Hi Dave,

Thanks for your reply. I have tested whether it works as you mentioned before, but it didn't work. Also, I now have new errors about other sites. To briefly explain my environment:

- I have two CAS servers, casuno.example.edu.tr and casdos.example.edu.tr, and one virtual IP behind a NetScaler LB, casnlb.xxxxx.edu.tr (they have proper DNS A records, they are all in the same subnet/VLAN, their ufw is disabled, and their OS is Ubuntu 1804):

   - Both have openjdk 11.0.4 2019-07-16 and tomcat 9.0.26, with https (SSL) on 8443 and http on 8080.
   - Both have nginx; I use them as reverse proxy; casuno.example.edu.tr:8443 redirects https://casnlb.example.edu.tr (casnlb has a virtual IP behind the NetScaler LB, and round-robin TCP 443).
   - Both have cas-overlay build.gradle:
      - compile "org.apereo.cas:cas-server-support-ldap:${casServerVersion}"
      - compile "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"
      - compile "org.apereo.cas:cas-server-support-hazelcast-ticket-registry:${casServerVersion}"
   - Both have cas-management-overlay build.gradle (default).


*Below is my cas.properties (the only differences between the two are the crypto keys!):*

#
cas.server.name:https://casnlb.xxxx.edu.tr
server.prefix=${server.name}/cas
logging.config: file:/etc/cas/config/log4j2.xml
cas.authn.accept.users=
##########################################TGC-Secure###########################################################################
cas.tgc.secure:true
cas.tgc.crypto.encryption.key:MXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXs
cas.tgc.crypto.signing.key:BXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXQ
cas.webflow.crypto.encryption.key:jXXXXXXXXXXXXXXXXXXXXXXXX==
cas.webflow.crypto.signing.key:MXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXA
##########################################LDAP#################################################################################
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].principalAttributeList=cn,givenName,userPrincipalName,description
#cas.authn.ldap[0].bindDn=cn=Users,DC=example,DC=edu,DC=tr
cas.authn.ldap[0].ldapUrl=ldap://adc.example.edu.tr:389
#cas.authn.ldap[0].searchFilter=cn={user}
cas.authn.ldap[0].searchFilter=(userPrincipalName={user})
cas.authn.ldap[0].bindDn=cn=CAS ldap,cn=users,dc=xxxx,dc=edu,dc=tr
cas.authn.ldap[0].bindCredential=HXXXXXXXXHHH
cas.authn.ldap[0].baseDn=OU=Users,DC=xxxxxxxxx,DC=edu,DC=tr
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].useSsl=false
##########################################Services##############################################################################
cas.serviceRegistry.json.location=file:/etc/cas/services
##########################################Hazelcast#############################################################################
cas.ticket.registry.hazelcast.cluster.members:          casuno.xxxxx.edu.tr,casdos.xxxxx.edu.tr
cas.ticket.registry.hazelcast.cluster.asyncBackupCount: 1
cas.ticket.registry.hazelcast.cluster.backupCount:      0
cas.ticket.registry.hazelcast.cluster.port:             5701
cas.ticket.registry.hazelcast.cluster.portAutoIncrement:false
cas.ticket.registry.hazelcast.crypto.encryption.key:    KXxxXXXXXXXXXXXXXXXXXx==
cas.ticket.registry.hazelcast.crypto.signing.key:       oXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxxxxxxxxxxxXXXxfSkw
cas.ticket.registry.hazelcast.crypto.enabled:           true

*Below is management.properties (the same on both casuno and casdos):*

cas.server.name=https://casnlb.xxxx.edu.tr
cas.server.prefix=${cas.server.name}:/cas

mgmt.serverName=https://casnlb.xxxxx.edu.tr/cas-management
mgmt.adminRoles[0]=ROLE_ADMIN
mgmt.userPropertiesFile=file:/etc/cas/config/users.json

logging.config=file:/etc/cas/config/log4j2-management.xml

*Below is cas/services, the cas-management web app JSON (the same on both casuno and casdos; the JSON file names are different and their ids are different):*

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://casnlb.xxxxx.edu.tr/cas-management/*",
  "name" : "CAS Services Management",
  "id" : xxxxxxxxxxxxxxx,
  "description" : "CAS Services Management Webapp",
  "evaluationOrder" : 10
}


----------------------------------------------------------------------------


   1. Start an incognito/private mode browser so there are no cookies (Done)
   2. Log in to Application 1 through CAS (Done)
   3. Check the CAS logs to figure out which server handled my login (casuno handled the request and I successfully logged in via my domain account ... https://casuno.xxx.edu.tr/cas --- login successful)
   4. Shut that CAS server down (Done)
   5. Go back to the browser and access another CAS-protected service -- if it lets me in without username/password then Hazelcast is at least nominally working; if I get prompted again, then something is wrong


First error log (both CAS servers have the same):

07-Nov-2019 05:57:51.789 WARNING [main] com.hazelcast.instance.HazelcastInstanceFactory.null Hazelcast is starting in a Java modular environment (Java 9 and newer) but without proper access to required Java packages. Use additional Java arguments to provide Hazelcast access to Java internal API. The internal API access is used to get the best performance results. Arguments to be used:
 --add-modules java.se --add-exports java.base/jdk.internal.ref=ALL-UNNAMED --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.nio=ALL-UNNAMED --add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.management/sun.management=ALL-UNNAMED --add-opens jdk.management/com.sun.management.internal=ALL-UNNAMED
2019-11-07 05:57:51,879 WARN [com.hazelcast.instance.AddressPicker] - <[LOCAL] [dev] [3.12.3] You configured your member address as host name. Please be aware of that your dns can be spoofed. Make sure that your dns configurations are correct.>
2019-11-07 05:57:51,881 WARN [com.hazelcast.instance.AddressPicker] - <[LOCAL] [dev] [3.12.3] You configured your member address as host name. Please be aware of that your dns can be spoofed. Make sure that your dns configurations are correct.>
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.hazelcast.internal.networking.nio.SelectorOptimizer (file:/opt/tomcat/webapps/cas/WEB-INF/lib/hazelcast-3.12.3.jar) to field sun.nio.ch.SelectorImpl.selectedKeys
WARNING: Please consider reporting this to the maintainers of com.hazelcast.internal.networking.nio.SelectorOptimizer
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release


Second error log (after a login attempt via the LB domain name, casnlb.xxx.edu.tr/cas):

https://casnlb.xxxx.edu.tr/cas/login?exception.message=Error+decoding+flow+execution

(this is what it shows in the browser)



2019-11-07 06:02:21,471 ERROR [org.apereo.cas.web.flow.executor.EncryptedTranscoder] - <Null input buffer>
java.lang.IllegalArgumentException: Null input buffer
        at javax.crypto.Cipher.doFinal(Cipher.java:2198) ~[?:?]
        at org.apereo.cas.util.cipher.BaseBinaryCipherExecutor.decode(BaseBinaryCipherExecutor.java:92) ~[cas-server-core-util-api-6.2.0-SNAPSHOT.jar:6.2.0-SNAPSHOT]
        at org.apereo.cas.util.cipher.BaseBinaryCipherExecutor.decode(BaseBinaryCipherExecutor.java:33) ~[cas-server-core-util-api-6.2.0-SNAPSHOT.jar:6.2.0-SNAPSHOT]
        at org.apereo.cas.util.crypto.CipherExecutor.decode(CipherExecutor.java:105) ~[cas-server-core-api-util-6.2.0-SNAPSHOT.jar:6.2.0-SNAPSHOT]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
        at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:279) ~[spring-core-5.2.1.RELEASE.jar:5.2.1.RELEASE]
        at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) ~[spring-cloud-context-2.2.0.RC1.jar:2.2.0.RC1]
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.1.RELEASE.jar:5.2.1.RELEASE]
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.2.1.RELEASE.jar:5.2.1.RELEASE]
        at com.sun.proxy.$Proxy333.decode(Unknown Source) ~[?:?]
        at org.apereo.cas.web.flow.executor.WebflowCipherBean.decrypt(WebflowCipherBean.java:35) ~[cas-server-core-webflow-api-6.2.0-SNAPSHOT.jar:6.2.0-SNAPSHOT]
        at org.apereo.cas.web.flow.executor.EncryptedTranscoder.decode(EncryptedTranscoder.java:103) ~[cas-server-core-webflow-api-6.2.0-SNAPSHOT.jar:6.2.0-SNAPSHOT]
        at org.apereo.cas.web.flow.executor.ClientFlowExecutionRepository.getFlowExecution(ClientFlowExecutionRepository.java:75) ~[cas-server-core-webflow-api-6.2.0-SNAPSHOT.jar:6.2.0-SNAPSHOT]
        at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:167) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
        at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:279) ~[spring-core-5.2.1.RELEASE.jar:5.2.1.RELEASE]
        at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499) ~[spring-cloud-context-2.2.0.RC1.jar:2.2.0.RC1]
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.2.1.RELEASE.jar:5.2.1.RELEASE]
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.2.1.RELEASE.jar:5.2.1.RELEASE]
        at com.sun.proxy.$Proxy371.resumeExecution(Unknown Source) ~[?:?]
        at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:254) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040) ~[spring-webmvc-5.2.1.RELEASE.jar:5.2.1.RELEASE]
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943) ~[spring-webmvc-5.2.1.RELEASE.jar:5.2.1.RELEASE]
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.2.1.RELEASE.jar:5.2.1.RELEASE]
        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909) ~[spring-webmvc-5.2.1.RELEASE.jar:5.2.1.RELEASE]


It forces me to log in again.


Third error (when we attempt to import a service JSON or create a new one via the cas-management web interface UI):

2019-11-07 06:38:53,144 ERROR [org.springframework.boot.web.servlet.support.ErrorPageFilter] - <Forwarding to error page from request [/api/services/] due to exception [repository not found: /etc/cas/services-repo/.git]>
org.eclipse.jgit.errors.RepositoryNotFoundException: repository not found: /etc/cas/services-repo/.git
        at org.eclipse.jgit.storage.file.FileRepositoryBuilder.build(FileRepositoryBuilder.java:90) ~[org.eclipse.jgit-5.3.1.201904271842-r.jar:5.3.1.201904271842-r]
        at org.apereo.cas.mgmt.GitUtil.initializeGitRepository(GitUtil.java:1264) ~[cas-mgmt-support-version-control-6.1.0-RC4.jar:6.1.0-RC4]
        at org.apereo.cas.mgmt.GitUtil.<init>(GitUtil.java:108) ~[cas-mgmt-support-version-control-6.1.0-RC4.jar:6.1.0-RC4]
        at org.apereo.cas.mgmt.factory.RepositoryFactory.buildGitUtil(RepositoryFactory.java:82) ~[cas-mgmt-support-version-control-6.1.0-RC4.jar:6.1.0-RC4]
        at org.apereo.cas.mgmt.factory.RepositoryFactory.masterRepository(RepositoryFactory.java:72) ~[cas-mgmt-support-version-control-6.1.0-RC4.jar:6.1.0-RC4]
        at org.apereo.cas.mgmt.factory.VersionControlManagerFactory.createNewManager(VersionControlManagerFactory.java:129) ~[cas-mgmt-support-version-control-6.1.0-RC4.jar:6.1.0-RC4]
        at org.apereo.cas.mgmt.factory.VersionControlManagerFactory.getManagementServicesManager(VersionControlManagerFactory.java:114) ~[cas-mgmt-support-version-control-6.1.0-RC4.jar:6.1.0-RC4]
        at org.apereo.cas.mgmt.factory.VersionControlManagerFactory.from(VersionControlManagerFactory.java:97) ~[cas-mgmt-support-version-control-6.1.0-RC4.jar:6.1.0-RC4]
        at org.apereo.cas.mgmt.factory.VersionControlManagerFactory.from(VersionControlManagerFactory.java:40) ~[cas-mgmt-support-version-control-6.1.0-RC4.jar:6.1.0-RC4]
        at org.apereo.cas.mgmt.controller.ServiceController.saveService(ServiceController.java:107) ~[cas-mgmt-core-6.1.0-RC4.jar:6.1.0-RC4]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]



I really don't know how to continue. Any suggestions or advice for me? I just want to build a running HA CAS app.

Thanks for all your help and guidance.
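
Added example (not part of the original message and not CAS project code): behind a round-robin load balancer, state that one CAS node encrypts and signs (the ticket-granting cookie, the client-side webflow execution, Hazelcast ticket payloads) has to be decodable by the other node, so the `*.crypto.encryption.key` and `*.crypto.signing.key` values in cas.properties need to match on both. The sketch below compares two property files and reports which of those keys differ, using short SHA-256 fingerprints so no key material is printed; the function names and the sample values are constructed for illustration.

```python
import hashlib
import re

# Property-name suffixes whose values every node of one CAS cluster must share
# (assumption of this example: the LB may send any request to any node).
SHARED_SUFFIXES = (".crypto.encryption.key", ".crypto.signing.key")
_LINE = re.compile(r"^\s*([^\s=:#!][^\s=:]*)\s*[=:]?\s*(.*?)\s*$")

# Constructed sample input (placeholder values, not real keys).
CASUNO = """\
cas.server.name:https://cas.example.org
##### TGC #####
cas.tgc.crypto.signing.key:SAME-TGC-SIGNING
cas.webflow.crypto.encryption.key=NODE-A-WEBFLOW-ENC
cas.ticket.registry.hazelcast.crypto.signing.key:    SAME-HZ-SIGNING
"""
CASDOS = """\
cas.server.name:https://cas.example.org
cas.tgc.crypto.signing.key=SAME-TGC-SIGNING
cas.webflow.crypto.encryption.key=NODE-B-WEBFLOW-ENC
cas.ticket.registry.hazelcast.crypto.signing.key:SAME-HZ-SIGNING
"""


def parse_properties(text):
    """Parse Java-style properties; both '=' and ':' separate key and value."""
    props = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:  # blank lines and '#'/'!' comment lines do not match
            props[m.group(1)] = m.group(2)
    return props


def fingerprint(value):
    """Short SHA-256 digest so the report never prints the key itself."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]


def crypto_drift(node_a, node_b):
    """Return {property: (fp_a, fp_b)} for shared keys that differ or are missing."""
    a, b = parse_properties(node_a), parse_properties(node_b)
    drift = {}
    for name in sorted(set(a) | set(b)):
        if name.endswith(SHARED_SUFFIXES) and a.get(name) != b.get(name):
            drift[name] = tuple(
                fingerprint(p[name]) if name in p else "missing" for p in (a, b)
            )
    return drift
```

An empty result from `crypto_drift` means the two files agree on every shared crypto property; any entry names a property to reconcile before testing failover again.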
