Did you get the solution? Please post i am also getting the same issue with memcached.
On Friday, September 8, 2017 at 4:06:00 AM UTC+5:45, [email protected] wrote: > > Hi, all. > > I've been prototyping and learning Apereo CAS 5.1.3, using the Cas Overlay > Template. > > I am able to get it set up so I can run an instance on my workstation, and > hit https://localhost:8443/cas/login and authenticate. Then, I'm able to > hit https://localhost:8443/cas/status/dashboard to see the CAS Dashboard > app. That was using the default in-memory token store. > > Then I tried to change the token store to memcached, and started getting > an intermittent errors. I've been trying to debug it, and am at the point > where I need help. > > Basically, the ST token gets written OK to the memcached client I'm using > (I can see it in the memcached console, and in the debugger it successfully > gets through MemCacheTicketRegistry method addTitket, including the 'sanity > check' that reads back that cache entity. > > However - the next call to getTicket for the ST token fails. The raw > memcached retrieve works - it's the Kryo based deserialization that fails. > It gets to the lastTimeUsed field when deserializing to ServiceTicketImpl, > and gets this exception (this is just the deepest section): > > Caused by: java.time.DateTimeException: Invalid ID for region-based > ZoneId, invalid format: ST-1-ekjABqJkYU9gJdlkLxHd-DL-GB46TC2 > at java.time.ZoneRegion.checkName(ZoneRegion.java:151) > ~[?:1.8.0_131] > at java.time.ZoneRegion.ofId(ZoneRegion.java:116) ~[?:1.8.0_131] > at java.time.ZoneId.of(ZoneId.java:411) ~[?:1.8.0_131] > at java.time.ZoneId.of(ZoneId.java:359) ~[?:1.8.0_131] > at > org.apereo.cas.ticket.registry.support.kryo.serial.ZonedDateTimeTranscoder.read(ZonedDateTimeTranscoder.java:26) > > ~[cas-server-support-memcached-ticket-registry-5.1.3.jar!/:5.1.3] > at > org.apereo.cas.ticket.registry.support.kryo.serial.ZonedDateTimeTranscoder.read(ZonedDateTimeTranscoder.java:16) > > ~[cas-server-support-memcached-ticket-registry-5.1.3.jar!/:5.1.3] > at com.esotericsoftware.kryo.Kryo.readObjectOrNull(Kryo.java:789) > ~[kryo-4.0.0.jar!/:?] > at > com.esotericsoftware.kryo.serializers.ObjectField.read(ObjectField.java:132) > ~[kryo-4.0.0.jar!/:?] > at > com.esotericsoftware.kryo.serializers.FieldSerializer.read(FieldSerializer.java:540) > > ~[kryo-4.0.0.jar!/:?] > at > com.esotericsoftware.kryo.Kryo.readClassAndObject(Kryo.java:816) > ~[kryo-4.0.0.jar!/:?] > at > org.apereo.cas.ticket.registry.support.kryo.KryoTranscoder.decode(KryoTranscoder.java:187) > > ~[cas-server-support-memcached-ticket-registry-5.1.3.jar!/:5.1.3] > at > net.spy.memcached.transcoders.TranscodeService$1.call(TranscodeService.java:63) > > ~[spymemcached-2.12.1.jar!/:2.12.1] > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > ~[?:1.8.0_131] > at > net.spy.memcached.transcoders.TranscodeService$Task.run(TranscodeService.java:110) > > ~[spymemcached-2.12.1.jar!/:2.12.1] > at > net.spy.memcached.transcoders.TranscodeService$Task.get(TranscodeService.java:96) > > ~[spymemcached-2.12.1.jar!/:2.12.1] > at net.spy.memcached.internal.GetFuture.get(GetFuture.java:70) > ~[spymemcached-2.12.1.jar!/:2.12.1] > at > net.spy.memcached.MemcachedClient.get(MemcachedClient.java:1229) > ~[spymemcached-2.12.1.jar!/:2.12.1] > ... 121 more > > You can see that for some reason, when trying to get the time zone (in > ZonedDateTimeTranscoder, line 26) it doesn't find a 'Z' (which it did on > the initial, successful sanity check read), but seems to find the token ID > instead. > > If I log out from the CAS console, and then log in again, I don't see any > further exceptions. > > So - after starting up CAS, the SECOND cache read fails consistently - but > that's the only one. > > Any ideas? > > Should I report this as a bug, or wait and see if anyone here has any > ideas? > > > How to replicate: > 1. Start with a fresh clone > of ssh://git@bitbucket/sand/cas-server-overlay.git > > 2. Set it up to be able to run the console and the dashboard. (These are > an attempt at a minimal change to the repo to reproduce the proboem) > > 2a. create etc\cas\config\services\HTTPSandIMAPS-10000001.json with > contents: > > { > "@class" : "org.apereo.cas.services.RegexRegisteredService", > "serviceId" : "^(https|imaps)://.*", > "name" : "HTTPS and IMAPS", > "id" : 10000001, > "description" : "This service definition authorizes all application urls > that support HTTPS and IMAPS protocols.", > "evaluationOrder" : 10000 > } > > > 2b. create etc\cas\config\adminusers.properties with contents: > > > casuser=notused,ROLE_ADMIN > > > 2c. update etc\cas\config\cas.properties to look like this: > > cas.server.name=https://localhost:8443 > cas.server.prefix=https://localhost:8443/cas > > cas.adminPagesSecurity.ip=127\.0\.0\.1 > > logging.config=file:/etc/cas/config/log4j2.xml > # cas.serviceRegistry.config.location: classpath:/services > > #cas.serviceRegistry.config.location=classpath:/services > # Where the Service Registry config files reside. > cas.serviceRegistry.config.location=file:/etc/cas/config/services > # Should CAS ALSO load service registry from $TEMP/cas/services? Almost > certainly no - just load from the > # config location mentioned just above. > cas.serviceRegistry.initFromJson=false > > cas.tgc.encryptionKey=n-mjo3eRBKS2D1bN-9LfyrAKs97qaVDS1qm_QnXjXSk > cas.tgc.signingKey=pf7scXUAk-l6FmwWDVzOONH-Is8RU1OLIcGlTdTPJL_hYQvYz8zhwzOiLQQZE6I-sbJbiyNL7WP5jq9UkvxN7w > > cas.webflow.signing.key=73eYssgawTHjAjkH_4uaEw4wUdaXD3M1lsPoqk50lpdpr_tu0XtLKLZmS_0DIJcZ_dU99nuXX7EaG9OBHQN1JA > cas.webflow.encryption.key=qblhBvdquHNqGjkw > > management.contextPath=/status > management.security.enabled=false > management.security.roles=ACTUATOR,ADMIN > management.security.sessions=if_required > > endpoints.restart.enabled=false > endpoints.shutdown.enabled=false > endpoints.autoconfig.enabled=true > endpoints.beans.enabled=true > endpoints.bus.enabled=true > endpoints.configprops.enabled=true > endpoints.dump.enabled=true > endpoints.env.enabled=true > endpoints.health.enabled=true > endpoints.features.enabled=true > endpoints.info.enabled=true > endpoints.loggers.enabled=true > endpoints.logfile.enabled=true > endpoints.trace.enabled=true > endpoints.docs.enabled=false > endpoints.heapdump.enabled=true > > cas.adminPagesSecurity.loginUrl=https://localhost:8443/cas/login > cas.adminPagesSecurity.service=https://localhost:8443/cas/status/dashboard > cas.adminPagesSecurity.users=file:/etc/cas/config/adminusers.properties > cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN > > cas.adminPagesSecurity.actuatorEndpointsEnabled=false > > cas.monitor.endpoints.enabled=true > cas.monitor.endpoints.sensitive=false > > 2d. Add this dependency to the pom: > > > <dependency> > <groupId>org.apereo.cas</groupId> > <artifactId>cas-server-support-json-service-registry</artifactId> > <version>${cas.version}</version> > </dependency> > > > > 3. Start up the CAS server > > > 3a. gen an ssl certificate and use keytool to import that into your JAVA > keystore. > > > 3b. create \etc\cas\config folders (with appropriate permissions) > > > 3c. "build copy" to copy the config files to \etc\cas\config > > > 3d. "build run" to fire up the CAS server. > > 4. Browse to https://localhost:8443/cas > You should get a login screen - login with casuser > > 5. Browse to https://localhost:8443/cas/status/dashboard > You should see the dashboard. > > > Now - enable memcached. > > 6. Add memcached dependency to the pom: > > <dependency> > <groupId>org.apereo.cas</groupId> > <artifactId>cas-server-support-memcached-ticket-registry</artifactId> > <version>${cas.version}</version> > </dependency> > > > 7. I added a couple of extra properties to the cas.properties file: > > cas.ticket.st.timeToKillInSeconds=28800 > > cas.ticket.registry.memcached.servers=localhost:11211 > > > The first one is just to extend the timeout on the ST tokens - gives more > time to debug. the second one isn't really required, since that's the > default value for the memcached server. > > > 8. Start up a local memcached server. I'm on Windows, and using > memcached-win64 version 1.4.2. I start it with: > > memcached -p 11211 -vv > > (the '-vv' shows the keys of all the adds, gets, and deletes made to the > memcached server) > > > 9. Repeat steps 4 and 5. > > When you get to step 5, if you have memcached showing the keys, then > you'll see an add for the ST token, then a get for the ST token, then > (likely) a TGT token get, then the second ST get. > > In your CAS server console, you'll see the exception noted above. > > Thanks! > > Bob. > > > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/9008f3ea-3cdb-412a-a91e-7bd730e2af42%40apereo.org.
