date:20180412

Re: [cas-user] CAS 4.1.9 overlay consumes SAML 2.0 and 1.x assertions

2018-04-12 Thread Yan Zhou


OK, We do not have an IDP yet.  CAS 5.2 would be able to do that without 
relying delegate-authentication, right?

Yan


On Thursday, April 12, 2018 at 3:42:26 PM UTC-4, Misagh Moayyed wrote:
>
> You want to start with something like this:
> https://apereo.github.io/cas/4.1.x/integration/Delegate-Authentication.html
>
> External identity providers are referred to as "Clients", in the sense 
> that CAS is a client of that identity provider. Build the one for SAML and 
> proceed. IIRC, only SAML2 and only specific variants of are supported 
> there. 
>
> Skip backporting. It's only going to make you age faster...and not like 
> Clooney. 
>
> --Misagh
>
> --
>
> *From: *"Yan Zhou" 
> *To: *"CAS Community" 
> *Sent: *Thursday, April 12, 2018 12:16:47 PM
> *Subject: *[cas-user] CAS 4.1.9 overlay consumes SAML 2.0 and 1.x 
> assertions
>
> Hello,
> We are running CAS 4.1.9.  An external vendor wants to do SSO with us. 
> User login on their side, and they will send us SAML assertion, so that 
> user can SSO to our App. without login again. 
>
> Can CAS (without Shibboleth) consume such SAML 1.x and/or 2.0 assertion?
>
> I think CAS 5.x can, is that correct?  We are not in a position to upgrade 
> CAS 4 yet.  Is it possible to give me the implementation in CAS 5.x and I 
> can port that into my CAS 4.1.9?
>
> Thanks,
> Yan
>
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+u...@apereo.org .
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/fecb154a-908e-4253-8368-69aa3f2eab8c%40apereo.org
>  
> 
> .
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d4eecf37-f6f2-44c6-b623-7655a7cf4eb7%40apereo.org.

Re: [cas-user] CAS 4.1.9 overlay consumes SAML 2.0 and 1.x assertions

2018-04-12 Thread Misagh Moayyed

You want to start with something like this: 
https://apereo.github.io/cas/4.1.x/integration/Delegate-Authentication.html 

External identity providers are referred to as "Clients", in the sense that CAS 
is a client of that identity provider. Build the one for SAML and proceed. 
IIRC, only SAML2 and only specific variants of are supported there. 

Skip backporting. It's only going to make you age faster...and not like 
Clooney. 

--Misagh 

> From: "Yan Zhou" 
> To: "CAS Community" 
> Sent: Thursday, April 12, 2018 12:16:47 PM
> Subject: [cas-user] CAS 4.1.9 overlay consumes SAML 2.0 and 1.x assertions

> Hello,
> We are running CAS 4.1.9. An external vendor wants to do SSO with us. User 
> login
> on their side, and they will send us SAML assertion, so that user can SSO to
> our App. without login again.

> Can CAS (without Shibboleth) consume such SAML 1.x and/or 2.0 assertion?

> I think CAS 5.x can, is that correct? We are not in a position to upgrade CAS 
> 4
> yet. Is it possible to give me the implementation in CAS 5.x and I can port
> that into my CAS 4.1.9?

> Thanks,
> Yan

> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups "CAS
> Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email
> to cas-user+unsubscr...@apereo.org .
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/fecb154a-908e-4253-8368-69aa3f2eab8c%40apereo.org
> .

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2078968513.19553697.1523562143735.JavaMail.zimbra%40unicon.net.

[cas-user] CAS 4.1.9 overlay consumes SAML 2.0 and 1.x assertions

2018-04-12 Thread Yan Zhou

Hello,

We are running CAS 4.1.9.  An external vendor wants to do SSO with us. User 
login on their side, and they will send us SAML assertion, so that user can 
SSO to our App. without login again. 

Can CAS (without Shibboleth) consume such SAML 1.x and/or 2.0 assertion?

I think CAS 5.x can, is that correct?  We are not in a position to upgrade 
CAS 4 yet.  Is it possible to give me the implementation in CAS 5.x and I 
can port that into my CAS 4.1.9?

Thanks,
Yan

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/fecb154a-908e-4253-8368-69aa3f2eab8c%40apereo.org.

Re: [cas-user] Re: CAS 5.2 login with UPN removing domain

2018-04-12 Thread William E.

Try this:

cas.authn.ldap[0].principalAttributeList=uid,userprincipalname

Instead of this:

cas.authn.ldap[0].principalAttributeId=userprincipalname

-William



On Thursday, April 12, 2018 at 2:40:00 AM UTC-5, dag wrote:
>
> Thanks for your comment William.
>
>
> I've in cas.properties:
>
> cas.authn.ldap[0].userFilter=(|(uid={user})(userprincipalname={user}))
> cas.authn.ldap[0].principalAttributeId=userprincipalname
>
> It seems upn is not allowed in this version. Anyway, the filter it's not 
> working. I've to type user@domain to login yet :(
>
> Any other trick please?
>
>
> Regards.
>
>
> 2018-04-12 0:42 GMT+02:00 William E. :
>
>> We use ldap and used an ldap filter on uid or'ed with upn.  Ldap search 
>> syntax.
>>
>> Like so:
>>
>> cas.authn.ldap[0].userFilter=(|(uid={user})(upn={user}))
>>
>>
>> -William
>>
>>
>>
>> On Wednesday, April 11, 2018 at 10:26:10 AM UTC-5, dag wrote:
>>>
>>> Hi all,
>>>
>>> I've configured Apereo CAS 5.2, and it's running fine using UPN.
>>> However is there any parameter to include in cas.properties config file 
>>> to allow authenticacion through UPN without typing the domain name?
>>>
>>> Thanks in advance.
>>>
>>>
>>> Regards.
>>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org .
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/dc8d575a-51ba-445d-9bab-a5f08f69b0ec%40apereo.org
>>  
>> 
>> .
>>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ac9959a0-1338-410c-8297-cf548eb57ae0%40apereo.org.

Re: [cas-user] CAS-Management - Bottle at the sea - Need advice or help

2018-04-12 Thread William E.

I see you pom.xml has ldap module, but I do not see you ldap properties.  
Did I miss it?  Sorry if so.

The log makes me think cas is trying to do an ldap lookup and all of the 
properties it needs are not defined.  Do you have all of these in you 
cas.properties?

# Authentication
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://ldap.example.edu:636
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].baseDn=ou=People,dc=uah,dc=edu
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].bindDn=uid=cas,ou=people,dc=example,dc=edu
cas.authn.ldap[0].bindCredential=

# Attribute resolution
cas.authn.attributeRepository.ldap[0].order=0
cas.authn.attributeRepository.ldap[0].ldapUrl=ldaps://ldap.example.edu:636
cas.authn.attributeRepository.ldap[0].useSsl=true
cas.authn.attributeRepository.ldap[0].useStartTls=false
cas.authn.attributeRepository.ldap[0].baseDn=ou=People,dc=example,dc=edu
cas.authn.attributeRepository.ldap[0].bindDn=uid=cas,ou=People,dc=example,dc=edu
cas.authn.attributeRepository.ldap[0].bindCredential=
cas.authn.attributeRepository.ldap[0].userFilter=uid={user}
#
cas.authn.attributeRepository.ldap[0].attributes.uid=uid
cas.authn.attributeRepository.ldap[0].attributes.ou=ou
cas.authn.attributeRepository.ldap[0].attributes.o=o
cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
cas.authn.attributeRepository.ldap[0].attributes.cn=cn
cas.authn.attributeRepository.ldap[0].attributes.mail=mail
.


-W


On Thursday, April 12, 2018 at 3:32:55 AM UTC-5, Olivier Calzi wrote:
>
> Hi William,
>
> As i showed in my configuration on my first post i have the same ldap 
> configuration on the management.properties and the cas.properties.
> What do you mean exactly ?
>
> Thanks
>
> On Thursday, April 12, 2018 at 4:23:36 AM UTC+2, William E. wrote:
>>
>> This makes me think you have a bad ldap search filter in your .properties 
>> file, or maybe ldap support partially configured.
>>
>> Caused by: java.lang.NullPointerException
>> at 
>> org.apereo.cas.util.LdapUtils.lambda$newLdaptiveSearchFilter$2(LdapUtils.java:531)
>>  
>> ~[cas-server-support-ldap-core-5.2.2.jar:5.2.2]
>>
>>
>>
>> On Monday, April 9, 2018 at 2:05:47 AM UTC-5, Olivier Calzi wrote:
>>>
>>> Hi,
>>>
>>> No as it's behind an haproxy i'm using the 443.
>>>
>>> Here you will find more logs who may have the lost key to this problem.
>>>
 2018-04-09 08:54:00,851 ERROR 
 [org.apereo.cas.mgmt.services.web.AbstractManagementController] - 
 
 org.pac4j.core.exception.TechnicalException: 
 java.lang.NullPointerException
 at 
 org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:168)
  
 ~[pac4j-core-2.2.0.jar:?]
 at 
 org.pac4j.springframework.web.SecurityInterceptor.preHandle(SecurityInterceptor.java:65)
  
 ~[spring-webmvc-pac4j-2.0.0.jar:?]
 at 
 org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:133)
  
 ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
 at 
 org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:962)
  
 ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
 at 
 org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
  
 ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
 at 
 org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
  
 ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
 at 
 org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
  
 ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:635) 
 ~[servlet-api-3.1.jar:?]
 at 
 org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
  
 ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) 
 ~[servlet-api-3.1.jar:?]
 at 
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
  
 ~[tomcat8-catalina-8.5.14.jar:8.5.14]
 at 
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  
 ~[tomcat8-catalina-8.5.14.jar:8.5.14]
 at 
 org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) 
 ~[tomcat8-websocket-8.5.14.jar:8.5.14]
 at 
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  
 ~[tomcat8-catalina-8.5.14.jar:8.5.14]
 at 
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  
 ~[tomcat8-catalina-8.5.14.jar:8.5.14]
 at

[cas-user] CAS 5.2.x as IDP using SAML 2.0

2018-04-12 Thread Jay

Hello everyone,

We are recently in process of upgrading from CAS3.5 to CAS5.2 as part of 
this effort we need to provide support of SAML authentication to an 
external application (say 'abc' application).

Here 'abc' will be the SP and new CAS5.x will be the identity provider.

Could someone guide us or tell how to achieve since we are new to CAS5.x 
framework, it would be very helpful the achieve this implementation.

Thanks,
Jay

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2dfb8750-be37-4603-8621-5cc51142d6e4%40apereo.org.

Re: [cas-user] Issue handling Browser Back button in CAS UI flow

2018-04-12 Thread Yan Zhou


Hello, 

I am using this as an example that CAS flow does not support BACK button. 
That is not the real problem I am facing. 

We have added a couple more screens in the login flow, such as requiring 
user to change password if it expires, setting up user when login to CAS 
for the first time.  Our BACK button is broken right now. Spring Web Flow 
should support it by default.  

I understand the double-submit problem, that is why there is 
POST-REDIRECT-GET pattern.

What is in CAS that it overrides Spring Web Flow default behavior and does 
not support Back button, and I will have to implement "Back" myself on 
every screen individually?

Yan

On Wednesday, April 11, 2018 at 4:59:06 AM UTC-4, Uxío Prego wrote:
>
> Yeah take control of the browser back button and send the user to wherever 
> you find appropriate: https://stackoverflow.com/questions/25806608/.
>
> Regards,
>
> Uxío Prego
>
>  
>
> Madiva Soluciones
> CL / SERRANO GALVACHE 56
> BLOQUE ABEDUL PLANTA 4
> 28033 MADRID
> +34 917 56 84 94
> www.madiva.com
> www.bbva.com
>
> The activity of email inboxes can be systematically tracked by colleagues, 
> business partners and third parties. Turn off automatic loading of images 
> to hamper it.
>
> 2018-04-10 15:59 GMT+00:00 Ray Bon :
>
>> Yan,
>>
>> Accept User Agreement is shown after Login Screen form is POSTed. You can 
>> not go back to it from Success Page because that would require resubmitting 
>> the login form.
>> If you really want to be able to go back to Accept User Agreement, you 
>> could have a link on Success Page or perform some redirection/javascript 
>> reloading of Accept User Agreement. 
>>
>> Ray
>>
>> On Mon, 2018-04-09 at 10:50 -0700, Yan Zhou wrote:
>>
>> Hello,  
>>
>> I built CAS 4.1.9 overlay webapp. In order to test transition among the 
>> UI screens using browser Back button, I enabled AUP flow just so I can have 
>> a couple screens to navigate with. 
>>
>> Login Screen -> Accept User Agreement -> Success Page. 
>>
>> When I am in the 2nd screen, I can use Browser Back button to go back to 
>> the 1st screen,  but when I am at the last screen (success page), hitting 
>> browser BACK button results in an "expired page" or a cache-miss, 
>> basically, browser cannot find the page in the cache. 
>>
>> Any suggestion?
>>
>> Thx!
>>
>> -- 
>> Ray Bon
>> Programmer analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | rb...@uvic.ca 
>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org .
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1523375951.1822.11.camel%40uvic.ca
>>  
>> 
>> .
>>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/bcf2d122-e937-49c4-bd8b-85ef8ef5a385%40apereo.org.

[cas-user] Re: Thread count keeps growing at tomcat 8.5 with CAS 5.1

2018-04-12 Thread Bergner, Arnold

We’re facing the same issue on 5.2.2, tomcat 8.0.

I’ve also related the number of Timers to the SAML logins. Logging org.opensaml 
in debug mode, I can see a metadata resolver refresh files every ~10 seconds. 
Given the refresh interval of 2 hours and the number of Timers, this seems to 
be the reason.

The issue was also part of this pull request: 
https://github.com/apereo/cas/pull/3130
The result is as you say; it’s probably fixed in 5.3. I couldn’t find a 
starting point for a backport right away, so we’re hoping for it.

Regards,
Arnold

Von: cas-user@apereo.org [mailto:cas-user@apereo.org] Im Auftrag von Dan S
Gesendet: Donnerstag, 12. April 2018 16:08
An: CAS Community 
Cc: ds...@armada.net
Betreff: [cas-user] Re: Thread count keeps growing at tomcat 8.5 with CAS 5.1

I haven't found a solution to this issue. It seems to be related to SAML2 
services. Any time one of them creates a service ticket, the thread count 
increases and never decreases.

I checked the 5.3 RC2 and it doesn't seem to have the same issue. Once that 
release is a stable version, I'll be testing that out for our deployment.



On Monday, August 28, 2017 at 9:02:48 AM UTC-5, Song, Doe-Hyun wrote:
Good Morning All,

Since we go to production with CAS 5.1, we keep having growing Thread counts.

We use ehcache for HA implementation and ldap for authentication.

Two types of threads – Timer and pool-3-thread – keep growing as time goes.

Any suggestion to debug this issue?

Thread dump :


Full thread dump OpenJDK 64-Bit Server VM (25.101-b13 mixed mode):

"Timer-73" #512 daemon prio=5 os_prio=0 tid=0x7f0520033000 nid=0x8041 in 
Object.wait() [0x7f0509b5c000]
   java.lang.Thread.State: TIMED_WAITING (on object monitor)
at java.lang.Object.wait(Native Method)
at java.util.TimerThread.mainLoop(Timer.java:552)
- locked <0xafb48f10> (a java.util.TaskQueue)
at java.util.TimerThread.run(Timer.java:505)

"Timer-72" #509 daemon prio=5 os_prio=0 tid=0x7f0520019800 nid=0x7fbc in 
Object.wait() [0x7f050a469000]
   java.lang.Thread.State: TIMED_WAITING (on object monitor)
at java.lang.Object.wait(Native Method)
at java.util.TimerThread.mainLoop(Timer.java:552)
- locked <0xafa333a0> (a java.util.TaskQueue)
at java.util.TimerThread.run(Timer.java:505)

"pool-3-thread-23" #508 prio=5 os_prio=0 tid=0x7f05180b3000 nid=0x7f36 
waiting on condition [0x7f0509d6]
   java.lang.Thread.State: WAITING (parking)
at sun.misc.Unsafe.park(Native Method)
- parking to wait for  <0xa7f17930> (a 
java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
at java.util.concurrent.locks.LockSupport.park(LockSupport.java:175)
at 
java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:2039)
at 
java.util.concurrent.LinkedBlockingQueue.take(LinkedBlockingQueue.java:442)
at 
java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1067)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1127)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

"Timer-71" #507 daemon prio=5 os_prio=0 tid=0x7f05180b8800 nid=0x7f35 in 
Object.wait() [0x7f0509f62000]
   java.lang.Thread.State: TIMED_WAITING (on object monitor)
at java.lang.Object.wait(Native Method)
at java.util.TimerThread.mainLoop(Timer.java:552)
- locked <0xaf974c00> (a java.util.TaskQueue)
at java.util.TimerThread.run(Timer.java:505)

"Timer-70" #506 daemon prio=5 os_prio=0 tid=0x7f05506ba000 nid=0x7eb4 in 
Object.wait() [0x7f0509e61000]
   java.lang.Thread.State: TIMED_WAITING (on object monitor)
at java.lang.Object.wait(Native Method)
at java.util.TimerThread.mainLoop(Timer.java:552)
- locked <0xaf8cf808> (a java.util.TaskQueue)
at java.util.TimerThread.run(Timer.java:505)

"pool-3-thread-22" #496 prio=5 os_prio=0 tid=0x7f05180b7800 nid=0x79dd 
waiting on condition [0x7f050a063000]
   java.lang.Thread.State: WAITING (parking)
at sun.misc.Unsafe.park(Native Method)
- parking to wait for  <0xa7f17930> (a 
java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
at java.util.concurrent.locks.LockSupport.park(LockSupport.java:175)
at 
java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:2039)
at 
java.util.concurrent.LinkedBlockingQueue.take(LinkedBlockingQueue.java:442)
at 
java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1067)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1127)

Thanks,
Doe


The information contained in this e-mail and any attachments

Re: [cas-user] Cas5 Ldap Authentication

2018-04-12 Thread yashwanth chowdary

Hi Manfredo Hopp,

How to send authorities to an application



On Thursday, March 8, 2018 at 11:09:54 AM UTC-6, Manfredo Hopp wrote:
>
> see 
>
>
> https://apereo.github.io/cas/development/installation/Configuring-Custom-Authentication.html
>
> 2018-03-08 11:32 GMT-03:00 yashwanth chowdary  >:
>
>> Dave I have written my .own classes handler,configuration(please refer to 
>>> the attached files).What i observe is My handler is getting registered 
>>> properly but when i give the credentials the method "
>>> authenticateUsernamePasswordInternal" is not getting called. properties 
>>> are same as above .
>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org .
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/8179af60-49fd-44fc-bcb4-6bd00adae092%40apereo.org
>>  
>> 
>> .
>>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/263e1b32-85e8-4bb2-9abd-81d2b569cafb%40apereo.org.

[cas-user] Re: Thread count keeps growing at tomcat 8.5 with CAS 5.1

2018-04-12 Thread Dan S

I haven't found a solution to this issue. It seems to be related to SAML2 
services. Any time one of them creates a service ticket, the thread count 
increases and never decreases.

I checked the 5.3 RC2 and it doesn't seem to have the same issue. Once that 
release is a stable version, I'll be testing that out for our deployment.



On Monday, August 28, 2017 at 9:02:48 AM UTC-5, Song, Doe-Hyun wrote:
>
> Good Morning All, 
>
>  
>
> Since we go to production with CAS 5.1, we keep having growing Thread 
> counts. 
>
>  
>
> We use ehcache for HA implementation and ldap for authentication. 
>
>
> Two types of threads – Timer and pool-3-thread – keep growing as time 
> goes. 
>
>  
>
> Any suggestion to debug this issue? 
>
>  
>
> Thread dump : 
>
>  
>
>  
>
> Full thread dump OpenJDK 64-Bit Server VM (25.101-b13 mixed mode):
>
>  
>
> "Timer-73" #512 daemon prio=5 os_prio=0 tid=0x7f0520033000 nid=0x8041 
> in Object.wait() [0x7f0509b5c000]
>
>java.lang.Thread.State: TIMED_WAITING (on object monitor)
>
> at java.lang.Object.wait(Native Method)
>
> at java.util.TimerThread.mainLoop(Timer.java:552)
>
> - locked <0xafb48f10> (a java.util.TaskQueue)
>
> at java.util.TimerThread.run(Timer.java:505)
>
>  
>
> "Timer-72" #509 daemon prio=5 os_prio=0 tid=0x7f0520019800 nid=0x7fbc 
> in Object.wait() [0x7f050a469000]
>
>java.lang.Thread.State: TIMED_WAITING (on object monitor)
>
> at java.lang.Object.wait(Native Method)
>
> at java.util.TimerThread.mainLoop(Timer.java:552)
>
> - locked <0xafa333a0> (a java.util.TaskQueue)
>
> at java.util.TimerThread.run(Timer.java:505)
>
>  
>
> "pool-3-thread-23" #508 prio=5 os_prio=0 tid=0x7f05180b3000 nid=0x7f36 
> waiting on condition [0x7f0509d6]
>
>java.lang.Thread.State: WAITING (parking)
>
> at sun.misc.Unsafe.park(Native Method)
>
> - parking to wait for  <0xa7f17930> (a 
> java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
>
> at 
> java.util.concurrent.locks.LockSupport.park(LockSupport.java:175)
>
> at 
> java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:2039)
>
> at 
> java.util.concurrent.LinkedBlockingQueue.take(LinkedBlockingQueue.java:442)
>
> at 
> java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1067)
>
> at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1127)
>
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>
> at java.lang.Thread.run(Thread.java:745)
>
>  
>
> "Timer-71" #507 daemon prio=5 os_prio=0 tid=0x7f05180b8800 nid=0x7f35 
> in Object.wait() [0x7f0509f62000]
>
>java.lang.Thread.State: TIMED_WAITING (on object monitor)
>
> at java.lang.Object.wait(Native Method)
>
> at java.util.TimerThread.mainLoop(Timer.java:552)
>
> - locked <0xaf974c00> (a java.util.TaskQueue)
>
> at java.util.TimerThread.run(Timer.java:505)
>
>  
>
> "Timer-70" #506 daemon prio=5 os_prio=0 tid=0x7f05506ba000 nid=0x7eb4 
> in Object.wait() [0x7f0509e61000]
>
>java.lang.Thread.State: TIMED_WAITING (on object monitor)
>
> at java.lang.Object.wait(Native Method)
>
> at java.util.TimerThread.mainLoop(Timer.java:552)
>
> - locked <0xaf8cf808> (a java.util.TaskQueue)
>
> at java.util.TimerThread.run(Timer.java:505)
>
>  
>
> "pool-3-thread-22" #496 prio=5 os_prio=0 tid=0x7f05180b7800 nid=0x79dd 
> waiting on condition [0x7f050a063000]
>
>java.lang.Thread.State: WAITING (parking)
>
> at sun.misc.Unsafe.park(Native Method)
>
> - parking to wait for  <0xa7f17930> (a 
> java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
>
> at 
> java.util.concurrent.locks.LockSupport.park(LockSupport.java:175)
>
> at 
> java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:2039)
>
> at 
> java.util.concurrent.LinkedBlockingQueue.take(LinkedBlockingQueue.java:442)
>
> at 
> java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1067)
>
> at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1127)
>
>  
>
> Thanks,
>
> Doe
>
>  
>
> The information contained in this e-mail and any attachments is confidential 
> and
> intended only for the recipient. If you are not the intended recipient, the
> information contained in this message may not be used, copied, or forwarded to
> third parties or otherwise distributed for any other purpose. Please notify 
> the
> sender if you received this e-mail in error and delete the e-mail and its
> attachments promptly.  Nothing in this e-mail may be used or deemed to form 
> the
> basis of a contractual or any other

Re: [cas-user] CAS-Management - Bottle at the sea - Need advice or help

2018-04-12 Thread Cristina Vlaicu

Hghj the same time and 4vn nu cum e bine hahaha ttdt

On Thu, Apr 12, 2018, 11:32 Olivier Calzi  wrote:

> Hi William,
>
> As i showed in my configuration on my first post i have the same ldap
> configuration on the management.properties and the cas.properties.
> What do you mean exactly ?
>
> Thanks
>
> On Thursday, April 12, 2018 at 4:23:36 AM UTC+2, William E. wrote:
>>
>> This makes me think you have a bad ldap search filter in your .properties
>> file, or maybe ldap support partially configured.
>>
>> Caused by: java.lang.NullPointerException
>> at
>> org.apereo.cas.util.LdapUtils.lambda$newLdaptiveSearchFilter$2(LdapUtils.java:531)
>> ~[cas-server-support-ldap-core-5.2.2.jar:5.2.2]
>>
>>
>>
>> On Monday, April 9, 2018 at 2:05:47 AM UTC-5, Olivier Calzi wrote:
>>>
>>> Hi,
>>>
>>> No as it's behind an haproxy i'm using the 443.
>>>
>>> Here you will find more logs who may have the lost key to this problem.
>>>
 2018-04-09 08:54:00,851 ERROR
 [org.apereo.cas.mgmt.services.web.AbstractManagementController] -
 
 org.pac4j.core.exception.TechnicalException:
 java.lang.NullPointerException
 at
 org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:168)
 ~[pac4j-core-2.2.0.jar:?]
 at
 org.pac4j.springframework.web.SecurityInterceptor.preHandle(SecurityInterceptor.java:65)
 ~[spring-webmvc-pac4j-2.0.0.jar:?]
 at
 org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:133)
 ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
 at
 org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:962)
 ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
 at
 org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
 ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
 at
 org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
 ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
 at
 org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
 ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)
 ~[servlet-api-3.1.jar:?]
 at
 org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
 ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
 ~[servlet-api-3.1.jar:?]
 at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
 ~[tomcat8-catalina-8.5.14.jar:8.5.14]
 at
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 ~[tomcat8-catalina-8.5.14.jar:8.5.14]
 at
 org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
 ~[tomcat8-websocket-8.5.14.jar:8.5.14]
 at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 ~[tomcat8-catalina-8.5.14.jar:8.5.14]
 at
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 ~[tomcat8-catalina-8.5.14.jar:8.5.14]
 at
 org.springframework.boot.web.filter.ApplicationContextHeaderFilter.doFilterInternal(ApplicationContextHeaderFilter.java:55)
 ~[spring-boot-1.5.8.RELEASE.jar:1.5.8.RELEASE]
 at
 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
 ~[spring-web-4.3.12.RELEASE.jar:4.3.12.RELEASE]
 at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 ~[tomcat8-catalina-8.5.14.jar:8.5.14]
 at
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 ~[tomcat8-catalina-8.5.14.jar:8.5.14]
 at
 org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66)
 ~[inspektr-common-1.8.0.GA.jar:1.8.0.GA]
 at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 ~[tomcat8-catalina-8.5.14.jar:8.5.14]
 at
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 ~[tomcat8-catalina-8.5.14.jar:8.5.14]
 at
 org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:110)
 ~[spring-boot-actuator-1.5.8.RELEASE.jar:1.5.8.RELEASE]
 at
 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
 ~[spring-web-4.3.12.RELEASE.jar:4.3.12.RELEASE]
 at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

Re: [cas-user] CAS-Management - Bottle at the sea - Need advice or help

2018-04-12 Thread Olivier Calzi

Hi William,

As i showed in my configuration on my first post i have the same ldap 
configuration on the management.properties and the cas.properties.
What do you mean exactly ?

Thanks

On Thursday, April 12, 2018 at 4:23:36 AM UTC+2, William E. wrote:
>
> This makes me think you have a bad ldap search filter in your .properties 
> file, or maybe ldap support partially configured.
>
> Caused by: java.lang.NullPointerException
> at 
> org.apereo.cas.util.LdapUtils.lambda$newLdaptiveSearchFilter$2(LdapUtils.java:531)
>  
> ~[cas-server-support-ldap-core-5.2.2.jar:5.2.2]
>
>
>
> On Monday, April 9, 2018 at 2:05:47 AM UTC-5, Olivier Calzi wrote:
>>
>> Hi,
>>
>> No as it's behind an haproxy i'm using the 443.
>>
>> Here you will find more logs who may have the lost key to this problem.
>>
>>> 2018-04-09 08:54:00,851 ERROR 
>>> [org.apereo.cas.mgmt.services.web.AbstractManagementController] - 
>>> 
>>> org.pac4j.core.exception.TechnicalException: 
>>> java.lang.NullPointerException
>>> at 
>>> org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:168)
>>>  
>>> ~[pac4j-core-2.2.0.jar:?]
>>> at 
>>> org.pac4j.springframework.web.SecurityInterceptor.preHandle(SecurityInterceptor.java:65)
>>>  
>>> ~[spring-webmvc-pac4j-2.0.0.jar:?]
>>> at 
>>> org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:133)
>>>  
>>> ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>>> at 
>>> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:962)
>>>  
>>> ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>>> at 
>>> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
>>>  
>>> ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>>> at 
>>> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
>>>  
>>> ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>>> at 
>>> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
>>>  
>>> ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:635) 
>>> ~[servlet-api-3.1.jar:?]
>>> at 
>>> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
>>>  
>>> ~[spring-webmvc-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) 
>>> ~[servlet-api-3.1.jar:?]
>>> at 
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
>>>  
>>> ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>> at 
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>  
>>> ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>> at 
>>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) 
>>> ~[tomcat8-websocket-8.5.14.jar:8.5.14]
>>> at 
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>  
>>> ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>> at 
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>  
>>> ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>> at 
>>> org.springframework.boot.web.filter.ApplicationContextHeaderFilter.doFilterInternal(ApplicationContextHeaderFilter.java:55)
>>>  
>>> ~[spring-boot-1.5.8.RELEASE.jar:1.5.8.RELEASE]
>>> at 
>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>>>  
>>> ~[spring-web-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>>> at 
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>  
>>> ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>> at 
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>  
>>> ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>> at 
>>> org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66)
>>>  
>>> ~[inspektr-common-1.8.0.GA.jar:1.8.0.GA]
>>> at 
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>  
>>> ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>> at 
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>>>  
>>> ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>> at 
>>> org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:110)
>>>  
>>> ~[spring-boot-actuator-1.5.8.RELEASE.jar:1.5.8.RELEASE]
>>> at 
>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>>>  
>>> ~[spring-web-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>>> at 
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>>>  
>>> ~[tomcat8-catalina-8.5.14.jar:8.5.14]
>>> at 
>>>

Re: [cas-user] Re: CAS 5.2 login with UPN removing domain

2018-04-12 Thread Daniel Arnal

Thanks for your comment William.


I've in cas.properties:

cas.authn.ldap[0].userFilter=(|(uid={user})(userprincipalname={user}))
cas.authn.ldap[0].principalAttributeId=userprincipalname

It seems upn is not allowed in this version. Anyway, the filter it's not
working. I've to type user@domain to login yet :(

Any other trick please?


Regards.


2018-04-12 0:42 GMT+02:00 William E. :

> We use ldap and used an ldap filter on uid or'ed with upn.  Ldap search
> syntax.
>
> Like so:
>
> cas.authn.ldap[0].userFilter=(|(uid={user})(upn={user}))
>
>
> -William
>
>
>
> On Wednesday, April 11, 2018 at 10:26:10 AM UTC-5, dag wrote:
>>
>> Hi all,
>>
>> I've configured Apereo CAS 5.2, and it's running fine using UPN.
>> However is there any parameter to include in cas.properties config file
>> to allow authenticacion through UPN without typing the domain name?
>>
>> Thanks in advance.
>>
>>
>> Regards.
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/dc8d575a-51ba-445d-9bab-
> a5f08f69b0ec%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGujv0cozDtrmZJrOQRa_ZP%3DVm%2BxJUkcYx5R_rLRyEMPHmHHhQ%40mail.gmail.com.

[cas-user] Re: Thread count keeps growing at tomcat 8.5 with CAS 5.1

2018-04-12 Thread Bruno ELIE

Up, someone's has found something about this ?


Le lundi 28 août 2017 16:02:48 UTC+2, Song, Doe-Hyun a écrit :
>
> Good Morning All, 
>
>  
>
> Since we go to production with CAS 5.1, we keep having growing Thread 
> counts. 
>
>  
>
> We use ehcache for HA implementation and ldap for authentication. 
>
>
> Two types of threads – Timer and pool-3-thread – keep growing as time 
> goes. 
>
>  
>
> Any suggestion to debug this issue? 
>
>  
>
> Thread dump : 
>
>  
>
>  
>
> Full thread dump OpenJDK 64-Bit Server VM (25.101-b13 mixed mode):
>
>  
>
> "Timer-73" #512 daemon prio=5 os_prio=0 tid=0x7f0520033000 nid=0x8041 
> in Object.wait() [0x7f0509b5c000]
>
>java.lang.Thread.State: TIMED_WAITING (on object monitor)
>
> at java.lang.Object.wait(Native Method)
>
> at java.util.TimerThread.mainLoop(Timer.java:552)
>
> - locked <0xafb48f10> (a java.util.TaskQueue)
>
> at java.util.TimerThread.run(Timer.java:505)
>
>  
>
> "Timer-72" #509 daemon prio=5 os_prio=0 tid=0x7f0520019800 nid=0x7fbc 
> in Object.wait() [0x7f050a469000]
>
>java.lang.Thread.State: TIMED_WAITING (on object monitor)
>
> at java.lang.Object.wait(Native Method)
>
> at java.util.TimerThread.mainLoop(Timer.java:552)
>
> - locked <0xafa333a0> (a java.util.TaskQueue)
>
> at java.util.TimerThread.run(Timer.java:505)
>
>  
>
> "pool-3-thread-23" #508 prio=5 os_prio=0 tid=0x7f05180b3000 nid=0x7f36 
> waiting on condition [0x7f0509d6]
>
>java.lang.Thread.State: WAITING (parking)
>
> at sun.misc.Unsafe.park(Native Method)
>
> - parking to wait for  <0xa7f17930> (a 
> java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
>
> at 
> java.util.concurrent.locks.LockSupport.park(LockSupport.java:175)
>
> at 
> java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:2039)
>
> at 
> java.util.concurrent.LinkedBlockingQueue.take(LinkedBlockingQueue.java:442)
>
> at 
> java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1067)
>
> at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1127)
>
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>
> at java.lang.Thread.run(Thread.java:745)
>
>  
>
> "Timer-71" #507 daemon prio=5 os_prio=0 tid=0x7f05180b8800 nid=0x7f35 
> in Object.wait() [0x7f0509f62000]
>
>java.lang.Thread.State: TIMED_WAITING (on object monitor)
>
> at java.lang.Object.wait(Native Method)
>
> at java.util.TimerThread.mainLoop(Timer.java:552)
>
> - locked <0xaf974c00> (a java.util.TaskQueue)
>
> at java.util.TimerThread.run(Timer.java:505)
>
>  
>
> "Timer-70" #506 daemon prio=5 os_prio=0 tid=0x7f05506ba000 nid=0x7eb4 
> in Object.wait() [0x7f0509e61000]
>
>java.lang.Thread.State: TIMED_WAITING (on object monitor)
>
> at java.lang.Object.wait(Native Method)
>
> at java.util.TimerThread.mainLoop(Timer.java:552)
>
> - locked <0xaf8cf808> (a java.util.TaskQueue)
>
> at java.util.TimerThread.run(Timer.java:505)
>
>  
>
> "pool-3-thread-22" #496 prio=5 os_prio=0 tid=0x7f05180b7800 nid=0x79dd 
> waiting on condition [0x7f050a063000]
>
>java.lang.Thread.State: WAITING (parking)
>
> at sun.misc.Unsafe.park(Native Method)
>
> - parking to wait for  <0xa7f17930> (a 
> java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
>
> at 
> java.util.concurrent.locks.LockSupport.park(LockSupport.java:175)
>
> at 
> java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:2039)
>
> at 
> java.util.concurrent.LinkedBlockingQueue.take(LinkedBlockingQueue.java:442)
>
> at 
> java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1067)
>
> at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1127)
>
>  
>
> Thanks,
>
> Doe
>
>  
>
> The information contained in this e-mail and any attachments is confidential 
> and
> intended only for the recipient. If you are not the intended recipient, the
> information contained in this message may not be used, copied, or forwarded to
> third parties or otherwise distributed for any other purpose. Please notify 
> the
> sender if you received this e-mail in error and delete the e-mail and its
> attachments promptly.  Nothing in this e-mail may be used or deemed to form 
> the
> basis of a contractual or any other legally binding obligation unless 
> separately
> confirmed in writing by an authorized representative of ARMADA.
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---

Re: [cas-user] CAS 4.1.9 overlay consumes SAML 2.0 and 1.x assertions

Re: [cas-user] CAS 4.1.9 overlay consumes SAML 2.0 and 1.x assertions

[cas-user] CAS 4.1.9 overlay consumes SAML 2.0 and 1.x assertions

Re: [cas-user] Re: CAS 5.2 login with UPN removing domain

Re: [cas-user] CAS-Management - Bottle at the sea - Need advice or help

[cas-user] CAS 5.2.x as IDP using SAML 2.0

Re: [cas-user] Issue handling Browser Back button in CAS UI flow

[cas-user] Re: Thread count keeps growing at tomcat 8.5 with CAS 5.1

Re: [cas-user] Cas5 Ldap Authentication

[cas-user] Re: Thread count keeps growing at tomcat 8.5 with CAS 5.1

Re: [cas-user] CAS-Management - Bottle at the sea - Need advice or help

Re: [cas-user] CAS-Management - Bottle at the sea - Need advice or help

Re: [cas-user] Re: CAS 5.2 login with UPN removing domain

[cas-user] Re: Thread count keeps growing at tomcat 8.5 with CAS 5.1

14 matches

Site Navigation

Mail list logo

Footer information