CAS/Java/Tomcat Versioning Issues

Adam Rybicki arybicki at unicon.net
Thu Nov 15 15:12:55 EST 2007 

Does this mean that the CAS client is running on the same Tomcat as the 
CAS server?  There should be nothing wrong with doing that, of course.  
However, that may point to a misconfigured CAS client.  From the stack 
trace it looks that you are using the Yale Java client.  Make sure that 
it's configured properly on its web.xml.

Adam

Clifford Bryant wrote:
>
> This is the type of thing that we are seeing.  It is timing out on the 
> client side.
>
>  
>
> It looks like it is authenticating the user.  It generates the service 
> ticket.  It looks like it is timing out on the client side, when it is 
> trying to validate the service ticket.
>
>  
>
> 2007-11-13 19:07:06,149 INFO 
> [org.jasig.cas.authentication.AuthenticationManagerImpl] - 
> <AuthenticationHandler: 
> com.rs.cas.authentication.RSCasAuthenticationHandler successfully 
> authenticated the user which provided the following credentials: Admin100>
>
> 2007-11-13 19:07:06,151 INFO 
> [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service 
> ticket [ST-3-VTH0nHZ7gAlwJuM7LYYov45gBdeYqiv2j3C-rs-dev1] for service 
> [https://rsdevtime.resourcesolutions.com:8443/terms/CasLogin.jsp] for 
> user [Admin100]>
>
> 1277798 [http-8443-Processor25] ERROR [/terms].[jsp]  - 
> Servlet.service() for servlet jsp threw exception
>
> java.net.ConnectException: Connection timed out
>
>        at java.net.PlainSocketImpl.socketConnect(Native Method)
>
>        at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
>
>        at 
> java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
>
>        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
>
>        at java.net.Socket.connect(Socket.java:507)
>
>        at java.net.Socket.connect(Socket.java:457)
>
>        at sun.net.NetworkClient.doConnect(NetworkClient.java:157)
>
>        at sun.net.www.http.HttpClient.openServer(HttpClient.java:365)
>
>        at sun.net.www.http.HttpClient.openServer(HttpClient.java:477)
>
>        at 
> sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:280)
>
>        at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:337)
>
>        at 
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:176)
>
>        at 
> sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:744)
>
>        at 
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:162)
>
>        at 
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
>
>        at 
> com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
>
>        at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
>
>        at 
> edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
>
>        at 
> edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:219)
>
>        at 
> edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)
>
>        at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>
>        at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>
>        at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
>
>        at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
>
>        at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>
>        at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>
>        at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>
>        at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
>
>        at 
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
>
>        at 
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
>
>        at 
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
>
>        at 
> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
>
>        at 
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
>
>        at java.lang.Thread.run(Thread.java:595)
>
>  
>
> ------------------------------------------------------------------------
>
> *From:* cas-bounces at tp.its.yale.edu 
> [mailto:cas-bounces at tp.its.yale.edu] *On Behalf Of *Scott Battaglia
> *Sent:* Tuesday, November 13, 2007 11:41 PM
> *To:* Yale CAS mailing list
> *Subject:* Re: CAS/Java/Tomcat Versioning Issues
>
>  
>
> Where is it hanging? On the client side? On the server side? At the 
> tomcat level? Or at the CAS level?
>
> Can you see the call leave the client and make it to the server?  Are 
> there any known issues with Tomcat on a 64-bit server?  Any known 
> issues with the JVM on the 64 bit server?
>
> If you know that the client is successfully making the connection and 
> sending the request, try turning on DEBUG in Tomcat and see how far it 
> gets.
>
> -Scott
>
> On Nov 13, 2007 2:33 PM, Clifford Bryant < CBryant at edgewater.com 
> <mailto:CBryant at edgewater.com>> wrote:
>
> Are there any know issue with running CAS 3.0.7 on a 64 bit Java 
> machine?  The application was running last night using Java 1.5 and 
> Tomcat 5.5 on a 32 bit server.  I tarred up the Apache Tomcat 
> directory.  We installed it on the client's 64 bit server.  It looks 
> like the user is authenticated, and the ticket is granted.  But, the 
> application hangs (connection times out) when the app attempts to 
> validate the ticket.
>
>  
>
> The firewalls have been removed.
>
>  
>
> Any help would be greatly appreciated.
>
>  
>
> Thanks,
>
> Cliff Bryant
>
>  
>
> ------------------------------------------------------------------------
>
> *From:* cas-bounces at tp.its.yale.edu 
> <mailto:cas-bounces at tp.its.yale.edu> 
> [mailto:cas-bounces at tp.its.yale.edu 
> <mailto:cas-bounces at tp.its.yale.edu>] *On Behalf Of *Scott Battaglia
> *Sent:* Tuesday, November 13, 2007 9:33 AM
> *To:* Yale CAS mailing list
> *Subject:* Re: CAS/Java/Tomcat Versioning Issues
>
>  
>
> Cliff,
>
> CAS 3.0.7 should work equally well on both Java 1.4 and Java 1.5.  If 
> it was a Java versioning issue there would be some exceptions related 
> to that.
>
> Is there any form of firewall, port blocking, etc. between one of the 
> client applications and the CAS server?
>
> -Scott
>
> On Nov 12, 2007 12:20 PM, Clifford Bryant <CBryant at edgewater.com 
> <mailto:CBryant at edgewater.com>> wrote:
>
> Hello,
>
>  
>
> We have been using CAS 3.0.7.  We thought that the target environment 
> was Java 1.4.2 and Tomcat 5.5 (with the Java 1.4.compatibility JAR).  
> It turns out that the client is running Java 1.5 and Tomcat 5.5 in 
> their development environment.  When they deploy the CAS WAR file, 
> that was compiled with Java 1.4, CAS times out.
>
>  
>
> Specifically, CAS does the authentication, and generates a ticket.  
> But, the ticket validation times out. 
>
>  
>
> Has anyone seen this type of timeout behavior with CAS?
>
>  
>
> It may be worthwhile for us to just go ahead, and upgrade to CAS 3.1?
>
>  
>
> Cliff Bryant
>
>  
>
>  
>
> This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed.  This communication may contain information that is protected from disclosure by applicable law.  If you are not the intended recipient, or the employee or agent responsible for delivering this communication to the intended recipient, be advised that you have received this e-mail in error and any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited.  If you believe that you have received this e-mail in error, please immediately notify Edgewater Technology by telephone at (781) 246-3343 and delete the communication from all e-mail files.
>  
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> http://tp.its.yale.edu/mailman/listinfo/cas 
> <http://tp.its.yale.edu/mailman/listinfo/cas>
>
>
>
>
> -- 
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>  
>
> This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed.  This communication may contain information that is protected from disclosure by applicable law.  If you are not the intended recipient, or the employee or agent responsible for delivering this communication to the intended recipient, be advised that you have received this e-mail in error and any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited.  If you believe that you have received this e-mail in error, please immediately notify Edgewater Technology by telephone at (781) 246-3343 and delete the communication from all e-mail files.
>  
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> http://tp.its.yale.edu/mailman/listinfo/cas 
> <http://tp.its.yale.edu/mailman/listinfo/cas>
>
>
>
>
> -- 
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed.  This communication may contain information that is protected from disclosure by applicable law.  If you are not the intended recipient, or the employee or agent responsible for delivering this communication to the intended recipient, be advised that you have received this e-mail in error and any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited.  If you believe that you have received this e-mail in error, please immediately notify Edgewater Technology by telephone at (781) 246-3343 and delete the communication from all e-mail files.
>
>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20071115/e19ad107/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: arybicki.vcf
Type: text/x-vcard
Size: 336 bytes
Desc: not available
Url : http://tp.its.yale.edu/pipermail/cas/attachments/20071115/e19ad107/attachment.vcf 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3359 bytes
Desc: S/MIME Cryptographic Signature
Url : http://tp.its.yale.edu/pipermail/cas/attachments/20071115/e19ad107/attachment.bin

More information about the cas mailing list