You're right, I overlooked the stack trace (mea culpa):
===
DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not
generate service.
DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - Extractor did not
generate service.
DEBUG [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Performing
LDAP bind with credential: [... elided ...],ou=People,dc=hawaii,dc=edu
DEBUG [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - [LDAP:
error code 49 - Invalid Credentials]; nested exception is
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
Credentials]
org.springframework.ldap.AuthenticationException: [LDAP: error code 49 -
Invalid Credentials]; nested exception is javax.naming.AuthenticationException:
[LDAP: error code 49 - Invalid Credentials]
===
Though now the question is why does the LDAP bind fail only when the service
registry database is unavailable?
I think these are the relevant config from deployerConfigContext.xml:
===
<bean id="authenticationManager"
class="org.jasig.cas.authentication.AuthenticationManagerImpl">
<property name="credentialsToPrincipalResolvers">
<list>
<bean
class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
<!-- The Principal resolver form the credentials -->
<property name="credentialsToPrincipalResolver">
<bean
class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
/>
</property>
<!--
The query made to find the Principal ID.
"%u" will be replaced by the resolved Principal
-->
<property name="filter" value="(uid=%u)" />
<!-- The attribute used to define the new Principal ID -->
<property name="principalAttributeName" value="uid" />
<!--
<property name="searchBase"
value="ou=people,dc=hawaii,dc=edu" />
-->
<property name="searchBase" value="${ldap.searchBase}" />
<property name="contextSource" ref="contextSource" />
<property name="attributeRepository">
<ref bean="attributeRepository" />
</property>
</bean>
<bean
class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
/>
<bean
class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
/>
</list>
</property>
<property name="authenticationHandlers">
<list>
<bean
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" />
<bean
class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
p:filter="uid=%u"
p:searchBase="${ldap.searchBase}"
p:contextSource-ref="contextSource"
p:searchContextSource-ref="pooledContextSource" />
</list>
</property>
</bean>
===
-baron
On Tue, Dec 24, 2013 at 07:51:37AM -0700, Misagh Moayyed wrote:
>The DEBUG entries are likely not the cause of error. There probably is a
>stacktrace or another indicator in the logs as an ERROR that explains what
>went wrong.
>
>----- Original Message -----
>
>From: "Baron Fujimoto" <[email protected]>
>To: [email protected]
>Sent: Monday, December 23, 2013 6:25:53 PM
>Subject: [cas-user] CAS is Unavailable: Extractor did not generate service
>
>We have had CAS server 3.4.11 deployed for some time, and it seemed to be
>working as expected. We recently encountered the following error in the
>UI however when the MySQL database for our service registry was taken down
>for maintenance:
>
>===
>CAS is Unavailable
>
>There was an error trying to complete your request. Please notify your support
>desk or try again.
>===
>
>With the corresponding cas.log entries:
>
>===
>DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not
>generate service.
>DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - Extractor did not
>generate service.
>===
>
>This caught us by surprise, since I expected CAS to keep going using its
>in-memory copy of the service registry based on the feature described
>here:
>
><https://wiki.jasig.org/display/CASUM/Configuring#Configuring-NotesontheavailabilityofServicesManagementApplicationDatabase>
>
>
>I could have sworn I have previously tested this feature, though I am now
>perhaps questioning my recollection based on current behaviour (though it
>may have been an earlier version of CAS3).
>
>Any assistance or suggestions would be greatly appreciated.
>
>I believe this is the relevant configuration from
>deployerConfigContext.xml:
>
><!--
>Define the Service Registry
>-->
><bean id="serviceRegistryDao"
>class="org.jasig.cas.services.JpaServiceRegistryDaoImpl"
>p:entityManagerFactory-ref="entityManagerFactory" />
>
><!-- Persistent Service Registry: mysql -->
><!-- This is the EntityManagerFactory configuration for Hibernate -->
><bean id="entityManagerFactory"
>class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
><property name="dataSource" ref="dataSource"/>
><property name="jpaVendorAdapter">
><bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
><property name="generateDdl" value="true"/>
><property name="showSql" value="true" />
></bean>
></property>
><property name="jpaProperties">
><props>
><prop key="hibernate.dialect">${database.hibernate.dialect}</prop>
><prop key="hibernate.hbm2ddl.auto">update</prop>
></props>
></property>
></bean>
>
><bean id="transactionManager"
>class="org.springframework.orm.jpa.JpaTransactionManager">
><property name="entityManagerFactory" ref="entityManagerFactory"/>
></bean>
>
><tx:annotation-driven transaction-manager="transactionManager"/>
>
><bean
>id="dataSource"
>class="org.apache.commons.dbcp.BasicDataSource"
>p:driverClassName="com.mysql.jdbc.Driver"
>p:url="${service.registry.url}"
>p:username="${service.registry.username}"
>p:password="${service.registry.password}" />
>===
>
>${database.hibernate.dialect} is defined in cas.properties as:
>database.hibernate.dialect=org.hibernate.dialect.MySQLDialect
>
>and pom.xml contains:
>
>===
><!-- Dependencies for database classes -->
><!--
>Apache Commons DBCP
>-->
><dependency>
><groupId>commons-dbcp</groupId>
><artifactId>commons-dbcp</artifactId>
><version>1.4</version>
><scope>runtime</scope>
></dependency>
>
><!--
>Hibernate Entities
>-->
><dependency>
><groupId>org.hibernate</groupId>
><artifactId>hibernate-entitymanager</artifactId>
><version>3.5.0-CR-2</version>
></dependency>
>
><!--
>MySQL Connector
>-->
><dependency>
><groupId>mysql</groupId>
><artifactId>mysql-connector-java</artifactId>
><version>5.1.20</version>
></dependency>
>
><!-- End Dependencies for database jars -->
>===
--
Baron Fujimoto <[email protected]> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
