Re: [cas-user] ClearPass with Load-Balanced CAS

2014-11-05 Thread Adam Causey
I came across this same issue when testing clearPass in our environment. Is there a solution that I can implement to fix this issue so that I can use clearPass in a clustered environment? Root cause: javax.crypto.BadPaddingException: Given final block not > properly padded > Thank you, Adam On

Re: [cas-user] ClearPass with Load-Balanced CAS

2013-11-19 Thread Marvin Addison
> are suggesting at this time that IV values are somehow accessible from any > node (e.g. saved to decoratedMap/memcachedMap?) I'm working on a couple unrelated problems at present and the NIST docs make it pretty clear that the IV generally should be unique for each cleartext encrypted under the

RE: [cas-user] ClearPass with Load-Balanced CAS

2013-11-19 Thread St Laurent, Mark
inal Message- From: St Laurent, Mark Sent: Tuesday, November 19, 2013 10:20 AM To: cas-user@lists.jasig.org Subject: RE: [cas-user] ClearPass with Load-Balanced CAS From my Java developer: For the mailing list, see if the following information is what they're looking for (it appear

RE: [cas-user] ClearPass with Load-Balanced CAS

2013-11-19 Thread St Laurent, Mark
to:mmoay...@unicon.net] Sent: Monday, November 18, 2013 4:56 PM To: cas-user@lists.jasig.org Subject: RE: [cas-user] ClearPass with Load-Balanced CAS Next suspect is encryption cipher and/or key algorithm. The defaults are "AES/CBC/PKCS5Padding" and "PBKDF2WithHmacSHA1". Can you tr

RE: [cas-user] ClearPass with Load-Balanced CAS

2013-11-18 Thread Misagh Moayyed
hms > -Original Message- > From: St Laurent, Mark [mailto:mark.stlaur...@yc.edu] > Sent: Monday, November 18, 2013 12:16 PM > To: cas-user@lists.jasig.org > Subject: RE: [cas-user] ClearPass with Load-Balanced CAS > > Tried this, produces the same error. > > --

RE: [cas-user] ClearPass with Load-Balanced CAS

2013-11-18 Thread St Laurent, Mark
-user@lists.jasig.org Subject: RE: [cas-user] ClearPass with Load-Balanced CAS Let's remove other variables: what happens when you test without the salt and the secret key from all nodes, relying on the defaults? > -Original Message- > From: St Laurent, Mark [mailto:mark.stlaur...@

RE: [cas-user] ClearPass with Load-Balanced CAS

2013-11-16 Thread St Laurent, Mark
ai College (928) 717-7654 http://www.yc.edu -Original Message- From: Misagh Moayyed [mailto:mmoay...@unicon.net] Sent: Friday, November 15, 2013 6:30 PM To: cas-user@lists.jasig.org Subject: RE: [cas-user] ClearPass with Load-Balanced CAS Let's remove other variables: what happens when you test wi

RE: [cas-user] ClearPass with Load-Balanced CAS

2013-11-15 Thread Misagh Moayyed
ts.jasig.org > Subject: RE: [cas-user] ClearPass with Load-Balanced CAS > > Yes, there are only two hosts in the cluster and their clearpass- > configuration.xml files are identical. > > -- > Mark St. Laurent > Web Systems Administrator >

RE: [cas-user] ClearPass with Load-Balanced CAS

2013-11-15 Thread St Laurent, Mark
[mailto:marvin.addi...@gmail.com] Sent: Friday, November 15, 2013 12:00 PM To: cas-user@lists.jasig.org Subject: Re: [cas-user] ClearPass with Load-Balanced CAS > I added the exception stack to the gist. Root cause: javax.crypto.BadPaddingException: Given final block not properly padded I believe you

Re: [cas-user] ClearPass with Load-Balanced CAS

2013-11-15 Thread Marvin Addison
> I added the exception stack to the gist. Root cause: javax.crypto.BadPaddingException: Given final block not properly padded I believe you can get that failure mode when attempting to decrypt ciphertext with the wrong key. I'm certain it could happen in the case of data truncation, but that's

RE: [cas-user] ClearPass with Load-Balanced CAS

2013-11-15 Thread St Laurent, Mark
s-user@lists.jasig.org Subject: RE: [cas-user] ClearPass with Load-Balanced CAS You could create a new logger element, and set the package name to “org.jasig.cas.clearpass” and the level to TRACE. From: St Laurent, Mark [mailto:mark.stlaur...@yc.edu] Sent: Friday, November 15, 2013 9:41 AM To: ca

RE: [cas-user] ClearPass with Load-Balanced CAS

2013-11-15 Thread Misagh Moayyed
You could create a new logger element, and set the package name to “org.jasig.cas.clearpass” and the level to TRACE. From: St Laurent, Mark [mailto:mark.stlaur...@yc.edu] Sent: Friday, November 15, 2013 9:41 AM To: cas-user@lists.jasig.org Subject: RE: [cas-user] ClearPass with Load-Balanced

RE: [cas-user] ClearPass with Load-Balanced CAS

2013-11-15 Thread St Laurent, Mark
:mmoay...@unicon.net] Sent: Friday, November 15, 2013 9:22 AM To: cas-user@lists.jasig.org Subject: RE: [cas-user] ClearPass with Load-Balanced CAS Thank you…and you mentioned that this works correctly without map encryption? If so, could you describe how you run the test that confirms correct be

RE: [cas-user] ClearPass with Load-Balanced CAS

2013-11-15 Thread Misagh Moayyed
statements. From: St Laurent, Mark [mailto:mark.stlaur...@yc.edu] Sent: Friday, November 15, 2013 8:18 AM To: cas-user@lists.jasig.org Subject: RE: [cas-user] ClearPass with Load-Balanced CAS Here you go: https://gist.github.com/markstlaurent/7485914 Thanks

RE: [cas-user] ClearPass with Load-Balanced CAS

2013-11-15 Thread St Laurent, Mark
, 2013 5:41 PM To: cas-user@lists.jasig.org Subject: RE: [cas-user] ClearPass with Load-Balanced CAS Mark could u please post relevant snippets of your clearpass and deployer config context xml files perhaps as github gists? On Nov 14, 2013 3:35 PM, "St Laurent, Mark" mailto:mark.

RE: [cas-user] ClearPass with Load-Balanced CAS

2013-11-14 Thread Misagh
t. > > Thanks, > > -- > Mark St. Laurent > Web Systems Administrator > Yavapai College > (928) 717-7654 > http://www.yc.edu > > -Original Message- > From: Tom Poage [mailto:tfpo...@ucdavis.edu] > Sent: Thursday, November 14, 2013 4:14 PM > To: cas-user@lists.

RE: [cas-user] ClearPass with Load-Balanced CAS

2013-11-14 Thread St Laurent, Mark
, November 14, 2013 4:14 PM To: cas-user@lists.jasig.org Subject: Re: [cas-user] ClearPass with Load-Balanced CAS On 11/14/2013 03:07 PM, Tom Poage wrote: > E.g. I see reference to SHA-512 in EncryptedMapDecorator.java and > suspect it may not be supported with the standard JCE policy. Nope,

Re: [cas-user] ClearPass with Load-Balanced CAS

2013-11-14 Thread Tom Poage
On 11/14/2013 03:07 PM, Tom Poage wrote: > E.g. I see reference to SHA-512 in EncryptedMapDecorator.java and > suspect it may not be supported with the standard JCE policy. Nope, that's wrong: http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest Tom.

Re: [cas-user] ClearPass with Load-Balanced CAS

2013-11-14 Thread Tom Poage
On 11/14/2013 12:50 PM, St Laurent, Mark wrote: > Still having issues with this. We’ve narrowed it down to the > EncryptedMapDecorator. If we implement it without the encryption it > works, but then the ClearPass credentials are stored in clear text, > which isn’t an acceptable solution. If anyone

RE:[cas-user] ClearPass with Load-Balanced CAS

2013-11-14 Thread St Laurent, Mark
day, November 12, 2013 7:51 AM To: cas-user@lists.jasig.org Subject: RE:[cas-user] ClearPass with Load-Balanced CAS Really having problems with this. If anyone out there has ever made ClearPass work in a load-balanced environment I'd really appreciate it if I could get some h

RE:[cas-user] ClearPass with Load-Balanced CAS

2013-11-12 Thread St Laurent, Mark
-7654 http://www.yc.edu From: St Laurent, Mark Sent: Friday, November 08, 2013 4:36 PM To: cas-user@lists.jasig.org Subject: RE:[cas-user] ClearPass with Load-Balanced CAS So, I have made some progress. I've discovered that if I change the key prefix from clearPass_ to

RE:[cas-user] ClearPass with Load-Balanced CAS

2013-11-08 Thread St Laurent, Mark
du/> From: St Laurent, Mark Sent: Friday, November 08, 2013 8:16 AM To: cas-user@lists.jasig.org Subject: RE:[cas-user] ClearPass with Load-Balanced CAS After more testing last night, I discovered that it is leaving an error message in the CAS log

RE:[cas-user] ClearPass with Load-Balanced CAS

2013-11-08 Thread St Laurent, Mark
After more testing last night, I discovered that it is leaving an error message in the CAS log: 2013-11-07 19:40:55,307 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated [username: anaylor] 2013-