Thanks again Scott, One last followup:
My understanding is that there’s really only 2 protocols available for me to use here for login: CAS2.0 or SAML1.1. If that’s the case, and both the CAS and SAML argument extractors are *both* reporting that they don’t detects anything matching their respective protocols, then wouldn’t this mean that my CAS server isn’t implementing *any* protocols?!?! If so, how is my CAS server even working right now? I do have users logging in and successfully working inside of authenticated apps all day long... is my CAS instance “pretending” to work when in fact it really isn’t!?! Please advise, and thanks again! From: Scott Battaglia [mailto:[email protected]] Sent: Monday, June 09, 2014 7:25 AM To: [email protected] Subject: Re: [cas-user] Heartbeat messages or bad configs on my end? Hi, At debug level, each argument extractor indicates whether they detected anything that matches the protocol they are designed to detect. "Extractor did not generate service" merely means that the extractor did not detect anything that would indicate that it can handle the protocol that you're using. So for example, if you've got the CAS 2.0 protocol extractor and the SAML 1.1 extractor configured, and you just go to /login without anything, neither of those would be able to create a "service" request. Its a helpful debug message if you are testing protocols, but can be alarming if seen frequently :-) LT-* are the login tokens used to allow you to transition from /login (GET) to /login (POST) and ensure that credentials are not being RE-POSTED. They are lightweight and nothing to worry about. On Mon, Jun 9, 2014 at 7:19 AM, Zac Harvey <[email protected]<mailto:[email protected]>> wrote: Thanks Scott, This is a dev server and we wanted the log level to be DEBUG to potentially catch anything from getting into production. Our prod server is INFO as you suggested. When you say I could use our own “access logs” to confirm, what logs are you talking about? I’m pretty new to CAS and haven’t configured any special logs in addition to the log4j settings that CAS ships with. Most importantly, I’m pretty sure these are just heartbeats, because there’s no way anyone was logging in yesterday on 6/08. Just no way. What I’m worried about is the fact that one message seems to indicate a failure (“Extractor did not generate service”), while another message seems to indicate a heavyweight object being created (“Generated login ticket LT-293949j...”). For the former I’m worried its indicative that something isn’t configured correctly, and for the latter I’m also worried that something isn’t configured correctly and that my CAS server is chewing up unnecessary memory… From: Scott Battaglia [mailto:[email protected]<mailto:[email protected]>] Sent: Monday, June 09, 2014 7:14 AM To: [email protected]<mailto:[email protected]> Subject: Re: [cas-user] Heartbeat messages or bad configs on my end? I don't know if its a pulse/heartbeat off the top of my head (you could probably use your own access logs to confirm), but if this is your production server, you may want to set logging to INFO level or above. On Mon, Jun 9, 2014 at 7:01 AM, Zac Harvey <[email protected]<mailto:[email protected]>> wrote: I noticed that our cas.log was growing quite large and took a look at it. Every few seconds I see log messages that look like: 2014-06-08 18:52:06,506 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] – Extractor did not generate service. 2014-06-08 18:52:06,507 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] – Extractor did not generate service. 2014-06-08 18:52:06,508 DEBUG [org.jasig.cas.web.flow.GenerateLoginTicketAction] – Generated login ticket LT-29348-393849393493jdiejdiejf498 2014-06-08 18:52:06,508 DEBUG [org.jasig.cas.web.flow.GenerateLoginTicketAction] – Generated login ticket LT-29348-393849393493jdiejdiejf498 2014-06-08 18:52:07,791 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] – Extractor did not generate service. 2014-06-08 18:52:07,791 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] – Extractor did not generate service. ... etc. 2014-06-08 18:52:08,280 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] – Reloading registered services. I’m seeing this at all hours of the day, even when the internal users that use our CAS SSO system have gone home for the day and cannot access the server. It looks like it’s some sort of heartbeat/pulse log message, but due to the nature of the messages, I can’t tell if perhaps I’ve misconfigured something. Ideas? Thanks in advance! -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
