For the Duo dependency, spring updated their use for artifacts in their repo and now libs-release (and probably libs-snapshot) is no longer available publicly
https://spring.io/blog/2020/10/29/notice-of-permissions-changes-to-repo-spring-io-fall-and-winter-2020 On Wednesday, January 27, 2021 at 8:52:32 PM UTC-5 richard.frovarp wrote: > For the Duo jar, you should put them in your own local repo? Or maybe the > cache dir? I know that by default it feels like you have to hunt through a > variety of external repos to find that dependency. I run a local Nexus > install for us so I only have to hunt down once. > > For the LDAP problems, I think on the Shib list they say don't use the > JNDI LDAP connector, in particular with JDK 11. But even then, I don't > think the 1.8 JNDI provider is that great. So, you may be able to move over > to the UnboundID provider and have better success? To determine what > version is being used, I would recommend looking at what is in your > resulting build artifact. I'm building to a war, and therefore the place > for me to look to see what is being placed in the war file. So if the file > is present in the lib dir where you are running it, it might be using. I > don't remember if there is an authoritative way the JRE loads libs or not. > I generally assume that if there are two in the classpath, it is going to > randomly load out of one of them. It's probably deterministic in some way, > but if you have to ask about load order, you're probably in a space you > don't want to be in. > > I know that with overlays I've had trouble getting the version I want to > be the only one. I don't think the normal Maven rules for dependency > versions fully apply for overlays. You're best off putting excludes in to > ensure the version you don't want is excluded. > > You can also exclude out of the overlay, and I see that I'm doing that. I > just don't remember why I'm doing that. I have spring and log4j in those > excludes. I'm excluding Duo out of a normal dependency section. I have a > different GAV bringing that dependency in. > > We're using the UnboundID provider. > ------------------------------ > *From:* [email protected] <[email protected]> on behalf of Baron > Fujimoto <[email protected]> > *Sent:* Wednesday, January 27, 2021 19:06 > *To:* CAS Users <[email protected]> > *Subject:* [cas-user] CAS 5.0.x newer ldaptive? > > I'm working with Oracle to troubleshoot a bug we've encountered with their > JDK (1.8u231+) and LDAP errors. According to their analysis, they're > claiming that the problem lies with the ldaptive library being used by this > old (I know) version of CAS. More specifically that the subsequent JDKs > adhere to spec, and the ldaptive library appears to be testing for > unspecified behaviour. They are recommending I try a newer version of the > ldaptive library which does not appear to have the same code. > > I added the following to our pom.xml: > > <dependency> > <groupId>org.ldaptive</groupId> > <artifactId>ldaptive</artifactId> > <version>2.0.1</version> > </dependency> > > When I ran "mvn clean package" I think it looked like it was including the > 2.0.1 version of ldaptive in the build. However, it seems like I'm still > seeing LDAP problems. When I try to login, it will often result in the > errors such as the following being logged: > > 2021-01-27 12:10:56,974 DEBUG > [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Attempting > LDAP authentication for baron> > 2021-01-27 12:10:56,986 WARN [org.ldaptive.pool.BlockingConnectionPool] - > <connection failed check out validation: > org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@4b6106ff> > 2021-01-27 12:10:56,989 ERROR > [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - > <LdapAuthenticationHandler: Unexpected LDAP error (Details: Validation of > connection failed)> > > Eventually the validation succeeds, then so does the authentication. > > How can I verify which version of ldaptive is being used by CAS? I don't > think I saw anything indicating this in the logs. If I search for ldaptive > in my overlay work directory I find the following: > > ===== > $ grep -ilr ldaptive . > ./target/cas.war > > ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/classes/log4j2.xml > > ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/person-directory-impl-1.8.4.jar > > ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-1.2.0.jar > > ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-beans-1.2.0.jar > ./target/cas/WEB-INF/classes/log4j2.xml > ./target/cas/WEB-INF/lib/person-directory-impl-1.8.4.jar > ./target/cas/WEB-INF/lib/ldaptive-1.2.0.jar > ./target/cas/WEB-INF/lib/ldaptive-beans-1.2.0.jar > ./target/cas/WEB-INF/lib/ldaptive-beans-2.0.1.jar > ./target/cas/WEB-INF/lib/ldaptive-2.0.1.jar > ./pom.xml > ./etc/cas/config/log4j2.xml > ===== > > I see an ldaptive-2.0.1.jar and ldaptive-beans-2.0.1.jar, but > also ldaptive-1.2.0.jar and ldaptive-beans-1.2.0.jar. The 1.2.0 versions > are always present after the build even if I delete them first, so > something must be re-including them. How can I ensure that the new ldaptive > is used in place of the old one? > > Unrelated, but I'm also seeing the following errors in the build now that > weren't present when I originally built this long ago: > > Downloading: > https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/-SNAPSHOT/maven-metadata.xml > [WARNING] Could not transfer metadata > com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to > spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > [WARNING] Failure to transfer > com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from > https://repo.spring.io/libs-snapshot was cached in the local repository, > resolution will not be reattempted until the update interval of > spring-libs-snapshots has elapsed or updates are forced. Original error: > Could not transfer metadata > com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to > spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > Downloading: > https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client/-SNAPSHOT/maven-metadata.xml > [WARNING] Could not transfer metadata > com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml > > from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > [WARNING] Failure to transfer > com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml > > from https://repo.spring.io/libs-snapshot was cached in the local > repository, resolution will not be reattempted until the update interval of > spring-libs-snapshots has elapsed or updates are forced. Original error: > Could not transfer metadata > com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml > > from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > Downloading: > https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-example-admin/-SNAPSHOT/maven-metadata.xml > [WARNING] Could not transfer metadata > com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml > > from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > [WARNING] Failure to transfer > com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml > > from https://repo.spring.io/libs-snapshot was cached in the local > repository, resolution will not be reattempted until the update interval of > spring-libs-snapshots has elapsed or updates are forced. Original error: > Could not transfer metadata > com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml > > from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > Downloading: > https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client-all/-SNAPSHOT/maven-metadata.xml > [WARNING] Could not transfer metadata > com.github.duosecurity.duo_client_java:duo-client-all:-SNAPSHOT/maven-metadata.xml > > from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not > authorized , ReasonPhrase:Unauthorized. > > It seems prudent to resolve these build errors as well. > -- > Baron Fujimoto <[email protected]> :: UH Information Technology Services > minutas cantorum, minutas balorum, minutas carboratum desendus pantorum > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL20VkUPAgFORD_Jb-nNaoNK_EiZb3uc_BfN8KF8gSyThg%40mail.gmail.com > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL20VkUPAgFORD_Jb-nNaoNK_EiZb3uc_BfN8KF8gSyThg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5a361cc6-a099-4a45-86c6-d479db055159n%40apereo.org.
