openldap behind firewall
Ames, Phillip
phil.ames at uconn.edu
Thu Feb 21 19:05:22 EST 2008
Is your firewall stateful? Does CAS open a persistent LDAP connection? If so, and it does not send any data through that connection for 'N' seconds where 'N' is the maximum idle time (when no packets are sent) before your firewall removes that session from its session table, you could be seeing a session expiration issue. The resulting effect would be that the firewall would drop all packets sent after 'N' idle seconds since it cannot find that session in its session table. CAS would need to reconnect to the LDAP server (going through the whole TCP 3-way handshake).
In short, check your firewall logs to see if anything shows up involving the CAS server and your LDAP server.
-Phil
-----Original Message-----
From: cas-bounces at tp.its.yale.edu on behalf of Tarik Arrad
Sent: Thu 2/21/2008 5:08 PM
To: cas at tp.its.yale.edu
Subject: openldap behind firewall
Hi all,
I have a problem with my CAS authentication. In my architecture I have 2 CAS
3.1 servers as front-end and 2 OpenLDAP servers as back-end behind a firewall.
Everything works fine, but from time to time I have this error message:
*exception*
org.springframework.web.util.NestedServletException: Request
processing failed; nested exception is
org.springframework.webflow.engine.ActionExecutionException: Exception
thrown executing [AnnotatedAction at 3ab6f7f5 targetAction =
org.jasig.cas.web.flow.AuthenticationViaFormAction at 51af4309,
attributes = map['method' -> 'submit']] in state 'submit' of flow
'login-webflow' -- action execution attributes were 'map['method' ->
'submit']'; nested exception is
org.springframework.ldap.UncategorizedLdapException: Operation failed;
nested exception is javax.naming.ServiceUnavailableException:
10.127.11.12:389; socket closed; remaining name 'dc=mooja,dc=ma'
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:487)
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440)
javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
*cause mère*
org.springframework.webflow.engine.ActionExecutionException: Exception
thrown executing [AnnotatedAction at 3ab6f7f5 targetAction =
org.jasig.cas.web.flow.AuthenticationViaFormAction at 51af4309,
attributes = map['method' -> 'submit']] in state 'submit' of flow
'login-webflow' -- action execution attributes were 'map['method' ->
'submit']'; nested exception is
org.springframework.ldap.UncategorizedLdapException: Operation failed;
nested exception is javax.naming.ServiceUnavailableException:
10.127.11.12:389; socket closed; remaining name 'dc=mooja,dc=ma'
org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:68)
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
org.springframework.webflow.engine.State.enter(State.java:200)
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
org.springframework.webflow.engine.State.enter(State.java:200)
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:245)
org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:172)
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475)
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440)
javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
*cause mère*
org.springframework.ldap.UncategorizedLdapException: Operation failed;
nested exception is javax.naming.ServiceUnavailableException:
10.127.11.12:389; socket closed; remaining name 'dc=mooja,dc=ma'
org.springframework.ldap.DefaultNamingExceptionTranslator.translate(DefaultNamingExceptionTranslator.java:93)
org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:287)
org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314)
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:67)
org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.doAuthentication(AbstractUsernamePasswordAuthenticationHandler.java:56)
org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:58)
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:84)
org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:383)
org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaFormAction.java:107)
sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:103)
org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136)
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
org.springframework.webflow.engine.State.enter(State.java:200)
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
org.springframework.webflow.engine.State.enter(State.java:200)
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:245)
org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:172)
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475)
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440)
javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
*cause mère*
javax.naming.ServiceUnavailableException: 10.127.11.12:389; socket
closed; remaining name 'dc=mooja,dc=ma'
com.sun.jndi.ldap.Connection.readReply(Connection.java:416)
com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)
com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)
com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1948)
com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1810)
com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1735)
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler$1.executeSearch(BindLdapAuthenticationHandler.java:71)
org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:268)
org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314)
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:67)
org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.doAuthentication(AbstractUsernamePasswordAuthenticationHandler.java:56)
org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:58)
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:84)
org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:383)
org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaFormAction.java:107)
sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:103)
org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136)
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
org.springframework.webflow.engine.State.enter(State.java:200)
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
org.springframework.webflow.engine.State.enter(State.java:200)
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:245)
org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:172)
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475)
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440)
javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
I need your help.
Thanks.
Tarik Arrad
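The idle-timeout behaviour described in the reply at the top of this thread, as an added Python sketch (not part of the original messages, and not CAS or firewall code): a toy stateful session table with idle limit N, and a client holding one persistent LDAP connection with no mitigation, with keepalive probes sent more often than N, or with reconnect-on-failure. Host names, timings and function names are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class StatefulFirewall:
    """Toy model of a stateful firewall's session table (not a real product)."""
    idle_timeout: int                             # 'N' in the reply: max idle seconds
    sessions: dict = field(default_factory=dict)  # flow -> time of last packet

    def forward(self, flow, now, syn=False):
        """Return True if the packet is passed, False if it is dropped."""
        last = self.sessions.get(flow)
        if last is not None and now - last > self.idle_timeout:
            del self.sessions[flow]               # entry aged out of the table
            last = None
        if last is None and not syn:
            return False                          # mid-stream packet, no session
        self.sessions[flow] = now                 # SYN creates, traffic refreshes
        return True

def run_client(fw, request_times, keepalive_every=None, reconnect_on_failure=False):
    """Replay LDAP requests over one persistent connection; one outcome per request."""
    flow = ("cas1", "ldap1", 389)                 # constructed host names
    fw.forward(flow, 0, syn=True)                 # initial TCP handshake at t=0
    outcomes, last_sent = [], 0
    for t in request_times:
        if keepalive_every:                       # idle probes between requests
            probe = last_sent + keepalive_every
            while probe < t:
                fw.forward(flow, probe)
                probe += keepalive_every
        ok = fw.forward(flow, t)
        if not ok and reconnect_on_failure:
            fw.forward(flow, t, syn=True)         # new handshake, then retry
            ok = fw.forward(flow, t)
            outcomes.append("reconnected" if ok else "failed")
        else:
            outcomes.append("ok" if ok else "failed")
        last_sent = t
    return outcomes

if __name__ == "__main__":
    times = [60, 200, 900, 960]                   # constructed: 700 s idle gap before t=900
    print(run_client(StatefulFirewall(300), times))
    print(run_client(StatefulFirewall(300), times, keepalive_every=120))
    print(run_client(StatefulFirewall(300), times, reconnect_on_failure=True))
```

In the unmitigated run every request after the long gap fails, which matches an intermittent error that appears only after quiet periods.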