Re: [cas-user] hazelcast tickets not replicating

2015-11-11 Thread Dmitriy Kopylenko 
And just to add to Paul's notes - since version 4.1 the Hazelcast Ticket 
registry is natively a part of CAS core: 
http://jasig.github.io/cas/4.1.x/installation/Hazelcast-Ticket-Registry.html

So to repeat (many times previously said): DO NOT use cas-addons (which are 
implemented and supported for CAS v3 only) with CAS versions 4.x

Best,
D.

Sent from my iPhone

> On Nov 10, 2015, at 21:40, Paul B. Henson  wrote:
> 
>> On Mon, Nov 02, 2015 at 07:29:14AM -0800, Jonas Steinberg wrote:
>> 
>> My cas server is essentially a copy of this 
>> 
> 
> This is for CAS 4.
> 
>> I used this  to integrate hazelcast
> 
> These are for CAS 3.
> 
> If you're using CAS 4 you need to use:
> 
> https://github.com/unicon-cas-addons/cas-addon-hazelcast-ticket-registry
> 
>> Any insight would be greatly appreciated!
> 
> If the mixed versions weren't a cut and paste typo, try matching the
> addon version to the CAS version...
> 
> We're currently using CAS 3 with the hazelcast ticket registry and it
> works fine. We haven't tried CAS 4 yet, we're tentatively looking at the
> CAS protocol support in the shib idp v3 (with the Unicon hazelcast
> support addon for state replication).
> 
> -- 
> Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
> Operating Systems and Network Analyst  |  hen...@cpp.edu
> California State Polytechnic University  |  Pomona CA 91768
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> dkopyle...@unicon.net
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] hazelcast tickets not replicating

2015-11-11 Thread Dmitriy Kopylenko 
So what's not working? As you noted you have evidence in the CAS server logs 
that Hazelcast nodes are able to chat and share state among each other. If that 
is the case, then HZ ticket registry is working as expected. 

How did you come to conclusion that "tickets are not replicating"?

Best,
D. 

Sent from my iPhone

> On Nov 11, 2015, at 11:22, Jonas Steinberg  wrote:
> 
> Paul, Dmitriy:
> 
> I didn't use the addons, that was simply a typo.  I'm going to explain 
> exactly what I did and what my setup looks like with some additional 
> questions on where I may have gone wrong:
> 
> BUILD PROCESS:
> 
> 1. clone https://github.com/UniconLabs/simple-cas4-overlay-template
> 2. add the dependencies from 
> http://jasig.github.io/cas/4.1.x/installation/Hazelcast-Ticket-Registry.html
> 3. configure proxy authentication policy using 
> http://jasig.github.io/cas/4.1.x/installation/Service-Management.html
> 4. specify path to cas.properties in propertyFileConfigurer
> 5. configure cas.properties to include cluster members, etc.
> 6. clone https://github.com/UniconLabs/cas-sample-java-webapp to build 
> casified java webapp client
> 7. configure casified java webapp client web.xml file using the same link
> 8. deploy within tomcat my cas.war and cas-example-java-webapp.war (cas 
> client) to two different nodes
> 9. place both nodes behind load balancer
> 
> TROUBLESHOOTING/IMPROTANT POINTS:
> 
> 1. The server and client are in the same tomcat instance.  Is this a problem?
> 2. The server and client come up just fine.
> 3. The whole system works just as it should, except state replication is not 
> occuring.
> 4. When I hit the load balancer (lb), the lb redirects me to a cas server.
> 5. Then I authenticate to cas server.
> 6. Catalina.out shows hazelcast ticket registry coming up, tickets being 
> created, proxy tickets being created, etc.
> 7. cas server then redirects me to cas client.
> 8. cas client is up just fine.
> 9. this works just fine for both nodes separately.  both cas clients seem 
> fine.
> 10. load balancer has port 5701 open and is listening.
> 11. both machines the cas server and cas clients are on are both listening 
> for 5701.
> 12. I can telnet to 5701 from either machine TO either machine.
> 13. tcpdump seems to show traffic out of 5701...?  I'm not network analysis 
> expert...
> 
> Here are all my files.  Please, what have I done wrong:
> 
> 1. cas server pom.xml: http://pastebin.com/3DV7s8T8
> 2. propertyFileConfigurer.xml http://pastebin.com/7GKLRHQ2
> 3. cas.properties http://pastebin.com/FxKNhE5u
> 4. deployerConfigContext.xml http://pastebin.com/3rXsK3PM (some stuff is 
> commented out but I'm using proxy auth and non-persistent services 
> management...100% basic)
> 5. cas client pom.xml identical to pom.xml Dmitriy wrote in 
> https://github.com/UniconLabs/cas-sample-java-webapp
> 
> And that's really it.  I'm completely stumped and I could really use some 
> help.
> 
> -jonas
> 
> 
> 
> 
> 
> 
> 
> 
> 
>> On Nov 10, 2015 7:41 PM, "Paul B. Henson"  wrote:
>> On Mon, Nov 02, 2015 at 07:29:14AM -0800, Jonas Steinberg wrote:
>> 
>> > My cas server is essentially a copy of this
>> > 
>> 
>> This is for CAS 4.
>> 
>> > I used this  to integrate hazelcast
>> 
>> These are for CAS 3.
>> 
>> If you're using CAS 4 you need to use:
>> 
>> https://github.com/unicon-cas-addons/cas-addon-hazelcast-ticket-registry
>> 
>> > Any insight would be greatly appreciated!
>> 
>> If the mixed versions weren't a cut and paste typo, try matching the
>> addon version to the CAS version...
>> 
>> We're currently using CAS 3 with the hazelcast ticket registry and it
>> works fine. We haven't tried CAS 4 yet, we're tentatively looking at the
>> CAS protocol support in the shib idp v3 (with the Unicon hazelcast
>> support addon for state replication).
>> 
>> --
>> Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
>> Operating Systems and Network Analyst  |  hen...@cpp.edu
>> California State Polytechnic University  |  Pomona CA 91768
>> 
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> jonassteinbe...@gmail.com
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> dkopyle...@unicon.net
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] hazelcast tickets not replicating

2015-11-11 Thread Jonas Steinberg 
Paul, Dmitriy:

I didn't use the addons, that was simply a typo.  I'm going to explain
exactly what I did and what my setup looks like with some additional
questions on where I may have gone wrong:

BUILD PROCESS:

1. clone https://github.com/UniconLabs/simple-cas4-overlay-template
2. add the dependencies from
http://jasig.github.io/cas/4.1.x/installation/Hazelcast-Ticket-Registry.html
3. configure proxy authentication policy using
http://jasig.github.io/cas/4.1.x/installation/Service-Management.html
4. specify path to cas.properties in propertyFileConfigurer
5. configure cas.properties to include cluster members, etc.
6. clone https://github.com/UniconLabs/cas-sample-java-webapp to build
casified java webapp client
7. configure casified java webapp client web.xml file using the same link
8. deploy within tomcat my cas.war and cas-example-java-webapp.war (cas
client) to two different nodes
9. place both nodes behind load balancer

TROUBLESHOOTING/IMPROTANT POINTS:

1. The server and client are in the same tomcat instance.  Is this a
problem?
2. The server and client come up just fine.
3. The whole system works just as it should, except state replication is
not occuring.
4. When I hit the load balancer (lb), the lb redirects me to a cas server.
5. Then I authenticate to cas server.
6. Catalina.out shows hazelcast ticket registry coming up, tickets being
created, proxy tickets being created, etc.
7. cas server then redirects me to cas client.
8. cas client is up just fine.
9. this works just fine for both nodes separately.  both cas clients seem
fine.
10. load balancer has port 5701 open and is listening.
11. both machines the cas server and cas clients are on are both listening
for 5701.
12. I can telnet to 5701 from either machine TO either machine.
13. tcpdump seems to show traffic out of 5701...?  I'm not network analysis
expert...

Here are all my files.  Please, what have I done wrong:

1. cas server pom.xml: http://pastebin.com/3DV7s8T8
2. propertyFileConfigurer.xml http://pastebin.com/7GKLRHQ2
3. cas.properties http://pastebin.com/FxKNhE5u
4. deployerConfigContext.xml http://pastebin.com/3rXsK3PM (some stuff is
commented out but I'm using proxy auth and non-persistent services
management...100% basic)
5. cas client pom.xml identical to pom.xml Dmitriy wrote in
https://github.com/UniconLabs/cas-sample-java-webapp

And that's really it.  I'm completely stumped and I could really use some
help.

-jonas





On Nov 10, 2015 7:41 PM, "Paul B. Henson"  wrote:

> On Mon, Nov 02, 2015 at 07:29:14AM -0800, Jonas Steinberg wrote:
>
> > My cas server is essentially a copy of this
> > 
>
> This is for CAS 4.
>
> > I used this  to integrate
> hazelcast
>
> These are for CAS 3.
>
> If you're using CAS 4 you need to use:
>
> https://github.com/unicon-cas-addons/cas-addon-hazelcast-ticket-registry
>
> > Any insight would be greatly appreciated!
>
> If the mixed versions weren't a cut and paste typo, try matching the
> addon version to the CAS version...
>
> We're currently using CAS 3 with the hazelcast ticket registry and it
> works fine. We haven't tried CAS 4 yet, we're tentatively looking at the
> CAS protocol support in the shib idp v3 (with the Unicon hazelcast
> support addon for state replication).
>
> --
> Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
> Operating Systems and Network Analyst  |  hen...@cpp.edu
> California State Polytechnic University  |  Pomona CA 91768
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> jonassteinbe...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] hazelcast tickets not replicating

2015-11-10 Thread Paul B. Henson 
On Mon, Nov 02, 2015 at 07:29:14AM -0800, Jonas Steinberg wrote:

> My cas server is essentially a copy of this 
> 

This is for CAS 4.

> I used this  to integrate hazelcast
 
These are for CAS 3.

If you're using CAS 4 you need to use:

https://github.com/unicon-cas-addons/cas-addon-hazelcast-ticket-registry

> Any insight would be greatly appreciated!

If the mixed versions weren't a cut and paste typo, try matching the
addon version to the CAS version...

We're currently using CAS 3 with the hazelcast ticket registry and it
works fine. We haven't tried CAS 4 yet, we're tentatively looking at the
CAS protocol support in the shib idp v3 (with the Unicon hazelcast
support addon for state replication).

-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  hen...@cpp.edu
California State Polytechnic University  |  Pomona CA 91768

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] hazelcast tickets not replicating

2015-11-02 Thread Jonas Steinberg 
My setup is extremely straightforward.

My cas server is essentially a copy of this 


I used this  to integrate hazelcast

My java client is based on this 

My cas.properties file looks like this 

My client's web.xml looks like this 

Everything is essentially working great except when I bring down NODEA the 
sessions of ALL users associated with NODEA are ended.
This is not my understanding of how Hazelcast is supposed to work.  My 
understanding was that I could bring down a node and expect all previously 
authenticated
users to still have an active session.  Am I wrong?

Any insight would be greatly appreciated!



-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user