected in the scope of
a single transaction. I've seen a similar error that's related to
rollback segment size, and I
I'm running CAS 3.5.1 against an Oracle10 database. There are about 34,000
tickets in the ticketgrantingticket table. When the JPA ticket cleaner runs,
after about 90 seconds I see the following in the logs
13:03:32.687 [scheduler_Worker-3] ERROR o.h.util.JDBCExceptionReporter -
ORA-01555: snap
Yes--that was the problem. Also, I had to resolve a regEx pattern issue
for the property trustedIssuerDnPattern.
Thanks!
Thanks!
--
*Michael Colburn*
Human Resources Directorate
Interior Business Center
303-969-7427 (Office)
michael_a_colb...@nbc.gov
US
I have solved the problem.
First, for the particular X.509 certificates I am using (issued by GSA -
they are US Govt PIV card certs), it was necessary to add the following
properties:
bean
class="org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler">
Here is a copy of the logs from the client application. You can see about half
way down, that there's nothing in the response body. The vendor claims that
there should be attributes in this section and has sent me a log clip from
their test server that has this information there.
I enabled
Hi,
You can file a bug here:
http://issues.jasig.org
You can also create a pull request via GitHub (this will get the change in
faster :-)).
Thanks!
Scott
On Tue, Apr 30, 2013 at 4:19 AM, wrote:
> I've had a word with both David at Coova (for JRadius) and the FreeRADIUS
> guys, and accordi
It seems you're going to accept any certificate. I think this could be
resolved by setting the attribute maxPathLengthAllowUnspecified
(X509CredentialsAuthenticationHandler) to true.
Hope this helps
2013/4/30 mcolburn
> Here is an update to my problem: I have discovered in the cas.log the
> f
I've had a word with both David at Coova (for JRadius) and the FreeRADIUS guys,
and according to what we've been able to find and David's instruction, CAS
definitely should create a new instance of the EAPTTLSAuthenticator (i.e. the
RadiusAuthenticator inside JRadiusServerImpl) for each request.
Ok - great. Thank you Ben!
From: Ben Branch [mailto:bbra...@uco.edu]
Sent: Monday, April 29, 2013 10:13 AM
To: cas-user@lists.jasig.org
Subject: RE:[cas-user] First Install of CAS - recommendations?
Constance,
I have not tried to use OpenJDK instead of Sun Java, although I do plan to try
this i
Here is an update to my problem: I have discovered in the cas.log the
following:;
java.security.GeneralSecurityException: Unlimited certificate path length
not allowed by configuration.
at
org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler.vali
12 matches
Mail list logo