Re: [cas-user] Re: Migrating services from version 5 to 6
But I meant the tables for the service registry. What is the best method to migrate all services stored in a MySQL DB from 5.3 to 6.6? I know we can export each service to JSON format and probably (maybe some changes are required) we can import them into 6.6. We can do it from the CAS management dashboards, or put the services JSON files into the CAS services directory and they will be imported automatically. The question, precisely and clearly, is: how can we migrate all services defined in CAS 5.3 under the MySQL service registry to the CAS 6.6 MySQL DB? Because the table schema has been changed.

On Thu, Mar 31, 2022 at 7:02 PM Pablo Vidaurri wrote:

> There is no need to migrate the data. These tables are for various types of tickets. Worst case when you cut over to v6.4 your users will have to login again.
>
> -psv
>
> On Wednesday, March 30, 2022 at 9:43:58 AM UTC-5 fjan...@gmail.com wrote:
>
>> Hi,
>>
>> I need to migrate the JPA service registry from Apereo CAS 5.2.2 to 6.4, but in this last version, data structures seem to have been replaced by just one table with a flat JSON field in a column: no more relational structure, or I missed something.
>> Has anyone here observed the same?
>> If the JPA migration is not possible, does it mean I have to use JSON in any way?
>>
>> The best hit my searches have met till now is this page:
>> https://fawnoos.com/2021/01/19/cas53-service-registry-migration-to-cas63/
>> But its content is pretty elliptic and I don't see where to apply the snippet shown in it: I have an installation based on cas-overlay, there is no java file named RegisteredServicesReportController to override...
>>
>> In short my purpose is as follows: migrating services from JPA to JSON
>>
>> Has anyone faced the same issue?
>>
>> Thanks a lot for any clue.
-- Seyyed Mohsen Saeedi سید محسن سعیدی

-- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAE0qWrx2%3D1%3DsE1F0wABjmS-gX%3DJBwMCkQtnCGAT-PaK7s2H7jA%40mail.gmail.com.
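For the export-then-reimport route raised in this message, the exported definitions can be checked before they are fed to the new registry one file at a time. The following is an added example, not code from the thread or from CAS: it assumes each ZIP entry is one JSON service definition with `@class`, `serviceId`, `name` and `id`, uses a constructed ZIP, and the probe URL, file-name sanitising and function names are assumptions.

```python
import io
import json
import re
import zipfile

# Assumption: a host that no registered service should ever match.
PROBE_URL = "https://unrelated.example.net/app"
REQUIRED = ("@class", "serviceId", "name", "id")


def build_sample_export():
    """Constructed stand-in for an export ZIP (not real exported data)."""
    cls = "org.apereo.cas.services.RegexRegisteredService"
    services = [
        {"@class": cls, "serviceId": "^https://portal\\.example\\.org/.*",
         "name": "Portal", "id": 1001, "description": "Staff portal"},
        {"@class": cls, "serviceId": "^https://.*", "name": "Wildcard", "id": 1002},
        {"@class": cls, "serviceId": "^https://mail\\.example\\.org/.*",
         "name": "Mail", "id": 1001},                      # id collides with Portal
        {"@class": cls, "serviceId": "^https://(wiki\\.example\\.org/.*",
         "name": "Wiki", "id": 1003},                      # unbalanced parenthesis
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for n, svc in enumerate(services):
            archive.writestr(f"service-{n}.json", json.dumps(svc))
    return buf.getvalue()


def load_export(zip_bytes):
    """Return [(entry_name, service_dict)] for every .json entry in the ZIP."""
    loaded = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for name in sorted(archive.namelist()):
            if name.lower().endswith(".json"):
                loaded.append((name, json.loads(archive.read(name).decode("utf-8"))))
    return loaded


def target_filename(service):
    """name-id.json, the naming used by the JSON service registry directory.

    Replacing other characters with "_" is this example's own choice.
    """
    safe = re.sub(r"[^A-Za-z0-9_.]+", "_", str(service["name"])).strip("_")
    return f"{safe}-{service['id']}.json"


def review_export(zip_bytes, probe_url=PROBE_URL):
    """Return (entry, kind, detail) findings for the exported definitions."""
    findings = []
    seen_ids, seen_patterns = {}, {}
    for entry, svc in load_export(zip_bytes):
        missing = [key for key in REQUIRED if key not in svc]
        if missing:
            findings.append((entry, "missing-field", ",".join(missing)))
            continue
        # Duplicates are what a bulk import would silently multiply.
        for key, seen in (("id", seen_ids), ("serviceId", seen_patterns)):
            if svc[key] in seen:
                findings.append((entry, f"duplicate-{key}", seen[svc[key]]))
            else:
                seen[svc[key]] = entry
        try:
            # Python's re approximates java.util.regex for simple patterns.
            pattern = re.compile(svc["serviceId"])
        except re.error as exc:
            findings.append((entry, "bad-regex", str(exc)))
            continue
        # search() is the looser matching mode, so a pattern is flagged if it
        # could authorize the foreign probe URL under either mode.
        if pattern.search(probe_url):
            findings.append((entry, "overbroad-serviceId", svc["serviceId"]))
    return findings


def per_service_files(zip_bytes):
    """Map target file name -> JSON text for entries with no findings."""
    flagged = {entry for entry, _, _ in review_export(zip_bytes)}
    return {target_filename(svc): json.dumps(svc, indent=2)
            for entry, svc in load_export(zip_bytes) if entry not in flagged}


if __name__ == "__main__":
    export = build_sample_export()
    for finding in review_export(export):
        print(finding)
    print(sorted(per_service_files(export)))
```

Entries that come back clean can be imported or dropped into the services directory individually; flagged ones need a decision first, in particular any `serviceId` broad enough to match a host outside the organisation.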
[cas-user] Re: CAS Management 6.6.4 run tasks failed with cas-server-ldap-support
I checked out version 6.4 and ran it successfully with the same management.properties and the same dependencies. But versions 6.5 and 6.6 return the same error on task run:

2023-12-23 16:22:14,742 WARN [org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext] -
2023-12-23 16:22:19,896 ERROR [org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter] - <

On Saturday, December 23, 2023 at 5:27:20 PM UTC+3:30 mohsen saeedi wrote:

> I have used Apereo CAS since version 3.x. I decided to switch from CAS 5.3.x to 6.6.x.
> We use multiple dependencies for our service, such as LDAP. We don't have any problem building and running CAS 6.6.14; we changed all properties from 5.3.x to 6.6.14 and everything is working very well.
>
> But for CAS Management we have one problem. After running ./gradlew run with the config below we got an error like this. I think the CAS Management docs are not updated for the 6.6.x version. Also they are very short.
>
> 2023-12-23 16:22:14,742 WARN [org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext] - attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'ldapAuthenticationEventExecutionPlanConfigurer' defined in class path resource [org/apereo/cas/config/LdapAuthenticationConfiguration$LdapAuthenticationPlanConfiguration.class]: Unsatisfied dependency expressed through method 'ldapAuthenticationEventExecutionPlanConfigurer' parameter 1; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type 'org.apereo.cas.authentication.principal.PrincipalResolver' available: expected at least 1 bean which qualifies as autowire candidate. Dependency annotations: {@org.springframework.beans.factory.annotation.Qualifier(value="defaultPrincipalResolver")}>
> 2023-12-23 16:22:19,896 ERROR [org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter] - <
>
> ***
> APPLICATION FAILED TO START
> ***
>
> Description:
>
> Parameter 1 of method ldapAuthenticationEventExecutionPlanConfigurer in org.apereo.cas.config.LdapAuthenticationConfiguration$LdapAuthenticationPlanConfiguration required a bean of type 'org.apereo.cas.authentication.principal.PrincipalResolver' that could not be found.
>
> The injection point has the following annotations:
> - @org.springframework.beans.factory.annotation.Qualifier(value="defaultPrincipalResolver")
>
> Action:
>
> Consider defining a bean of type 'org.apereo.cas.authentication.principal.PrincipalResolver' in your configuration.
>
> > Task :run FAILED
>
> FAILURE: Build failed with an exception.
>
> Our CAS management config:
> cas.server.name=https://cas.mbsco.local:8443/
> cas.server.prefix=${cas.server.name}/cas
> server.port=8080
> mgmt.server-name=https://cas.mbsco.local:8080
> server.context-path=/cas-management
> mgmt.admin-roles[0]=ROLE_ADMIN
> mgmt.user-properties-file=classpath:user-details.properties
> logging.config=file:/etc/cas/config/log4j2-management.xml
> cas.service-registry.core.init-from-json=false
> cas.service-registry.json.location=file:/etc/cas/services
> cas.service-registry.jpa.health-query=SELECT 1 FROM INFORMATION_SCHEMA.VIEWS
> cas.service-registry.jpa.url=jdbc:mariadb://127.0.0.1:3306/cas2
> cas.service-registry.jpa.user=root
> cas.service-registry.jpa.password=
> cas.service-registry.jpa.ddl-auto=create
> cas.service-registry.jpa.dialect=org.hibernate.dialect.MariaDBDialect
> cas.service-registry.jpa.leak-threshold=5
> cas.service-registry.jpa.autocommit=true
> cas.service-registry.jpa.driver-class=org.mariadb.jdbc.Driver
> cas.service-registry.jpa.pool.min-size=20
> cas.service-registry.jpa.pool.max-size=100
> cas.service-registry.jpa.pool.max-wait=1
> cas.service-registry.jpa.idle-timeout=5000
>
> mgmt.ldap.ldap-url=ldap://192.168.10.10
> mgmt.ldap.bind-dn=cn=manager,dc=example,dc=com
> mgmt.ldap.bind-credential=ldap_manager_password
> mgmt.ldap.use-start-tls=false
> mgmt.ldap.subtree-search=true
>
> mgmt.ldap.ldap-authz.allow-multiple-results=true
> mgmt.ldap.ldap-authz.base-dn=dc=example,dc=com
> mgmt.ldap.ldap-authz.group-attribute=cn
> mgmt.ldap.ldap-authz.group-filter=(memberUid={user})
> mgmt.ldap.ldap-authz.group-base-dn=dc=example,dc=com
> mgmt.ldap.ldap-authz.search-filter=(uid={user})
>
> And we added these dependencies:
>
> implementation "org.apereo.cas:cas-server-support-jpa-service-registry"
> implementation "o
[cas-user] CAS Management 6.6.4 run tasks failed with cas-server-ldap-support
I have used Apereo CAS since version 3.x. I decided to switch from CAS 5.3.x to 6.6.x. We use multiple dependencies for our service, such as LDAP. We don't have any problem building and running CAS 6.6.14; we changed all properties from 5.3.x to 6.6.14 and everything is working very well.

But for CAS Management we have one problem. After running ./gradlew run with the config below we got an error like this. I think the CAS Management docs are not updated for the 6.6.x version. Also they are very short.

2023-12-23 16:22:14,742 WARN [org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext] -
2023-12-23 16:22:19,896 ERROR [org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter] - <

***
APPLICATION FAILED TO START
***

Description:

Parameter 1 of method ldapAuthenticationEventExecutionPlanConfigurer in org.apereo.cas.config.LdapAuthenticationConfiguration$LdapAuthenticationPlanConfiguration required a bean of type 'org.apereo.cas.authentication.principal.PrincipalResolver' that could not be found.

The injection point has the following annotations:
- @org.springframework.beans.factory.annotation.Qualifier(value="defaultPrincipalResolver")

Action:

Consider defining a bean of type 'org.apereo.cas.authentication.principal.PrincipalResolver' in your configuration.

> Task :run FAILED

FAILURE: Build failed with an exception.

Our CAS management config:
cas.server.name=https://cas.mbsco.local:8443/
cas.server.prefix=${cas.server.name}/cas
server.port=8080
mgmt.server-name=https://cas.mbsco.local:8080
server.context-path=/cas-management
mgmt.admin-roles[0]=ROLE_ADMIN
mgmt.user-properties-file=classpath:user-details.properties
logging.config=file:/etc/cas/config/log4j2-management.xml
cas.service-registry.core.init-from-json=false
cas.service-registry.json.location=file:/etc/cas/services
cas.service-registry.jpa.health-query=SELECT 1 FROM INFORMATION_SCHEMA.VIEWS
cas.service-registry.jpa.url=jdbc:mariadb://127.0.0.1:3306/cas2
cas.service-registry.jpa.user=root
cas.service-registry.jpa.password=
cas.service-registry.jpa.ddl-auto=create
cas.service-registry.jpa.dialect=org.hibernate.dialect.MariaDBDialect
cas.service-registry.jpa.leak-threshold=5
cas.service-registry.jpa.autocommit=true
cas.service-registry.jpa.driver-class=org.mariadb.jdbc.Driver
cas.service-registry.jpa.pool.min-size=20
cas.service-registry.jpa.pool.max-size=100
cas.service-registry.jpa.pool.max-wait=1
cas.service-registry.jpa.idle-timeout=5000

mgmt.ldap.ldap-url=ldap://192.168.10.10
mgmt.ldap.bind-dn=cn=manager,dc=example,dc=com
mgmt.ldap.bind-credential=ldap_manager_password
mgmt.ldap.use-start-tls=false
mgmt.ldap.subtree-search=true

mgmt.ldap.ldap-authz.allow-multiple-results=true
mgmt.ldap.ldap-authz.base-dn=dc=example,dc=com
mgmt.ldap.ldap-authz.group-attribute=cn
mgmt.ldap.ldap-authz.group-filter=(memberUid={user})
mgmt.ldap.ldap-authz.group-base-dn=dc=example,dc=com
mgmt.ldap.ldap-authz.search-filter=(uid={user})

And we added these dependencies:

implementation "org.apereo.cas:cas-server-support-jpa-service-registry"
implementation "org.apereo.cas:cas-server-support-ldap"
implementation "org.apereo.cas:cas-server-support-jdbc-drivers"
Re: [cas-user] Re: Migrating services from version 5 to 6
Can you explain more about what your minor change to the exported Service entries was? I want to do the same thing for migrating from CAS 5.3 to 6.6.

On Wednesday, June 29, 2022 at 1:44:27 AM UTC+4:30 Dave Steiner wrote:

> We are currently upgrading from v5 to v6 and use JPA like you are. What we are doing is to use the CAS5 endpoint /status/services/export to get a zip file of all our Service entries (~1000-1500). We then need to make a minor change to those and will be using the CAS6 endpoint /actuator/registeredServices/import to import each json file individually (we tried giving it a new zip file but it was duplicating entries for some reason). I'm currently playing with this on Dev and will hopefully do this on Test in a few weeks.
>
> -ds
>
> On Wednesday, June 15, 2022 at 12:43:23 PM UTC-4 Trevor Fong wrote:
>
>> Thanks a lot for your reply Francois.
>>
>> Dammit - that sucks that we both had such a poor experience!
>> I fear you might be right and I'll have to abandon the 300+ rules we've built up over the years due to inadequate support and documentation; it's not like they discontinued support for JPA - they just didn't provide any support at all for migration, which feels worse! It's like saying "Sure you can do it, see all the cool things you can do" and not say how to do it.
>> I'll give myself to the end of the week and "cut bait" if I can't find a way out. I'll reply if I should find anything of use.
>>
>> Thanks again,
>> Trev
>>
>> On Wed, 15 Jun 2022 at 08:11, fjannin4 wrote:
>>
>>> Hi Trev
>>>
>>> Alas I didn't find anything to simply convert structured data from JPA to JSON... It was too tedious and time consuming and I gave up... None of the cues and hints was working.
>>>
>>> The whole online documentation of CAS 5.x has been removed (I have never seen so many Google results issuing 404 errors... dunno why they don't remove links?), to enforce difficulty to find relevant information, and I mess up working with partial remains in web archives.
>>>
>>> Instead I am going to replace my fine-tuned granularity of service descriptions with one wildcard by domain name of internal applications, in JSON format, the only one that really has support from the CAS Team and is documented.
>>>
>>> Doing this, therefore, I will lose all level of detail for each service: descriptions, logo and contacts, that were used before in CAS and the CAS management application...
>>>
>>> High price to pay, just for the CAS developers team's taste to follow the fashion for JSON and unilateral deprecation of JPA ...
>>>
>>> So, to keep your CAS installation working is a question of chance: if you bet on the good techno that will survive the annual elegation, you won... We bet on JPA and lost...
>>> Good luck!
>>> Regards
>>>
>>> On 10/06/2022 at 19:45, Trevor Fong wrote:
>>>
>>> Hi Francois,
>>>
>>> Just wondering if you were able to resolve your situation and if so, how? I'm also facing a similar thing.
>>>
>>> Thanks a lot,
>>> Trev
>>>
>>> On Thursday, March 31, 2022 at 10:54:41 AM UTC-7 fjan...@gmail.com wrote:
>>>
>>> Thank you for the response. We actually use the CAS Management application, and I will follow your suggestion. We have a bunch of services to migrate: 140+, with their own contacts, policies and release attribute settings. I have tried the actuator endpoint /services from CAS Server, which exports all services in one file, but the JSON format seems different from the import format used in CAS 6.4. I will try the management application way, with hopefully more success...
>>>
>>> Best regards
>>> Francois
>>>
>>> On 31/03/2022 at 17:35, 'Richard Frovarp' via CAS Community wrote:
>>>
>>> The tables in the post are for the service registry. If you don't migrate those, you will have to reconfigure from scratch. I do not know what the plans are for the project with respect to the service registry. It's changed a bit between versions, and usually seems like a pain. We made the change in a previous upgrade to just drop JSON files on the filesystem and have CAS pick those up. It keeps us free of changes in the JPA method (which we had been using), and free from management app changes. In addition, we can keep service configuration in git, which is extremely nice.
>>>
>>> What I gather from that post is you are going to need to change the source code of RegisteredServicesReportController either changing that method, or adding that method. Looks like it is adding the method. Compile, put into your deployment (or download your DB and run locally), and then hit that point to get the exported JSON services. If you are running the management application in 5.3, I think you can export services as JSON as well, just
Re: [cas-user] Re: CAS 5.3 OAuth2 Delegated Authentication error Client not found
Thanks Łukasz

It is not possible to update in a short time. I will test CAS 6.6.x too.
I have another problem. When it tries to check the token, it does not send client_id and client_secret in www-form-data. The external IdP that we are using needs these fields to pass. Do you have any idea how to send these fields?

On Mon, Jul 24, 2023 at 11:44 AM Łukasz Woźniak wrote:

> Many years ago I was using CAS version 5.3, but there were many errors with delegated authentication. I suggest you upgrade to version 6.6.x
>
> On Sat, 22 Jul 2023 at 06:34 mohsen saeedi wrote:
>
>> Is extra information needed to answer this question?
>>
>> Is nobody here to help me?
>>
>> Best Regards
>>
>> On Thursday, July 20, 2023 at 12:28:13 AM UTC+3:30 mohsen saeedi wrote:
>>
>>> Hello,
>>>
>>> I'm using the latest CAS 5.3 version. I want to delegate authentication to an external OAuth2 identity server. I added new configuration keys starting with cas.authn.pac4j.oauth2[0] for authUrl, tokenUrl, ProfileUrl and ... . I also defined clientName (for example OAuth20). Everything works fine, but when the user returns to CAS, it prints an error:
>>> 2023-07-17 03:57:35,221 ERROR [org.apereo.cas.web.flow.DelegatedClientAuthenticationAction] - client found for name: OAuth20?code=74486072882b4f6b896b4476a11f56f9>
>>> org.pac4j.core.exception.TechnicalException: No client found for name: OAuth20?code=74486072882b4f6b896b4476a11f56f9
>>> I read the docs, blog posts and everything on the internet about this subject without any success. Can anyone help me? I can't change this version and switch to 6.x; it is not possible in a short time.
>>>
>>> Mohsen Saeedi

-- Seyyed Mohsen Saeedi سید محسن سعیدی
[cas-user] Re: CAS 5.3 OAuth2 Delegated Authentication error Client not found
Is extra information needed to answer this question?

Is nobody here to help me?

Best Regards

On Thursday, July 20, 2023 at 12:28:13 AM UTC+3:30 mohsen saeedi wrote:

> Hello,
>
> I'm using the latest CAS 5.3 version. I want to delegate authentication to an external OAuth2 identity server. I added new configuration keys starting with cas.authn.pac4j.oauth2[0] for authUrl, tokenUrl, ProfileUrl and ... . I also defined clientName (for example OAuth20). Everything works fine, but when the user returns to CAS, it prints an error:
> 2023-07-17 03:57:35,221 ERROR [org.apereo.cas.web.flow.DelegatedClientAuthenticationAction] - client found for name: OAuth20?code=74486072882b4f6b896b4476a11f56f9>
> org.pac4j.core.exception.TechnicalException: No client found for name: OAuth20?code=74486072882b4f6b896b4476a11f56f9
> I read the docs, blog posts and everything on the internet about this subject without any success. Can anyone help me? I can't change this version and switch to 6.x; it is not possible in a short time.
>
> Mohsen Saeedi
[cas-user] CAS 5.3 OAuth2 Delegated Authentication error Client not found
Hello,

I'm using the latest CAS 5.3 version. I want to delegate authentication to an external OAuth2 identity server. I added new configuration keys starting with cas.authn.pac4j.oauth2[0] for authUrl, tokenUrl, ProfileUrl and ... . I also defined clientName (for example OAuth20). Everything works fine, but when the user returns to CAS, it prints an error:

2023-07-17 03:57:35,221 ERROR [org.apereo.cas.web.flow.DelegatedClientAuthenticationAction] -
org.pac4j.core.exception.TechnicalException: No client found for name: OAuth20?code=74486072882b4f6b896b4476a11f56f9

I read the docs, blog posts and everything on the internet about this subject without any success. Can anyone help me? I can't change this version and switch to 6.x; it is not possible in a short time.

Mohsen Saeedi
Re: [cas-user] CAS 5.2/5.3 cas.util.LdapUtils try connect to localhost for LDAP
The problem is solved, by removing cas-server-support-ldap-service-registry from pom.xml.

On Thursday, July 30, 2020 at 11:53:00 PM UTC+4:30 mohsen saeedi wrote:

> I think I added cas-server-support-ldap-service-registry as a dependency, and I don't have any configuration parameter for that in cas.properties. Maybe the problem is caused by that!!! I will test again and send the result here.
>
> On Thursday, July 30, 2020 at 9:03:25 PM UTC+4:30 mohsen saeedi wrote:
>
>> The problem occurs when it tries to connect to LDAP and it finally fails to start. For example, I defined 192.168.250.71 as ldapUrl but it tries to connect to localhost!
>>
>> Jul 30 20:58:38 SSO1 server[10311]: 2020-07-30 20:58:38,797 DEBUG [org.apereo.cas.util.LdapUtils] - [ldap://localhost:389]>
>> Jul 30 20:58:38 SSO1 server[10311]: 2020-07-30 20:58:38,797 DEBUG [org.apereo.cas.util.LdapUtils] - for [ldap://localhost:389]>
>> Jul 30 20:58:38 SSO1 server[10311]: 2020-07-30 20:58:38,798 DEBUG [org.apereo.cas.util.LdapUtils] - [ldap://localhost:389] to [ldap://localhost:389]>
>> Jul 30 20:58:38 SSO1 server[10311]: 2020-07-30 20:58:38,798 DEBUG [org.apereo.cas.util.LdapUtils] - native JVM truststore>
>> Jul 30 20:58:38 SSO1 server[10311]: 2020-07-30 20:58:38,798 DEBUG [org.apereo.cas.util.LdapUtils] - configuration for [ldap://localhost:389]>
>> Jul 30 20:58:38 SSO1 server[10311]: 2020-07-30 20:58:38,799 WARN [org.apereo.cas.util.LdapUtils] - for [ldap://localhost:389] given bind credentials are not specified>
>> Jul 30 20:58:38 SSO1 server[10311]: 2020-07-30 20:58:38,799 DEBUG [org.apereo.cas.util.LdapUtils] - [ldap://localhost:389] and bindDn [null]>
>> Jul 30 20:58:38 SSO1 server[10311]: 2020-07-30 20:58:38,872 ERROR [org.ldaptive.pool.BlockingConnectionPool] - <[org.ldaptive.pool.BlockingConnectionPool@1048947778::name=null, poolConfig=[org.ldaptive.pool.PoolConfig@562606106::minPoolSize=3, maxPoolSize=10, validateOnCheckIn=false, validateOnCheckOut=true, validatePeriodically=true, validatePeriod=PT5M, validateTimeout=PT5S], activator=null, passivator=null, validator=[org.ldaptive.pool.SearchValidator@432073790::searchRequest=[org.ldaptive.SearchRequest@-1800458700::baseDn=, searchFilter=[org.ldaptive.SearchFilter@1642584434::filter=(objectClass=*), parameters={}], returnAttributes=[1.1], searchScope=OBJECT, timeLimit=PT0S, sizeLimit=1, derefAliases=null, typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=[org.ldaptive.referral.SearchReferralHandler$SearchReferenceHandler@4a664d6], controls=null, referralHandler=org.ldaptive.referral.SearchReferralHandler@6d01e679, intermediateResponseHandlers=null]] pruneStrategy=[org.ldaptive.pool.IdlePruneStrategy@1513537499::prunePeriod=PT2H, idleTime=PT10M], connectOnCreate=true, connectionFactory=[org.ldaptive.DefaultConnectionFactory@1545585902::provider=org.ldaptive.provider.jndi.JndiProvider@5d097df4, config=[org.ldaptive.ConnectionConfig@1062824450::ldapUrl=ldap://localhost:389, connectTimeout=PT5S, responseTimeout=PT5S, sslConfig=[org.ldaptive.ssl.SslConfig@1358873173::credentialConfig=null, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=true, useStartTLS=false, connectionInitializer=null, connectionStrategy=org.ldaptive.DefaultConnectionStrategy@72644410]], initialized=false, availableCount=0, activeCount=0] unable to connect to the ldap>
>> Jul 30 20:58:38 SSO1 server[10311]: org.ldaptive.provider.ConnectionException: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
>>
>> But before this error CAS tries to create an LDAP connection factory to 192.168.250.71. Here are the logs:
>> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,703 DEBUG [org.apereo.cas.util.LdapUtils] - [ldap://192.168.250.71:389]>
>> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,704 DEBUG [org.apereo.cas.util.LdapUtils] - [ldap://192.168.250.71:389]>
>> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,704 DEBUG [org.apereo.cas.util.LdapUtils] - for [ldap://192.168.250.71:389]>
>> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,708 DEBUG [org.apereo.cas
Re: [cas-user] CAS 5.2/5.3 cas.util.LdapUtils try connect to localhost for LDAP
I think I added cas-server-support-ldap-service-registry as a dependency, and I don't have any configuration parameter for that in cas.properties. Maybe the problem is caused by that!!! I will test again and send the result here.

On Thursday, July 30, 2020 at 9:03:25 PM UTC+4:30 mohsen saeedi wrote:

> The problem occurs when it tries to connect to LDAP and it finally fails to start. For example, I defined 192.168.250.71 as ldapUrl but it tries to connect to localhost!
>
> Jul 30 20:58:38 SSO1 server[10311]: 2020-07-30 20:58:38,797 DEBUG [org.apereo.cas.util.LdapUtils] - [ldap://localhost:389]>
> Jul 30 20:58:38 SSO1 server[10311]: 2020-07-30 20:58:38,797 DEBUG [org.apereo.cas.util.LdapUtils] - for [ldap://localhost:389]>
> Jul 30 20:58:38 SSO1 server[10311]: 2020-07-30 20:58:38,798 DEBUG [org.apereo.cas.util.LdapUtils] - [ldap://localhost:389] to [ldap://localhost:389]>
> Jul 30 20:58:38 SSO1 server[10311]: 2020-07-30 20:58:38,798 DEBUG [org.apereo.cas.util.LdapUtils] - native JVM truststore>
> Jul 30 20:58:38 SSO1 server[10311]: 2020-07-30 20:58:38,798 DEBUG [org.apereo.cas.util.LdapUtils] - configuration for [ldap://localhost:389]>
> Jul 30 20:58:38 SSO1 server[10311]: 2020-07-30 20:58:38,799 WARN [org.apereo.cas.util.LdapUtils] - for [ldap://localhost:389] given bind credentials are not specified>
> Jul 30 20:58:38 SSO1 server[10311]: 2020-07-30 20:58:38,799 DEBUG [org.apereo.cas.util.LdapUtils] - [ldap://localhost:389] and bindDn [null]>
> Jul 30 20:58:38 SSO1 server[10311]: 2020-07-30 20:58:38,872 ERROR [org.ldaptive.pool.BlockingConnectionPool] - <[org.ldaptive.pool.BlockingConnectionPool@1048947778::name=null, poolConfig=[org.ldaptive.pool.PoolConfig@562606106::minPoolSize=3, maxPoolSize=10, validateOnCheckIn=false, validateOnCheckOut=true, validatePeriodically=true, validatePeriod=PT5M, validateTimeout=PT5S], activator=null, passivator=null, validator=[org.ldaptive.pool.SearchValidator@432073790::searchRequest=[org.ldaptive.SearchRequest@-1800458700::baseDn=, searchFilter=[org.ldaptive.SearchFilter@1642584434::filter=(objectClass=*), parameters={}], returnAttributes=[1.1], searchScope=OBJECT, timeLimit=PT0S, sizeLimit=1, derefAliases=null, typesOnly=false, binaryAttributes=null, sortBehavior=UNORDERED, searchEntryHandlers=null, searchReferenceHandlers=[org.ldaptive.referral.SearchReferralHandler$SearchReferenceHandler@4a664d6], controls=null, referralHandler=org.ldaptive.referral.SearchReferralHandler@6d01e679, intermediateResponseHandlers=null]] pruneStrategy=[org.ldaptive.pool.IdlePruneStrategy@1513537499::prunePeriod=PT2H, idleTime=PT10M], connectOnCreate=true, connectionFactory=[org.ldaptive.DefaultConnectionFactory@1545585902::provider=org.ldaptive.provider.jndi.JndiProvider@5d097df4, config=[org.ldaptive.ConnectionConfig@1062824450::ldapUrl=ldap://localhost:389, connectTimeout=PT5S, responseTimeout=PT5S, sslConfig=[org.ldaptive.ssl.SslConfig@1358873173::credentialConfig=null, trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null], useSSL=true, useStartTLS=false, connectionInitializer=null, connectionStrategy=org.ldaptive.DefaultConnectionStrategy@72644410]], initialized=false, availableCount=0, activeCount=0] unable to connect to the ldap>
> Jul 30 20:58:38 SSO1 server[10311]: org.ldaptive.provider.ConnectionException: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
>
> But before this error CAS tries to create an LDAP connection factory to 192.168.250.71. Here are the logs:
> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,703 DEBUG [org.apereo.cas.util.LdapUtils] - [ldap://192.168.250.71:389]>
> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,704 DEBUG [org.apereo.cas.util.LdapUtils] - [ldap://192.168.250.71:389]>
> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,704 DEBUG [org.apereo.cas.util.LdapUtils] - for [ldap://192.168.250.71:389]>
> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,708 DEBUG [org.apereo.cas.util.LdapUtils] - 192.168.250.71:389] to [ldap://192.168.250.71:389]>
> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,708 DEBUG [org.apereo.cas.util.LdapUtils] - native JVM truststore>
> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,710 DEBUG [org.apereo.cas.util.LdapUtils] - initializer via [cn=manager,dc=uast,dc=ac,dc=ir]>
> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,723 DEBUG [org.apereo.cas.util.LdapUtils] - configurat
Re: [cas-user] CAS 5.2/5.3 cas.util.LdapUtils try connect to localhost for LDAP
.cas.util.LdapUtils] - Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,752 DEBUG [org.apereo.cas.util.LdapUtils] - ldap://192.168.250.71:389]> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,753 DEBUG [org.apereo.cas.util.LdapUtils] - ldap://192.168.250.71:389] and bindDn [cn=manager,dc=uast,dc=ac,dc=ir]> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,764 DEBUG [org.apereo.cas.util.LdapUtils] - ldap://192.168.250.71:389]> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,764 DEBUG [org.apereo.cas.util.LdapUtils] - ldap://192.168.250.71:389]> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,765 DEBUG [org.apereo.cas.util.LdapUtils] - ldap://192.168.250.71:389] to [ldap://192.168.250.71:389]> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,765 DEBUG [org.apereo.cas.util.LdapUtils] - Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,765 DEBUG [org.apereo.cas.util.LdapUtils] - Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,766 DEBUG [org.apereo.cas.util.LdapUtils] - ldap://192.168.250.71:389]> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,766 DEBUG [org.apereo.cas.util.LdapUtils] - ldap://192.168.250.71:389] and bindDn [cn=manager,dc=uast,dc=ac,dc=ir]> Jul 30 20:58:24 SSO1 server[10311]: 2020-07-30 20:58:24,862 WARN [org.apereo.cas.support.pac4j.config.support.authentication.Pac4jAuthenticationEventExecutionPlanConfiguration] - CAS version is 5.2.2 . it works with this same version that was built two years ago. I know something has been updated on CAS code for ldaptive poolPassivator. On Thursday, July 30, 2020 at 8:49:31 PM UTC+4:30 dfisher wrote: > On Thu, Jul 30, 2020 at 3:23 AM mohsen saeedi wrote: > >> Jul 30 11:24:40 SSO1 server[4213]: 2020-07-30 11:24:40,315 ERROR >> [org.ldaptive.pool.BlockingConnectionPool] >> > > What error is reported here? 
>
> --Daniel Fisher
>
[cas-user] CAS 5.2/5.3 cas.util.LdapUtils try connect to localhost for LDAP
Hi,

I have more than 7 years of experience with Apereo CAS. After we updated our CAS overlay version to 5.2.3 (tested with 5.3.6 too), one problem occurs during Tomcat startup. We define ldapUrl, bindDn and bindCredential in the CAS configuration file. This config was working for the older build (with version 5.2.2). I think the problem is caused by poolPassivator, which has been added to the overlay (maybe after 5.1RC2). In this environment, with the oldest build, everything works like a charm. However, we enabled debugging for cas.util.LdapUtils and restarted Tomcat. On LDAP initialization, cas.util.LdapUtils tries to connect to our ldapUrl. Sample log:

Jul 30 11:24:25 SSO1 server[4213]: 2020-07-30 11:24:25,594 DEBUG [org.apereo.cas.util.LdapUtils] -
Jul 30 11:24:25 SSO1 server[4213]: 2020-07-30 11:24:25,595 DEBUG [org.apereo.cas.util.LdapUtils] - ldap://192.168.xxx.71:389 ldap://ldap.xxx.local:389]>
Jul 30 11:24:25 SSO1 server[4213]: 2020-07-30 11:24:25,582 DEBUG [org.apereo.cas.util.LdapUtils] - ldap://192.168.xxx.71:389 ldap://ldap.xxx.local:389] and bindDn [cn=manager,dc=domain]>

But after these logs, cas.util.LdapUtils tries to connect to localhost:389:

Jul 30 11:24:40 SSO1 server[4213]: 2020-07-30 11:24:40,240 DEBUG [org.apereo.cas.util.LdapUtils] - ldap://localhost:389]>
Jul 30 11:24:40 SSO1 server[4213]: 2020-07-30 11:24:40,242 WARN [org.apereo.cas.util.LdapUtils] - ldap://localhost:389] given bind credentials are not specified>
Jul 30 11:24:40 SSO1 server[4213]: 2020-07-30 11:24:40,315 ERROR [org.ldaptive.pool.BlockingConnectionPool]

cas.authn.ldap[0].LdapUrl=ldap://192.168.xxx.71:389 ldap://ldap.xxx.local:389
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=cn=manager,dc=domain
cas.authn.ldap[0].bindCredential=ldap_manager_password
# Bind credentials used to connect to the LDAP instance
# cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].connectionStrategy=DEFAULT
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
# cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].minPoolSize=0
cas.authn.ldap[0].maxPoolSize=10

I used CLOSE and BIND for the passivator to test. What is the problem? When we switch back to our oldest CAS (5.2.2, built with an older ldaptive library), it starts without any problem. All config and LDAP services were kept fixed during the test.
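A diagnostic for the symptom described in the message above, as an added example that is not part of the original post or of CAS itself: it collects every active ldapUrl value from the properties and lists the LdapUtils log entries that name an LDAP URL outside that set. The properties, log lines and addresses are constructed to resemble the excerpts in the thread (message text the archive dropped is shown as "..."), and the function names are hypothetical.

```python
import re

# Constructed inputs modelled on the excerpts in the thread (addresses are placeholders).
SAMPLE_PROPERTIES = """\
cas.authn.ldap[0].LdapUrl=ldap://192.0.2.71:389 ldap://ldap.example.local:389
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].bindDn=cn=manager,dc=domain
# cas.authn.ldap[1].ldapUrl=ldap://old.example.local:389
"""
SAMPLE_LOG = """\
Jul 30 11:24:25 SSO1 server[4213]: 2020-07-30 11:24:25,595 DEBUG [org.apereo.cas.util.LdapUtils] - <... [ldap://192.0.2.71:389 ldap://ldap.example.local:389]>
Jul 30 11:24:40 SSO1 server[4213]: 2020-07-30 11:24:40,240 DEBUG [org.apereo.cas.util.LdapUtils] - <... [ldap://localhost:389]>
Jul 30 11:24:40 SSO1 server[4213]: 2020-07-30 11:24:40,242 WARN [org.apereo.cas.util.LdapUtils] - <... [ldap://localhost:389] given bind credentials are not specified>
Jul 30 11:24:40 SSO1 server[4213]: 2020-07-30 11:24:40,315 ERROR [org.ldaptive.pool.BlockingConnectionPool] - <...>
"""

LDAP_URL = re.compile(r"ldaps?://[^\s\[\]<>,]+", re.IGNORECASE)
LDAPUTILS_LINE = re.compile(r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (\w+)\s+\[org\.apereo\.cas\.util\.LdapUtils\]")


def configured_ldap_urls(properties_text):
    """Collect every URL from active (uncommented) *.ldapUrl properties."""
    urls = set()
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Accept the ldapUrl, LdapUrl and ldap-url spellings of the key.
        if key.strip().replace("-", "").lower().endswith("ldapurl"):
            urls.update(u.lower().rstrip("/") for u in value.split())
    return urls


def unexpected_connections(properties_text, log_text):
    """Return (timestamp, level, url) for LdapUtils entries naming an unconfigured URL."""
    known = configured_ldap_urls(properties_text)
    hits = []
    for line in log_text.splitlines():
        header = LDAPUTILS_LINE.search(line)
        if not header:
            continue  # not an LdapUtils entry
        for url in LDAP_URL.findall(line[header.end():]):
            url = url.lower().rstrip("/")
            if url not in known:
                hits.append((header.group(1), header.group(2), url))
    return hits

if __name__ == "__main__":
    print(unexpected_connections(SAMPLE_PROPERTIES, SAMPLE_LOG))
```

Run against the real properties file and Tomcat log, each hit gives a timestamp to look around for the component that was initialized with a default LDAP URL instead of a configured one.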