RE: [cas-user] JVM Heap Kept Growing every day

2017-08-28 Thread Tom O'Neill
RJ,

I could be missing something but your most recent summary of the heap behavior 
sounds pretty normal.
Your arguments have the JVM heap initializing at 2 GB and maxing out at 4 GB.

When garbage collection occurs, some of the memory used by the heap should be 
freed up.
Sometimes this doesn’t work properly when there is a memory leak or an issue 
with the cleanup processes within the application.

When garbage collection runs how much of the memory is typically getting 
recovered?

Thanks,

Tom O’Neill

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of RJ
Sent: Monday, August 28, 2017 7:25 PM
To: cas-user@apereo.org
Subject: Re: [cas-user] JVM Heap Kept Growing every day

Here is another take at this:

Started CAS with  -Xms2048m -Xmx4096m about 12 days ago.

Interesting things from stats file is that jvm.memory.heap.committed & 
jvm.memory.heap.init haven't changed since beginning. 2147483648 is the same 
value from the beginning.  jvm.memory.heap.usage has varied from 5% to 40%.

jvm.memory.heap.committed, value=2147483648
jvm.memory.heap.init, value=2147483648
jvm.memory.heap.max, value=4294967296
jvm.memory.heap.usage, value=0.33496101573109627
jvm.memory.heap.used, value=1438646608

Weirdest observation (free -m)

12 days ago (when started)
Mem:   64722257 749  4821613851
Swap:  4095   04095

now:
Mem:   64723561 749  4821612547
Swap:  4095   04095

Used memory started from 2257 to 3561m.

top -> m
  694 javauser20   0 7381748 3.263g  17792 S  0.8 51.6 288:34.34 java

So, top command tells that jvm takes 3.263g.  I was thinking that JVM takes 
only 2G {2147483648 of jvm.memory.heap.committed}.

Does this make any sense ? Thoughts?

On Sat, Aug 19, 2017 at 5:20 AM, 
> wrote:
OK,

there is a significant memory leak in the version of Thymeleaf layout dialect 
used by versions of CAS prior to 5.0.7. Since 5.0.7 it's been updated to the 
layout dialect version containing the memory leak fix.

This is most likely what you are experiencing.

Cheers,
D.



On Sat, Aug 19, 2017 at 4:53 AM -0400, "David Malia" 
> wrote:
It probably is a good idea to move Hazelcast to its own JVM at a minimum.  It 
looks like the default behavior is to fill the cache until it's at 85% of heap 
space.
  I got this by looking at
https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html#hazelcast-ticket-registry,
so I could be wrong.


On Fri, Aug 18, 2017 at 10:51 AM, Oschwald Robert 
> wrote:
You can get the amount of objects in Hazelcast using Hazelcast Management 
Center or VM tools like visualvm.
I’m not sure if Hazelcast Management Center is available for Open Source 
License usage, or in Hazelcast Enterprise, only.

I strongly recommend NOT using the Hazelcast embedded mode, as it is not 
optimal for production.
Better to set up a Hazelcast cluster, so run a Hazelcast “Client Plus Member” 
topology.

See https://hazelcast.com/resources/hazelcast-deployment-operations-guide/

Robert

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/E1910550-B266-448A-A09B-3C32FFB0A59A%40gmail.com.


[cas-user] Re: SAML metadata problem when upgrade from 5.2.0-RC1 to 5.2.0-RC2

2017-08-28 Thread Andy Ng
Thanks for the reply, Misagh!

Since the release of RC3 is coming, I think I will wait till then and then 
try upgrading to RC3, and report back whether the problem is solved or not.

The reason I am not upgrading now is that, when upgrading to RC3-SNAPSHOT, I 
see lots of "cannot find symbol" errors in my Maven, and I don't want to fix 
them now and don't have time to.

For now I will revert back to RC1, as that version has all the essential 
features for my project.

Thanks again!
Andy

On Monday, 28 August 2017 18:16:45 UTC+8, Andy Ng wrote:
>
> Hi all, here's my problem:
> _
> Background:
> Version: CAS 5.2.0-RC2
> Topic: SAML 2.0
> 
> Problem:
>
>
> When I tried to upgrade from CAS 5.2.0-RC1 to CAS 5.2.0-RC2 (CAS 5.2.0-RC1 
> works completely fine). I have some error with 
> "scopedTarget.defaultSamlRegisteredServiceCachingMetadataResolver". I tried 
> to remove my idp-metadata.xml and tried again, but then CAS 5.2.0-RC2 was 
> not able to create a new idp-metadata.xml
>
> I see in the update note that "
> https://apereo.github.io/2017/08/04/520rc2-release/#saml2-metadata-expiration"
> there's an update on metadata expiration, but idk what that has to do with 
> my problem.
>
> I also see that:
> "
> https://github.com/apereo/cas/blob/v5.2.0-RC2/support/cas-server-support-saml-idp/src/main/java/org/apereo/cas/support/saml/services/idp/metadata/cache/SamlRegisteredServiceCachingMetadataResolver.java
> "
> Compare to 
> "
> https://github.com/apereo/cas/blob/v5.2.0-RC1/support/cas-server-support-saml-idp/src/main/java/org/apereo/cas/support/saml/services/idp/metadata/cache/SamlRegisteredServiceCachingMetadataResolver.java
> "
>
> I saw that the ChainingMetadataResolver is changed to MetadataResolver, 
> and after that I am totally lost...
>
> Would like to know if you guys can give me some guidance on where I should 
> look at to fix my problem?
> _
> Relevant properties:
> cas.authn.samlIdp.entityId=https://${cas.host.name}/idp
> cas.authn.samlIdp.scope=${cas.host.name}
>
> cas.authn.samlIdp.metadata.cacheExpirationMinutes=30
> cas.authn.samlIdp.metadata.failFast=true
> cas.authn.samlIdp.metadata.location=file:///etc/cas/saml
> cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
> cas.authn.samlIdp.metadata.requireValidMetadata=true
>
> cas.authn.samlIdp.logout.forceSignedLogoutRequests=false
> cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled=false
>
> cas.authn.samlIdp.response.skewAllowance=0
> cas.authn.samlIdp.response.signError=false
> cas.authn.samlIdp.response.useAttributeFriendlyName=true
>
> __
> Logs:
>
> 2017-08-28 17:51:52,006 ERROR [org.springframework.boot.SpringApplication] 
> - 
> org.springframework.beans.factory.BeanCreationException: Error creating 
> bean with name 
> 'scopedTarget.defaultSamlRegisteredServiceCachingMetadataResolver' defined 
> in class path resource 
> [org/apereo/cas/config/SamlIdPMetadataConfiguration.class]: Bean 
> instantiation via factory method failed; nested exception is 
> org.springframework.beans.BeanInstantiationException: Failed to instantiate 
> [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver]:
>  
> Factory method 'defaultSamlRegisteredServiceCachingMetadataResolver' threw 
> exception; nested exception is java.lang.NoSuchMethodError: 
> com.github.benmanes.caffeine.cache.Caffeine.expireAfter(Lcom/github/benmanes/caffeine/cache/Expiry;)Lcom/github/benmanes/caffeine/cache/Caffeine;
> at 
> org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599)
>  
> ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
> at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1173)
>  
> ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
> at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1067)
>  
> ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
> at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:513)
>  
> ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
> at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)
>  
> ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
> at 
> org.springframework.beans.factory.support.AbstractBeanFactory$2.getObject(AbstractBeanFactory.java:345)
>  
> ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
> at 
> org.springframework.cloud.context.scope.GenericScope$BeanLifecycleWrapper.getBean(GenericScope.java:359)
>  
> 

Re: [cas-user] JVM Heap Kept Growing every day

2017-08-28 Thread RJ
Here is another take at this:

Started CAS with  -Xms2048m -Xmx4096m about 12 days ago.

Interesting things from stats file is that jvm.memory.heap.committed &
jvm.memory.heap.init haven't changed since beginning. 2147483648 is the
same value from the beginning.  jvm.memory.heap.usage has varied from 5% to
40%.

jvm.memory.heap.committed, value=2147483648
jvm.memory.heap.init, value=2147483648
jvm.memory.heap.max, value=4294967296
jvm.memory.heap.usage, value=0.33496101573109627
jvm.memory.heap.used, value=1438646608

Weirdest observation (free -m)

12 days ago (when started)
Mem:   64722257 749  482161
3851
Swap:  4095   04095

now:
Mem:   64723561 749  482161
2547
Swap:  4095   04095

Used memory started from 2257 to 3561m.

top -> m
  694 javauser20   0 7381748 3.263g  17792 S  0.8 51.6 288:34.34 java

So, top command tells that jvm takes 3.263g.  I was thinking that JVM takes
only 2G {2147483648 of jvm.memory.heap.committed}.

Does this make any sense ? Thoughts?

On Sat, Aug 19, 2017 at 5:20 AM,  wrote:

> OK,
>
> there is a significant memory leak in the version of Thymeleaf layout
> dialect used by versions of CAS prior to 5.0.7. Since 5.0.7 it's been
> updated to the layout dialect version containing the memory leak fix.
>
> This is most likely what you are experiencing.
>
> Cheers,
> D.
>
>
>
>
> On Sat, Aug 19, 2017 at 4:53 AM -0400, "David Malia" 
> wrote:
>
>> It probably is a good idea to move Hazelcast to its own JVM at a minimum.
>> It looks like the default behavior is to fill the cache until it's at 85% of
>> heap space.
>>   I got this by looking at
>> https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html#hazelcast-ticket-registry,
>> so I could be wrong.
>>
>>
>> On Fri, Aug 18, 2017 at 10:51 AM, Oschwald Robert <
>> robertoschw...@gmail.com> wrote:
>>
>>> You can get the amount of objects in Hazelcast using Hazelcast
>>> Management Center or VM tools like visualvm.
>>> I’m not sure if Hazelcast Management Center is available for Open Source
>>> License usage, or in Hazelcast Enterprise, only.
>>>
>>> I strongly recommend NOT using the Hazelcast embedded mode, as it is
>>> not optimal for production.
>>> Better to set up a Hazelcast cluster, so run a Hazelcast “Client Plus
>>> Member” topology.
>>>
>>> See https://hazelcast.com/resources/hazelcast-deployment-operations-guide/
>>>
>>> Robert
>>>

Re: [cas-user] Re: How to embed the login form in the client page?

2017-08-28 Thread Ray Bon
If application B is acting on behalf of the user, then proxying is what you are 
looking for.
https://apereo.github.io/cas/5.1.x/installation/Configuring-Proxy-Authentication.html

If application B is running background tasks, then the one 'special' user in 
application B can use CAS REST api to log in to application A.

Ray

On Mon, 2017-08-28 at 11:17 -0700, SOPHIE Fang wrote:
 Totally agree...
 I already have cold feet as I am reading more into it.
As I am customizing the login page, I will probably accept your suggestion. :)
May I ask another question?
I have an Application A which is Java based and Application B which is Python 
based. Application B calls Application A quite a lot by calling A's API; e.g. 
http://applicationA.corp.com/TaskManager?taskId=1&=true

Since I turned on SSO, right now Application A is https and unless someone 
logged in, it's not possible to make the call anymore as it's an 
application-to-application interaction. Do you have something in mind thus I 
can keep this behavior normal as before?
I would say millions of thank you. And I hope people who are struggling like me 
can benefit from all this!

On Monday, August 28, 2017 at 1:41:46 PM UTC-4, rbon wrote:
Sophie,

CAS definitely has a lot of moving parts. Patience, small steps and lots of 
testing.

If I understand correctly, your client application has a login form. You should 
be able to use REST to pass that user's credentials to the CAS server without 
having to redirect.
If that is the route you choose, you will have to keep track of the user's 
session and associate it with the TGT. You may also have to manage session 
expiration. This sounds like a lot of work.
If your client application does not have a login form, you will have to 
retrieve the user's login name and password from somewhere. This sounds risky.

Is there a reason why you do not want to go through the redirect?

If the user is already logged in through CAS the redirect will be very fast, 
the user will not notice. If you are concerned about the look of the login 
page, that can be customized to look like your application.

Ray

On Mon, 2017-08-28 at 10:01 -0700, SOPHIE Fang wrote:
Thank you for the speedy answer! Really appreciate it!!
My questions might sound pretty silly to someone already quite familiar with 
the CAS Protocol. But still a newbie as I am, may I ask:
Why the REST Protocol sounds like it's for application-to-application 
authentication. Will it really help my case?
What I am trying to do: instead of redirecting to the CAS login page 
every time a user hits my client application, the user can just stay in my 
client application and hit login, then somehow get authenticated via CAS while 
staying on the same page.  Do you know the step by step how to achieve this? As 
I know about CAS so far, there is no baby sitting step by step. It's more like 
playing a puzzle, gathering people's experience here and there.

On Monday, August 28, 2017 at 11:44:05 AM UTC-4, rbon wrote:
Is this what you are looking for?
https://apereo.github.io/cas/5.1.x/protocol/REST-Protocol.html

Ray

On Mon, 2017-08-28 at 07:21 -0700, SOPHIE Fang wrote:
Did you find the way to do it?
Thx!

On Tuesday, March 21, 2017 at 10:24:34 AM UTC-4, Hao Wu wrote:
Hello all,
I want to embed the login form in the client page, without redirection. I have 
googled for some solutions about 3.x or 4.x; are there any solutions for 5.x? 
Thanks



--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 023 | rb...@uvic.ca


--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 023 | rb...@uvic.ca


--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 023 | r...@uvic.ca

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1503954526.2080.28.camel%40uvic.ca.
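
The REST flow Ray points to for the background-task case (a Python Application B obtaining a service ticket for Application A), as an added example that is not part of the thread or of the CAS project's code. It assumes REST support is enabled on the CAS server and uses the `/v1/tickets` endpoints from the REST protocol page linked above; the account `svc-app-b`, the secret, the ticket values and the `MockCas` server are constructed so the block runs offline.

```python
import http.server
import threading
import urllib.error
import urllib.parse
import urllib.request


def request_tgt(cas_base, username, password):
    """Step 1: POST credentials to /v1/tickets; 201 plus Location = TGT resource."""
    body = urllib.parse.urlencode({"username": username, "password": password}).encode()
    req = urllib.request.Request(cas_base + "/v1/tickets", data=body, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status, location = resp.status, resp.headers.get("Location", "")
    except urllib.error.HTTPError as exc:
        raise PermissionError("CAS rejected the credentials (HTTP %d)" % exc.code) from exc
    # Only use a TGT resource that lives under the CAS base URL we authenticated to.
    if status != 201 or not location.startswith(cas_base + "/v1/tickets/"):
        raise RuntimeError("unexpected CAS response: %d %r" % (status, location))
    return location


def request_st(tgt_url, service):
    """Step 2: POST the target service URL to the TGT resource; body is a one-time ST."""
    body = urllib.parse.urlencode({"service": service}).encode()
    req = urllib.request.Request(tgt_url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode().strip()


def ticketed_url(service, st):
    """Step 3: the URL Application B requests; A validates `ticket` against CAS."""
    return service + ("&" if "?" in service else "?") + "ticket=" + urllib.parse.quote(st)


def release_tgt(tgt_url):
    """Step 4: DELETE the TGT when the job ends so it cannot mint further STs."""
    with urllib.request.urlopen(urllib.request.Request(tgt_url, method="DELETE"), timeout=10):
        pass


class MockCas(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a CAS server, only so the example runs offline."""
    tgts = set()

    def _reply(self, code, body=b"", location=None):
        self.send_response(code)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        if self.path == "/cas/v1/tickets":
            if form.get("password") != ["constructed-secret"]:
                return self._reply(401)
            self.tgts.add("TGT-1-constructed")
            url = "http://%s/cas/v1/tickets/TGT-1-constructed" % self.headers["Host"]
            return self._reply(201, location=url)
        if self.path.rsplit("/", 1)[-1] in self.tgts and "service" in form:
            return self._reply(200, b"ST-1-constructed")
        return self._reply(404)

    def do_DELETE(self):
        self.tgts.discard(self.path.rsplit("/", 1)[-1])
        self._reply(200)

    def log_message(self, *args):  # keep the demo quiet
        pass


def demo():
    """Run the four steps against the mock; returns (url_for_app_a, tgt_dead_after_delete)."""
    # Bypass any proxy environment variables: the mock listens on loopback.
    urllib.request.install_opener(urllib.request.build_opener(urllib.request.ProxyHandler({})))
    server = http.server.HTTPServer(("127.0.0.1", 0), MockCas)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d/cas" % server.server_address[1]
    service = "https://applicationA.corp.com/TaskManager?taskId=1"  # host from the thread
    try:
        tgt_url = request_tgt(base, "svc-app-b", "constructed-secret")  # constructed account
        url = ticketed_url(service, request_st(tgt_url, service))
        release_tgt(tgt_url)
        try:
            request_st(tgt_url, service)
            tgt_dead = False
        except urllib.error.HTTPError:
            tgt_dead = True
        return url, tgt_dead
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

Against a real server the CAS base URL would be `https://`, and the service account secret would come from the environment or a secret store rather than from source.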


[cas-user] Re: MFA Gauth registry fails to register multiple users

2017-08-28 Thread Mark Klinchin
I have the same situation with CAS 5.1.3 with both JSON and MongoDB. 

Somewhat related question is whether I can use container managed datasource 
(java:comp/env/jdbc/...) instead of database URL (with login and password) 
to store Google Authenticator registrations?

Thank you
Mark

On Thursday, July 20, 2017 at 11:40:55 AM UTC-4, Bertrand Carlier wrote:
>
> hello all,
>
> I cannot register multiple users on Google Auth mfa method:
> - using the JSON registry will only record the first user, the second one 
> fails
> - using the MongoDB registry will only record the last registering user 
> removing the (only) previous record.
>
> with JSON I get an exception regarding an ArrayList not being castable to 
> a java.lang.Comparable:
>
> 2017-07-20 14:36:39,011 DEBUG 
> [org.apereo.cas.otp.repository.credentials.BaseJsonOneTimeTokenCredentialRepository]
>  
> - 
> 2017-07-20 14:36:39,012 DEBUG 
> [org.apereo.cas.otp.repository.credentials.BaseJsonOneTimeTokenCredentialRepository]
>  
> - 
> 2017-07-20 14:36:39,013 DEBUG 
> [org.apereo.cas.otp.repository.credentials.BaseJsonOneTimeTokenCredentialRepository]
>  
> - 
> 2017-07-20 14:36:39,014 DEBUG 
> [org.apereo.cas.otp.repository.credentials.BaseJsonOneTimeTokenCredentialRepository]
>  
> - 
> 2017-07-20 14:36:39,015 ERROR 
> [org.apereo.cas.otp.repository.credentials.BaseJsonOneTimeTokenCredentialRepository]
>  
> - 
> java.lang.ClassCastException: java.util.ArrayList cannot be cast to 
> java.lang.Comparable
>
>
> has anyone succeeded in registering multiple users with either JSON or 
> MongoDB registry? (does not seem to be the same bug though, MongoDB seems 
> to be an issue with an initialized id, never overridden at 
> https://github.com/apereo/cas/blob/8a7289a6e5b506bf92ad6a639cbb7f5990f0f0fc/support/cas-server-support-otp-mfa/src/main/java/org/apereo/cas/otp/repository/credentials/OneTimeTokenAccount.java#L40
> )
>
> thanks.
>
> (version 5.1.2)
>



Re: [cas-user] Re: How to embed the login form in the client page?

2017-08-28 Thread SOPHIE Fang
 Totally agree...
 I already have cold feet as I am reading more into it.
As I am customizing the login page, I will probably accept your 
suggestion. :)
May I ask another question?
I have an Application A which is Java based and Application B which is 
Python based. Application B calls Application A quite a lot by calling A's 
API; e.g. 
http://applicationA.corp.com/TaskManager?taskId=1&=true

Since I turned on SSO, right now Application A is https and unless someone 
logged in, it's not possible to make the call anymore as it's an 
application-to-application interaction. Do you have something in mind thus 
I can keep this behavior normal as before?
I would say millions of thank you. And I hope people who are struggling like 
me can benefit from all this!

On Monday, August 28, 2017 at 1:41:46 PM UTC-4, rbon wrote:
>
> Sophie,
>
> CAS definitely has a lot of moving parts. Patience, small steps and lots 
> of testing.
>
> If I understand correctly, your client application has a login form. You 
> should be able to use REST to pass that user's credentials to the CAS 
> server without having to redirect.
> If that is the route you choose, you will have to keep track of the user's 
> session and associate it with the TGT. You may also have to manage session 
> expiration. This sounds like a lot of work.
> If your client application does not have a login form, you will have to 
> retrieve the user's login name and password from somewhere. This sounds 
> risky.
>
> Is there a reason why you do not want to go through the redirect?
>
> If the user is already logged in through CAS the redirect will be very 
> fast, the user will not notice. If you are concerned about the look of the 
> login page, that can be customized to look like your application.
>
> Ray
>
> On Mon, 2017-08-28 at 10:01 -0700, SOPHIE Fang wrote:
>
> Thank you for the speedy answer! Really appreciate it!!
> My questions might sound pretty silly to someone already quite familiar 
> with the CAS Protocol. But still a newbie as I am, may I ask: 
> Why the REST Protocol sounds like it's for application-to-application 
> authentication. Will it really help my case?
> What I am trying to do: instead of redirecting to the CAS login page 
> every time a user hits my client application, the user can just stay in my 
> client application and hit login, then somehow get authenticated via CAS 
> while staying on the same page.  Do you know the step by step how to achieve 
> this? As I know about CAS so far, there is no baby sitting step by step. 
> It's more like playing a puzzle, gathering people's experience here and 
> there.
>
> On Monday, August 28, 2017 at 11:44:05 AM UTC-4, rbon wrote:
>
> Is this what you are looking for?
> https://apereo.github.io/cas/5.1.x/protocol/REST-Protocol.html
>
> Ray
>
> On Mon, 2017-08-28 at 07:21 -0700, SOPHIE Fang wrote:
>
> Did you find the way to do it? 
> Thx!
>
> On Tuesday, March 21, 2017 at 10:24:34 AM UTC-4, Hao Wu wrote:
>
> Hello all,
> I want to embed the login form in the client page, without redirection. I 
> have googled for some solutions about 3.x or 4.x; are there any solutions 
> for 5.x? Thanks
>
>
> -- 
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 023 | rb...@uvic.ca
>
>
> -- 
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 023 | rb...@uvic.ca 
>
>



Re: [cas-user] Re: How to embed the login form in the client page?

2017-08-28 Thread Ray Bon
Sophie,

CAS definitely has a lot of moving parts. Patience, small steps and lots of 
testing.

If I understand correctly, your client application has a login form. You should 
be able to use REST to pass that user's credentials to the CAS server without 
having to redirect.
If that is the route you choose, you will have to keep track of the user's 
session and associate it with the TGT. You may also have to manage session 
expiration. This sounds like a lot of work.
If your client application does not have a login form, you will have to 
retrieve the user's login name and password from somewhere. This sounds risky.

Is there a reason why you do not want to go through the redirect?

If the user is already logged in through CAS the redirect will be very fast, 
the user will not notice. If you are concerned about the look of the login 
page, that can be customized to look like your application.

Ray

On Mon, 2017-08-28 at 10:01 -0700, SOPHIE Fang wrote:
Thank you for the speedy answer! Really appreciate it!!
My questions might sound pretty silly to someone already quite familiar with 
the CAS Protocol. But still a newbie as I am, may I ask:
Why the REST Protocol sounds like it's for application-to-application 
authentication. Will it really help my case?
What I am trying to do: instead of redirecting to the CAS login page 
every time a user hits my client application, the user can just stay in my 
client application and hit login, then somehow get authenticated via CAS while 
staying on the same page.  Do you know the step by step how to achieve this? As 
I know about CAS so far, there is no baby sitting step by step. It's more like 
playing a puzzle, gathering people's experience here and there.

On Monday, August 28, 2017 at 11:44:05 AM UTC-4, rbon wrote:
Is this what you are looking for?
https://apereo.github.io/cas/5.1.x/protocol/REST-Protocol.html

Ray

On Mon, 2017-08-28 at 07:21 -0700, SOPHIE Fang wrote:
Did you find the way to do it?
Thx!

On Tuesday, March 21, 2017 at 10:24:34 AM UTC-4, Hao Wu wrote:
Hello all,
I want to embed the login form in the client page, without redirection. I have 
googled for some solutions about 3.x or 4.x; are there any solutions for 5.x? 
Thanks



--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 023 | rb...@uvic.ca


--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 023 | r...@uvic.ca



Re: [cas-user] Re: How to embed the login form in the client page?

2017-08-28 Thread SOPHIE Fang
Thank you for the speedy answer! Really appreciate it!!
My questions might sound pretty silly to someone already quite familiar 
with the CAS Protocol. But still a newbie as I am, may I ask:
Why the REST Protocol sounds like it's for application-to-application 
authentication. Will it really help my case?
What I am trying to do: instead of redirecting to the CAS login page 
every time a user hits my client application, the user can just stay in my 
client application and hit login, then somehow get authenticated via CAS 
while staying on the same page.  Do you know the step by step how to achieve 
this? As I know about CAS so far, there is no baby sitting step by step. 
It's more like playing a puzzle, gathering people's experience here and 
there.

On Monday, August 28, 2017 at 11:44:05 AM UTC-4, rbon wrote:
>
> Is this what you are looking for?
> https://apereo.github.io/cas/5.1.x/protocol/REST-Protocol.html
>
> Ray
>
> On Mon, 2017-08-28 at 07:21 -0700, SOPHIE Fang wrote:
>
> Did you find the way to do it? 
> Thx!
>
> On Tuesday, March 21, 2017 at 10:24:34 AM UTC-4, Hao Wu wrote:
>
> Hello all,
> I want to embed the login form in the client page, without redirection. I 
> have googled for some solutions about 3.x or 4.x; are there any solutions 
> for 5.x? Thanks
>
>
> -- 
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 023 | rb...@uvic.ca 
>
>



[cas-user] CAS 5.2.0-RC3-SNAPSHOT handle authentication exception

2017-08-28 Thread Fabio Martelli

Hi, what are the best practices to handle an LDAP authentication exception?

I need to successfully authenticate Active Directory disabled users. 
Where can I act?


Thank you in advance for your help.

BR,

F.

--
Fabio Martelli
https://it.linkedin.com/pub/fabio-martelli/1/974/a44
http://blog.tirasa.net/author/fabio/index.html

Tirasa - Open Source Excellence
http://www.tirasa.net/index.html?pk_campaign=email_kwd=fm

Apache Syncope PMC
http://people.apache.org/~fmartelli/



Re: [cas-user] Re: How to embed the login form in the client page?

2017-08-28 Thread Ray Bon
Is this what you are looking for?
https://apereo.github.io/cas/5.1.x/protocol/REST-Protocol.html

Ray

On Mon, 2017-08-28 at 07:21 -0700, SOPHIE Fang wrote:
Did you find the way to do it?
Thx!

On Tuesday, March 21, 2017 at 10:24:34 AM UTC-4, Hao Wu wrote:
Hello all,
I want to embed the login form in the client page, without redirection. I have 
googled for some solutions about 3.x or 4.x; are there any solutions for 5.x? 
Thanks



--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 023 | r...@uvic.ca



[cas-user] Re: How to embed the login form in the client page?

2017-08-28 Thread SOPHIE Fang
Did you find the way to do it?
Thx!

On Tuesday, March 21, 2017 at 10:24:34 AM UTC-4, Hao Wu wrote:
>
> Hello all,
> I want to embed the login form in the client page, without redirection. 
> I have googled for some solutions for 3.x or 4.x; are there any solutions 
> for 5.x? Thanks
>
>



[cas-user] Thread count keeps growing at tomcat 8.5 with CAS 5.1

2017-08-28 Thread Song, Doe-Hyun
Good Morning All,

Since we went to production with CAS 5.1, we keep having growing thread counts.

We use ehcache for HA implementation and ldap for authentication.

Two types of threads - Timer and pool-3-thread - keep growing as time goes on.

Any suggestions for debugging this issue?

Thread dump :


Full thread dump OpenJDK 64-Bit Server VM (25.101-b13 mixed mode):

"Timer-73" #512 daemon prio=5 os_prio=0 tid=0x7f0520033000 nid=0x8041 in Object.wait() [0x7f0509b5c000]
   java.lang.Thread.State: TIMED_WAITING (on object monitor)
        at java.lang.Object.wait(Native Method)
        at java.util.TimerThread.mainLoop(Timer.java:552)
        - locked <0xafb48f10> (a java.util.TaskQueue)
        at java.util.TimerThread.run(Timer.java:505)

"Timer-72" #509 daemon prio=5 os_prio=0 tid=0x7f0520019800 nid=0x7fbc in Object.wait() [0x7f050a469000]
   java.lang.Thread.State: TIMED_WAITING (on object monitor)
        at java.lang.Object.wait(Native Method)
        at java.util.TimerThread.mainLoop(Timer.java:552)
        - locked <0xafa333a0> (a java.util.TaskQueue)
        at java.util.TimerThread.run(Timer.java:505)

"pool-3-thread-23" #508 prio=5 os_prio=0 tid=0x7f05180b3000 nid=0x7f36 waiting on condition [0x7f0509d6]
   java.lang.Thread.State: WAITING (parking)
        at sun.misc.Unsafe.park(Native Method)
        - parking to wait for  <0xa7f17930> (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
        at java.util.concurrent.locks.LockSupport.park(LockSupport.java:175)
        at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:2039)
        at java.util.concurrent.LinkedBlockingQueue.take(LinkedBlockingQueue.java:442)
        at java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1067)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1127)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)

"Timer-71" #507 daemon prio=5 os_prio=0 tid=0x7f05180b8800 nid=0x7f35 in Object.wait() [0x7f0509f62000]
   java.lang.Thread.State: TIMED_WAITING (on object monitor)
        at java.lang.Object.wait(Native Method)
        at java.util.TimerThread.mainLoop(Timer.java:552)
        - locked <0xaf974c00> (a java.util.TaskQueue)
        at java.util.TimerThread.run(Timer.java:505)

"Timer-70" #506 daemon prio=5 os_prio=0 tid=0x7f05506ba000 nid=0x7eb4 in Object.wait() [0x7f0509e61000]
   java.lang.Thread.State: TIMED_WAITING (on object monitor)
        at java.lang.Object.wait(Native Method)
        at java.util.TimerThread.mainLoop(Timer.java:552)
        - locked <0xaf8cf808> (a java.util.TaskQueue)
        at java.util.TimerThread.run(Timer.java:505)

"pool-3-thread-22" #496 prio=5 os_prio=0 tid=0x7f05180b7800 nid=0x79dd waiting on condition [0x7f050a063000]
   java.lang.Thread.State: WAITING (parking)
        at sun.misc.Unsafe.park(Native Method)
        - parking to wait for  <0xa7f17930> (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
        at java.util.concurrent.locks.LockSupport.park(LockSupport.java:175)
        at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:2039)
        at java.util.concurrent.LinkedBlockingQueue.take(LinkedBlockingQueue.java:442)
        at java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1067)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1127)

Thanks,
Doe






Re: [cas-user] Mongodb x509 authentification

2017-08-28 Thread Misagh Moayyed
> I have a mongodb cluster (version 3.4.7) and it is configured to use x509
> authentication (mode : requireSSL).

> I read the apereo cas documentation, but I didn't find anything about the
> configuration of CAS with x509 authentication of a mongodb cluster.

> Information :

> I use version 5.1.1 of CAS.

> Moreover, I use the plugin MFA for mongodb too.

> Is it possible? And how?

If you're asking whether there is support for that kind of thing today, then 
I'd guess no. 



Re: [cas-user] SAML metadata problem when upgrade from 5.2.0-RC1 to 5.2.0-RC2

2017-08-28 Thread Misagh Moayyed
Switch to RC3 SNAPSHOT please. You likely have duplicate caffeine dependencies, 
and RC3 should fix that. 

> From: "Andy Ng" 
> To: "CAS Community" 
> Sent: Monday, August 28, 2017 3:16:45 AM
> Subject: [cas-user] SAML metadata problem when upgrade from 5.2.0-RC1 to
> 5.2.0-RC2

> Hi all, here's my problem:
> _
> Background:
> Version: CAS 5.2.0-RC2
> Topic: SAML 2.0
> 
> Problem:

> When I tried to upgrade from CAS 5.2.0-RC1 to CAS 5.2.0-RC2 (CAS 5.2.0-RC1
> works completely fine). I have some error with
> "scopedTarget.defaultSamlRegisteredServiceCachingMetadataResolver". I tried to
> remove my idp-metadata.xml and tried again, but then CAS 5.2.0-RC2 was not
> able to create a new idp-metadata.xml

> I see in the update note that
> "https://apereo.github.io/2017/08/04/520rc2-release/#saml2-metadata-expiration"
> there's an update on metadata expiration, but idk what that has to do with my
> problem.

> I also see that:
> "https://github.com/apereo/cas/blob/v5.2.0-RC2/support/cas-server-support-saml-idp/src/main/java/org/apereo/cas/support/saml/services/idp/metadata/cache/SamlRegisteredServiceCachingMetadataResolver.java"
> Compare to
> "https://github.com/apereo/cas/blob/v5.2.0-RC1/support/cas-server-support-saml-idp/src/main/java/org/apereo/cas/support/saml/services/idp/metadata/cache/SamlRegisteredServiceCachingMetadataResolver.java"

> I saw that the ChainingMetadataResolver is changed to MetadataResolver, and
> after that I am totally lost...

> Would like to know if you guys can give me some guidance on where I should
> look at to fix my problem?
> _
> Relevant properties:
> cas.authn.samlIdp.entityId=https://${cas.host.name}/idp
> cas.authn.samlIdp.scope=${cas.host.name}

> cas.authn.samlIdp.metadata.cacheExpirationMinutes=30
> cas.authn.samlIdp.metadata.failFast=true
> cas.authn.samlIdp.metadata.location=file:///etc/cas/saml

> cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
> cas.authn.samlIdp.metadata.requireValidMetadata=true

> cas.authn.samlIdp.logout.forceSignedLogoutRequests=false
> cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled=false

> cas.authn.samlIdp.response.skewAllowance=0
> cas.authn.samlIdp.response.signError=false
> cas.authn.samlIdp.response.useAttributeFriendlyName=true

> __
> Logs:

> 2017-08-28 17:51:52,006 ERROR [org.springframework.boot.SpringApplication] -
> org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'scopedTarget.defaultSamlRegisteredServiceCachingMetadataResolver' defined in class path resource [org/apereo/cas/config/SamlIdPMetadataConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver]: Factory method 'defaultSamlRegisteredServiceCachingMetadataResolver' threw exception; nested exception is java.lang.NoSuchMethodError: com.github.benmanes.caffeine.cache.Caffeine.expireAfter(Lcom/github/benmanes/caffeine/cache/Expiry;)Lcom/github/benmanes/caffeine/cache/Caffeine;
>     at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599) ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1173) ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1067) ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:513) ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483) ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
>     at org.springframework.beans.factory.support.AbstractBeanFactory$2.getObject(AbstractBeanFactory.java:345) ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
>     at org.springframework.cloud.context.scope.GenericScope$BeanLifecycleWrapper.getBean(GenericScope.java:359) ~[spring-cloud-context-1.2.3.RELEASE.jar:1.2.3.RELEASE]
>     at org.springframework.cloud.context.scope.GenericScope.get(GenericScope.java:176) ~[spring-cloud-context-1.2.3.RELEASE.jar:1.2.3.RELEASE]
>     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:340) ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
> at
> 
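
The reply above attributes the NoSuchMethodError on Caffeine.expireAfter to duplicate caffeine dependencies. The following check is an added example, not part of the original thread or of CAS: it lists artifacts bundled in more than one version under WEB-INF/lib of a WAR and names the jars that provide a given class. The WAR contents and the caffeine version numbers are constructed sample data, and all function names are hypothetical.

```python
import io
import re
import zipfile
from collections import defaultdict

LIB = "WEB-INF/lib/"
# "<artifact>-<version>.jar"; the version is assumed to start at the first "-<digit>".
JAR_NAME = re.compile(r"^(?P<artifact>.+?)-(?P<version>\d[\w.\-]*)\.jar$")


def bundled_versions(war_bytes):
    """Map artifact name -> versions found under WEB-INF/lib (sorted as strings)."""
    found = defaultdict(set)
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for entry in war.namelist():
            match = JAR_NAME.match(entry[len(LIB):]) if entry.startswith(LIB) else None
            if match:
                found[match["artifact"]].add(match["version"])
    return {artifact: sorted(versions) for artifact, versions in found.items()}


def duplicate_artifacts(war_bytes):
    """Artifacts bundled in more than one version; class-loading order picks the winner."""
    return {a: v for a, v in bundled_versions(war_bytes).items() if len(v) > 1}


def providers_of(war_bytes, class_name):
    """Bundled jars that contain class_name; each nested jar is opened in memory."""
    wanted = class_name.replace(".", "/") + ".class"
    hits = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for entry in war.namelist():
            if entry.startswith(LIB) and entry.endswith(".jar"):
                with zipfile.ZipFile(io.BytesIO(war.read(entry))) as jar:
                    if wanted in jar.namelist():
                        hits.append(entry)
    return sorted(hits)


def _jar(*class_names):
    """Constructed sample data: a tiny jar holding empty .class entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in class_names:
            jar.writestr(name.replace(".", "/") + ".class", b"")
    return buf.getvalue()


def sample_war():
    """Constructed WAR with two caffeine versions (version numbers are made up)."""
    caffeine = "com.github.benmanes.caffeine.cache.Caffeine"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr(LIB + "caffeine-2.3.5.jar", _jar(caffeine))
        war.writestr(LIB + "caffeine-2.5.5.jar", _jar(caffeine))
        war.writestr(LIB + "spring-beans-4.3.10.RELEASE.jar",
                     _jar("org.springframework.beans.factory.BeanFactory"))
        war.writestr("WEB-INF/classes/application.properties", b"")
    return buf.getvalue()


if __name__ == "__main__":
    war = sample_war()
    print("duplicates:", duplicate_artifacts(war))
    print("providers:", providers_of(war, "com.github.benmanes.caffeine.cache.Caffeine"))
```

To check a real build, pass the bytes of the built WAR file to the same functions instead of sample_war().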

[cas-user] SAML metadata problem when upgrade from 5.2.0-RC1 to 5.2.0-RC2

2017-08-28 Thread Andy Ng
Hi all, here's my problem:
_
Background:
Version: CAS 5.2.0-RC2
Topic: SAML 2.0

Problem:


When I tried to upgrade from CAS 5.2.0-RC1 to CAS 5.2.0-RC2 (CAS 5.2.0-RC1 
works completely fine). I have some error with 
"scopedTarget.defaultSamlRegisteredServiceCachingMetadataResolver". I tried 
to remove my idp-metadata.xml and tried again, but then CAS 5.2.0-RC2 was 
not able to create a new idp-metadata.xml

I see in the update note that 
"https://apereo.github.io/2017/08/04/520rc2-release/#saml2-metadata-expiration" 
there's an update on metadata expiration, but idk what that has to do with 
my problem.

I also see that:
"https://github.com/apereo/cas/blob/v5.2.0-RC2/support/cas-server-support-saml-idp/src/main/java/org/apereo/cas/support/saml/services/idp/metadata/cache/SamlRegisteredServiceCachingMetadataResolver.java"
Compare to 
"https://github.com/apereo/cas/blob/v5.2.0-RC1/support/cas-server-support-saml-idp/src/main/java/org/apereo/cas/support/saml/services/idp/metadata/cache/SamlRegisteredServiceCachingMetadataResolver.java"

I saw that the ChainingMetadataResolver is changed to MetadataResolver, and 
after that I am totally lost...

Would like to know if you guys can give me some guidance on where I should 
look at to fix my problem?
_
Relevant properties:
cas.authn.samlIdp.entityId=https://${cas.host.name}/idp
cas.authn.samlIdp.scope=${cas.host.name}

cas.authn.samlIdp.metadata.cacheExpirationMinutes=30
cas.authn.samlIdp.metadata.failFast=true
cas.authn.samlIdp.metadata.location=file:///etc/cas/saml

cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
cas.authn.samlIdp.metadata.requireValidMetadata=true

cas.authn.samlIdp.logout.forceSignedLogoutRequests=false
cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled=false

cas.authn.samlIdp.response.skewAllowance=0
cas.authn.samlIdp.response.signError=false
cas.authn.samlIdp.response.useAttributeFriendlyName=true

__
Logs:

2017-08-28 17:51:52,006 ERROR [org.springframework.boot.SpringApplication] -
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'scopedTarget.defaultSamlRegisteredServiceCachingMetadataResolver' defined in class path resource [org/apereo/cas/config/SamlIdPMetadataConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver]: Factory method 'defaultSamlRegisteredServiceCachingMetadataResolver' threw exception; nested exception is java.lang.NoSuchMethodError: com.github.benmanes.caffeine.cache.Caffeine.expireAfter(Lcom/github/benmanes/caffeine/cache/Expiry;)Lcom/github/benmanes/caffeine/cache/Caffeine;
    at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599) ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1173) ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1067) ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:513) ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483) ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.beans.factory.support.AbstractBeanFactory$2.getObject(AbstractBeanFactory.java:345) ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.cloud.context.scope.GenericScope$BeanLifecycleWrapper.getBean(GenericScope.java:359) ~[spring-cloud-context-1.2.3.RELEASE.jar:1.2.3.RELEASE]
    at org.springframework.cloud.context.scope.GenericScope.get(GenericScope.java:176) ~[spring-cloud-context-1.2.3.RELEASE.jar:1.2.3.RELEASE]
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:340) ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.3.10.RELEASE.jar:4.3.10.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1078) ~[spring-context-4.3.10.RELEASE.jar:4.3.10.RELEASE]
at 

Re: [cas-user] cas5.1.1 + cas-services-management-overlay

2017-08-28 Thread sesharaju sv
Hello Jérémie

I think you have missed configuring the cas-management application in the
CAS Server services.  Please add the CAS Management application URL
to your services registry and try to log in; you should then be able to log in.

Thanks
Seshu

On 27 August 2017 at 22:27, Jérémie Pilette  wrote:
> Hello,
>
> I installed "cas-services-management-overlay".
> When I connect to the url "https://myurl/cas-management", I get a page
> that indicates:
>
> Application Not Authorized to Use CAS
>
> The services registry of CAS is empty and has no service definitions.
> Applications that wish to authenticate with CAS must explicitly be defined
> in the services registry.
>
>
> Could you help me please ?
>
> ==management.properties==
> # CAS server that management app will authenticate with
> # This server will authenticate for any app (service) and you can login as
> casuser/Mellon
> cas.server.name: https://myurl
> cas.server.prefix: https://myurl/cas
>
> cas.mgmt.adminRoles=ROLE_ADMIN
> cas.mgmt.userPropertiesFile=file:/etc/cas/config/users.properties
>
> # Update this URL to point at server running this management app
> cas.mgmt.serverName=https://myurl
>
> server.context-path=/cas-management
> server.port=443
>
> spring.thymeleaf.mode=HTML
> logging.config=file:/etc/cas/config/log4j2-management.xml
>
> ==cas.properties==
> cas.server.name=https://myurl
> cas.server.prefix=https://myurl/cas
>
> cas.adminPagesSecurity.ip=127\.0\.0\.1
> logging.config=file:/etc/cas/config/log4j2.xml
> # cas.serviceRegistry.config.location: classpath:/services
> cas.authn.accept.users=
>
> Thanks a lot
>
> Jérémie
>



-- 
Venkata S Sadhu (Seshu)
India (Mobile) : +91 7032638062 (WhatsApp)
INDIA
