Regarding Authentication, I have asked a separate question to see if what I want to do is possible.

On Wednesday, 26 September 2018 08:14:00 UTC+10, Colin Wilkinson wrote:
>
> Hi Jérôme,
>
> I am not 100% sure if it may be an edge bug with the CAS server itself. Basically it's an issue when serialising the session; there is no problem when executing code, only when trying to serialise the session, and that made the problem hard to track. Basically I had two beans that were session scoped and proxy class targeted, and the serialisation did not like one of those session scoped beans.
>
> The first session bean is about user information that is required to enable talking between our Enterprise Service Bus (ESB) and our systems. We configure this once and store it in the session. This bean is still stored in the session.
>
> The second session bean used to do a lot more than it does now and has been reconfigured. Now it only configures the User Information and no longer needs to be stored in the session. The second session bean also stores a reference to the first session bean, and I think that is where the problem lies.
>
> These beans are located in a services module that is used across multiple projects without a problem.
>
> I think there may be a problem with CAS regarding authentication handlers. I initially tried to add an additional authentication handler that ran after the main ClientAuthenticationHandler; it did not fire. I will do some testing today now that CAS is functioning and get back to you if there is a problem.
>
> I have set cas.authn.policy.all.enabled=true as well.
>
> Regards,
> Colin
>
> On Tuesday, 25 September 2018 18:05:09 UTC+10, leleuj wrote:
>>
>> Hi,
>>
>> Was it a bug on your customization or something from the CAS server itself?
>> Thanks.
>> Best regards,
>> Jérôme
>>
>> On Tue, Sep 25, 2018 at 4:37 AM Colin Wilkinson <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> I have worked out what the issue was. It was one of the scope session beans being loaded after the initial request that was causing the issue.
>>>
>>> Regards,
>>>
>>> On Monday, 24 September 2018 15:59:52 UTC+10, Colin Wilkinson wrote:
>>>>
>>>> Hi,
>>>>
>>>> We at work are looking at implementing delegated authentication for facebook, google, twitter, etc., but there seems to be a weird issue with it. A little bit of background: we have extended the delegated authentication as we need to map the email associated with facebook, for instance, back to a staff or student account. If the email has no association then we navigate to a registration screen in which the user inputs a user name and password; otherwise it logs the staff or student in. If staff or student follow the flow as designed then all works fine and there is no issue. If the staff or student registers using the username and password provided, I trigger the form authentication.
>>>>
>>>> The issue arises if the user does not navigate as expected: if, when they get the registration screen, they realise they have clicked the wrong client and decide to go back to the main login screen and choose the right client, I am receiving
>>>>
>>>> org.springframework.web.util.NestedServletException: Handler dispatch failed; nested exception is java.lang.OutOfMemoryError: Java heap space
>>>>
>>>> I am certain it's not the modifications I have made, as it's failing before the call to redirect to the client has happened. The problem is in the "DelegatedClientNavigationController" class with the following line; I placed a debug statement preceding the call and a debug statement after the call.
>>>>
>>>> this.delegatedSessionCookieManager.store(webContext);
>>>>
>>>> The main dev cas server is running 16gb of ram as initially it was only running 8gb of ram.
>>>>
>>>> The possible steps to replicate the issue are as follows:
>>>>
>>>> 1. Navigate to CAS
>>>> 2. Click Facebook (Authentication must fail)
>>>> 3. Redirected back to login screen (Upon redirecting back PAC4J clients list goes missing)
>>>> 4. Navigate back to CAS so that clients are there
>>>> 5. Click Facebook should get a heap space error.
>>>>
>>>> I have tried this with both 5.3.3 and 5.3.4-SNAPSHOT with no success.
>>>>
>>>> The dump statements were as follows:
>>>>
>>>> LOGGER.debug("PRIOR TO CALLING DELEGTED SESSION COOKIE MANAGER STORE");
>>>> this.delegatedSessionCookieManager.store(webContext);
>>>> LOGGER.debug("AFTER TO CALLING DELEGTED SESSION COOKIE MANAGER STORE");
>>>>
>>>> Attached are the success results and the heap space error results.
>>>>
>>>> I apologise if this does not make sense.
>>>>
>>>> Regards,
>>>> Colin

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/79ede174-7ffd-48f4-85da-2f35cdcb38a6%40apereo.org.
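
Added example, not part of the thread and not CAS code: one way to track down the kind of problem described above, where one session-scoped bean makes serialising the session fail or blow up. It serialises each session attribute on its own into a size-capped sink and reports which one is oversized or not serializable; the bean classes, attribute names and the 64 KiB cap are hypothetical.

```java
import java.io.*;
import java.util.*;
// Added diagnostic example; not CAS code. Bean classes and attribute names are hypothetical.
public class SessionSerializationProbe {
    // Discards everything written to it, but fails once more than `cap` bytes arrive.
    static final class CappedSink extends OutputStream {
        final long cap;
        long written; boolean exceeded;
        CappedSink(long cap) { this.cap = cap; }
        @Override public void write(int b) throws IOException { count(1); }
        @Override public void write(byte[] b, int off, int len) throws IOException { count(len); }
        private void count(int n) throws IOException {
            written += n;
            if (written > cap) { exceeded = true; throw new IOException("size cap exceeded"); }
        }
    }

    // Serialises each attribute separately so the offending bean can be named.
    static Map<String, String> probe(Map<String, Object> attributes, long capBytes) {
        Map<String, String> report = new LinkedHashMap<>();
        for (Map.Entry<String, Object> e : attributes.entrySet()) {
            CappedSink sink = new CappedSink(capBytes);
            try (ObjectOutputStream out = new ObjectOutputStream(sink)) {
                out.writeObject(e.getValue());
                out.flush();
                report.put(e.getKey(), "ok, " + sink.written + " bytes");
            } catch (NotSerializableException ex) {
                report.put(e.getKey(), "not serializable: " + ex.getMessage());
            } catch (IOException ex) {
                report.put(e.getKey(), sink.exceeded ? "over " + capBytes + " bytes" : "failed: " + ex);
            }
        }
        return report;
    }

    // Constructed sample beans (hypothetical stand-ins for session-scoped beans).
    static class UserInfoBean implements Serializable { String email = "user@example.org"; }
    static class ConfigurerBean implements Serializable {
        UserInfoBean userInfo = new UserInfoBean();      // reference to the other session bean
        byte[] draggedIn = new byte[8 * 1024 * 1024];    // stands in for a large object graph
    }
    static class PlainBean { }                           // does not implement Serializable
    public static void main(String[] args) {
        Map<String, Object> session = new LinkedHashMap<>();
        session.put("userInfo", new UserInfoBean());
        session.put("configurer", new ConfigurerBean());
        session.put("plain", new PlainBean());
        probe(session, 64 * 1024).forEach((k, v) -> System.out.println(k + " -> " + v));
    }
}
```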
