Hi Anthony, I'm not sure that's the case sensitivity is issue in this case. I've narrowed it down to the ticket registry.
We've been using the Unicon HazelcastTicketRegistry for a couple of months in production without issue, but it appears to be the cause of this clearPass empty credentials problem we're seeing. As soon as I started using the default ticketRegistry.xml everything worked flawlessly. Does someone mind sharing their hazelcast XML configuration for those who use this registry? Thank you, Adam On Wed, Mar 11, 2015 at 2:28 PM, Anthony Colebourne < [email protected]> wrote: > Hi, > > It could be to do with case sensitivity of usernames. Portal will pass > whatever the user types, ldap (if your cas is using this) will query > insensitively, the clear pass cache will be keyed case sentisivly based on > the ldap response. > > I can dig out a patch I wrote if you think this could be the issue. > Assuming you actually don't care about the case? > > -- Anthony. > > Sent from my HTC > > ----- Reply message ----- > From: "Adam Causey" <[email protected]> > To: <[email protected]> > Subject: [cas-user] clearPass returning empty credentials > Date: Wed, Mar 11, 2015 17:48 > > I have setup clearPass for use with our portal, but during > load/integration testing have discovered that for around 10-15% of the test > user logins empty credentials are returned: > > <cas:clearPassResponse xmlns:cas='http://www.yale.edu/tp/cas'> >> <cas:clearPassSuccess> >> <cas:credentials></cas:credentials> >> </cas:clearPassSuccess> >> </cas:clearPassResponse> > > > The success xml response tells me the proxy mechanism is working properly > and the issue is most likely somewhere on the CAS server. > > Also, the issue is not user-specific - credentials are returned for a user > on certain requests but empty on other requests. > > Does anyone have experience with clearPass that can offer suggestions on > where to start looking? > > > Thanks, > > > Adam > VCU > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
