Hy guys,
I am having problems with replication Ehcache and validation of ServiceTicket.
We have two nodes who are running CAS server 3.5.1 and EhCache 2.6.
One node create the serviceTicket and the second node attemps to validate the
ST.
I can see in the logs that the second node receive the ST via RMI but
CentralAuthenticationServiceImpl said that the ST does not exist.
Here are the logs of my two nodes :
NODE 1 :
=============================================================
WHO: LoginPasswordIPCredentials [lock=false, codeEtape=4, codeEtapeOld=0,
memoEtp=-3, wnEtp=4, levelError=0, wnNbPages=0, wnCryptedValue=null,
wnUrlRedirect=, wnNumerop
age=, wnKey=null, serviceWebNomade=, serviceWebNomadeEtape2=, testIp=true,
testIpLogin=true, rememberMe=false, alreadyAuthenticated=false,
editorCode=null, gaUser=false
, ip=160.92.7.69, uid=null, identifiant=null, memoPassword=, memoLogin=]
WHAT: TGT-1-xKfU9bUcrBfWgKmfJV46y5Hrb6tJzoGY4LdjYlWMoMpA3CYlwf-cas01.example.org
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Thu Jul 04 18:02:35 CEST 2013
CLIENT IP ADDRESS: 160.92.7.69
SERVER IP ADDRESS: unknown
=============================================================
>
2013-07-04 18:02:35,051 DEBUG
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed cookie
with name [CASPRIVACY]>
2013-07-04 18:02:35,051 DEBUG
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added cookie
with name [CASTGC] and value [TGT-1-xKfU9bUcrBfWgKmfJV46y5Hrb6
tJzoGY4LdjYlWMoMpA3CYlwf-cas01.example.org]>
2013-07-04 18:02:35,054 DEBUG [net.sf.ehcache.store.disk.Segment] - <fault
removed 0 from heap>
2013-07-04 18:02:35,058 DEBUG [net.sf.ehcache.store.disk.Segment] - <fault
added 0 on disk>
2013-07-04 18:02:35,072 DEBUG
[org.jasig.cas.ticket.registry.EhCacheTicketRegistry] - <Adding ticket granting
ticket
TGT-1-xKfU9bUcrBfWgKmfJV46y5Hrb6tJzoGY4LdjYlWMoMpA3CYlwf-cas01.example.org to
the cache org.jasig.cas.ticket.TicketGrantingTicket>
2013-07-04 18:02:35,072 DEBUG [net.sf.ehcache.store.disk.Segment] - <put added
0 on heap>
2013-07-04 18:02:35,075 DEBUG [net.sf.ehcache.store.disk.Segment] - <put
updated, deleted 0 on heap>
2013-07-04 18:02:35,075 DEBUG [net.sf.ehcache.store.disk.Segment] - <put
updated, deleted 0 on disk>
2013-07-04 18:02:35,075 DEBUG
[org.jasig.cas.ticket.registry.EhCacheTicketRegistry] - <Adding service ticket
ST-1-n3afABKuoOuvJ4tzCSSP-cas01.example.org to the cache>
2013-07-04 18:02:35,076 DEBUG
[net.sf.ehcache.distribution.RMICacheManagerPeerProvider] - <Lookup URL
//10.90.1.59:40001/org.jasig.cas.ticket.ServiceTicket>
2013-07-04 18:02:35,076 DEBUG [net.sf.ehcache.store.disk.Segment] - <fault
removed 0 from heap>
2013-07-04 18:02:35,076 DEBUG [net.sf.ehcache.store.disk.Segment] - <fault
added 0 on disk>
2013-07-04 18:02:35,276 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] -
<Granted service ticket [ST-1-n3afABKuoOuvJ4tzCSSP-cas01.example.org] for
service
[http://test-secureidpga.gestion-des-acces.fr/idp/SSO?shire=http%3A%2F%2Fqlf-jurisprudencechiffree.editions-legislatives.fr%2FShibboleth.sso%2FSAML%2FPOST&time=1372953737&target=cookie%3Aefd207d4&providerId=http%3A%2F%2Fqlf-jurisprudencechiffree.editions-legislatives.fr]
for user [ERP@@dpmtest]>
2013-07-04 18:02:35,277 INFO
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: ERP@@dpmtest
WHAT: ST-1-n3afABKuoOuvJ4tzCSSP-cas01.example.org for
http://test-secureidpga.gestion-des-acces.fr/idp/SSO?shire=http%3A%2F%2Fqlf-jurisprudencechiffree.editions-legislatives.fr%2FShibboleth.sso%2FSAML%2FPOST&time=1372953737&target=cookie%3Aefd207d4&providerId=http%3A%2F%2Fqlf-jurisprudencechiffree.editions-legislatives.fr
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Thu Jul 04 18:02:35 CEST 2013
CLIENT IP ADDRESS: 160.92.7.69
SERVER IP ADDRESS: unknown
=============================================================
NODE 2 :
2013-07-04 18:02:35,275 DEBUG [net.sf.ehcache.distribution.RMICachePeer] -
<RMICachePeer for cache org.jasig.cas.ticket.ServiceTicket: remote put
received. Element is: [ key = ST-1-n3afABKuoOuvJ4tzCSSP-cas01.example.org,
value=ST-1-n3afABKuoOuvJ4tzCSSP-cas01.example.org, version=1, hitCount=0,
CreationTime = 1372953756000, LastAccessTime = 1372953755272 ]>
2013-07-04 18:02:35,435 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor]
- <Extractor generated service for:
http://test-secureidpga.gestion-des-acces.fr/idp/SSO?shire=http%3A%2F%2Fqlf-jurisprudencechiffree.editions-legislatives.fr%2FShibboleth.sso%2FSAML%2FPOST&time=1372953737&target=cookie%3Aefd207d4&providerId=http%3A%2F%2Fqlf-jurisprudencechiffree.editions-legislatives.fr>
2013-07-04 18:02:35,457 DEBUG [net.sf.ehcache.store.disk.Segment] - <put added
0 on heap>
2013-07-04 18:02:35,458 DEBUG [net.sf.ehcache.distribution.RMICachePeer] -
<RMICachePeer for cache org.jasig.cas.ticket.TicketGrantingTicket: remote put
received. Element is: [ key =
TGT-1-xKfU9bUcrBfWgKmfJV46y5Hrb6tJzoGY4LdjYlWMoMpA3CYlwf-cas01.example.org,
value=TGT-1-xKfU9bUcrBfWgKmfJV46y5Hrb6tJzoGY4LdjYlWMoMpA3CYlwf-cas01.example.org,
version=1, hitCount=0, CreationTime = 1372953756000, LastAccessTime =
1372953755456 ]>
2013-07-04 18:02:35,461 DEBUG [net.sf.ehcache.store.disk.Segment] - <fault
removed 0 from heap>
2013-07-04 18:02:35,461 DEBUG [net.sf.ehcache.store.disk.Segment] - <fault
added 0 on disk>
2013-07-04 18:02:35,474 DEBUG [net.sf.ehcache.store.disk.Segment] - <put added
0 on heap>
2013-07-04 18:02:35,476 DEBUG [net.sf.ehcache.store.disk.Segment] - <put
updated, deleted 0 on heap>
2013-07-04 18:02:35,476 DEBUG [net.sf.ehcache.store.disk.Segment] - <put
updated, deleted 0 on disk>
2013-07-04 18:02:35,476 DEBUG [net.sf.ehcache.distribution.RMICachePeer] -
<RMICachePeer for cache org.jasig.cas.ticket.TicketGrantingTicket: remote put
received. Element is: [ key =
TGT-1-xKfU9bUcrBfWgKmfJV46y5Hrb6tJzoGY4LdjYlWMoMpA3CYlwf-cas01.example.org,
value=TGT-1-xKfU9bUcrBfWgKmfJV46y5Hrb6tJzoGY4LdjYlWMoMpA3CYlwf-cas01.example.org,
version=1, hitCount=0, CreationTime = 1372953756000, LastAccessTime =
1372953755474 ]>
2013-07-04 18:02:35,477 DEBUG [net.sf.ehcache.store.disk.Segment] - <fault
removed 0 from heap>
2013-07-04 18:02:35,477 DEBUG [net.sf.ehcache.store.disk.Segment] - <fault
added 0 on disk>
2013-07-04 18:02:35,482 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] -
<ServiceTicket [ST-1-n3afABKuoOuvJ4tzCSSP-cas01.example.org] does not exist.>
2013-07-04 18:02:35,487 INFO
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-1-n3afABKuoOuvJ4tzCSSP-cas01.example.org
ACTION: SERVICE_TICKET_VALIDATE_FAILED
APPLICATION: CAS
WHEN: Thu Jul 04 18:02:35 CEST 2013
CLIENT IP ADDRESS: 193.108.167.33
SERVER IP ADDRESS: unknown
=============================================================
I attach the EhCache configuration files.
Someone have any idea what happens?
Thanks.
Etienne.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
<ehcache updateCheck="false"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:noNamespaceSchemaLocation="http://ehcache.sf.net/ehcache.xsd";>
<diskStore path="java.io.tmpdir/casEL" />
<cacheManagerPeerProviderFactory class="net.sf.ehcache.distribution.RMICacheManagerPeerProviderFactory"
properties="peerDiscovery=manual,rmiUrls=//10.90.1.59:40001/org.jasig.cas.ticket.ServiceTicket|//10.90.1.59:40001/org.jasig.cas.ticket.TicketGrantingTicket"/>
<cacheManagerPeerListenerFactory class="net.sf.ehcache.distribution.RMICacheManagerPeerListenerFactory"
properties="port=40001"/>
<defaultCache
maxElementsInMemory="10000"
eternal="false"
timeToIdleSeconds="300"
timeToLiveSeconds="300"
overflowToDisk="true"
maxElementsOnDisk="10000000"
diskPersistent="false"
diskExpiryThreadIntervalSeconds="120"
memoryStoreEvictionPolicy="LRU" />
</ehcache><ehcache updateCheck="false"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:noNamespaceSchemaLocation="http://ehcache.sf.net/ehcache.xsd";>
<diskStore path="java.io.tmpdir/casEL" />
<cacheManagerPeerProviderFactory class="net.sf.ehcache.distribution.RMICacheManagerPeerProviderFactory"
properties="peerDiscovery=manual,rmiUrls=//10.90.1.58:40001/org.jasig.cas.ticket.ServiceTicket|//10.90.1.58:40001/org.jasig.cas.ticket.TicketGrantingTicket"/>
<cacheManagerPeerListenerFactory class="net.sf.ehcache.distribution.RMICacheManagerPeerListenerFactory"
properties="port=40001"/>
<defaultCache
maxElementsInMemory="10000"
eternal="false"
timeToIdleSeconds="300"
timeToLiveSeconds="300"
overflowToDisk="true"
maxElementsOnDisk="10000000"
diskPersistent="false"
diskExpiryThreadIntervalSeconds="120"
memoryStoreEvictionPolicy="LRU" />
</ehcache>
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:p="http://www.springframework.org/schema/p";
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd";>
<description>
Configuration for the EhcacheTicketRegistry which stores the tickets in a cache that can be configured to be replicated
to other CAS servers to form a cluster. Each cache can be set up with its own entry expiration options.
</description>
<!-- Ticket Registry -->
<bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.EhCacheTicketRegistry">
<property name="ticketGrantingTicketsCache" ref="ticketGrantingTicketsCache"/>
<property name="serviceTicketsCache" ref="serviceTicketsCache"/>
</bean>
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
<property name="cacheManagerName" value="CAS.cacheManager" />
<property name="configLocation" value="classpath:/ehcache.xml" />
</bean>
<bean id="serviceTicketsCache" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager" ref="cacheManager" />
<property name="cacheName" value="org.jasig.cas.ticket.ServiceTicket" />
<property name="diskExpiryThreadIntervalSeconds" value="0" />
<property name="diskPersistent" value="false" />
<property name="eternal" value="false" />
<property name="maxElementsInMemory" value="10000" />
<property name="maxElementsOnDisk" value="0" />
<property name="memoryStoreEvictionPolicy" value="LRU" />
<property name="overflowToDisk" value="false" />
<!-- 300 seconds before service tickets are expired automatically -->
<property name="timeToLive" value="300" />
<property name="timeToIdle" value="0" />
<property name="cacheEventListeners">
<bean id="serviceTicketReplicator" class="net.sf.ehcache.distribution.RMISynchronousCacheReplicator">
<constructor-arg index="0" value="true"/> <!-- replicatePuts -->
<constructor-arg index="1" value="true"/> <!-- replicatePutsViaCopy -->
<constructor-arg index="2" value="true"/> <!-- replicateUpdates -->
<constructor-arg index="3" value="true"/> <!-- replicateUpdatesViaCopy -->
<constructor-arg index="4" value="true"/> <!-- replicateRemovals -->
</bean>
</property>
<property name="bootstrapCacheLoader">
<bean id="serviceTicketCacheBootstrapCacheLoader" class="net.sf.ehcache.distribution.RMIBootstrapCacheLoader">
<constructor-arg index="0" value="false"/> <!-- asynchronous -->
<constructor-arg index="1" value="5000000"/> <!-- maximumChunkSize -->
</bean>
</property>
</bean>
<bean id="ticketGrantingTicketsCache" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager" ref="cacheManager" />
<property name="cacheName" value="org.jasig.cas.ticket.TicketGrantingTicket" />
<property name="diskExpiryThreadIntervalSeconds" value="0" />
<property name="diskPersistent" value="false" />
<property name="eternal" value="false" />
<property name="maxElementsInMemory" value="10000" />
<property name="maxElementsOnDisk" value="0" />
<property name="memoryStoreEvictionPolicy" value="LRU" />
<property name="overflowToDisk" value="true" />
<property name="timeToLive" value="0" />
<!-- 2 hours of inactivity before ticket granting tickets are expired automatically -->
<property name="timeToIdle" value="7201" />
<property name="cacheEventListeners">
<bean id="ticketGrantingTicketReplicator" class="net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator">
<constructor-arg index="0" value="true"/> <!-- replicatePuts -->
<constructor-arg index="1" value="true"/> <!-- replicatePutsViaCopy -->
<constructor-arg index="2" value="true"/> <!-- replicateUpdates -->
<constructor-arg index="3" value="true"/> <!-- replicateUpdatesViaCopy -->
<constructor-arg index="4" value="false"/> <!-- replicateRemovals -->
<constructor-arg index="5" value="500"/> <!-- asynchronousReplicationInterval (default=1000)-->
<constructor-arg index="6" value="1"/> <!-- maximumBatchSize The maximum number of Element replication in single RMI message-->
</bean>
</property>
<property name="bootstrapCacheLoader">
<bean id="ticketGrantingTicketCacheBootstrapCacheLoader" class="net.sf.ehcache.distribution.RMIBootstrapCacheLoader">
<constructor-arg index="0" value="false"/> <!-- asynchronous -->
<constructor-arg index="1" value="5000000"/> <!-- maximumChunkSize -->
</bean>
</property>
</bean>
</beans>
