It's the bone stock one, with the following additions :

As an aside, I discovered another error during the interaction between 
"cas-server-support-radius" (which has a dependency that calls for 
net.sf.ehcache:ehcache:jar:1.5.0-beta2:compile) .. and 
"cas-server-support-ehcache" (which has a dependency that calls for 
net.sf.ehcache:ehcache-core:jar:2.6.0:compile) .. which is why you see I added 
the exclusion to the overlay.


The earlier version was loaded first and caused problems due to unsupported 
methods required in ehcache. Deleting the offending jar is short-term fix, the 
below is (I think) the correct method.


The clearpass dependency was already in there, so the customizations required 
for it's use were added per the wiki for versions > 3.5 (this is 3.6.0 of CAS 
with the RC5 mfa overlay).


Many thanks,


Michael Holstein

Cleveland State University


<dependency>

            <groupId>org.jasig.cas</groupId>

            <artifactId>cas-server-integration-ehcache</artifactId>

            <version>${cas.version}</version>

        </dependency>


        <dependency>

            <groupId>org.jasig.cas</groupId>

            <artifactId>cas-server-support-ldap</artifactId>

            <version>${cas.version}</version>

        </dependency>


        <dependency>

            <groupId>org.jasig.cas</groupId>

            <artifactId>cas-server-support-radius</artifactId>

            <version>${cas.version}</version>

                <exclusions>

                    <exclusion>

                        <groupId>net.sf.ehcache</groupId>

                        <artifactId>ehcache</artifactId>

                   </exclusion>

                </exclusions>

        </dependency>

        <dependency>

            <groupId>org.jasig.cas</groupId>

            <artifactId>cas-server-support-spnego</artifactId>

            <version>${cas.version}</version>

        </dependency>


________________________________
From: Misagh Moayyed <[email protected]>
Sent: Friday, July 17, 2015 12:34 PM
To: [email protected]
Subject: Re: [cas-user] mfa + any distributed cache = fail

Michael,

You may have done this already and I may have missed it, but if possible, you 
could put your overlay configuration somewhere on github that we can try and go 
through? This would help us determine if the problem is somewhere in the core 
mfa code or outside of it.

- Misagh

On Jul 17, 2015, at 12:05 PM, Michael O Holstein 
<[email protected]<mailto:[email protected]>> wrote:

I have built cas-mfa-overlay RC5 from fresh pull a couple of times now .. and 
as long as I use the default ticketManager, everything works fine.

As soon as I try and enable another cache manager (I've tried memcached and 
ehcache thus far) I get a failure mode whereby the first login to CAS or a CAS 
service works fine. The *NEXT* login to something (whereby the TGT should be 
verified from the cache) fails with a 500 web error and this exception thrown :

Jul 17, 2015 11:53:13 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [cas] in context with path [/cas] threw 
exception [Request processing failed; nested exception is 
org.springframework.webflow.execution.ActionExecutionException: Exception 
thrown executing org.jasig.cas.web.flow.InitialFlowSetupAction@30502819 in 
state 'null' of flow 'login' -- action execution attributes were 
'map[[empty]]'] with root cause

java.lang.ClassCastException: Cannot cast 
org.jasig.cas.ticket.registry.AbstractDistributedTicketRegistry$TicketGrantingTicketDelegator
 to org.jasig.cas.ticket.TicketGrantingTicketImpl

I've already dealt with the bug of competing classes between the ticket ehcache 
and the one that comes with support-radius using an exclusion in the overlay .. 
but regardless of what cache manager I use I always get the above error when 
trying to authenticate to the 2nd (and subsequent) service.

Actually it fails way before it even gets to looking up services, because 
something that normally would fail with not authorized like this :

https://my.cas.server/cas/login?TARGET=https://foo.bar .. still barfs with the 
"cannot cast" exception.

Anyone have any ideas on this? I've been through spring forums and Google and 
not found much to point me in the right direction.

Thanks,

Michael Holstein
Cleveland State University

--
You are currently subscribed to 
[email protected]<mailto:[email protected]> as: 
[email protected]<mailto:[email protected]>
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user


--
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to