cas.server.name=https://${serviceName}.${domain} cas.server.prefix=${cas.server.name}/cas logging.config: file:/etc/cas/config/log4j2.xml # logging.level.org.apereo=DEBUG cas.authn.accept.users= # cas.authn.accept.name= # cas.authn.accept.credentialCriteria=
cas.view.defaultRedirectUrl=https://dashboard.${domain} ### CAS httpClient cas.httpClient.connectionTimeout=5000 cas.httpClient.asyncTimeout=5000 cas.httpClient.readTimeout=5000 cas.httpClient.hostNameVerifier=NONE cas.httpClient.allowLocalLogoutUrls=false cas.httpClient.truststore.psw=changeit cas.httpClient.truststore.file=file:/etc/security/.truststore ### LDAP cas.authn.ldap[0].name=${ldapDomain}01 cas.authn.ldap[0].type=AD cas.authn.ldap[0].ldapUrl=${ldapUrl} cas.authn.ldap[0].baseDn=${ldapBaseDn} cas.authn.ldap[0].minPoolSize=3 cas.authn.ldap[0].maxPoolSize=10 cas.authn.ldap[0].validateOnCheckout=false cas.authn.ldap[0].validatePeriodically=true cas.authn.ldap[0].validatePeriod=PT5M cas.authn.ldap[0].failFast=true cas.authn.ldap[0].idleTime=PT10M cas.authn.ldap[0].prunePeriod=PT2M cas.authn.ldap[0].blockWaitTime=PT3S cas.authn.ldap[0].useStartTls=false cas.authn.ldap[0].useSsl=true cas.authn.ldap[0].searchFilter=(sAMAccountName={user}) cas.authn.ldap[0].poolPassivator=NONE cas.authn.ldap[0].providerClass =org.ldaptive.provider.unboundid.UnboundIDProvider cas.authn.ldap[0].connectTimeout=PT5S cas.authn.ldap[0].subtreeSearch=true cas.authn.ldap[0].dnFormat=CN=%s,OU=Users,${ldapBaseDn} # cas.authn.ldap[0].trustCertificates= cas.authn.ldap[0].keystore=file:/etc/security/.keystore cas.authn.ldap[0].keystorePassword=changeit cas.authn.ldap[0].keystoreType=PKCS12 ### JPA Ticket Registry cas.ticket.registry.jpa.user=${databaseUser} cas.ticket.registry.jpa.password=${databasePassword} cas.ticket.registry.jpa.driverClass=com.mysql.cj.jdbc.Driver cas.ticket.registry.jpa.url=jdbc:mysql://127.0.0.1:3306/${databaseName} cas.ticket.registry.jpa.dialect=org.hibernate.dialect.MySQL5InnoDBDialect cas.ticket.registry.jpa.pool.suspension=false cas.ticket.registry.jpa.pool.minSize=6 cas.ticket.registry.jpa.pool.maxSize=18 cas.ticket.registry.jpa.pool.maxWait=2000 cas.ticket.registry.jpa.pool.timeoutMillis=1000 cas.ticket.registry.jpa.healthQuery=select 1 cas.ticket.registry.jpa.ticketLockType=NONE cas.ticket.registry.jpa.jpaLockingTimeout=3600 cas.ticket.registry.jpa.crypto.signing.key=mysupersecretsigningkey cas.ticket.registry.jpa.crypto.signing.keySize=512 cas.ticket.registry.jpa.crypto.encryption.key=mysupersecretencryptionkey cas.ticket.registry.jpa.crypto.encryption.keySize=512 cas.ticket.registry.jpa.crypto.alg=AES cas.ticket.registry.jpa.crypto.enabled=false ### JPA Service Registry cas.serviceRegistry.jpa.user=${databaseUser} cas.serviceRegistry.jpa.password=${databasePassword} cas.serviceRegistry.jpa.driverClass=com.mysql.cj.jdbc.Driver cas.serviceRegistry.jpa.url=jdbc:mysql://127.0.0.1:3306/${databaseName} cas.serviceRegistry.jpa.dialect=org.hibernate.dialect.MySQL5InnoDBDialect cas.serviceRegistry.jpa.pool.suspension=false cas.serviceRegistry.jpa.pool.minSize=6 cas.serviceRegistry.jpa.pool.maxSize=18 cas.serviceRegistry.jpa.pool.maxWait=2000 cas.serviceRegistry.jpa.pool.timeoutMillis=1000 cas.serviceRegistry.jpa.healthQuery=select 1 For ${ldapUrl} a *ldaps://*-adress-value is stored. Regular LDAP is working fine.. But I have to connect via LDAPS. Am Dienstag, 27. August 2019 11:38:35 UTC+2 schrieb casuser: > > Can you please share your CAS properties? For ldap authentication you > don't need to connect to ssl. > > On Tue, 27 Aug 2019, 5:00 pm tnbreitkreutz, <[email protected] > <javascript:>> wrote: > >> Hello, >> >> still having some issues with my instance of CAS 6.0.4. After some time >> it was possible to connect CAS to LDAP with the UnboundIdProvider and the >> login works, but. >> >> I'm seeing an exception in Stackdriver, if I enable >> *-Djavax.net.debug=ssl*. I enabled debugging as the container crashes at >> some point... >> >> javax.net.ssl|WARNING|32|Connection reader for connection 2 to >> active-directory.lan:636|2019-08-27 08:46:25.267 >> UTC|SSLSocketImpl.java:1289|handling exception ( >> "throwable" : { >> java.net.SocketTimeoutException: Read timed out at >> java.base/java.net.SocketInputStream.socketRead0(Native Method) at >> java.base/java.net.SocketInputStream.socketRead(SocketInputStream.java:115) >> at java.base/java.net.SocketInputStream.read(SocketInputStream.java:168) at >> java.base/java.net.SocketInputStream.read(SocketInputStream.java:140) at >> java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:448) >> >> at >> java.base/sun.security.ssl.SSLSocketInputRecord.bytesInCompletePacket(SSLSocketInputRecord.java:68) >> >> at >> java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1104) >> >> at >> java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:823) >> >> at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:252) >> at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:271) >> at com.unboundid.asn1.ASN1StreamReader.read(ASN1StreamReader.java:1159) at >> com.unboundid.asn1.ASN1StreamReader.readType(ASN1StreamReader.java:332) at >> com.unboundid.asn1.ASN1StreamReader.beginSequence(ASN1StreamReader.java:1079) >> >> at >> com.unboundid.ldap.protocol.LDAPMessage.readLDAPResponseFrom(LDAPMessage.java:1151) >> >> at >> com.unboundid.ldap.sdk.LDAPConnectionReader.run(LDAPConnectionReader.java:225) >> } >> ) >> >> ConnectionTimeouts were increased. I tried to create a new >> truststore/keystore and imported the necessary CA certificate, but that >> didn't change a thing. >> >> What can I do here to get rid of this SocketTimeoutException? >> >> Best regards >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6b59ae54-4155-4301-9676-14da47c56624%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6b59ae54-4155-4301-9676-14da47c56624%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/068f6116-5da1-435b-a0a3-1746d4d2263e%40apereo.org.
