Gary,
I don’t have an answer but I saw this same error yesterday when I was testing proxy authentication on my CAS 6.0.3 test setup. In my case I haven’t configured LPPE. I did try disabling it just now but that seemed to have no effect as the error still occurs. In my case I am using spymemcache and not AWS Elasticache. For now I have switched back to the default InMemory ticket registry and proxy authentication works fine with that. If I figured out anything I will let you know and if you discover a solution please do report back. Thanks! From: [email protected] [mailto:[email protected]] On Behalf Of Windham, Gary D - (windhamg) Sent: Monday, April 29, 2019 9:28 AM To: [email protected] Subject: [cas-user] Issue with LPPE and memcached ticket registry Hi all, I've been building/testing CAS v6.1.0 (HEAD), and was getting along fairly well until I ran into an error with LPPE and the memcached ticket registry I'm using. I am using 389 Directory server for LDAP authentication and have password policy configured as follows: # LDAP Password Policy Enforcement (LPPE) parameters cas.authn.ldap[0].passwordPolicy.type=GENERIC cas.authn.ldap[0].passwordPolicy.enabled=true cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException cas.authn.ldap[0].passwordPolicy.loginFailures=6 cas.authn.ldap[0].passwordPolicy.warningAttributeValue= cas.authn.ldap[0].passwordPolicy.warningAttributeName= cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true cas.authn.ldap[0].passwordPolicy.warnAll=true cas.authn.ldap[0].passwordPolicy.warningDays=30 cas.authn.ldap[0].passwordPolicy.accountStateHandlingEnabled=true cas.authn.ldap[0].passwordPolicy.strategy=DEFAULT I am using memcached (with AWS Elasticache support) and am using all of the defaults (just setting cas.ticket.registry.memcached.servers to the configuration endpoint node). When I disable LPPE, everything works as expected--I can login, get a TGC, ST validation works, etc). When I enable LPPE and set my password expiration date to a threshold within 30 days, I get the expected "your password is about to expire" page, with the green "Continue" button. When I click that, I'm redirected to the CAS login page and the following errors appear in the log: 2019-04-29 01:10:22,684 ERROR [org.apereo.cas.ticket.registry.MemcachedTicketRegistry] - <Failed adding [TGT-1-*****ems91rmrGY-a1ab3d9633df]> com.esotericsoftware.kryo.KryoException: com.esotericsoftware.kryo.KryoException: java.lang.IllegalArgumentException: Class is not registered: org.apereo.cas.authentication.support.password.PasswordExpiringWarningMessageDescriptor Note: To register this class use: kryo.register(org.apereo.cas.authentication.support.password.PasswordExpiringWarningMessageDescriptor.class); <...followed by big stack trace...> Is there something I'm overlooking, or failed to add, in my config? Any pointers appreciated! Thanks, --Gary -- Gary Windham Principal Enterprise Systems Architect University Information Technology Services The University of Arizona Email: [email protected] <mailto:[email protected]> Office: +1 520 626 5981 -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABpeFHGDx0-TPBmE-tMCmpfcgvr1eSUMhQF0xygfka%3DxXxzKVA%40mail.gmail.com <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABpeFHGDx0-TPBmE-tMCmpfcgvr1eSUMhQF0xygfka%3DxXxzKVA%40mail.gmail.com?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/001201d4fe34%2459c9aa10%240d5cfe30%24%40gmail.com.
