So it turns out I already had the driver turned to debug, so no new
information there.  But I did up the verbosity level of MongoDB log to 5
and noticed that a write attempt for the TGT ticket wasn't even made
(subsequent fetches where made though).

I decided to try pulling down the latest maven overlay and move my settings
over one by one to see what would cause the problem, and culprit turned out
to be

cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=28800


If I comment that out, it writes the ticket no problem.  If I set it, it
fails creating the ticket and new writes it to or even attempts to write it
to Mongo.  I think this is an error in the ExpirationPolicy class as I have
also tried Redis and noticed it was writing the expiration time as -1.  -1
is not acceptable to Redis so it won't make the record.  I also tried
DynamoDB and noticed it was complaining about an empty string being written
(which for whatever reason Dynamo does not like empty strings at all).  I'm
thinking PostgreSQL didn't have a problem because the expiration policy is
stored as a large object and it probably doesn't care what it is.

--Mike K.

On Wed, Feb 7, 2018 at 5:51 AM, michael kromarek <mkroma...@gmail.com>
wrote:

> I'll give that a shot and let you know what I find.
>
> Thank you.
>
> On Wed, Feb 7, 2018 at 5:31 AM, David Curry <david.cu...@newschool.edu>
> wrote:
>
>> Ah - you just reminded me, and I should have mentioned this last time.
>> Try adding this to your log4j2.xml:
>>
>> <AsyncLogger name="org.mongodb.driver" level="debug" />
>>
>>
>> That's the actual Java driver.
>>
>> --Dave
>>
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR OF INFORMATION SECURITY*
>> INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
>> +1 212 229-5300 x4728 <(212)%20229-5300> • david.cu...@newschool.edu
>>
>> [image: The New School]
>>
>> On Wed, Feb 7, 2018 at 8:25 AM, michael kromarek <mkroma...@gmail.com>
>> wrote:
>>
>>> Hi Dave,
>>>
>>> I actually tried those settings first (I was following your guide, but
>>> only having a single server instead of a cluster for mongo).
>>> Unfortunately, it fails in the same way with those settings too.  I might
>>> be able to eek out a little  more information if I set
>>>
>>> org.apereo.cas.ticket.registry.MongoDbTicketRegistry
>>>
>>> to debug in the logger, though I  already have org.apero.cas and
>>> com.mongo set to debug.
>>>
>>> --Mike K
>>>
>>> On Wed, Feb 7, 2018 at 5:15 AM, David Curry <david.cu...@newschool.edu>
>>> wrote:
>>>
>>>> Mike,
>>>>
>>>> The only thing that strikes me as odd in your settings is this one:
>>>>
>>>> cas.ticket.registry.mongo.collectionName=cas-ticket-registry
>>>>
>>>>
>>>> The Mongo ticket registry uses multiple collections:
>>>>
>>>> proxyGrantingTicketsCollection
>>>> proxyTicketsCollection
>>>> samlArtifactsCache
>>>> samlAttributeQueryCache
>>>> serviceTicketsCollection
>>>> ticketGrantingTicketsCollection
>>>>
>>>>
>>>> So while I'm not sure if that setting is having any impact on your
>>>> configuration at all, I suspect that if it _is_ having an impact, it's a
>>>> negative one. Although, I don't see anything in the logs to suggest that it
>>>> is -- the server seems to be using the "right" collection:
>>>>
>>>> 2018-02-07 00:46:30,159 DEBUG 
>>>> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry]
>>>> - <Locating collection name [ticketGrantingTicketsCollection] for
>>>> ticket definition [org.apereo.cas.ticket.Default
>>>> TicketDefinition@28556a8b[implementationClass=class
>>>> org.apereo.cas.ticket.TicketGrantingTicketImpl,prefix=TGT]]>
>>>> 2018-02-07 00:46:30,159 DEBUG 
>>>> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry]
>>>> - <Located MongoDb collection instance [ticketGrantingTicketsCollection
>>>> ]>
>>>> 2018-02-07 00:46:30,160 DEBUG [org.mongodb.driver.protocol.command] -
>>>> <Sending command {find : BsonString{value='ticketGranti
>>>> ngTicketsCollection'}} to database casdb on connection
>>>> [connectionId{localValue:6, serverValue:68}] to server localhost:27017>
>>>> 2018-02-07 00:46:30,161 DEBUG [org.mongodb.driver.protocol.command] -
>>>> <Command execution completed>
>>>>
>>>> For what it's worth, mine is working on 5.2.2 using these settings
>>>> (essentially the same as yours except I have a replica set):
>>>>
>>>> #
>>>> # Components of the MongoDB connection string broken out for ease of
>>>> editing.
>>>> # See https://docs.mongodb.com/manual/reference/connection-string/
>>>> #
>>>> mongo.db:                               casdb
>>>> mongo.rs:                               rs0
>>>> mongo.opts:                             &ssl=true
>>>> mongo.creds:                            mongocas:<redacted>
>>>> mongo.hosts:                            casdev-srv01-lid.newschool.edu
>>>> ,casdev-srv02-lid.newschool.edu,casdev-srv03-lid.newschool.edu
>>>>
>>>> #
>>>> # The connection string, assembled
>>>> #
>>>> mongo.uri:                              mongodb://${mongo.creds}@${mon
>>>> go.hosts}/${mongo.db}?replicaSet=${mongo.rs}${mongo.opts}
>>>>
>>>> #
>>>> # Ticket registry
>>>> #
>>>> cas.ticket.registry.mongo.clientUri:    ${mongo.uri}
>>>>
>>>> #
>>>> # Service registry
>>>> #
>>>> cas.serviceRegistry.mongo.clientUri:    ${mongo.uri}
>>>> cas.serviceRegistry.mongo.collection:   casServiceRegistry
>>>>
>>>>
>>>>
>>>> --Dave
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> DAVID A. CURRY, CISSP
>>>> *DIRECTOR OF INFORMATION SECURITY*
>>>> INFORMATION TECHNOLOGY
>>>>
>>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>>> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
>>>> +1 212 229-5300 x4728 <(212)%20229-5300> • david.cu...@newschool.edu
>>>>
>>>> [image: The New School]
>>>>
>>>> On Wed, Feb 7, 2018 at 4:03 AM, Mike Kromarek <mkroma...@gmail.com>
>>>> wrote:
>>>>
>>>>> I recently switched from the Postgresql JPA ticket registry to MongoDB
>>>>> and am having a strange issue.  The authentication succeeds, but then it
>>>>> fails to add the ticket to the mongo database, causing the process to fail
>>>>> and return to the login screen.
>>>>>
>>>>> -- cas.properties --
>>>>> cas.ticket.registry.mongo.host=localhost
>>>>> cas.ticket.registry.mongo.userId=<redacted>
>>>>> cas.ticket.registry.mongo.password=<redacted>
>>>>> cas.ticket.registry.mongo.databaseName=casdb
>>>>> cas.ticket.registry.mongo.collectionName=cas-ticket-registry
>>>>> cas.ticket.registry.mongo.dropCollection=false
>>>>> cas.ticket.registry.mongo.timeout=5000
>>>>> cas.ticket.registry.mongo.writeConcern=NORMAL
>>>>> cas.ticket.mongo.conns.lifetime=60000
>>>>> cas.ticket.mongo.conns.perHost=10
>>>>> cas.ticket.registry.mongo.idleTimeout=30000
>>>>>
>>>>>
>>>>> CAS connects to the database with the specified user, makes all the
>>>>> tables and seems like everything should be good.  Then it encodes the TGT,
>>>>> but fails to add it.
>>>>>
>>>>>
>>>>> 2018-02-07 00:46:30,024 DEBUG [org.apereo.cas.ticket.factory
>>>>> .DefaultTicketGrantingTicketFactory] - <Encoded ticket-granting
>>>>> ticket id [TGT-******************************************3wOfaglzGL-JN
>>>>> pegctV--qfA0S5-xCE-aws-stage-cas.highline.edu]>
>>>>> 2018-02-07 00:46:30,025 DEBUG 
>>>>> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry]
>>>>> - <Adding ticket [TGT-******************************************
>>>>> 3wOfaglzGL-JNpegctV--qfA0S5-xCE-aws-stage-cas.highline.edu]>
>>>>> 2018-02-07 00:46:30,118 ERROR 
>>>>> [org.apereo.cas.ticket.registry.MongoDbTicketRegistry]
>>>>> - <Failed adding [TGT-******************************************
>>>>> 3wOfaglzGL-JNpegctV--qfA0S5-xCE-aws-stage-cas.highline.edu]:
>>>>> [java.lang.NullPointerException]>
>>>>> 2018-02-07 00:46:30,118 DEBUG 
>>>>> [org.apereo.cas.AbstractCentralAuthenticationService]
>>>>> - <Publishing [org.apereo.cas.support.events
>>>>> .ticket.CasTicketGrantingTicketCreatedEvent@2c84b7f8[ticketG
>>>>> rantingTicket=TGT-******************************************
>>>>> 3wOfaglzGL-JNpegctV--qfA0S5-xCE-aws-stage-cas.highline.edu]]>
>>>>>
>>>>> Has anyone else ran into this?
>>>>>
>>>>> --Mike K
>>>>>
>>>>>
>>>>> --
>>>>> - Website: https://apereo.github.io/cas
>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>> ---
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "CAS Community" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to cas-user+unsubscr...@apereo.org.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/051a
>>>>> 23e8-bb02-48a3-ab26-86b9a2fa3c40%40apereo.org
>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/051a23e8-bb02-48a3-ab26-86b9a2fa3c40%40apereo.org?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>>
>>>> --
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to cas-user+unsubscr...@apereo.org.
>>>> To view this discussion on the web visit https://groups.google.com/a/ap
>>>> ereo.org/d/msgid/cas-user/CA%2Bd9XAPtgS2W5jqHcYROaymtCYyTnb2
>>>> FyjAJQhKCAOUH%2BvCNbQ%40mail.gmail.com
>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPtgS2W5jqHcYROaymtCYyTnb2FyjAJQhKCAOUH%2BvCNbQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+unsubscr...@apereo.org.
>>> To view this discussion on the web visit https://groups.google.com/a/ap
>>> ereo.org/d/msgid/cas-user/CALfsmq71-hfpdSXFe7nQZ5w0t4299jtOs
>>> wjGzkhBLgHJKFEcSg%40mail.gmail.com
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALfsmq71-hfpdSXFe7nQZ5w0t4299jtOswjGzkhBLgHJKFEcSg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit https://groups.google.com/a/ap
>> ereo.org/d/msgid/cas-user/CA%2Bd9XAOy%2B0pG-HA%2BbVTDbvUv0G
>> X%2Bnw0vhO3nK3Cgw%2BMPEzuLbA%40mail.gmail.com
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOy%2B0pG-HA%2BbVTDbvUv0GX%2Bnw0vhO3nK3Cgw%2BMPEzuLbA%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALfsmq5iHbn%2BKAv6c9dF1Et988OHvXOXqwJTaQBuV1UDCbfBBw%40mail.gmail.com.

Reply via email to