> -----Original Message-----
> From: Marvin S. Addison [mailto:[email protected]]
> Sent: Thursday, August 8, 2013 10:02 AM
> To: [email protected]
> Subject: Re: [cas-user] MemcacheTicketRegistry documentation question
>
> > I'm following the docs at
> > https://wiki.jasig.org/display/CASUM/MemcacheTicketRegistry to
> > implement a memcached ticket registry.
>
> Check out the following:
> http://jasig.github.io/cas/installation/Memcached-Ticket-Registry.html
>
> Although that's targeted at CAS 4.0, the configuration for memcached
> components hasn't changed from 3.5.x.
>
.
>
> Reads like you've got malformed XML. Hopefully the documentation cited
> above will help. If you're still running into problems like above, post
> the file (redacted) and I'll take a look.
>
> M
>
Thanks for your help. Between that and what Jesse Banning sent me I'm close to
being in business. If I comment out the <property name='hashAlg'> section
below:
<bean id="memcachedClient"
      class="net.spy.memcached.spring.MemcachedClientFactoryBean"
      p:servers="${memcached.servers}"
      p:protocol="${memcached.protocol}"
      p:locatorType="${memcached.locatorType}"
      p:failureMode="${memcached.failureMode}"
      p:transcoder-ref="kryoTranscoder">
  <!-- <property name="hashAlg">
    <util:constant static-field="net.spy.memcached.DefaultHashAlgorithm.${memcached.hashAlgorithm}" />
  </property> -->
</bean>
Then what I get is it seems to work -- at least, it's putting values in
memcached if memcached is there. But if I quit the browser and try to log in
again, it prompts for reauth, even if I'm careful to hit the same cas machine
each time. Also, if I stop memcached, it still lets me log in. Does it fall
back to the native ticket registry somehow?
If I uncomment the property name, I get this in cas.log:
The Spring ContextLoaderListener we wrap threw on contextInitialized.
But for our having caught this error, the web application context would not
have initialized.
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 52
in XML document from ServletContext resource
[/WEB-INF/spring-configuration/ticketRegistry.xml] is invalid; nested exception
is org.xml.sax.SAXParseException; lineNumber: 52; columnNumber: 104; The prefix
"util" for element "util:constant" is not bound.
Thanks again,
Aaron
Here's my redacted cas.properties and ticketRegistry.xml:
##
# Services Management Web UI Security
server.name=https://cas-cluster.clarku.edu:8443
server.prefix=${server.name}/cas
cas.securityContext.serviceProperties.service=${server.prefix}/services/j_acegi_cas_security_check
# Names of roles allowed to access the CAS service manager
cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN
cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${server.prefix}/login
cas.securityContext.ticketValidator.casServerUrlPrefix=${server.prefix}
# IP address or CIDR subnet allowed to access the /status URI of CAS that exposes health check information
cas.securityContext.status.allowedSubnet=[redacted]/25
#Ldap
ldap.pool.minIdle=3
ldap.pool.maxIdle=5
ldap.pool.maxSize=10
# Maximum time in ms to wait for connection to become available
# under pool exhausted condition.
ldap.pool.maxWait=10000
# memcached ticket registry
memcached.servers=server1.clarku.edu:11211,server2.clarku.edu:11211
memcached.protocol=BINARY
memcached.locatorType=ARRAY_MOD
memcached.failureMode=Redistribute
memcached.hashAlgorithm=FNV1_64_HASH
memcached.transcoder.initBufSize=12288
expiration.policy.tgt.validity_period=${tgt.maxTimeToLiveInSeconds}
expiration.policy.st.validity_period=${st.timeToKillInSeconds}
# == Evictor configuration ==
# Period in ms at which evictor process runs.
ldap.pool.evictionPeriod=600000
# Maximum time in ms at which connections can remain idle before
# they become liable to eviction.
ldap.pool.idleTime=1200000
# == Connection testing settings ==
# Set to true to enable connection liveliness testing on evictor
# process runs. Probably results in best performance.
ldap.pool.testWhileIdle=true
# Set to true to enable connection liveliness testing before every
# request to borrow an object from the pool.
ldap.pool.testOnBorrow=false
cas.themeResolver.defaultThemeName=cas-theme-default
cas.viewResolver.basename=default_views
##
# Unique CAS node name
# host.name is used to generate unique Service Ticket IDs and SAMLArtifacts. This is usually set to the specific
# hostname of the machine running the CAS node, but it could be any label so long as it is unique in the cluster.
host.name=cas-cluster.clarku.edu
##
# Database flavors for Hibernate
#
# One of these is needed if you are storing Services or Tickets in an RDBMS via JPA.
#
# database.hibernate.dialect=org.hibernate.dialect.OracleDialect
# database.hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect
# database.hibernate.dialect=org.hibernate.dialect.HSQLDialect
##
# CAS Logout Behavior
# WEB-INF/cas-servlet.xml
#
# Specify whether CAS should redirect to the specified service parameter on /logout requests
# cas.logout.followServiceRedirects=false
##
# Single Sign-On Session Timeouts
# Defaults sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
#
# Maximum session timeout - TGT will expire in maxTimeToLiveInSeconds regardless of usage
tgt.maxTimeToLiveInSeconds=28800
#
# Idle session timeout - TGT will expire sooner than maxTimeToLiveInSeconds if no further requests
# for STs occur within timeToKillInSeconds
tgt.timeToKillInSeconds=7200
##
# Service Ticket Timeout
# Default sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
#
# Service Ticket timeout - typically kept short as a control against replay attacks, default is 10s. You'll want to
# increase this timeout if you are manually testing service ticket creation/validation via tamperdata or similar tools
st.timeToKillInSeconds=10
##
# Single Logout Out Callbacks
# Default sourced from WEB-INF/spring-configuration/argumentExtractorsConfiguration.xml
#
# To turn off all back channel SLO requests set slo.disabled to true
# slo.callbacks.disabled=false
##
# Service Registry Periodic Reloading Scheduler
# Default sourced from WEB-INF/spring-configuration/applicationContext.xml
#
# Force a startup delay of 2 minutes.
# service.registry.quartz.reloader.startDelay=120000
#
# Reload services every 2 minutes
# service.registry.quartz.reloader.repeatInterval=120000
##
# Log4j
# Default sourced from WEB-INF/spring-configuration/log4jConfiguration.xml:
#
# It is often time helpful to externalize log4j.xml to a system path to preserve settings between upgrades.
# e.g. log4j.config.location=/etc/cas/log4j.xml
# log4j.config.location=classpath:log4j.xml
#
# log4j refresh interval in millis
# log4j.refresh.interval=60000
Ticketregistry:
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
  <description>
    Configuration for the MemCacheTicketRegistry
  </description>
  <bean id="ticketRegistry"
        class="org.jasig.cas.ticket.registry.MemCacheTicketRegistry">
    <constructor-arg index="0" ref="memcachedClient" />
    <!-- TGT timeout in seconds -->
    <constructor-arg index="1" value="${expiration.policy.tgt.validity_period}" />
    <!-- ST timeout in seconds -->
    <constructor-arg index="2" value="${expiration.policy.st.validity_period}" />
  </bean>
  <!--
    NOTE: Changing the transcoder implementation is not required, but Kryo provides for more
    efficient serialization which significantly improves throughput and storage footprint.
    See http://code.google.com/p/spymemcached/wiki/SpringIntegration for more info on options
    for various property values.
  -->
  <bean id="memcachedClient"
        class="net.spy.memcached.spring.MemcachedClientFactoryBean"
        p:servers="${memcached.servers}"
        p:protocol="${memcached.protocol}"
        p:locatorType="${memcached.locatorType}"
        p:failureMode="${memcached.failureMode}"
        p:transcoder-ref="kryoTranscoder">
    <property name="hashAlg">
      <util:constant static-field="net.spy.memcached.DefaultHashAlgorithm.${memcached.hashAlgorithm}" />
    </property>
  </bean>
  <bean id="kryoTranscoder"
        class="org.jasig.cas.ticket.registry.support.kryo.KryoTranscoder"
        init-method="initialize">
    <!-- initialBufferSize -->
    <constructor-arg index="0" value="8192" />
  </bean>
</beans>
Thanks,
Aaron
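
The SAXParseException quoted in the message reports that the "util" prefix is not bound: the <beans> element in the posted ticketRegistry.xml declares the default, xsi and p namespaces but not util. As an added example (not part of the original message), here is the same file with the Spring util namespace declared; the spring-util-3.1.xsd location is an assumption chosen to match the spring-beans-3.1.xsd already in the file.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Differences from the posted file: xmlns:util is declared
     and its schema location is listed (3.1 assumed, to match spring-beans). -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
         http://www.springframework.org/schema/util
         http://www.springframework.org/schema/util/spring-util-3.1.xsd">

  <bean id="ticketRegistry"
        class="org.jasig.cas.ticket.registry.MemCacheTicketRegistry">
    <constructor-arg index="0" ref="memcachedClient" />
    <!-- TGT timeout in seconds -->
    <constructor-arg index="1" value="${expiration.policy.tgt.validity_period}" />
    <!-- ST timeout in seconds -->
    <constructor-arg index="2" value="${expiration.policy.st.validity_period}" />
  </bean>

  <bean id="memcachedClient"
        class="net.spy.memcached.spring.MemcachedClientFactoryBean"
        p:servers="${memcached.servers}"
        p:protocol="${memcached.protocol}"
        p:locatorType="${memcached.locatorType}"
        p:failureMode="${memcached.failureMode}"
        p:transcoder-ref="kryoTranscoder">
    <!-- With the prefix bound, util:constant resolves the static field named
         by memcached.hashAlgorithm (FNV1_64_HASH in the posted properties). -->
    <property name="hashAlg">
      <util:constant
          static-field="net.spy.memcached.DefaultHashAlgorithm.${memcached.hashAlgorithm}" />
    </property>
  </bean>

  <bean id="kryoTranscoder"
        class="org.jasig.cas.ticket.registry.support.kryo.KryoTranscoder"
        init-method="initialize">
    <!-- initialBufferSize -->
    <constructor-arg index="0" value="8192" />
  </bean>
</beans>
```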