Is your firewall stateful? Does CAS open a persistent LDAP connection? If so, and it does not send any data through that connection for 'N' seconds where 'N' is the maximum idle time (when no packets are sent) before your firewall removes that session from its session table, you could be seeing a session expiration issue. The resulting effect would be that the firewall would drop all packets sent after 'N' idle seconds since it cannot find that session in its session table. CAS would need to reconnect to the LDAP server (going through the whole TCP 3-way handshake).
In short, check your firewall logs to see if anything shows up involving the CAS server and your LDAP server. -Phil -----Original Message----- From: [EMAIL PROTECTED] on behalf of Tarik Arrad Sent: Thu 2/21/2008 5:08 PM To: [email protected] Subject: openldap behind firewall Hi all, i have a problem with my cas authentication, on my architecture i have 2 cas server 3.1 as front-end and 2 openldap server as back-end behind a firewall, everything works fine but from time to time i have this error message : ** *exception* org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.webflow.engine.ActionExecutionException: Exception thrown executing [EMAIL PROTECTED] targetAction = [EMAIL PROTECTED], attributes = map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' -- action execution attributes were 'map['method' -> 'submit']'; nested exception is org.springframework.ldap.UncategorizedLdapException: Operation failed; nested exception is javax.naming.ServiceUnavailableException: 10.127.11.12:389; socket closed; remaining name 'dc=mooja,dc=ma' org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:487) org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440) javax.servlet.http.HttpServlet.service(HttpServlet.java:710) javax.servlet.http.HttpServlet.service(HttpServlet.java:803) org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115) *cause mère* org.springframework.webflow.engine.ActionExecutionException: Exception thrown executing [EMAIL PROTECTED] targetAction = [EMAIL PROTECTED], attributes = map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' -- action execution attributes were 'map['method' -> 'submit']'; nested exception is org.springframework.ldap.UncategorizedLdapException: Operation failed; nested exception is javax.naming.ServiceUnavailableException: 10.127.11.12:389; socket closed; remaining name 'dc=mooja,dc=ma' org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:68) org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180) org.springframework.webflow.engine.State.enter(State.java:200) org.springframework.webflow.engine.Transition.execute(Transition.java:229) org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112) org.springframework.webflow.engine.Flow.onEvent(Flow.java:572) org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208) org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185) org.springframework.webflow.engine.State.enter(State.java:200) org.springframework.webflow.engine.Transition.execute(Transition.java:229) org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112) org.springframework.webflow.engine.Flow.onEvent(Flow.java:572) org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208) org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214) org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:245) org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115) org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:172) org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153) org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48) org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857) org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792) org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475) org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440) javax.servlet.http.HttpServlet.service(HttpServlet.java:710) javax.servlet.http.HttpServlet.service(HttpServlet.java:803) org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115) *cause mère* org.springframework.ldap.UncategorizedLdapException: Operation failed; nested exception is javax.naming.ServiceUnavailableException: 10.127.11.12:389; socket closed; remaining name 'dc=mooja,dc=ma' org.springframework.ldap.DefaultNamingExceptionTranslator.translate(DefaultNamingExceptionTranslator.java:93) org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:287) org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314) org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:67) org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.doAuthentication(AbstractUsernamePasswordAuthenticationHandler.java:56) org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:58) org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:84) org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:383) org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaFormAction.java:107) sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:597) org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:103) org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136) org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203) org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142) org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61) org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180) org.springframework.webflow.engine.State.enter(State.java:200) org.springframework.webflow.engine.Transition.execute(Transition.java:229) org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112) org.springframework.webflow.engine.Flow.onEvent(Flow.java:572) org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208) org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185) org.springframework.webflow.engine.State.enter(State.java:200) org.springframework.webflow.engine.Transition.execute(Transition.java:229) org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112) org.springframework.webflow.engine.Flow.onEvent(Flow.java:572) org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208) org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214) org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:245) org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115) org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:172) org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153) org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48) org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857) org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792) org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475) org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440) javax.servlet.http.HttpServlet.service(HttpServlet.java:710) javax.servlet.http.HttpServlet.service(HttpServlet.java:803) org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115) *cause mère* javax.naming.ServiceUnavailableException: 10.127.11.12:389; socket closed; remaining name 'dc=mooja,dc=ma' com.sun.jndi.ldap.Connection.readReply(Connection.java:416) com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611) com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534) com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1948) com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1810) com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1735) com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368) com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338) com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321) javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248) org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler$1.executeSearch(BindLdapAuthenticationHandler.java:71) org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:268) org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314) org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:67) org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.doAuthentication(AbstractUsernamePasswordAuthenticationHandler.java:56) org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:58) org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:84) org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:383) org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaFormAction.java:107) sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:597) org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:103) org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136) org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203) org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142) org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61) org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180) org.springframework.webflow.engine.State.enter(State.java:200) org.springframework.webflow.engine.Transition.execute(Transition.java:229) org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112) org.springframework.webflow.engine.Flow.onEvent(Flow.java:572) org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208) org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185) org.springframework.webflow.engine.State.enter(State.java:200) org.springframework.webflow.engine.Transition.execute(Transition.java:229) org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112) org.springframework.webflow.engine.Flow.onEvent(Flow.java:572) org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208) org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214) org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:245) org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115) org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:172) org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153) org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48) org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857) org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792) org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475) org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440) javax.servlet.http.HttpServlet.service(HttpServlet.java:710) javax.servlet.http.HttpServlet.service(HttpServlet.java:803) org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115) I need your help Thanks. Tarik Arrad
<<winmail.dat>>
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
