Re: [cas-user] Application Not Authorized to Use CAS, After authentication.

2019-11-17 Thread Abdelrahman Halawa
CAS v5.3.x




On Sun, 17 Nov 2019 at 09:44, mohamed gamal 
wrote:

> Mr Abdelrahman, thanks for your support.
> Which version are you using?
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/d2798992-7c7e-469d-9283-6a2ba279aef1%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/d2798992-7c7e-469d-9283-6a2ba279aef1%40apereo.org?utm_medium=email&utm_source=footer>
> .
>


-- 
Best regards,


​

*Abdelrahman Halawa*
Teacher Assistant, Computer and Systems Department, Al-Azhar University
+2 01008131693 <+2+01008131693> | abdelrahmanhal...@gmail.com | Skype:
abdelrahmanhalawa <https://mail.google.com/mail/u/0/#> | Maadi, Cairo, Egypt
<http://eg.linkedin.com/pub/abdelrahman-halawa/2b/689/886>
<http://twitter.com/Abdelrahman_S_H>



Re: [cas-user] Application Not Authorized to Use CAS, After authentication.

2019-11-14 Thread Abdelrahman Halawa
Hi Mohammed,

Below is my JSON file; you are free to use it and try. But you must
configure SharePoint to use UPN and mail claims as the JSON shows.
Hint: It is a must to use the *realmcas* certificate as the signing
certificate for the SharePoint config.

{
  "@class" : "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
  "serviceId" : "https://.xxx.xxx.*",
  "realm" : "urn:org:apereo:cas:ws:idp:realm-CAS",
  "name" : "Simple WS fed test application",
  "id" : "101",
  "description" : "SharePoint",
  "evaluationOrder" : 1,
  "tokenType" : "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.ws.idp.services.WSFederationClaimsReleasePolicy",
    "allowedAttributes" : {
      "@class" : "java.util.TreeMap",
      "USER_PRINCIPAL_NAME_2005" : "upn",
      "EMAIL_ADDRESS_2005" : "mail"
    }
  }
}




On Wed, 13 Nov 2019 at 16:09, mohamed gamal 
wrote:

> Unfortunately, Mr Abdelrahman,
> we are still facing the same error.
>
>


-- 
Best regards,


​

*Abdelrahman Halawa*
Teacher Assistant, Computer and Systems Department, Al-Azhar University
+2 01008131693 <+2+01008131693> | abdelrahmanhal...@gmail.com | Skype:
abdelrahmanhalawa <https://mail.google.com/mail/u/0/#> | Maadi, Cairo, Egypt
<http://eg.linkedin.com/pub/abdelrahman-halawa/2b/689/886>
<http://twitter.com/Abdelrahman_S_H>



Re: [cas-user] Application Not Authorized to Use CAS, After authentication.

2019-11-12 Thread Abdelrahman Halawa
Hi Mohammed,

Everything looks good except you need to set the token type in JSON file to
be SAMLV1.1.
SharePoint supports SAMLV1.1 only and the default in CAS is SAMLv2.
Change your JSON file as below and try again

..
"evaluationOrder" : 2,
"tokenType" : "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1",
..
.








On Tue, 12 Nov 2019 at 13:25, mohamed gamal 
wrote:

> Dear Abdelrahman,
> Below you can find the configuration and the service JSON.
> Thanks for your support
>
>
> cas.authn.wsfedIdp.idp.realm=urn:org:apereo:cas:ws:idp:realm-CAS
> cas.authn.wsfedIdp.idp.realmName=CAS
> cas.authn.wsfedIdp.sts.subjectNameIdFormat=unspecified
> cas.authn.wsfedIdp.sts.encryptTokens=false
> cas.authn.wsfedIdp.sts.signingKeystoreFile=file:/etc/cas/config/signing.jks
> cas.authn.wsfedIdp.sts.signingKeystorePassword=changeit
> cas.authn.wsfedIdp.sts.encryptionKeystoreFile=file:/etc/cas/config/encryption.jks
> cas.authn.wsfedIdp.sts.encryptionKeystorePassword=changeit
> cas.authn.wsfedIdp.sts.realm.keystoreFile=file:/etc/cas/config/realmcas.jks
> cas.authn.wsfedIdp.sts.realm.keystorePassword=changeit
> cas.authn.wsfedIdp.sts.realm.keystoreAlias=realmcas
> cas.authn.wsfedIdp.sts.realm.keyPassword=changeit
> cas.authn.wsfedIdp.sts.realm.issuer=CAS
> cas.authn.wsfedIdp.sts.crypto.signing.key=xx
> cas.authn.wsfedIdp.sts.crypto.signing.keySize=xxx
> cas.authn.wsfedIdp.sts.crypto.encryption.key=xx
> cas.authn.wsfedIdp.sts.crypto.encryption.keySize=xxx
> cas.authn.wsfedIdp.sts.crypto.enabled=true
>
>
> {
> "@class" : "org.apereo.cas.ws.idp.services.WSFederationRegisteredService",
> "serviceId" : "https://devsp.xxx.xxx.xxx/.*",
> "realm" : "urn:org:apereo:cas:ws:idp:realm-CAS",
> "name" : "Simple WS fed test application",
> "id" : 101,
> "evaluationOrder" : 2,
> "attributeReleasePolicy" : {
> "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
> },
> "accessStrategy" : {
> "@class" :
> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
> "enabled" : true,
> "ssoEnabled":true,
> "caseInsensitive":true
> }
> }
>
>


-- 
Best regards,


​

*Abdelrahman Halawa*
Teacher Assistant, Computer and Systems Department, Al-Azhar University
+2 01008131693 <+2+01008131693> | abdelrahmanhal...@gmail.com | Skype:
abdelrahmanhalawa <https://mail.google.com/mail/u/0/#> | Maadi, Cairo, Egypt
<http://eg.linkedin.com/pub/abdelrahman-halawa/2b/689/886>
<http://twitter.com/Abdelrahman_S_H>
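
A simplified model of the checks discussed in this thread, added here as an example (it is not code from the posters or from the CAS project). It lints definitions shaped like the ones posted for the SAML 1.1 token type and the UPN/mail claims, and shows how a catch-all definition with a lower evaluationOrder can win the lookup. Assumptions: the first full-regex match by ascending evaluationOrder wins, a WS-Fed request needs that winner to be a WS-Fed definition, and the host names and function names are hypothetical.

```python
import re

# Token type URI for SAML 1.1, as quoted in the thread.
SAML11 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
WSFED = "org.apereo.cas.ws.idp.services.WSFederationRegisteredService"
CLAIMS_POLICY = "org.apereo.cas.ws.idp.services.WSFederationClaimsReleasePolicy"
REQUIRED_CLAIMS = {"USER_PRINCIPAL_NAME_2005", "EMAIL_ADDRESS_2005"}
# Constructed URL on a host that no narrowly scoped definition should accept.
PROBE_URL = "https://unrelated.invalid/app"

# Constructed definitions shaped like the ones posted in the thread;
# devsp.example.org is a placeholder host.
BEFORE = {  # WS-Fed definition without tokenType, releasing all attributes
    "@class": WSFED, "id": 101, "evaluationOrder": 2,
    "serviceId": "https://devsp.example.org/.*",
    "realm": "urn:org:apereo:cas:ws:idp:realm-CAS",
    "attributeReleasePolicy": {
        "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"},
}
AFTER = dict(BEFORE, evaluationOrder=1, tokenType=SAML11, attributeReleasePolicy={
    "@class": CLAIMS_POLICY,
    "allowedAttributes": {"@class": "java.util.TreeMap",
                          "USER_PRINCIPAL_NAME_2005": "upn",
                          "EMAIL_ADDRESS_2005": "mail"}})
CATCH_ALL = {  # the "HTTPS and IMAPS" definition suggested in the thread
    "@class": "org.apereo.cas.services.RegexRegisteredService", "id": 1001,
    "serviceId": "^(https|imaps)://.*", "evaluationOrder": 1,
}


def first_match(registry, url):
    """Return the first definition, by ascending evaluationOrder, matching url."""
    ordered = sorted(registry, key=lambda d: d["evaluationOrder"])
    return next((d for d in ordered if re.fullmatch(d["serviceId"], url)), None)


def resolve_wsfed(registry, url):
    """Model a WS-Fed lookup: the winning definition must be a WS-Fed one."""
    d = first_match(registry, url)
    if d is None:
        return None, "no definition matches: not authorized"
    if d["@class"] != WSFED:
        return None, "shadowed by non-WS-Fed definition %s: not authorized" % d["id"]
    return d, "ok"


def lint(d):
    """Return findings for one definition, based on the advice in the thread."""
    findings = []
    if re.fullmatch(d["serviceId"], PROBE_URL):
        findings.append("serviceId accepts an unrelated host")
    if d["@class"] == WSFED:
        if d.get("tokenType") != SAML11:
            findings.append("tokenType is not SAML 1.1")
        policy = d.get("attributeReleasePolicy", {})
        released = set(policy.get("allowedAttributes", {})) - {"@class"}
        if policy.get("@class") != CLAIMS_POLICY:
            findings.append("release policy is not claim-based")
        elif not REQUIRED_CLAIMS <= released:
            missing = sorted(REQUIRED_CLAIMS - released)
            findings.append("missing claims: " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    url = "https://devsp.example.org/_trust/"  # constructed service URL
    for name, d in (("before", BEFORE), ("after", AFTER), ("catch-all", CATCH_ALL)):
        print(name, lint(d) or "clean")
    print(resolve_wsfed([CATCH_ALL, BEFORE], url)[1])
    print(resolve_wsfed([dict(CATCH_ALL, evaluationOrder=1000), AFTER], url)[1])
```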



Re: [cas-user] Application Not Authorized to Use CAS, After authentication.

2019-11-12 Thread Abdelrahman Halawa
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.20.jar!/:9.0.20]
>     at java.lang.Thread.run(Thread.java:834) [?:?]
> 2019-11-11 13:22:51,868 WARN [org.apache.cxf.sts.operation.TokenIssueOperation] - <>
> org.apache.cxf.ws.security.sts.provider.STSException: The specified request failed
>     at org.apache.cxf.sts.token.provider.SAMLTokenProvider.createToken(SAMLTokenProvider.java:181) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>     at org.apache.cxf.sts.operation.TokenIssueOperation.issueSingle(TokenIssueOperation.java:172) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>     at org.apache.cxf.sts.operation.TokenIssueOperation.issue(TokenIssueOperation.java:85) ~[cxf-services-sts-core-3.3.2.jar!/:3.3.2]
>     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>     at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>     at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>     at org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider.invoke(SecurityTokenServiceProvider.java:244) ~[cxf-rt-ws-security-3.3.2.jar!/:3.3.2]
>     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>
>
> On Monday, November 11, 2019 at 3:39:57 AM UTC+3, Steve Cheung wrote:
>>
>> Hi mohamed,
>>
>> Please try this and see whether it helps to solve your problem.
>>
>> 1. Enable the service registry module in CAS
>> /etc/cas/config/cas.properties
>> cas.serviceRegistry.initFromJson=false
>> cas.serviceRegistry.json.location:file:/etc/cas/services
>>
>> 2. Place the enabled services file under /etc/cas/services
>>
>> File name: HTTPSandIMAPS-1001.json
>>
>> Json content sample which only allows https and imaps call:
>> {
>>   "@class": "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId": "^(https|imaps)://.*",
>>   "name": "HTTPS and IMAPS",
>>   "id": 1001,
>>   "description": "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
>>   "evaluationOrder": 1
>> }
>>
>>
>> Regards, Steve
>>
>>
>>
>>
>>
>>
>>
>> On Sun, Nov 10, 2019 at 2:36 AM mohamed gamal 
>> wrote:
>>
>>> Hello everyone,
>>> I am trying to integrate CAS with a SharePoint application using
>>> WS-FED. I added the service file and the application connects normally to
>>> CAS. The app redirects the user to CAS for authentication, the user is
>>> authenticated by CAS, and I can see in the logs that the user is authenticated
>>> and everything looks fine. But after the authentication the user is shown a
>>> message "Application Not Authorized to Use CAS". I am using the git service
>>> registry; could this be the problem? Any idea how to solve this?
>>> Kindest regards.
>>>

Re: [cas-user] CAS 3.5.x CPU utilization problem

2019-07-30 Thread abdelrahman halawa
Hi Kanedb,
OK, I'm going to do that. Thank you for your help.

On Tuesday, 30 July 2019 17:23:06 UTC+2, kanedb wrote:
>
> My production server uses CAS 5.3 with over 30k users and no high CPU 
> usage.
> Apache (load balancer) with 3 JBoss instances, ldap auth and hazelcast for 
> web and ticket registry cache. 
>
> I recommend that you start your JVM with CPU profiling tools (I like to use 
> JProfiler). With it, you can evaluate which methods are consuming your CPU 
> time and try to resolve your problem.
>
> []'s,
> kanedb
>
> On Tue, 30 Jul 2019 at 08:59, David Curry wrote:
>
>> Well, sure, that could explain it. But I wouldn't say it's positively the 
>> reason.
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 646 909-4728 • david...@newschool.edu 
>>
>>
>> On Tue, Jul 30, 2019 at 6:44 AM abdelrahman halawa wrote:
>>
>>> Hi David,
>>>
>>> Thank you for your cooperation.
>>> Kindly, could you tell me the maximum number of concurrent users your 
>>> own CAS server (one CAS server) can serve without any kind of errors?
>>>
>>>
>>> On Tue, Jul 30, 2019 at 10:36 AM abdelrahman halawa <
>>> abdelrah...@gmail.com > wrote:
>>>
>>>> Sorry, there is something I have to clarify. The picture above was 
>>>> taken from load testing with the JMeter tool at 200 concurrent users for 5 
>>>> minutes.
>>>> My question was: does the high number of transactions/s explain 
>>>> why the CPU utilization is so high?
>>>>
>>>>
>>>> On Mon, Jul 29, 2019 at 8:47 PM David Curry wrote:
>>>>
>>>>> Did you say 75 concurrent users? That does seem kind of high to me 
>>>>> unless they're all logging in at exactly the same time. You'll see 
>>>>> several 
>>>>> back-and-forths with the client each time someone logs in, but by 
>>>>> "several" 
>>>>> I mean 5 or 10 (depending on different conditions), not tens or hundreds.
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> DAVID A. CURRY, CISSP
>>>>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>>>>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>>>>
>>>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>>>> +1 646 909-4728 • david...@newschool.edu 
>>>>>
>>>>>
>>>>> On Mon, Jul 29, 2019 at 10:39 AM abdelrahman halawa <
>>>>> abdelrah...@gmail.com > wrote:
>>>>>
>>>>>> OK. Thanks for helping.
>>>>>>
>>>>>> Is the number of transactions in the picture high? If yes, does 
>>>>>> this explain the CPU utilization?
>>>>>> [image: image.png]
>>>>>>
>>>>>>
>>>>>> On Mon, Jul 29, 2019 at 2:32 PM David Curry wrote:
>>>>>>
>>>>>>> At the moment we're using Tomcat 8.5.x and Java 1.8.x (OpenJDK).
>>>>>>>
>>>>>>> I don't have Tomcat settings like the ones you show (property file 
>>>>>>> style), because I use an external Tomcat and it's configured with XML 
>>>>>>> files. The settings are the same as what's documented here:
>>>>>>>
>>>>>>>
>>>>>>> https://dacurry-tns.github.io/deploying-apereo-cas/setup_tomcat_overview.html
>>>>>>>
>>>>>>>
>>>>>>> The only performance-related changes there would be enabling 
>>>>>>> resource caching, enabling asynchronous requests (I don't believe CAS 
>>>>>>> will 
>>>>>>> work without this), and making sure that asynchronous logging is 
>>>>>>> enabled.
>>>>>>>
>>>>>>> The SSL configuration does enable a better-performing SSL library, 
>>>>>>> but I can't imagine that your problem lies there. (My reasons for 
>>>>>>> enabling 
>>>>>>> it were less for performance reasons and more for better support of 
>>>>>>> newer 
>>>>>>> ciphers, etc.)
>>

Re: [cas-user] CAS 3.5.x CPU utilization problem

2019-07-29 Thread abdelrahman halawa
Hi david.curry,
How are you? Could you tell me the Tomcat version you use?
Also, if you don't mind, reply to the previous email.


On Sun, Jul 28, 2019 at 6:36 PM abdelrahman halawa <
abdelrahmanhal...@gmail.com> wrote:

> Nice, I will try your JVM settings.
> By the way, the CPU reaches about 100% only with Java (CAS).
> Here is my Tomcat configuration:
>
> server.max-http-header-size=2097152
> server.use-forward-headers=true
> server.connection-timeout=2
> server.error.include-stacktrace=NEVER
> server.compression.enabled=true
>
> server.compression.mime-types=application/javascript,application/json,application/xml,text/html,text/xml,text/plain
> server.tomcat.max-http-post-size=2097152
> server.tomcat.min-spare-threads=20
> server.tomcat.max-threads=200
> server.tomcat.accept-count=1024
> server.tomcat.max-connections=1
> server.tomcat.port-header=X-Forwarded-Port
> server.tomcat.protocol-header=X-Forwarded-Proto
> server.tomcat.protocol-header-https-value=https
> server.tomcat.remote-ip-header=X-FORWARDED-FOR
> server.tomcat.uri-encoding=UTF-8
>
> Could you share your Tomcat configuration with me?
> I want to check whether the CPU issue is related to a Tomcat misconfiguration or not.
>
>
> On Sun, Jul 28, 2019 at 5:47 PM David Curry 
> wrote:
>
>> Well, I'm not too knowledgeable about Windows Server, but that seems
>> reasonable. Is the server in general at 90% CPU, or is it the actual Java
>> process that's at 90%?
>>
>> I don't run the embedded server so don't know its defaults -- What's the
>> Java heap size limited to? Should be less than the physical memory. What
>> garbage collector is it using? On our 4-core 16GB Linux servers we run this:
>>
>> jsvc.exec -Dcatalina.home=/opt/tomcat/latest
>> -Dcatalina.base=/opt/tomcat/latest -Djava.awt.headless=true
>> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
>> -Djava.util.logging.config.file=/opt/tomcat/latest/conf/logging.properties
>> -cp
>> /opt/tomcat/latest/bin/commons-daemon.jar:/opt/tomcat/latest/bin/bootstrap.jar:/opt/tomcat/latest/bin/tomcat-juli.jar
>> -pidfile /var/run/tomcat.pid -java-home /usr/lib/jvm/java-openjdk -user
>> tomcat -Xms512M -Xmx8192M -XX:+DisableExplicitGC -XX:+UseConcMarkSweepGC
>> -XX:+UseParNewGC -XX:MaxGCPauseMillis=500 -server
>> org.apache.catalina.startup.Bootstrap
>>
>> which is enough for CAS with Hazelcast ticket registry and the management
>> webapp (all in the same Tomcat process). We're also running a small mongod
>> (2gb cache size) on each server which handles the services registry. Most
>> of the time, the servers are idle or very close to it.
>>
>> Could you have something that takes a (relatively) long time that is causing
>> the server to block? A slow LDAP, or slow database query, or something? We
>> had problems like that when we were using MongoDB as our ticket registry;
>> under heavy activity Mongo was too slow and the CAS threads would block
>> waiting on it to complete. It wasn't pretty.
>>
>> --Dave
>>
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 646 909-4728 • david.cu...@newschool.edu
>>
>>
>> On Sun, Jul 28, 2019 at 11:00 AM abdelrahman halawa <
>> abdelrahmanhal...@gmail.com> wrote:
>>
>>> How many CPUs?
>>>  *4X* Intel(R) Xeon(R) @ 2.40GHz, 2400 Mhz, 2 Core(s)
>>> How much memory?
>>>  16G
>>> What operating system?
>>> Windows Server 2012
>>> What else is running on the server (nothing, hopefully)?
>>> Nothing
>>> Is the server paging or swapping (you don't want it to be)?
>>> The default of Windows Server
>>>
>>>
>>>
>>> On Sun, Jul 28, 2019 at 4:44 PM David Curry 
>>> wrote:
>>>
>>>> How many CPUs?
>>>> How much memory?
>>>> What operating system?
>>>> What else is running on the server (nothing, hopefully)?
>>>> Is the server paging or swapping (you don't want it to be)?
>>>> If you're running on Linux VMs, do you have an entropy source for the
>>>> crypto (you should)?
>>>>
>>>>
>>>> --
>>>>
>>>> DAVID A. CURRY, CISSP
>>>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>>>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>>>
>>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 1000

Re: [cas-user] CAS 3.5.x CPU utilization problem

2019-07-28 Thread abdelrahman halawa
Nice, I will try your JVM settings.
By the way, the CPU reaches about 100% only with Java (CAS).
Here is my Tomcat configuration:

server.max-http-header-size=2097152
server.use-forward-headers=true
server.connection-timeout=2
server.error.include-stacktrace=NEVER
server.compression.enabled=true
server.compression.mime-types=application/javascript,application/json,application/xml,text/html,text/xml,text/plain
server.tomcat.max-http-post-size=2097152
server.tomcat.min-spare-threads=20
server.tomcat.max-threads=200
server.tomcat.accept-count=1024
server.tomcat.max-connections=1
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8

Could you share your Tomcat configuration with me?
I want to check whether the CPU issue is related to a Tomcat misconfiguration or not.


On Sun, Jul 28, 2019 at 5:47 PM David Curry 
wrote:

> Well, I'm not too knowledgeable about Windows Server, but that seems
> reasonable. Is the server in general at 90% CPU, or is it the actual Java
> process that's at 90%?
>
> I don't run the embedded server so don't know its defaults -- What's the
> Java heap size limited to? Should be less than the physical memory. What
> garbage collector is it using? On our 4-core 16GB Linux servers we run this:
>
> jsvc.exec -Dcatalina.home=/opt/tomcat/latest
> -Dcatalina.base=/opt/tomcat/latest -Djava.awt.headless=true
> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> -Djava.util.logging.config.file=/opt/tomcat/latest/conf/logging.properties
> -cp
> /opt/tomcat/latest/bin/commons-daemon.jar:/opt/tomcat/latest/bin/bootstrap.jar:/opt/tomcat/latest/bin/tomcat-juli.jar
> -pidfile /var/run/tomcat.pid -java-home /usr/lib/jvm/java-openjdk -user
> tomcat -Xms512M -Xmx8192M -XX:+DisableExplicitGC -XX:+UseConcMarkSweepGC
> -XX:+UseParNewGC -XX:MaxGCPauseMillis=500 -server
> org.apache.catalina.startup.Bootstrap
>
> which is enough for CAS with Hazelcast ticket registry and the management
> webapp (all in the same Tomcat process). We're also running a small mongod
> (2gb cache size) on each server which handles the services registry. Most
> of the time, the servers are idle or very close to it.
>
> Could you have something that takes a (relatively) long time that is causing
> the server to block? A slow LDAP, or slow database query, or something? We
> had problems like that when we were using MongoDB as our ticket registry;
> under heavy activity Mongo was too slow and the CAS threads would block
> waiting on it to complete. It wasn't pretty.
>
> --Dave
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david.cu...@newschool.edu
>
>
> On Sun, Jul 28, 2019 at 11:00 AM abdelrahman halawa <
> abdelrahmanhal...@gmail.com> wrote:
>
>> How many CPUs?
>>  *4X* Intel(R) Xeon(R) @ 2.40GHz, 2400 Mhz, 2 Core(s)
>> How much memory?
>>  16G
>> What operating system?
>> Windows Server 2012
>> What else is running on the server (nothing, hopefully)?
>> Nothing
>> Is the server paging or swapping (you don't want it to be)?
>> The default of Windows Server
>>
>>
>>
>> On Sun, Jul 28, 2019 at 4:44 PM David Curry 
>> wrote:
>>
>>> How many CPUs?
>>> How much memory?
>>> What operating system?
>>> What else is running on the server (nothing, hopefully)?
>>> Is the server paging or swapping (you don't want it to be)?
>>> If you're running on Linux VMs, do you have an entropy source for the
>>> crypto (you should)?
>>>
>>>
>>> --
>>>
>>> DAVID A. CURRY, CISSP
>>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>>
>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>> +1 646 909-4728 • david.cu...@newschool.edu
>>>
>>>
>>> On Sun, Jul 28, 2019 at 7:51 AM abdelrahman halawa <
>>> abdelrahmanhal...@gmail.com> wrote:
>>>
>>>> Hello all,
>>>>
>>>> I noticed that the CPU utilization of my CAS server reaches above 90%
>>>> with only 75 concurrent users or maybe less.
>>>>
>>>> Has this happened with you as well? Any suggestions to overcome this?
>>>>
>>>> I use embedded Tomcat with default settings.
>>>>
>>>> Thanks in advance.
>>>>

Re: [cas-user] CAS 3.5.x CPU utilization problem

2019-07-28 Thread abdelrahman halawa
How many CPUs?
 *4X* Intel(R) Xeon(R) @ 2.40GHz, 2400 Mhz, 2 Core(s)
How much memory?
 16G
What operating system?
Windows Server 2012
What else is running on the server (nothing, hopefully)?
Nothing
Is the server paging or swapping (you don't want it to be)?
The default of Windows Server



On Sun, Jul 28, 2019 at 4:44 PM David Curry 
wrote:

> How many CPUs?
> How much memory?
> What operating system?
> What else is running on the server (nothing, hopefully)?
> Is the server paging or swapping (you don't want it to be)?
> If you're running on Linux VMs, do you have an entropy source for the
> crypto (you should)?
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • david.cu...@newschool.edu
>
>
> On Sun, Jul 28, 2019 at 7:51 AM abdelrahman halawa <
> abdelrahmanhal...@gmail.com> wrote:
>
>> Hello all,
>>
>> I noticed that the CPU utilization of my CAS server reaches above 90%
>> with only 75 concurrent users or maybe less.
>>
>> Has this happened with you as well? Any suggestions to overcome this?
>>
>> I use embedded Tomcat with default settings.
>>
>> Thanks in advance.
>>
>


-- 
Best regards,
--------

​
*Abdelrahman Halawa*
Teacher Assistant, Computer and Systems Department, Al-Azhar University
+2 01008131693 <+2+01008131693> | abdelrahmanhal...@gmail.com | Skype:
abdelrahmanhalawa <https://mail.google.com/mail/u/0/#> | Maadi, Cairo, Egypt
<http://eg.linkedin.com/pub/abdelrahman-halawa/2b/689/886>
<http://twitter.com/Abdelrahman_S_H>



[cas-user] CAS 3.5.x CPU utilization problem

2019-07-28 Thread abdelrahman halawa
Hello all,

I noticed that the CPU utilization of my CAS server reaches above 90% with 
only 75 concurrent users or maybe less.

Has this happened with you as well? Any suggestions to overcome this?

I use embedded Tomcat with default settings.

Thanks in advance. 



[cas-user] CAS 3.3.x CPU utilization

2019-07-28 Thread abdelrahman halawa
Hello all,

I noticed that the CPU utilization of my CAS server reaches above 90% with 
only 75 concurrent users or maybe less.

Has this happened with you as well? Any suggestions to overcome this?

I use embedded Tomcat with default settings.

Thanks in advance.



Re: [cas-user] CAS 6.1.0-RC5-SNAPSHOT --- Management & Status Dashboard installition requirements

2019-07-17 Thread abdelrahman halawa
Hi,
The JSON files are good.
Below are my suggested configurations:
--cas.properties--
management.contextPath=/status
management.security.enabled=true
management.security.roles=ACTUATOR,ADMIN
management.security.sessions=if-required
cas.adminPagesSecurity.actuatorEndpointsEnabled=true
cas.monitor.endpoints.enabled=true
endpoints.enabled=true
cas.adminPagesSecurity.ip=127\\.0\\.0\\.1
cas.monitor.endpoints.sensitive=false
endpoints.sensitive=false
cas.adminPagesSecurity.loginUrl=${cas.server.prefix}/login
cas.adminPagesSecurity.service=${cas.server.prefix}/status/dashboard
# file containing the authorized users who will use CAS
cas.adminPagesSecurity.users=file:etc/cas/config/adminusers.properties
cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN

--adminusers.properties--
casuser=notused,ROLE_ADMIN

--Management.properties--
cas.server.name=https://xxx
cas.server.prefix=${cas.server.name}/cas
mgmt.adminRoles[0]=ROLE_ADMIN
mgmt.userPropertiesFile=file:etc/cas/config/adminusers.properties

mgmt.serverName=https://:8443
server.context-path=/cas-management
# path to the folder which contains the JSON files
cas.serviceRegistry.json.location=file:xxx
cas.serviceRegistry.initFromJson=true


On Wed, Jul 17, 2019 at 10:37 AM M.Pedis  wrote:

>  Hi
>
> *Abdelrahman,* I followed every step but it couldn't work for me; I
> think I am missing something or configured something wrong. Could you please share an
> example configuration for admin-dashboard (also the JSON file) and
> cas-management compatible with cas-server 6.1.0-RC5-SNAPSHOT version?
> I wrote my CAS properties and services files below:
>
> cas.properties ; (it properly works )
>
>
> cas.server.name:https://cas.xxx.edu.tr:8443
> server.prefix=${server.name}/cas
>
> cas.authn.accept.users=
>
> logging.config: file:/etc/cas/config/log4j2.xml
>
> cas.tgc.secure:true
> #
> cas.tgc.crypto.encryption.key:r88iOMdbRMLOkITV54kax4WgadTdzUYSBXNhOp_oqS0
>
> cas.tgc.crypto.signing.key:bMpP_eHgIsL1kz_cnxEqYo9Bb384V70eZIvWctQ5V6xTO4P6wsQjFlglD9OSQNlFdb0mT2Q1E3qXdo05_tzrjQ
> cas.webflow.crypto.encryption.key:Kmj1JJSPOTSiagI4gCxhUA==
>
> cas.webflow.crypto.signing.key:hGapVlP6pCzIUo_CCboRszQpvWFPazmyuWsBUOoWYqUQqMKw55al5c_EGH6VBtjpIVUqEAXcvLQjQ8HaVBEmDw
> #
> cas.authn.ldap[0].type=AUTHENTICATED
>
> cas.authn.ldap[0].principalAttributeList=cn,givenName,userPrincipalName,description
> cas.authn.ldap[0].bindDn=cn=Users,DC=xxx,DC=edu,DC=tr
> cas.authn.ldap[0].ldapUrl=ldap://192.168.98.60:389
> #cas.authn.ldap[0].searchFilter=cn={user}
> cas.authn.ldap[0].searchFilter=(userPrincipalName={user})
> cas.authn.ldap[0].bindDn=cn=CAS ldap,cn=users,dc=,dc=edu,dc=tr
> cas.authn.ldap[0].bindCredential=
> cas.authn.ldap[0].baseDn=OU=Domain Users,DC=xxx,DC=edu,DC=tr
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].useSsl=false
> #
> #cas.mgmt.serverName:${cas.server.name}
>
> /etc/cas/services:
>
> CASAdminDashboard-1563349460.json
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "^https://cas.x.edu.tr:8443/cas/status/dashboard(\\z|/.*)",
>   "name" : "CAS Admin Dashboard",
>   "id" : 1563349460,
>   "description" : "CAS dashboard and administrative endpoints",
>   "evaluationOrder" : 5000
> }
>
> CASServiceManagement-1563352362.json
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "^https://cas.x.edu.tr:8443/cas-management(\\z|/.*)",
>   "name" : "CAS Services Management",
>   "id" : 1563352362,
>   "description" : "CAS services management webapp",
>   "evaluationOrder" : 5500
> }
>
>
>
> What do I need to add to cas.properties, management.properties, users.json...?
>
> Thanks
>
>
>
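
A consistency check for the settings suggested in the reply above, added here as an example (it is not code from the thread or from the CAS project). It loads the properties with Java's backslash rules, expands ${...} references, confirms that some user in the users file holds each adminRoles entry, and reports which probe addresses the ip pattern admits. The host cas.example.org, the function names, the user=password,ROLE line format and the whole-string match on the IP pattern are assumptions.

```python
import re

# Constructed sample input: admin-page keys from the reply, plus the users file.
CAS_PROPERTIES = r"""
cas.server.name=https://cas.example.org:8443
cas.server.prefix=${cas.server.name}/cas
cas.adminPagesSecurity.ip=127\\.0\\.0\\.1
cas.adminPagesSecurity.service=${cas.server.prefix}/status/dashboard
cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
"""
ADMIN_USERS = "casuser=notused,ROLE_ADMIN\n"

_ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}
# A key ends at the first unescaped '=', ':' or whitespace.
_ENTRY = re.compile(r"((?:\\.|[^=:\s\\])+)\s*[=:]?\s*(.*)")
_ROLE_KEY = re.compile(r"cas\.adminPagesSecurity\.adminRoles\[\d+\]")

def _unescape(text):
    # .properties backslash rules: "\\" -> "\", "\t" -> TAB, "\x" -> "x".
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), text)

def load_properties(text):
    """Simplified .properties loader: no line continuations, no unicode escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        match = _ENTRY.match(line)
        if match:
            props[_unescape(match.group(1))] = _unescape(match.group(2))
    return props

def resolve(props, key, seen=()):
    """Expand ${ref} placeholders in props[key]; returns (value, unresolved refs)."""
    missing = []
    def expand(m):
        ref = m.group(1)
        if ref not in props or ref == key or ref in seen:
            missing.append(ref)      # undefined or circular: report, do not guess
            return m.group(0)
        value, more = resolve(props, ref, seen + (key,))
        missing.extend(more)
        return value
    return re.sub(r"\$\{([^}]+)\}", expand, props[key]), missing

def granted_roles(users_text):
    """Authorities per user; assumed line format: user=password,ROLE[,ROLE...]."""
    roles = {}
    for user, spec in load_properties(users_text).items():
        fields = [f.strip() for f in spec.split(",")][1:]
        roles[user] = {f for f in fields if f not in ("enabled", "disabled")}
    return roles

def audit(props, users_text, probe_ips):
    """Return (findings, probe addresses that the IP pattern admits)."""
    findings = [f"{key}: unresolved placeholder ${{{ref}}}"
                for key in props for ref in resolve(props, key)[1]]
    required = {v for k, v in props.items() if _ROLE_KEY.fullmatch(k)}
    held = set().union(*granted_roles(users_text).values())
    for role in sorted(required - held):
        findings.append(f"no user in the users file holds {role}")
    # Assumption: the address must match the whole pattern, not a substring.
    ip_pattern = re.compile(props["cas.adminPagesSecurity.ip"])
    return findings, [ip for ip in probe_ips if ip_pattern.fullmatch(ip)]

if __name__ == "__main__":
    print(audit(load_properties(CAS_PROPERTIES), ADMIN_USERS,
                ["127.0.0.1", "127x0x0x1", "10.0.0.5"]))
```

With a single backslash in the file (127\.0\.0\.1) the loader drops the backslash, so the dots become regex wildcards and the pattern admits more than the loopback address; the doubled form in the reply keeps them literal.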

Re: [cas-user] CAS 6.1.0-RC5-SNAPSHOT --- Management & Status Dashboard installition requirements

2019-07-16 Thread abdelrahman halawa
Follow the steps in this tutorial.
https://dacurry-tns.github.io/deploying-apereo-cas/building_svcmgmt_overview.html


On Tue, Jul 16, 2019 at 2:26 PM M.Pedis  wrote:

>
>  Hi Everyone ,
>
> I successfully deployed CAS 6.1.0-RC5-SNAPSHOT and I am able to log in with
> an LDAP account. Everything works properly up to this point. I just want to
> deploy cas-management to manage JSON services, but I could not deploy the
> cas-management web UI.
> I added the LDAP and service-registry dependencies to the build.gradle file, then
> it built cas-management.war successfully. (
> https://github.com/apereo/cas-management-overlay)
>
> build.gradle file:
>
> dependencies {
>     if (project.hasProperty("external")) {
>         compile "org.apereo.cas:cas-mgmt-webapp:${project.'casmgmt.version'}"
>     } else {
>         compile "org.apereo.cas:cas-mgmt-webapp${project.appServer}:${project.'casmgmt.version'}"
>     }
>     compile "org.apereo.cas:cas-server-support-ldap:${project.'casmgmt.version'}"
>     compile "org.apereo.cas:cas-server-support-json-service-registry:${project.'casmgmt.version'}"
> }
>
>
> Could someone help me with the configuration of cas.properties and
> cas.management properties? What should I write in them to gain access to the
> cas-management web page, and also the cas-status dashboard?
>
> Thanks for all your help and guidance...
>
>


Re: [cas-user] cas jpa-ticket-registry with oauth-webflow javax.persistence.TransactionRequiredException

2019-07-13 Thread abdelrahman halawa
In general, don't use JPA for the ticket registry; it has errors. Instead, use a
cache-based ticket registry (such as Hazelcast or Memcached); it will
perform well for you.

On Fri, Jul 12, 2019, 5:55 PM Ken Hopkins  wrote:

> I am trying to get a jpa-ticket-registry configured for CAS but I'm
> getting a TransactionRequiredException in CAS when my application tries to
> verify the login token with CAS.
>
> The exception is:
>
> javax.persistence.TransactionRequiredException: Executing an update/delete
> query
> at
> org.hibernate.query.internal.AbstractProducedQuery.executeUpdate(AbstractProducedQuery.java:1496)
> ~[hibernate-core-5.2.17.Final.jar!/:5.2.17.Final]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[?:1.8.0_192]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:1.8.0_192]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:1.8.0_192]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192]
> at
> org.springframework.orm.jpa.SharedEntityManagerCreator$DeferredQueryInvocationHandler.invoke(SharedEntityManagerCreator.java:375)
> ~[spring-orm-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
> at com.sun.proxy.$Proxy216.executeUpdate(Unknown Source) ~[?:?]
> at
> org.apereo.cas.ticket.registry.JpaTicketRegistry.deleteSingleTicket(JpaTicketRegistry.java:158)
> ~[cas-server-support-jpa-ticket-registry-5.3.11.jar!/:5.3.11]
> at
> org.apereo.cas.ticket.registry.AbstractTicketRegistry.deleteTicket(AbstractTicketRegistry.java:121)
> ~[cas-server-core-tickets-api-5.3.11.jar!/:5.3.11]
> at
> org.apereo.cas.ticket.registry.AbstractTicketRegistry.deleteTicket(AbstractTicketRegistry.java:98)
> ~[cas-server-core-tickets-api-5.3.11.jar!/:5.3.11]
> at
> org.apereo.cas.ticket.registry.AbstractTicketRegistry$$FastClassBySpringCGLIB$$d3c67a11.invoke()
> ~[cas-server-core-tickets-api-5.3.11.jar!/:5.3.11]
> at
> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
> ~[spring-core-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
> at
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:667)
> ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
> at
> org.apereo.cas.ticket.registry.JpaTicketRegistry$$EnhancerBySpringCGLIB$$9000de6b.deleteTicket()
> ~[cas-server-support-jpa-ticket-registry-5.3.11.jar!/:5.3.11]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[?:1.8.0_192]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:1.8.0_192]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:1.8.0_192]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192]
> at
> org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
> ~[spring-core-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
> at
> org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
> ~[spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
> ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
> ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
> at com.sun.proxy.$Proxy109.deleteTicket(Unknown Source) ~[?:?]
> at
> org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator.generate(OAuth20DefaultTokenGenerator.java:67)
> ~[cas-server-support-oauth-5.3.11.jar!/:5.3.11]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[?:1.8.0_192]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:1.8.0_192]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:1.8.0_192]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_192]
> at
> org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
> ~[spring-core-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
> at
> org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
> ~[spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
> ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
> ~[spring-aop-4.3.20.RELEASE.jar!/:4.3.20.RELEASE]
> at com.sun.proxy.$Proxy175.generate(Unknown Source) ~[?:?]
> at
> org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController.handleRequest(OAuth20AccessTokenEndpointController.java:119)
> ~[cas-server-su

[cas-user] Re: CAS 5.3.x WS-Federation JPA ticket registry error

2019-07-08 Thread abdelrahman halawa
*Here is my configuration:*

cas.authn.wsfedIdp.idp.realm=urn:org:apereo:cas:ws:idp:realm-CAS
cas.authn.wsfedIdp.idp.realmName=CAS

cas.authn.wsfedIdp.sts.subjectNameIdFormat=unspecified
cas.authn.wsfedIdp.sts.encryptTokens=false

cas.authn.wsfedIdp.sts.signingKeystoreFile=file:etc/cas/sts/ststrust.jks
cas.authn.wsfedIdp.sts.signingKeystorePassword=storepass

cas.authn.wsfedIdp.sts.encryptionKeystoreFile=file:etc/cas/sts/stsencrypt.jks
cas.authn.wsfedIdp.sts.encryptionKeystorePassword=storepass

cas.authn.wsfedIdp.sts.realm.keystoreFile=file:etc/cas/sts/stsrealm_a.jks
cas.authn.wsfedIdp.sts.realm.keystorePassword=storepass
cas.authn.wsfedIdp.sts.realm.keystoreAlias=realma
cas.authn.wsfedIdp.sts.realm.keyPassword=storepass
cas.authn.wsfedIdp.sts.realm.issuer=CAS

cas.authn.wsfedIdp.sts.crypto.signing.key=uPrx3XsirSbRMy1EjXGxx
cas.authn.wsfedIdp.sts.crypto.signing.keySize=512
cas.authn.wsfedIdp.sts.crypto.encryption.key=GBztWJMRrQucEV
cas.authn.wsfedIdp.sts.crypto.encryption.keySize=256
cas.authn.wsfedIdp.sts.crypto.enabled=true


Also, when I was adding the relying party in CAS, I had to set appliesTo to null 
(i.e. I didn't use appliesTo).

Finally, I suggest using Hazelcast for the ticket registry instead of JPA. 

On Tuesday, 2 July 2019 11:11:28 UTC+2, abdelrahman halawa wrote:
>
> Hello,
> *I'm using CAS v5.3.9. I want to use WS-federation feature so I added 
> these dependencies into pom.xml*
>
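> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-ws-sts</artifactId>
>     <version>${cas.version}</version>
> </dependency>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-ws-idp</artifactId>
>     <version>${cas.version}</version>
> </dependency>
>
> *After that, when I was adding JPA ticket registry* {
>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-jpa-ticket-registry</artifactId>
>     <version>${cas.version}</version>
> </dependency> }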
>
> *I got this error*
>
> 2019-07-02 11:54:37,058 WARN [org.apereo.cas.web.CasWebApplicationContext] 
> -  attempt: org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 'casBeanValidationPostProcessor' defined in class 
> path resource [org/apereo/cas/config/CasCoreUtilConfiguration.class]: 
> BeanPostProcessor before instantiation of bean failed; nested exception is 
> org.springframework.beans.factory.BeanCreationException: Error creating 
> bean with name 
> 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration':
>  
> Initialization of bean failed; nested exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'ticketTransactionManager' defined in class path 
> resource [org/apereo/cas/config/JpaTicketRegistryConfiguration.class]: 
> Unsatisfied dependency expressed through method 'ticketTransactionManager' 
> parameter 0; nested exception is 
> org.springframework.beans.factory.BeanCreationException: Error creating 
> bean with name 'ticketEntityManagerFactory' defined in class path resource 
> [org/apereo/cas/config/JpaTicketRegistryConfiguration.class]: Invocation of 
> init method failed; nested exception is org.hibernate.AnnotationException: 
> No identifier specified for entity: 
> org.apereo.cas.ticket.SecurityTokenTicket> 
>
> Any help?
> ​​
>
>



[cas-user] Hazelcast Ticket Registry best configuration recommendation

2019-07-08 Thread abdelrahman halawa
Hi all,
I'm using Hazelcast for the ticket registry and I noticed that *Hazelcast consumes 
a lot of CPU*. I need to know if anything is wrong in my configuration, please?

Here is my config:

cas.ticket.registry.hazelcast.cluster.members=172.xx.xx.x1,172.xx.xx.x2,172.xx.xx.x3,172.xx.xx.x4
cas.ticket.registry.hazelcast.cluster.backupCount=0
cas.ticket.registry.hazelcast.cluster.asyncBackupCount=4

cas.ticket.registry.hazelcast.crypto.signing.key=gPuQ6dl5RNhigHTbND1UGuGBx
cas.ticket.registry.hazelcast.crypto.signing.keySize=512

cas.ticket.registry.hazelcast.crypto.encryption.key=I2pnZDYzxxx
cas.ticket.registry.hazelcast.crypto.encryption.keySize=16
cas.ticket.registry.hazelcast.crypto.enabled=true


Hints:
CAS version -> 5.3.9
I have 4 CAS servers; each has a Hazelcast instance
I set cas.ticket.registry.hazelcast.cluster.asyncBackupCount=4 to share 
the tickets with the other CAS servers

with my best wishes,



[cas-user] Re: CAS 5.3.x WS-Federation JPA ticket registry error

2019-07-02 Thread abdelrahman halawa
By the way, I solved that error by myself. If anyone faced this issue I 
will help him for free. Just send an email to me :)



[cas-user] CAS 5.3.x WS-Federation JPA ticket registry error

2019-07-02 Thread abdelrahman halawa
Hello,
*I'm using CAS v5.3.9. I want to use WS-federation feature so I added these 
dependencies into pom.xml*


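<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ws-sts</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ws-idp</artifactId>
    <version>${cas.version}</version>
</dependency>

*After that, when I was adding JPA ticket registry* {

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-jpa-ticket-registry</artifactId>
    <version>${cas.version}</version>
</dependency> }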

*I got this error*

2019-07-02 11:54:37,058 WARN [org.apereo.cas.web.CasWebApplicationContext] 
-  

Any help?
​​



[cas-user] CAS 5.3.x WS-Federation fatal error

2019-07-02 Thread abdelrahman halawa
Hello,
*I'm using CAS v5.3.9. I want to use WS-federation feature so I added these
dependencies into pom.xml*


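<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ws-sts</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ws-idp</artifactId>
    <version>${cas.version}</version>
</dependency>

*After that, when I was adding JPA ticket registry* {

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-jpa-ticket-registry</artifactId>
    <version>${cas.version}</version>
</dependency> }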

*I got this error*

2019-07-02 11:54:37,058 WARN [org.apereo.cas.web.CasWebApplicationContext]
- 

Any help?
