Thanks Julien.
I think I understand what is needed to be done for registering the missing class but I have no idea how to deploy a change to test it. I’m using the cas-webapp-docker to deploy to Docker using cas-overlay-template. If were able to give me some pointers as to how to test these changes I would go ahead and try to make this work on the 6.0.x branch. Doug From: [email protected] [mailto:[email protected]] On Behalf Of Julien Gribonvald Sent: Tuesday, April 30, 2019 5:47 PM To: [email protected] Subject: Re: [cas-user] Issue with LPPE and memcached ticket registry Hi, To fix your problem you have to register the missing class, here is a PR to get as example to register some missing class https://github.com/apereo/cas/pull/3857/files. So you can contribute ? After my point of view is that's a problem that KRYO need to register all class to serialize them, but it doesn't seem to have an other way. After there is a good beneit to use KRYO as his serialization is more efficient than the default one. Thanks, Julien Le 29/04/2019 à 05:51, Windham, Gary D - (windhamg) a écrit : Doug, thank you very much for your feedback and the workaround. That does, indeed, fix the immediate issue at hand. Hopefully the Kryo serialization issue will be resolved soon. Thanks again! --Gary -- Gary Windham Principal Enterprise Systems Architect University Information Technology Services The University of Arizona Email: [email protected] <mailto:[email protected]> Office: +1 520 626 5981 On Sun, Apr 28, 2019 at 8:26 PM Doug Campbell <[email protected] <mailto:[email protected]> > wrote: I don’t know if this is an ideal workaround but I found in my case if I changed the transcoder setting from KYRO to SERIAL that everything starting working great. cas.ticket.registry.memcached.transcoder: SERIAL In the documentation it recommends using KYRO stating “This component is recommended over the default Java serialization mechanism since it produces much more compact data, which benefits both storage requirements and throughput.” There are two other options as well: WHALIN and WHALINV1. I am not sure if it really matters which one but since the use of KYRO seems buggy maybe the recommendation for using it is no longer the best. From: [email protected] <mailto:[email protected]> [mailto:[email protected] <mailto:[email protected]> ] On Behalf Of Doug Campbell Sent: Monday, April 29, 2019 10:36 AM To: [email protected] <mailto:[email protected]> Subject: RE: [cas-user] Issue with LPPE and memcached ticket registry Gary, I don’t have an answer but I saw this same error yesterday when I was testing proxy authentication on my CAS 6.0.3 test setup. In my case I haven’t configured LPPE. I did try disabling it just now but that seemed to have no effect as the error still occurs. In my case I am using spymemcache and not AWS Elasticache. For now I have switched back to the default InMemory ticket registry and proxy authentication works fine with that. If I figured out anything I will let you know and if you discover a solution please do report back. Thanks! From: [email protected] <mailto:[email protected]> [mailto:[email protected]] On Behalf Of Windham, Gary D - (windhamg) Sent: Monday, April 29, 2019 9:28 AM To: [email protected] <mailto:[email protected]> Subject: [cas-user] Issue with LPPE and memcached ticket registry Hi all, I've been building/testing CAS v6.1.0 (HEAD), and was getting along fairly well until I ran into an error with LPPE and the memcached ticket registry I'm using. I am using 389 Directory server for LDAP authentication and have password policy configured as follows: # LDAP Password Policy Enforcement (LPPE) parameters cas.authn.ldap[0].passwordPolicy.type=GENERIC cas.authn.ldap[0].passwordPolicy.enabled=true cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException cas.authn.ldap[0].passwordPolicy.loginFailures=6 cas.authn.ldap[0].passwordPolicy.warningAttributeValue= cas.authn.ldap[0].passwordPolicy.warningAttributeName= cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true cas.authn.ldap[0].passwordPolicy.warnAll=true cas.authn.ldap[0].passwordPolicy.warningDays=30 cas.authn.ldap[0].passwordPolicy.accountStateHandlingEnabled=true cas.authn.ldap[0].passwordPolicy.strategy=DEFAULT I am using memcached (with AWS Elasticache support) and am using all of the defaults (just setting cas.ticket.registry.memcached.servers to the configuration endpoint node). When I disable LPPE, everything works as expected--I can login, get a TGC, ST validation works, etc). When I enable LPPE and set my password expiration date to a threshold within 30 days, I get the expected "your password is about to expire" page, with the green "Continue" button. When I click that, I'm redirected to the CAS login page and the following errors appear in the log: 2019-04-29 01:10:22,684 ERROR [org.apereo.cas.ticket.registry.MemcachedTicketRegistry] - <Failed adding [TGT-1-*****ems91rmrGY-a1ab3d9633df]> com.esotericsoftware.kryo.KryoException: com.esotericsoftware.kryo.KryoException: java.lang.IllegalArgumentException: Class is not registered: org.apereo.cas.authentication.support.password.PasswordExpiringWarningMessageDescriptor Note: To register this class use: kryo.register(org.apereo.cas.authentication.support.password.PasswordExpiringWarningMessageDescriptor.class); <...followed by big stack trace...> Is there something I'm overlooking, or failed to add, in my config? Any pointers appreciated! Thanks, --Gary -- Gary Windham Principal Enterprise Systems Architect University Information Technology Services The University of Arizona Email: [email protected] <mailto:[email protected]> Office: +1 520 626 5981 -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABpeFHGDx0-TPBmE-tMCmpfcgvr1eSUMhQF0xygfka%3DxXxzKVA%40mail.gmail.com <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABpeFHGDx0-TPBmE-tMCmpfcgvr1eSUMhQF0xygfka%3DxXxzKVA%40mail.gmail.com?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/001201d4fe34%2459c9aa10%240d5cfe30%24%40gmail.com <https://groups.google.com/a/apereo.org/d/msgid/cas-user/001201d4fe34%2459c9aa10%240d5cfe30%24%40gmail.com?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/001901d4fe3b%244c401260%24e4c03720%24%40gmail.com <https://groups.google.com/a/apereo.org/d/msgid/cas-user/001901d4fe3b%244c401260%24e4c03720%24%40gmail.com?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABpeFHFPqf5pWspLfmx%2B-ncZZ4AE5WafMduJ_XmQPCCk%2BqNBHA%40mail.gmail.com <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABpeFHFPqf5pWspLfmx%2B-ncZZ4AE5WafMduJ_XmQPCCk%2BqNBHA%40mail.gmail.com?utm_medium=email&utm_source=footer> . -- Julien Gribonvald -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/90f4c6dd-6b79-719e-d2d2-2dcd5a3a3c31%40recia.fr <https://groups.google.com/a/apereo.org/d/msgid/cas-user/90f4c6dd-6b79-719e-d2d2-2dcd5a3a3c31%40recia.fr?utm_medium=email&utm_source=footer> . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00f601d4fffd%248bac4a40%24a304dec0%24%40gmail.com.
