Hi Dave, I actually tried those settings first (I was following your guide, but only having a single server instead of a cluster for mongo). Unfortunately, it fails in the same way with those settings too. I might be able to eek out a little more information if I set
org.apereo.cas.ticket.registry.MongoDbTicketRegistry to debug in the logger, though I already have org.apero.cas and com.mongo set to debug. --Mike K On Wed, Feb 7, 2018 at 5:15 AM, David Curry <[email protected]> wrote: > Mike, > > The only thing that strikes me as odd in your settings is this one: > > cas.ticket.registry.mongo.collectionName=cas-ticket-registry > > > The Mongo ticket registry uses multiple collections: > > proxyGrantingTicketsCollection > proxyTicketsCollection > samlArtifactsCache > samlAttributeQueryCache > serviceTicketsCollection > ticketGrantingTicketsCollection > > > So while I'm not sure if that setting is having any impact on your > configuration at all, I suspect that if it _is_ having an impact, it's a > negative one. Although, I don't see anything in the logs to suggest that it > is -- the server seems to be using the "right" collection: > > 2018-02-07 00:46:30,159 DEBUG > [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] > - <Locating collection name [ticketGrantingTicketsCollection] for ticket > definition [org.apereo.cas.ticket.DefaultTicketDefinition@ > 28556a8b[implementationClass=class org.apereo.cas.ticket. > TicketGrantingTicketImpl,prefix=TGT]]> > 2018-02-07 00:46:30,159 DEBUG > [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] > - <Located MongoDb collection instance [ticketGrantingTicketsCollection]> > 2018-02-07 00:46:30,160 DEBUG [org.mongodb.driver.protocol.command] - > <Sending command {find : BsonString{value='ticketGrantingTicketsCollection'}} > to database casdb on connection [connectionId{localValue:6, > serverValue:68}] to server localhost:27017> > 2018-02-07 00:46:30,161 DEBUG [org.mongodb.driver.protocol.command] - > <Command execution completed> > > For what it's worth, mine is working on 5.2.2 using these settings > (essentially the same as yours except I have a replica set): > > # > # Components of the MongoDB connection string broken out for ease of > editing. > # See https://docs.mongodb.com/manual/reference/connection-string/ > # > mongo.db: casdb > mongo.rs: rs0 > mongo.opts: &ssl=true > mongo.creds: mongocas:<redacted> > mongo.hosts: casdev-srv01-lid.newschool.edu > ,casdev-srv02-lid.newschool.edu,casdev-srv03-lid.newschool.edu > > # > # The connection string, assembled > # > mongo.uri: mongodb://${mongo.creds}@${ > mongo.hosts}/${mongo.db}?replicaSet=${mongo.rs}${mongo.opts} > > # > # Ticket registry > # > cas.ticket.registry.mongo.clientUri: ${mongo.uri} > > # > # Service registry > # > cas.serviceRegistry.mongo.clientUri: ${mongo.uri} > cas.serviceRegistry.mongo.collection: casServiceRegistry > > > > --Dave > > > > -- > > DAVID A. CURRY, CISSP > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g> > +1 212 229-5300 x4728 <(212)%20229-5300> • [email protected] > > [image: The New School] > > On Wed, Feb 7, 2018 at 4:03 AM, Mike Kromarek <[email protected]> wrote: > >> I recently switched from the Postgresql JPA ticket registry to MongoDB >> and am having a strange issue. The authentication succeeds, but then it >> fails to add the ticket to the mongo database, causing the process to fail >> and return to the login screen. >> >> -- cas.properties -- >> cas.ticket.registry.mongo.host=localhost >> cas.ticket.registry.mongo.userId=<redacted> >> cas.ticket.registry.mongo.password=<redacted> >> cas.ticket.registry.mongo.databaseName=casdb >> cas.ticket.registry.mongo.collectionName=cas-ticket-registry >> cas.ticket.registry.mongo.dropCollection=false >> cas.ticket.registry.mongo.timeout=5000 >> cas.ticket.registry.mongo.writeConcern=NORMAL >> cas.ticket.mongo.conns.lifetime=60000 >> cas.ticket.mongo.conns.perHost=10 >> cas.ticket.registry.mongo.idleTimeout=30000 >> >> >> CAS connects to the database with the specified user, makes all the >> tables and seems like everything should be good. Then it encodes the TGT, >> but fails to add it. >> >> >> 2018-02-07 00:46:30,024 DEBUG [org.apereo.cas.ticket.factory >> .DefaultTicketGrantingTicketFactory] - <Encoded ticket-granting ticket >> id [TGT-******************************************3wOfaglzGL-JN >> pegctV--qfA0S5-xCE-aws-stage-cas.highline.edu]> >> 2018-02-07 00:46:30,025 DEBUG >> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] >> - <Adding ticket [TGT-****************************************** >> 3wOfaglzGL-JNpegctV--qfA0S5-xCE-aws-stage-cas.highline.edu]> >> 2018-02-07 00:46:30,118 ERROR >> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] >> - <Failed adding [TGT-****************************************** >> 3wOfaglzGL-JNpegctV--qfA0S5-xCE-aws-stage-cas.highline.edu]: >> [java.lang.NullPointerException]> >> 2018-02-07 00:46:30,118 DEBUG >> [org.apereo.cas.AbstractCentralAuthenticationService] >> - <Publishing [org.apereo.cas.support.events >> .ticket.CasTicketGrantingTicketCreatedEvent@2c84b7f8[ticketG >> rantingTicket=TGT-****************************************** >> 3wOfaglzGL-JNpegctV--qfA0S5-xCE-aws-stage-cas.highline.edu]]> >> >> Has anyone else ran into this? >> >> --Mike K >> >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit https://groups.google.com/a/ap >> ereo.org/d/msgid/cas-user/051a23e8-bb02-48a3-ab26-86b9a2fa3c >> 40%40apereo.org >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/051a23e8-bb02-48a3-ab26-86b9a2fa3c40%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/CA%2Bd9XAPtgS2W5jqHcYROaymtCYyTnb > 2FyjAJQhKCAOUH%2BvCNbQ%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPtgS2W5jqHcYROaymtCYyTnb2FyjAJQhKCAOUH%2BvCNbQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALfsmq71-hfpdSXFe7nQZ5w0t4299jtOswjGzkhBLgHJKFEcSg%40mail.gmail.com.
