I think I have managed to diagnose the problem, but even so, if you could attach DEBUG logs for org.springframework and org.jasig, that would be great. The fix will likely go into 4.1.1.
From: Nicolás [mailto:[email protected]] Sent: Wednesday, September 23, 2015 9:26 AM To: [email protected] Subject: Re: [cas-user] CAS returns to the main page instead of authenticating Unfortunately it seems that this isn't the only problem. I commented those out, now the error doesn't show up (and no other shows up) but I still get the same problem: after authentication, I get redirected to the main CAS page to enter login again. I think we will definitely switch to Hazelcast for ticketing, seems at this point the JPA driver is quite problematic in our case (only for ticketing, for service storage it works quite fine). I can provide more info if you're interested in debugging it, though. Regards, Nicolás. El 23/09/15 a las 16:49, Misagh Moayyed escribió: Yes, those should do it. From: Nicolás [mailto:[email protected]] Sent: Wednesday, September 23, 2015 8:44 AM To: [email protected] <mailto:[email protected]> Subject: Re: [cas-user] CAS returns to the main page instead of authenticating Hi Misagh, El 23/09/15 a las 11:29, Misagh Moayyed escribió: This seems to be an issue with annotation-based transactions. Try disabling transactions for now, or consider switching to a cache-based registry for better performance. Is it enough to comment out the transactionManager bean and <tx:annotation-driven transaction-manager="transactionManager" /> to disable transactions? Thanks. From: Nicolás [mailto:[email protected]] Sent: Tuesday, September 22, 2015 11:02 AM To: [email protected] <mailto:[email protected]> Subject: [cas-user] CAS returns to the main page instead of authenticating Hi, What can be generating the behavior described in the log below? Each time an application tries to authenticate with CAS, it just returns again to the CAS main page. No error, no warning, nothing. Just like if I just accessed /cas. Especially significant seems this line: 2015-09-22 18:28:26,233 ERROR [org.jasig.cas.ticket.registry.JpaTicketRegistry] - Error getting ticket [TGT-**********************************************Bd1falzoKR-mydomain.com , javax.persistence.TransactionRequiredException: no transaction is in progress] from registry. What can be the problem? I followed the guide for JPA at http://jasig.github.io/cas/4.1.x/installation/JPA-Ticket-Registry.html for CAS 4.1.x. 2015-09-22 18:28:26,123 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving argument [UsernamePasswordCredential] for audit> 2015-09-22 18:28:26,130 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN ============================================================= WHO: myuser+password WHAT: supplied credentials: [myuser+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Tue Sep 22 18:28:26 WEST 2015 CLIENT IP ADDRESS: 192.168.1.X SERVER IP ADDRESS: 192.168.1.Y ============================================================= 2015-09-22 18:28:26,138 DEBUG [org.jasig.cas.ticket.registry.JpaTicketRegistry] - Added ticket [TGT-**********************************************Bd1falzoKR-mydomain.com ] to registry. 2015-09-22 18:28:26,138 DEBUG [org.jasig.cas.ticket.registry.JpaTicketRegistry] - <Added ticket [TGT-**********************************************Bd1falzoKR-mydomain.com ] to registry.> Hibernate: insert into TICKETGRANTINGTICKET (NUMBER_OF_TIMES_USED, CREATION_TIME, EXPIRATION_POLICY, LAST_TIME_USED, PREVIOUS_LAST_TIME_USED, ticketGrantingTicket_ID, AUTHENTICATION, EXPIRED, PROXIED_BY, SERVICES_GRANTED_ACCESS_TO, SUPPLEMENTAL_AUTHENTICATIONS, ID) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) Hibernate: update TICKETGRANTINGTICKET set NUMBER_OF_TIMES_USED=?, CREATION_TIME=?, EXPIRATION_POLICY=?, LAST_TIME_USED=?, PREVIOUS_LAST_TIME_USED=?, ticketGrantingTicket_ID=?, AUTHENTICATION=?, EXPIRED=?, PROXIED_BY=?, SERVICES_GRANTED_ACCESS_TO=?, SUPPLEMENTAL_AUTHENTICATIONS=? where ID=? 2015-09-22 18:28:26,193 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - <Resolving argument [UsernamePasswordCredential] for audit> 2015-09-22 18:28:26,195 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN ============================================================= WHO: myuser+password WHAT: TGT-**********************************************Bd1falzoKR-mydomain.com ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Tue Sep 22 18:28:26 WEST 2015 CLIENT IP ADDRESS: 192.168.1.X SERVER IP ADDRESS: 192.168.1.Y ============================================================= 2015-09-22 18:28:26,195 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN ============================================================= WHO: myuser+password WHAT: TGT-**********************************************Bd1falzoKR-mydomain.com ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Tue Sep 22 18:28:26 WEST 2015 CLIENT IP ADDRESS: 192.168.1.X SERVER IP ADDRESS: 192.168.1.Y ============================================================= 2015-09-22 18:28:26,203 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed cookie with name [CASPRIVACY] 2015-09-22 18:28:26,214 DEBUG [org.jasig.cas.web.support.DefaultCasCookieValueManager] - Encoding cookie value [TGT-**********************************************Bd1falzoKR-mydomain.com @192.168.1.X@Mozilla/5.0 <mailto:TGT-**********************************************Bd1falzoKR-mydom [email protected]@Mozilla/5.0> (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/44.0.2403.89 Chrome/44.0.2403.89 Safari/537.36] 2015-09-22 18:28:26,214 DEBUG [org.jasig.cas.web.support.DefaultCasCookieValueManager] - <Encoding cookie value [TGT-**********************************************Bd1falzoKR-mydomain.com @192.168.1.X@Mozilla/5.0 <mailto:TGT-**********************************************Bd1falzoKR-mydom [email protected]@Mozilla/5.0> (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/44.0.2403.89 Chrome/44.0.2403.89 Safari/537.36]> 2015-09-22 18:28:26,215 DEBUG [org.jasig.cas.util.DefaultCipherExecutor] - <Encrypting via [A128CBC-HS256]> 2015-09-22 18:28:26,219 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added cookie with name [TGC] and value [eyJhbGciOiJIUzUxMiJ9.ZXlKaGJHY2lPaUprYVhJaUxDSmxibU1pT2lKQk1USTRRMEpETFVo VE1qVTJJbjAuLnZoREdWdlo5ZFBwaUxrN0dobFE1T3cuQnpNaEtTM3EwNkVjYW4yNWROTkxyRX UwbDFWd2pIeUZGaW1rXy1xSzhXMGZkUGc5SFlvY3A1YUM4ZUNEaU1kYmVrV0NNMVlJQWFXdjNz bkM1eEp5dEtSS0VzWVA4OWE2aGpubkYxeXR5dHFnbTFNVnJjanlYRnQ4RlRNUG9zYXlBUW5OYV RjUVRWOFlpdjZTdll0NmFlRGd5TzljM0R4c3dkeUdoWjV5Y1MzdE5oZEU4V2FBRUtpMW45LUZN Qko1NlVudUU4SDNKb0JNUDF6RzNPSjNkWkd1Q3FvNnJ1dlJxNU92S3JGNkZ2MlZsbUk3Zl8tOW FzUWNJMC01VUFJWHk1bzNvUHJYMldySlp1YTdLTndqZUdYSVBCdGN3NE9hV1RWdTRsM2pfWUxZ MTZxZXpqT0RuNGN4UjRVdEpCZTUudUxMTmN3ejNSTXhlejk3c1J6ZVh4UQ.fQonmfjuy9o_Rce 6TpanOfL27J9oXmvcsivUQzBuEwf1GLhj_EhozFUAqUDITNvkwrj51eQU9IT5kJNYjND29g]> 2015-09-22 18:28:26,233 ERROR [org.jasig.cas.ticket.registry.JpaTicketRegistry] - Error getting ticket [TGT-**********************************************Bd1falzoKR-mydomain.com , javax.persistence.TransactionRequiredException: no transaction is in progress] from registry. 2015-09-22 18:28:26,240 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - Ticket [TGT-**********************************************Bd1falzoKR-mydomain.com ] by type [TicketGrantingTicket] cannot be found in the ticket registry. 2015-09-22 18:28:26,248 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Resolving argument [String] for audit 2015-09-22 18:28:26,250 ERROR [org.jasig.cas.ticket.registry.JpaTicketRegistry] - Error getting ticket [TGT-**********************************************Bd1falzoKR-mydomain.com , javax.persistence.TransactionRequiredException: no transaction is in progress] from registry. It's important to note that the ticket is indeed stored in the MySQL database. Thanks. -- You are currently subscribed to [email protected] <mailto:[email protected]> as: [email protected] <mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] <mailto:[email protected]> as: [email protected] <mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] <mailto:[email protected]> as: [email protected] <mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] <mailto:[email protected]> as: [email protected] <mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] <mailto:[email protected]> as: [email protected] <mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
