Thank you…and you mentioned that this works correctly without map encryption? If so, could you describe how you run the test that confirms correct behavior?
Usually, if it’s an encryption issue the problem has to do with a missing configuration element. If you can confirm that all settings on all nodes match (and having reviewed the snippet you posted, nothing really jumped out at me) and the integration still fails with no map encryption, then it usually is a matter of replication failing somewhere. To better debug this, set the clearpass package debug level to TRACE and report back the exception stack. With AOP turned on, right now it’s hard to figure out where the failure comes from. (Or you could disable AOP and run through the test once, but that’s more complicated). The encrypted map decorator component seems like could really benefit from additional log statements. From: St Laurent, Mark [mailto:[email protected]] Sent: Friday, November 15, 2013 8:18 AM To: [email protected] Subject: RE: [cas-user] ClearPass with Load-Balanced CAS Here you go: https://gist.github.com/markstlaurent/7485914 Thanks, ---------------------------------- Mark St. Laurent Web Systems Administrator Yavapai College (928) 717-7654 http://www.yc.edu <http://www.yc.edu/> From: Misagh [mailto:[email protected]] Sent: Thursday, November 14, 2013 5:41 PM To: [email protected] Subject: RE: [cas-user] ClearPass with Load-Balanced CAS Mark could u please post relevant snippets of your clearpass and deployer config context xml files perhaps as github gists? On Nov 14, 2013 3:35 PM, "St Laurent, Mark" <[email protected]> wrote: Yeah, just got done trying it in the test environment, no effect. Thanks, ---------------------------------- Mark St. Laurent Web Systems Administrator Yavapai College (928) 717-7654 <tel:%28928%29%20717-7654> http://www.yc.edu -----Original Message----- From: Tom Poage [mailto:[email protected]] Sent: Thursday, November 14, 2013 4:14 PM To: [email protected] Subject: Re: [cas-user] ClearPass with Load-Balanced CAS On 11/14/2013 03:07 PM, Tom Poage wrote: > E.g. I see reference to SHA-512 in EncryptedMapDecorator.java and > suspect it may not be supported with the standard JCE policy. Nope, that's wrong: http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest Tom. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
