Can you verify that it is a session timeout that is causing the disconnect problem? Is the connection between the CAS server and the LDAP server idle for a very long time, and the next person that attempts to log in causes the error you have provided?
You can determine this by using tcpdump or some other packet capture utility on the systems involved. Ideally you should be able to sniff both sides, but depending on whether or not you manage both systems, that may not be possible. I am not familiar enough with Java's LDAP libraries to say whether or not you can configure the CAS server to use keepalives. -Phil -----Original Message----- From: [EMAIL PROTECTED] on behalf of Tarik Arrad Sent: Fri 2/22/2008 8:03 AM To: Yale CAS mailing list Subject: Re: openldap behind firewall the firewall is statuful, is there any special configuration to do on cas server or openldap? 2008/2/22, Tarik Arrad <[EMAIL PROTECTED]>: > > Thanks Phil i will check the logfile of the firewall (checkpoint). > > 2008/2/22, Ames, Phillip <[EMAIL PROTECTED]>: > > > > Is your firewall stateful? Does CAS open a persistent LDAP > > connection? If so, and it does not send any data through that connection > > for 'N' seconds where 'N' is the maximum idle time (when no packets are > > sent) before your firewall removes that session from its session table, you > > could be seeing a session expiration issue. The resulting effect would be > > that the firewall would drop all packets sent after 'N' idle seconds since > > it cannot find that session in its session table. CAS would need to > > reconnect to the LDAP server (going through the whole TCP 3-way handshake). > > > > In short, check your firewall logs to see if anything shows up involving > > the CAS server and your LDAP server. > > > > -Phil > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] on behalf of Tarik Arrad > > Sent: Thu 2/21/2008 5:08 PM > > To: [email protected] > > Subject: openldap behind firewall > > > > Hi all, > > i have a problem with my cas authentication, on my architecture i have 2 > > cas > > server 3.1 as front-end and 2 openldap server as back-end behind a > > firewall, > > everything works fine but from time to time i have this error message : > > > > ** > > *exception* > > > > org.springframework.web.util.NestedServletException: Request > > processing failed; nested exception is > > org.springframework.webflow.engine.ActionExecutionException: Exception > > thrown executing [EMAIL PROTECTED] targetAction = > > [EMAIL PROTECTED], > > attributes = map['method' -> 'submit']] in state 'submit' of flow > > 'login-webflow' -- action execution attributes were 'map['method' -> > > 'submit']'; nested exception is > > org.springframework.ldap.UncategorizedLdapException: Operation failed; > > nested exception is javax.naming.ServiceUnavailableException: > > 10.127.11.12:389; socket closed; remaining name 'dc=mooja,dc=ma' > > org.springframework.web.servlet.FrameworkServlet.processRequest( > > FrameworkServlet.java:487) > > org.springframework.web.servlet.FrameworkServlet.doPost( > > FrameworkServlet.java:440) > > javax.servlet.http.HttpServlet.service(HttpServlet.java:710) > > javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > > org.jasig.cas.web.init.SafeDispatcherServlet.service( > > SafeDispatcherServlet.java:115) > > > > *cause mère* > > > > org.springframework.webflow.engine.ActionExecutionException: Exception > > thrown executing [EMAIL PROTECTED] targetAction = > > [EMAIL PROTECTED], > > attributes = map['method' -> 'submit']] in state 'submit' of flow > > 'login-webflow' -- action execution attributes were 'map['method' -> > > 'submit']'; nested exception is > > org.springframework.ldap.UncategorizedLdapException: Operation failed; > > nested exception is javax.naming.ServiceUnavailableException: > > 10.127.11.12:389; socket closed; remaining name 'dc=mooja,dc=ma' > > org.springframework.webflow.engine.ActionExecutor.execute( > > ActionExecutor.java:68) > > org.springframework.webflow.engine.ActionState.doEnter( > > ActionState.java:180) > > org.springframework.webflow.engine.State.enter(State.java:200) > > org.springframework.webflow.engine.Transition.execute( > > Transition.java:229) > > org.springframework.webflow.engine.TransitionableState.onEvent( > > TransitionableState.java:112) > > org.springframework.webflow.engine.Flow.onEvent(Flow.java:572) > > > > org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent > > (RequestControlContextImpl.java:208) > > org.springframework.webflow.engine.ActionState.doEnter( > > ActionState.java:185) > > org.springframework.webflow.engine.State.enter(State.java:200) > > org.springframework.webflow.engine.Transition.execute( > > Transition.java:229) > > org.springframework.webflow.engine.TransitionableState.onEvent( > > TransitionableState.java:112) > > org.springframework.webflow.engine.Flow.onEvent(Flow.java:572) > > > > org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent > > (RequestControlContextImpl.java:208) > > > > org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent( > > FlowExecutionImpl.java:214) > > org.springframework.webflow.executor.FlowExecutorImpl.resume( > > FlowExecutorImpl.java:245) > > > > org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest > > (FlowRequestHandler.java:115) > > > > org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal > > (FlowController.java:172) > > > > org.springframework.web.servlet.mvc.AbstractController.handleRequest( > > AbstractController.java:153) > > > > org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle > > (SimpleControllerHandlerAdapter.java:48) > > org.springframework.web.servlet.DispatcherServlet.doDispatch( > > DispatcherServlet.java:857) > > org.springframework.web.servlet.DispatcherServlet.doService( > > DispatcherServlet.java:792) > > org.springframework.web.servlet.FrameworkServlet.processRequest( > > FrameworkServlet.java:475) > > org.springframework.web.servlet.FrameworkServlet.doPost( > > FrameworkServlet.java:440) > > javax.servlet.http.HttpServlet.service(HttpServlet.java:710) > > javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > > org.jasig.cas.web.init.SafeDispatcherServlet.service( > > SafeDispatcherServlet.java:115) > > > > *cause mère* > > > > org.springframework.ldap.UncategorizedLdapException: Operation failed; > > nested exception is javax.naming.ServiceUnavailableException: > > 10.127.11.12:389; socket closed; remaining name 'dc=mooja,dc=ma' > > > > org.springframework.ldap.DefaultNamingExceptionTranslator.translate( > > DefaultNamingExceptionTranslator.java:93) > > org.springframework.ldap.LdapTemplate.search(LdapTemplate.java > > :287) > > org.springframework.ldap.LdapTemplate.search(LdapTemplate.java > > :314) > > > > org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal > > (BindLdapAuthenticationHandler.java:67) > > > > org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.doAuthentication > > (AbstractUsernamePasswordAuthenticationHandler.java:56) > > > > org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate > > (AbstractPreAndPostProcessingAuthenticationHandler.java:58) > > > > org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate( > > AuthenticationManagerImpl.java:84) > > > > org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket > > (CentralAuthenticationServiceImpl.java:383) > > org.jasig.cas.web.flow.AuthenticationViaFormAction.submit( > > AuthenticationViaFormAction.java:107) > > sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source) > > sun.reflect.DelegatingMethodAccessorImpl.invoke( > > DelegatingMethodAccessorImpl.java:25) > > java.lang.reflect.Method.invoke(Method.java:597) > > org.springframework.webflow.util.DispatchMethodInvoker.invoke( > > DispatchMethodInvoker.java:103) > > org.springframework.webflow.action.MultiAction.doExecute( > > MultiAction.java:136) > > org.springframework.webflow.action.AbstractAction.execute( > > AbstractAction.java:203) > > org.springframework.webflow.engine.AnnotatedAction.execute( > > AnnotatedAction.java:142) > > org.springframework.webflow.engine.ActionExecutor.execute( > > ActionExecutor.java:61) > > org.springframework.webflow.engine.ActionState.doEnter( > > ActionState.java:180) > > org.springframework.webflow.engine.State.enter(State.java:200) > > org.springframework.webflow.engine.Transition.execute( > > Transition.java:229) > > org.springframework.webflow.engine.TransitionableState.onEvent( > > TransitionableState.java:112) > > org.springframework.webflow.engine.Flow.onEvent(Flow.java:572) > > > > org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent > > (RequestControlContextImpl.java:208) > > org.springframework.webflow.engine.ActionState.doEnter( > > ActionState.java:185) > > org.springframework.webflow.engine.State.enter(State.java:200) > > org.springframework.webflow.engine.Transition.execute( > > Transition.java:229) > > org.springframework.webflow.engine.TransitionableState.onEvent( > > TransitionableState.java:112) > > org.springframework.webflow.engine.Flow.onEvent(Flow.java:572) > > > > org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent > > (RequestControlContextImpl.java:208) > > > > org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent( > > FlowExecutionImpl.java:214) > > org.springframework.webflow.executor.FlowExecutorImpl.resume( > > FlowExecutorImpl.java:245) > > > > org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest > > (FlowRequestHandler.java:115) > > > > org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal > > (FlowController.java:172) > > > > org.springframework.web.servlet.mvc.AbstractController.handleRequest( > > AbstractController.java:153) > > > > org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle > > (SimpleControllerHandlerAdapter.java:48) > > org.springframework.web.servlet.DispatcherServlet.doDispatch( > > DispatcherServlet.java:857) > > org.springframework.web.servlet.DispatcherServlet.doService( > > DispatcherServlet.java:792) > > org.springframework.web.servlet.FrameworkServlet.processRequest( > > FrameworkServlet.java:475) > > org.springframework.web.servlet.FrameworkServlet.doPost( > > FrameworkServlet.java:440) > > javax.servlet.http.HttpServlet.service(HttpServlet.java:710) > > javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > > org.jasig.cas.web.init.SafeDispatcherServlet.service( > > SafeDispatcherServlet.java:115) > > > > *cause mère* > > > > javax.naming.ServiceUnavailableException: 10.127.11.12:389; socket > > closed; remaining name 'dc=mooja,dc=ma' > > com.sun.jndi.ldap.Connection.readReply(Connection.java:416) > > com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611) > > com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534) > > com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1948) > > com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1810) > > com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1735) > > com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search( > > ComponentDirContext.java:368) > > com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search( > > PartialCompositeDirContext.java:338) > > com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search( > > PartialCompositeDirContext.java:321) > > javax.naming.directory.InitialDirContext.search( > > InitialDirContext.java:248) > > > > org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler$1.executeSearch > > (BindLdapAuthenticationHandler.java:71) > > org.springframework.ldap.LdapTemplate.search(LdapTemplate.java > > :268) > > org.springframework.ldap.LdapTemplate.search(LdapTemplate.java > > :314) > > > > org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal > > (BindLdapAuthenticationHandler.java:67) > > > > org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.doAuthentication > > (AbstractUsernamePasswordAuthenticationHandler.java:56) > > > > org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate > > (AbstractPreAndPostProcessingAuthenticationHandler.java:58) > > > > org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate( > > AuthenticationManagerImpl.java:84) > > > > org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket > > (CentralAuthenticationServiceImpl.java:383) > > org.jasig.cas.web.flow.AuthenticationViaFormAction.submit( > > AuthenticationViaFormAction.java:107) > > sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source) > > sun.reflect.DelegatingMethodAccessorImpl.invoke( > > DelegatingMethodAccessorImpl.java:25) > > java.lang.reflect.Method.invoke(Method.java:597) > > org.springframework.webflow.util.DispatchMethodInvoker.invoke( > > DispatchMethodInvoker.java:103) > > org.springframework.webflow.action.MultiAction.doExecute( > > MultiAction.java:136) > > org.springframework.webflow.action.AbstractAction.execute( > > AbstractAction.java:203) > > org.springframework.webflow.engine.AnnotatedAction.execute( > > AnnotatedAction.java:142) > > org.springframework.webflow.engine.ActionExecutor.execute( > > ActionExecutor.java:61) > > org.springframework.webflow.engine.ActionState.doEnter( > > ActionState.java:180) > > org.springframework.webflow.engine.State.enter(State.java:200) > > org.springframework.webflow.engine.Transition.execute( > > Transition.java:229) > > org.springframework.webflow.engine.TransitionableState.onEvent( > > TransitionableState.java:112) > > org.springframework.webflow.engine.Flow.onEvent(Flow.java:572) > > > > org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent > > (RequestControlContextImpl.java:208) > > org.springframework.webflow.engine.ActionState.doEnter( > > ActionState.java:185) > > org.springframework.webflow.engine.State.enter(State.java:200) > > org.springframework.webflow.engine.Transition.execute( > > Transition.java:229) > > org.springframework.webflow.engine.TransitionableState.onEvent( > > TransitionableState.java:112) > > org.springframework.webflow.engine.Flow.onEvent(Flow.java:572) > > > > org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent > > (RequestControlContextImpl.java:208) > > > > org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent( > > FlowExecutionImpl.java:214) > > org.springframework.webflow.executor.FlowExecutorImpl.resume( > > FlowExecutorImpl.java:245) > > > > org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest > > (FlowRequestHandler.java:115) > > > > org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal > > (FlowController.java:172) > > > > org.springframework.web.servlet.mvc.AbstractController.handleRequest( > > AbstractController.java:153) > > > > org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle > > (SimpleControllerHandlerAdapter.java:48) > > org.springframework.web.servlet.DispatcherServlet.doDispatch( > > DispatcherServlet.java:857) > > org.springframework.web.servlet.DispatcherServlet.doService( > > DispatcherServlet.java:792) > > org.springframework.web.servlet.FrameworkServlet.processRequest( > > FrameworkServlet.java:475) > > org.springframework.web.servlet.FrameworkServlet.doPost( > > FrameworkServlet.java:440) > > javax.servlet.http.HttpServlet.service(HttpServlet.java:710) > > javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > > org.jasig.cas.web.init.SafeDispatcherServlet.service( > > SafeDispatcherServlet.java:115) > > > > I need your help > > Thanks. > > > > Tarik Arrad > > > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > >
<<winmail.dat>>
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
