[cas-user] CAS 5.3.8 EhCache & DiskStorage Problem
Hi Community

Currently we use the CAS in version 5.3.8. There are two instances which share tickets through the ehcache (version 2.10.5). The CAS gets its property data from the cas config server.

The problem we are facing applies to the EhCache disk storage. Unfortunately the tickets are not saved to disk although disk overflow is configured. I have spent some time debugging but currently I am not able to find the problem. The ehcache ticket registry works well in memory, but as soon as the memory max ticket size is reached the tickets will be deleted from memory. The configured storage on disk stays empty without any cache file.

Here is the ehcache configuration from the cas config server:

*## CAS EhCache Parameters*
cas.ticket.registry.ehcache.replicateUpdatesViaCopy=true
#cas.ticket.registry.ehcache.cacheManagerName=ehCacheTicketRegistryCache
cas.ticket.registry.ehcache.cacheManagerName=ehcacheTicketCacheManager
cas.ticket.registry.ehcache.replicatePuts=true
cas.ticket.registry.ehcache.replicateUpdates=true
cas.ticket.registry.ehcache.memoryStoreEvictionPolicy=LRU
cas.ticket.registry.ehcache.configLocation=classpath:/xy/fakedomain/config/${environment.target}/${xy.fakedomain.node.id}/ehcache-replicated.xml
cas.ticket.registry.ehcache.maximumBatchSize=100
cas.ticket.registry.ehcache.shared=true
cas.ticket.registry.ehcache.replicationInterval=1
#cas.ticket.registry.ehcache.cacheTimeToLive=15724800
cas.ticket.registry.ehcache.diskExpiryThreadIntervalSeconds=240
cas.ticket.registry.ehcache.replicateRemovals=true
cas.ticket.registry.ehcache.maxChunkSize=500
cas.ticket.registry.ehcache.maxElementsOnDisk=10
#cas.ticket.registry.ehcache.maxElementsInCache=5
cas.ticket.registry.ehcache.maxElementsInMemory=1
cas.ticket.registry.ehcache.eternal=false
cas.ticket.registry.ehcache.loaderAsync=true
cas.ticket.registry.ehcache.replicatePutsViaCopy=true
#cas.ticket.registry.ehcache.cacheTimeToIdle=604800
cas.ticket.registry.ehcache.persistence=DISTRIBUTED
cas.ticket.registry.ehcache.synchronousWrites=false

*ehcache-replicated.xml (one of both files)*
http://www.w3.org/2001/XMLSchema-instance; xsi:noNamespaceSchemaLocation="http://ehcache.org/ehcache.xsd;>

*Logfile 1 - set to log net.sf.ehcache*
attached as file ehcache.log

*Logfile 2 - set to log*
*org.apereo.cas.config.EhcacheTicketRegistryConfiguration*
*org.apereo.cas.config.EhcacheTicketRegistryTicketCatalogConfiguration*
*org.apereo.cas.ticket.registry*
attached as file ehcacheCas.log

Any help would be very appreciated
Many thanks

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/93ff7025-2a5d-4625-b864-58a7049c3931n%40apereo.org.
[cas-user] CAS 6.0.2 - Missing Library in Maven Central Repository - as-server-webapp-config-security:jar:6.0.2
Hi Community

Currently I'm not able to maven build the CAS 6.0.2 version because of the missing *cas-server-webapp-config-security:jar:6.0.2* in the maven central repository. Does anybody also face this problem? Is there a private repository where I can get the jar file from?

http://nexus.hs.coop.ch/nexus/content/repositories/central/org/apereo/cas/cas-server-webapp-config-security/

Thanks in advance
Artur

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6049ce23-6da7-4e22-a2ec-6e56e42e4655%40apereo.org.
[cas-user] CAS 4.1.6 and CAPTCHA
Hi all

Currently we are using CAS 4.1.6. I was asked if there is a chance to implement CAPTCHA into the login page. I see that cas version 5.0 and higher supports Google reCAPTCHA. Does anybody know of, or has anybody implemented, captcha on version 4.1.6?

Thanks in advance

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3712abf6-0f51-4f98-92b0-f9ec9884e3fb%40apereo.org.
[cas-user] Cookies Problem in Clustered Environment
Hi Community

We are facing the following problem with TGC cookies in a clustered environment.

1. We have 2 active/active CAS nodes installed on Apache Tomcat 8.0. The tickets are synchronized through EhCache.
2. Each tomcat is behind an Apache web server which does the proxying.
3. Both web servers are behind a load balancer.

When the user logs in and gets a valid TGC from node 1, and the load balancer then sends him to node 2 in a next request, the second CAS node throws a

java.lang.IllegalStateException: Invalid cookie. Required remote address does not match "IP adress of node one"
at org.jasig.cas.web.support.DefaultCasCookieValueManager.obtainCookieValue_aroundBody2(DefaultCasCookieValueManager.java:110)
at org.jasig.cas.web.support.DefaultCasCookieValueManager$AjcClosure3.run(DefaultCasCookieValueManager.java:1)
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44)
at org.jasig.cas.web.support.DefaultCasCookieValueManager.obtainCookieValue(DefaultCasCookieValueManager.java:89)
at org.jasig.cas.web.support.CookieRetrievingCookieGenerator.retrieveCookieValue_aroundBody2(CookieRetrievingCookieGenerator.java:109)
at org.jasig.cas.web.support.CookieRetrievingCookieGenerator$AjcClosure3.run_aroundBody0(CookieRetrievingCookieGenerator.java:1)
at org.jasig.cas.web.support.CookieRetrievingCookieGenerator$AjcClosure3$AjcClosure1.run(CookieRetrievingCookieGenerator.java:1)
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44)
at org.jasig.cas.web.support.CookieRetrievingCookieGenerator$AjcClosure3.run(CookieRetrievingCookieGenerator.java:1)
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at org.jasig.inspektr.aspect.TraceLogAspect.traceMethod(TraceLogAspect.java:44)
at org.jasig.cas.web.support.CookieRetrievingCookieGenerator.retrieveCookieValue(CookieRetrievingCookieGenerator.java:107)
at org.jasig.cas.web.flow.InitialFlowSetupAction.doExecute(InitialFlowSetupAction.java:91)
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
at org.springframework.webflow.execution.AnnotatedAction.execute(AnnotatedAction.java:145)
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
at org.springframework.webflow.engine.ActionList.execute(ActionList.java:154)
at org.springframework.webflow.engine.Flow.start(Flow.java:526)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223)
at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:238)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:966)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:857)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:842)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jasig.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:296)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at
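
The failure described in this post, as an added example that is not part of the original message and is not CAS code: a simplified Python model of a cookie bound to the remote address seen at login, then checked on two nodes that each sit behind their own proxy. The `@`-separated layout, the HMAC (standing in for CAS's own cookie protection), all addresses and the `X-Forwarded-For` handling are assumptions made for illustration.

```python
import hashlib
import hmac

SEP = "@"                      # assumed field separator for this model
KEY = b"constructed-demo-key"  # constructed signing key, demo only
# Constructed addresses: load balancer and the two Apache front ends.
TRUSTED_PROXIES = {"10.0.0.1", "10.0.0.11", "10.0.0.12"}

def _mac(payload):
    return hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()

def build_cookie(ticket_id, remote_addr, user_agent):
    """Issue a cookie value bound to the address and agent seen at login."""
    payload = SEP.join([ticket_id, remote_addr, user_agent])
    return payload + SEP + _mac(payload)

def obtain_cookie(cookie, remote_addr, user_agent):
    """Return the ticket id, or raise if the binding does not match."""
    payload, _, mac = cookie.rpartition(SEP)
    if not hmac.compare_digest(mac, _mac(payload)):
        raise ValueError("Invalid cookie. Signature check failed")
    ticket_id, bound_addr, bound_agent = payload.split(SEP, 2)
    if bound_addr != remote_addr:
        raise ValueError("Invalid cookie. Required remote address does not match")
    if bound_agent != user_agent:
        raise ValueError("Invalid cookie. Required user-agent does not match")
    return ticket_id

def client_address(peer_addr, x_forwarded_for):
    """Resolve the client address from X-Forwarded-For, right to left,
    skipping trusted proxies. The header is ignored unless the direct
    peer is itself a trusted proxy, so a client cannot forge its address."""
    if peer_addr not in TRUSTED_PROXIES or not x_forwarded_for:
        return peer_addr
    for hop in reversed([h.strip() for h in x_forwarded_for.split(",")]):
        if hop not in TRUSTED_PROXIES:
            return hop
    return peer_addr

def demo():
    agent = "Mozilla/5.0 (constructed)"
    xff = "203.0.113.7, 10.0.0.1"  # constructed header as seen by Tomcat
    # Raw peer address: node 1 binds to its own Apache, node 2 sees another.
    cookie = build_cookie("TGT-1-constructed", "10.0.0.11", agent)
    try:
        raw = obtain_cookie(cookie, "10.0.0.12", agent)
    except ValueError as err:
        raw = str(err)
    # Resolved client address: both nodes agree on 203.0.113.7.
    cookie = build_cookie("TGT-1-constructed", client_address("10.0.0.11", xff), agent)
    resolved = obtain_cookie(cookie, client_address("10.0.0.12", xff), agent)
    return raw, resolved
```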
Re: [cas-user] Redirect to Service Dependent Login Page
Thank you Misagh.

How do I get/append the service parameter to the login endpoint? Can I ask the spring webflow framework to get the right login endpoint the user came from? Can you perhaps provide a short example?

thank you

On Monday, 18 January 2016 at 18:09:45 UTC+1, Misagh Moayyed wrote:
>
> As long as your redirect url has the correct service parameter appended to the login endpoint, CAS will detect the associated theme and will render the relevant view.
>
> *From:* cas-...@apereo.org [mailto:cas-...@apereo.org] *On Behalf Of* Artur Stöcklin
> *Sent:* Monday, January 18, 2016 8:39 AM
> *To:* CAS Community <cas-...@apereo.org>
> *Subject:* [cas-user] Redirect to Service Dependent Login Page
>
> Hello Team
>
> We are using CAS 4.1.1 with Service Management. We have defined two Services, are using the RegisteredServiceThemeBasedViewResolver and are currently facing the following problem:
>
> 1. We have 2 CAS Clients with a set of views for each of them. Also the casLoginView.jsp is different for every CAS Client.
> 2. User coming from CAS Client 1 receives the login page and enters his login credentials
> 3. The responsible Handler throws let's say "AccountLockedException".
> 4. CAS redirects to defined accountLockedView.jsp
> 5. Now we want to display a button with the redirect URL to the CORRECT casLoginView, depending on the primary CAS Client the user came from.
>
> The main question is here how to identify the correct casLoginView and render the proper URL for redirecting to login page...
>
> Thanks in advance for any help.
>
> Regar
Re: [cas-user] JSON Service for CAS Client does not follow success message of required Handler
Hi Misagh

Thank you for your reply. I do not understand. What is then the value of the "requiredHandlers" attribute in the service json file? In my case, if I define the requiredHandler as "hfcAuthenticationHandler*2*" which during authentication throws an AuthenticationException (login failed), but my other AuthenticationHandler "hfcAuthenticationHandler" returns success, the CAS Client user will be logged in anyway.

What is then the sense of defining the requiredHandlers on the service itself? And how does the requiredHandlers attribute cooperate with my RequiredHandlerAuthenticationPolicy defined in deployerConfigContext.xml, which determines that "hfcAuthenticationHandler" is my required Handler for (as I understand) *direct login on CAS server without any CAS Client*?

Thanks in advance
Artur

On Tuesday, 1 December 2015 at 19:53:56 UTC+1, Misagh Moayyed wrote:
>
> I don’t think that actually works the way you describe. You are telling CAS that the only way an authentication event can succeed is if handler X succeeds. In your case, it never does.
>
> If your use case is, “I only want this handler to run for this service, and that handler for that service”, then that does not exist in CAS yet. It’s on the roadmap.
>
> https://wiki.jasig.org/display/CAS/CAS+4.3+Roadmap#CAS4.3Roadmap-AuthenticationPerService
>
> - Misagh
>
> On Dec 1, 2015, at 9:43 AM, Artur Stöcklin <source...@gmail.com> wrote:
>
> hello community
>
> I currently fight with the following problem:
>
> 1. in classpath:/services/service1.json I put the following file:
>
> {
>   "@class" : "org.jasig.cas.services.RegexRegisteredService",
>   "serviceId" : "^(http|https)://localhost.*",
>   "description" : "cool service",
>   "name" : "coolService",
>   "id" : 1,
>   "theme" : "testtheme",
>   "logoutType" : "BACK_CHANNEL",
>   "evaluationOrder" : 1,
>   "accessStrategy" : {
>     "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
>     "enabled" : true,
>     "ssoEnabled" : true
>   },
>   "requiredHandlers" : [ "java.util.HashSet", [ "hfcAuthenticationHandler2" ] ]
> }
>
> CAS reads the file and creates the associated service. I can see the service in the JsonServiceRegistryDao. There is also the "hfcAuthenticationHandler2" name in the Set of given requiredHandlers.
>
> 2. The deployerConfigContext.xml file looks like this one:
>
> "org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
> "proxyPrincipalResolver" />
> "primaryPrincipalResolver" />
> "primaryPrincipalResolver" />
> "org.jasig.cas.authentication.RequiredHandlerAuthenticationPolicy" c:requiredHandlerName="hfcAuthenticationHandler" p:tryAll="false"/>
> class="ch.cas.authentication.handler.HFCAuthenticationHandler" p:name="hfcAuthenticationHandler">
> class="ch.cas.authentication.handler.HFCAuthenticationHandler2" p:name="hfcAuthenticationHandler2">
> "org.jasig.cas.services.JsonServiceRegistryDao" c:configDirectory="${service.registry.config.location}" />
>
> When I request the CAS Login page with a CAS client (webapp) which uses the defined CAS Service (Point 1) the required Handler (hfcAuthenticationHandler2) is called and returns "success". But CAS still returns "bad credentials" because the "hfcAuthenticationHandler" defined in the authenticationPolicy returns "failed".
>
> When I read the documentation (http://jasig.github.io/cas/4.1.x/installation/Service-Management.html) I understand that with the requiredHandlers parameter in the service json file I can define which handler should return "success" for the given service. If the defined service handler returns "success" the user should be logged in. Only when I change the authenticationPolicy to "c:requiredHandlerName="hfcAuthenticationHandler2"