[cas-user] Why we got stale TCP connections in CLOSE_WAIT status for a long time and how to resolve this?

2022-12-02 Thread Joseph Zhou
To whom it may concern,

We are using Apereo CAS 6.2.2 with CAS 2.0/3.0 and SAML 2.0 supported.

From time to time, maybe rotate after hours or day, we saw some stale TCP
connections in CLOSE_WAIT status like the following:

java    74936 root  109u  IPv6 5558780      0t0  TCP olc.wccnet.edu:39944->cust-64.79.132.101.switchnap.com:https (CLOSE_WAIT)
java    74936 root  113u  IPv6 5667290      0t0  TCP olc.wccnet.edu:48712->server-65-8-49-109.ord52.r.cloudfront.net:https (CLOSE_WAIT)
java    74936 root  118u  IPv6 5138832      0t0  TCP olc.wccnet.edu:45586->ec2-3-14-202-102.us-east-2.compute.amazonaws.com:https (CLOSE_WAIT)
java    74936 root  119u  IPv6 5613790      0t0  TCP olc.wccnet.edu:50148->na07.alma.exlibrisgroup.com:https (CLOSE_WAIT)
java    74936 root  120u  IPv6 5529494      0t0  TCP olc.wccnet.edu:54112->ec2-52-1-97-220.compute-1.amazonaws.com:https (CLOSE_WAIT)

We suspect those might be used for SAML metadata connections or some other
SAML related connections.
I tried to use pktcap-uw to catch what's there, however it seemed that we
got nothing in a short time window which could show us any network traffic
related to those connections.
Is there any new version of CAS software or any way to get this resolved?

Appreciate your help very much!

Joe

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMr51Mdy83CGesFq454oyNceWz335ss_Zm8PAZe-8fBv_Zb_gA%40mail.gmail.com.
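
A socket stays in CLOSE_WAIT when the peer has closed the connection and the local process has not yet closed its side. The following added example (not part of the original post and not CAS code) compares two `lsof -i` snapshots and counts, per remote endpoint, the sockets that are in CLOSE_WAIT in both; the snapshots and addresses are constructed.

```python
import re

# One TCP row of `lsof -i`: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME (STATE)
ROW = re.compile(
    r"^\S+\s+(?P<pid>\d+)\s+\S+\s+(?P<fd>\d+)\S*\s+IPv[46]\s+\S+\s+\S+\s+TCP\s+"
    r"(?P<local>\S+)->(?P<remote>\S+)\s+\((?P<state>[A-Z_0-9]+)\)$"
)

def close_wait_sockets(lsof_text):
    """Return {(pid, fd, local, remote)} for every socket shown in CLOSE_WAIT."""
    found = set()
    for line in lsof_text.splitlines():
        m = ROW.match(line.strip())
        if m and m["state"] == "CLOSE_WAIT":
            found.add((int(m["pid"]), int(m["fd"]), m["local"], m["remote"]))
    return found

def stale_by_peer(earlier, later):
    """Count, per remote endpoint, sockets that sit in CLOSE_WAIT in both snapshots."""
    stale = close_wait_sockets(earlier) & close_wait_sockets(later)
    counts = {}
    for _pid, _fd, _local, remote in stale:
        counts[remote] = counts.get(remote, 0) + 1
    return counts

# Constructed snapshots (documentation addresses), imagined as taken some minutes apart.
HEADER = "COMMAND   PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME\n"
SNAP_EARLIER = HEADER + """\
java    74936 root  109u  IPv6 5558780      0t0  TCP 192.0.2.10:39944->198.51.100.7:443 (CLOSE_WAIT)
java    74936 root  113u  IPv6 5667290      0t0  TCP 192.0.2.10:48712->198.51.100.7:443 (CLOSE_WAIT)
java    74936 root  118u  IPv6 5138832      0t0  TCP 192.0.2.10:45586->203.0.113.20:443 (CLOSE_WAIT)
java    74936 root  121u  IPv6 5700001      0t0  TCP 192.0.2.10:8443->203.0.113.99:51514 (ESTABLISHED)
"""
SNAP_LATER = HEADER + """\
java    74936 root  109u  IPv6 5558780      0t0  TCP 192.0.2.10:39944->198.51.100.7:443 (CLOSE_WAIT)
java    74936 root  113u  IPv6 5667290      0t0  TCP 192.0.2.10:48712->198.51.100.7:443 (CLOSE_WAIT)
java    74936 root  118u  IPv6 5900002      0t0  TCP 192.0.2.10:50148->203.0.113.20:443 (CLOSE_WAIT)
java    74936 root  121u  IPv6 5700001      0t0  TCP 192.0.2.10:8443->203.0.113.99:51514 (ESTABLISHED)
"""

if __name__ == "__main__":
    # fd 118 was reused for a new connection, so only the two sockets to
    # 198.51.100.7:443 count as stale across both snapshots.
    for peer, n in stale_by_peer(SNAP_EARLIER, SNAP_LATER).items():
        print(f"{n} stale CLOSE_WAIT socket(s) to {peer}")
```
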


Re: [cas-user] Service registration only allows set of IP addresses?

2022-12-02 Thread Ray Bon
I have to concur; I knew where to look.

Ray

On Thu, 2022-12-01 at 14:16 -1000, Baron Fujimoto wrote:

I guess my meta question is, how would I have found it if I didn't know it was 
there? The doc's search feature doesn't turn up anything that looks useful with 
search terms like "IP address".

You can get to it from the navbar on the left, if you already have an idea of 
your destination, but that's not helpful in my experience if you don't already 
have some idea where something may be buried.



Re: [cas-user] Why is overwriting configs not supported in all kind of configs?

2022-12-02 Thread Freedom K
Hi everyone,
The issue with the configs seems to appear when we "separate" the 
cas.authn.pac4j.saml[0] configs in different config files.

For example, all the configs of the type cas.authn.pac4j.saml[0] that we 
use in cas are the below:
cas.authn.pac4j.saml[0].keystorePassword=pac4j-demo-passwd
cas.authn.pac4j.saml[0].privateKeyPassword=pac4j-demo-passwd
cas.authn.pac4j.saml[0].serviceProviderEntityId=urn:mace:saml:pac4j.org
cas.authn.pac4j.saml[0].serviceProviderMetadataPath=/etc/cas/config/sp-metadata.xml
cas.authn.pac4j.saml[0].keystorePath=/etc/cas/config/samlKeystore.jks
cas.authn.pac4j.saml[0].identityProviderMetadataPath=https://blablabla
cas.authn.pac4j.saml[0].clientName=SAML2Client

When we set up e.g. cas.authn.pac4j.saml[0].identityProviderMetadataPath in 
the file conf/cas_custom.properties and all the rest in the file 
conf/cas_base.properties, then the login does not work correctly.
However, when we set up ALL the used cas.authn.pac4j.saml[0] configs in 
the config file (either cas_custom.properties or/and cas_base.properties) 
then the login is working as expected.
So it looks like those kinds of configs need to be read from the same file 
all together, else if they are read partially from different files, 
something is not working as expected.
I am not sure if this kind of issue can happen in different config types as 
well.

Thanks,
Ria


On Friday, December 2, 2022 at 11:50:09 AM UTC+2 Freedom K wrote:

> Thank you Ray. 
> I will try it (in the log4j2.xml?) and see if more information will be 
> visible.
> If this is a spring config issue, can we use a bigger version of spring 
> for the cas version 5.2.9?
> I see that the versions in the pom.xml are 
> 1.5.14.RELEASE
> 4.3.17.RELEASE
>
> On Thursday, December 1, 2022 at 6:42:36 PM UTC+2 Ray Bon wrote:
>
>> Ria
>>
>> This sounds more like a spring config issue than a cas one.
>> This logger may provide some details:
>>
>> 
>>
>> Ray
>>
>> On Thu, 2022-12-01 at 07:10 -0800, Freedom K wrote:
>>
>>
>> Hi everyone,
>>
>> I am facing an issue when trying to create a config file hierarchy for 
>> cas.
>>
>> I am using something like the below arguments in the run line of cas
>>
>> --spring.config.location=conf/cas_base.properties,conf/cas_custom.properties
>>
>> so as to be able to have some hierarchy of configs based on some 
>> environment specific preferences.
>>
>> I have noticed that if I set for example 
>> logging.level.org.apereo.cas=DEBUG in the file cas_base.properties and no 
>> logging.level.org.apereo.cas is set to cas_custom.properties, it is read 
>> from cas and I can see the logs in debug mode, as expected.
>>
>> However, if I set cas.authn.pac4j.saml[0].clientName in 
>> cas_base.properties and not in cas_custom.properties, then the app does not 
>> read it and I cannot get redirected to the identity provider I wish (OKTA).
>>
>> Are there any differences between the different types of configs that 
>> prevent them from being able to work with a hierarchy type of config file 
>> reading?
>>
>> The CAS version I am using is 5.2.9
>>
>> Thanks,
>> Ria
>>
>>
>>
>>
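
A pre-deployment check for the situation described in this message, as an added example that is not part of the thread or of CAS: it flags any indexed element such as cas.authn.pac4j.saml[0] whose fields are spread over more than one properties file. The file contents and the idp.example.org URL are constructed, and the reader is a minimal stand-in for Java properties parsing (no line continuations or escapes).

```python
import re
from collections import defaultdict

# "prefix[n].field" -> element "prefix[n]" and its field name
INDEXED = re.compile(r"^(?P<element>.+\[\d+\])\.(?P<field>[^\[\]]+)$")

def parse_properties(text):
    """Read key=value / key:value lines, skipping blanks and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) > 1 else ""
    return props

def split_list_elements(files):
    """files maps file name -> properties text.
    Return {element: {file name: [fields]}} for each indexed element whose
    fields are defined in more than one file."""
    seen = defaultdict(lambda: defaultdict(list))
    for name, text in files.items():
        for key in parse_properties(text):
            m = INDEXED.match(key)
            if m:
                seen[m["element"]][name].append(m["field"])
    return {el: {f: sorted(v) for f, v in by_file.items()}
            for el, by_file in seen.items() if len(by_file) > 1}

# Constructed file contents modelled on the layout described in the message.
BASE = """\
# shared defaults
logging.level.org.apereo.cas=DEBUG
cas.authn.pac4j.saml[0].clientName=SAML2Client
cas.authn.pac4j.saml[0].keystorePath=/etc/cas/config/samlKeystore.jks
cas.authn.pac4j.saml[0].serviceProviderEntityId=urn:mace:saml:pac4j.org
"""
CUSTOM = """\
# environment-specific override
cas.authn.pac4j.saml[0].identityProviderMetadataPath=https://idp.example.org/metadata
"""

if __name__ == "__main__":
    files = {"cas_base.properties": BASE, "cas_custom.properties": CUSTOM}
    for element, by_file in split_list_elements(files).items():
        print(f"{element} is split across files:")
        for name, fields in by_file.items():
            print(f"  {name}: {', '.join(fields)}")
```
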



[cas-user] Re: Setup CAS-Management 6.2.x Dashboard

2022-12-02 Thread BenDDD
Hi there,

I have the exact same problem as in the previous post. Has anyone found the 
source of this problem?

I use CAS 6.6.2 and CAS-management 6.6.0.

Thanks in advance.

Cordially,

On Thursday, June 30, 2022 at 18:31:35 UTC+2, vtsu...@gmail.com wrote:

> Would it be a problem for you to share your configs? Because I have a 
> problem with displaying the dashboard, but I am able to:
>
> Resolve Attributes - I can resolve all attributes
> SSO Sessions - I can see all the sessions with creation time and a Username 
> and uses
> Loggers - works but it is very slow
>
> Cache, Auditlog tabs don't work 
>
> But when I check the dashboard it looks like this:
>  [image: sso.jpg]
>
> Same goes for CAS Info: all values are empty. I will share my configs also, 
> maybe someone can point me to where I made a mistake.
>
> I did build cas with :
>
> implementation "org.apereo.cas:cas-server-core-api-configuration-model"
> implementation "org.apereo.cas:cas-server-webapp-init"
> implementation "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
> implementation "org.apereo.cas:cas-server-support-saml:${project.'cas.version'}"
> implementation "org.apereo.cas:cas-server-support-hazelcast-ticket-registry:${project.'cas.version'}"
> implementation "org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}"
> implementation "org.apereo.cas:cas-server-support-saml-idp:${project.'cas.version'}"
> implementation "org.apereo.cas:cas-server-core-monitor:${project.'cas.version'}"
> implementation "org.apereo.cas:cas-server-support-reports:${project.'cas.version'}"
> implementation "org.apereo.cas:cas-server-support-discovery-profile:${project.'cas.version'}"
>
> I didn't add anything to cas-management
>
>
> Also, did anyone manage to cluster management?
>
>
> On Wednesday, November 25, 2020 at 17:25:49 UTC+1 Frédéric Lohier wrote:
>
>> Hello,
>>
>> For reference, in case this helps others in the community, I found out in 
>> the source code of the cas-management project (6.2.3 tag) some properties 
>> to setup CAS servers in the dashboard.
>>
>> In the management.properties file, I added the following properties :
>>
>> mgmt.casServers[0].name=your_cas_server_name
>> mgmt.casServers[0].url=https://your_domain/cas
>>
>> The "dashboard" and "CAS Info" tabs of the 
>> https://my-domain/cas-management/dashboard are now populated with data 
>> coming from my CAS server /health and /info actuators.
>> I had to enable the "show-details" of the health actuator to have the 
>> dashboard tab working properly. you can enable it in the cas.properties 
>> file of your CAS server with the following property :
>>
>> # display details in the /actuator/health endpoint. BE CAREFUL of the 
>> # property name, endpoint (without S), not endpoints unlike the other 
>> # endpoints properties. 
>> management.endpoint.health.show-details=ALWAYS
>>
>> However, the other tabs of the dashboard are currently not working as 
>> intended :
>>
>> - "Cache" tab : I can click on the cache button, but nothing happens. 
>> Maybe this is because I am missing some cache configuration on the CAS 
>> server?
>> - "Resolve Attributes" tab : When I try to resolve a username, I get the 
>> list of attributes, but they are not resolved, except for the username. 
>> Could it be an authorization issue?
>> - "Release Attributes" tab : When I try to release attributes for a 
>> username/service, it does not work and I get an AUTHENTICATION_FAILED error 
>> in the cas_audit.log, even though I can log in to the service with this 
>> user.
>> - "Audit log" tab : the list is empty and when I click on "download", I 
>> get an empty file. Maybe some missing configuration to let the 
>> CAS-Management know where it should fetch the CAS audit log?
>> - "SSO Sessions" : After I opened a session, I can see I have one item in 
>> the list, but all the columns are empty (username, Created, Uses). Maybe 
>> another authorization issue?
>> - "Loggers" tab : it works but it is very slow to load (maybe ~15 seconds 
>> to load a list of 1835 loggers). The spring boot admin app can also list 
>> all the loggers without any lag. Is there any plan to remove this loggers 
>> tab from the CAS-management webapp or improve its performance?
>>
>> Any help or pointers are welcome, I am just trying to setup a proof of 
>> concept in order to decide if we should switch to CAS or stick with 
>> Shibboleth.
>>
>> Sorry for the long message but I thought that at least this info would get 
>> indexed on Google and it could be useful for others like who are trying to 
>> setup CAS-Management :-). 
>>
>> -Frederic
>>
>> On Monday, November 23, 2020 at 5:46:54 PM UTC+1 Frédéric Lohier wrote:
>>
>>> Hello,
>>>
>>> I am trying to setup the CAS Management dashboard in 6.2.x branch.
>>>
>>> I was initially trying to find the configuration of admin pages 
>>> (dashboard) but I have read somewhere that admin pages (dashboard) was 
>>> 

Re: [cas-user] Why is overwriting configs not supported in all kind of configs?

2022-12-02 Thread Freedom K
Thank you Ray. 
I will try it (in the log4j2.xml?) and see if more information will be 
visible.
If this is a spring config issue, can we use a bigger version of spring for 
the cas version 5.2.9?
I see that the versions in the pom.xml are 
1.5.14.RELEASE
4.3.17.RELEASE

On Thursday, December 1, 2022 at 6:42:36 PM UTC+2 Ray Bon wrote:

> Ria
>
> This sounds more like a spring config issue than a cas one.
> This logger may provide some details:
>
> 
>
> Ray
>
> On Thu, 2022-12-01 at 07:10 -0800, Freedom K wrote:
>
>
> Hi everyone,
>
> I am facing an issue when trying to create a config file hierarchy for cas.
>
> I am using something like the below arguments in the run line of cas
>
> --spring.config.location=conf/cas_base.properties,conf/cas_custom.properties
>
> so as to be able to have some hierarchy of configs based on some 
> environment specific preferences.
>
> I have noticed that if I set for example 
> logging.level.org.apereo.cas=DEBUG in the file cas_base.properties and no 
> logging.level.org.apereo.cas is set to cas_custom.properties, it is read 
> from cas and I can see the logs in debug mode, as expected.
>
> However, if I set cas.authn.pac4j.saml[0].clientName in 
> cas_base.properties and not in cas_custom.properties, then the app does not 
> read it and I cannot get redirected to the identity provider I wish (OKTA).
>
> Are there any differences between the different types of configs that 
> prevent them from being able to work with a hierarchy type of config file 
> reading?
>
> The CAS version I am using is 5.2.9
>
> Thanks,
> Ria
>
>
>
>
