Hi Andy,
Apologies for the belated reply here. I really appreciate your time and effort
looking into this!
I'm looking into options (downgrading to 5.2.9, upgrading to 5.3.14) for a fix.
Next week is our advance registration - one of the busiest periods - so I'd
prefer to avoid major changes.
Moving to 6.x is a path to consider if 5.3.14 doesn't work, as well as
switching the ticket registry to Hazelcast as you suggest. I won't get a
chance to do this (especially a 6.x upgrade) until I have more time available
after classes are done for the semester.
As a shorter-term fix - I've gone into the MongoDB (primary instance in the
replica set) and deleted any tickets that were set to expire in the past:
db.ticketGrantingTicketsCollection.deleteMany({expireAt: { $regex:
/^2019-11-0[1-6]/ } } )
db.ticketGrantingTicketsCollection.deleteMany({expireAt: { $regex:
/^2019-10-0[/ } } )
Tomorrow I'll write a script to clean old tickets on a daily basis until I can
get a more permanent solution.
If the upgrade to 5.3.14 fixes the problem - I'll report back to the list in
case anyone else experiences the same issue.
Paul Chauvet, CISSP
Information Security Officer
State University of New York at New Paltz
845-257-3828
[email protected]
[cid:1c3f69ea-8daf-4da5-bceb-8e507afe1175]
________________________________
From: [email protected] <[email protected]> on behalf of Andy Ng
<[email protected]>
Sent: Thursday, November 7, 2019 3:21 AM
To: CAS Community <[email protected]>
Subject: [cas-user] Re: Issue with Ticket Registry Cleanup (MongoDB - CAS
5.3.12.1
CAUTION: Message from a non-New Paltz email server. Treat message, links, and
attachments with extra caution.
Hi Paul,
I have done some investigation on your case, and:
I can reproduce your error case using my testing docker with CAS 5.3.x and
MongoDB 4 ticket registry, after a single login, I can see the error same as
yours occurs.
Below are my error log as well:
============================================================================================================================
2019-11-07 08:00:58,144 INFO [org.apereo.cas.services.AbstractServicesManager]
- <Loaded [1] service(s) from [JsonServiceRegistry].>
2019-11-07 08:01:08,187 ERROR
[org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] -
<Cannot read/parse
[{"@class":"org.apereo.cas.ticket.TicketGrantingTicketImpl","@id":1,"id":"TGT-1-********************************Cull52Dyeq5...]
to deserialize into type [interface
org.apereo.cas.ticket.TicketGrantingTicket]. This may be caused in the absence
of a configuration/support module that knows how to interpret the fragment,
specially if the fragment describes a CAS registered service definition.
Internal parsing error is [Could not resolve type id
'org.apereo.cas.authentication.metadata.BasicCredentialMetaData' as a subtype
of [simple type, class org.apereo.cas.authentication.CredentialMetaData]
: no such class found at [Source:
(String)"{"@class":"org.apereo.cas.ticket.TicketGrantingTicketImpl","@id":1,"id":"TGT-1-********************************Cull52Dyeq5Q7aMAvNyX4yrvvx0AI-7k-cas","authentication":{"@class":"org.apereo.cas.authentication.DefaultAuthentication","authenticationDate":1573113040.4
1772,"principal":{"@class":"org.apereo.cas.authentication.principal.SimplePrincipal","id":"casuser","attributes":{"@class":"java.util.TreeMap","attributeRetriveFrom":["java.util.ArrayList",["json"]],"coolSystemYouGotThere":["java.util"[truncated
2347 chars]; line: 1, column: 575] (through reference chain:
org.apereo.cas.ticket.TicketGrantingTicketImpl["authentication"]->org.apereo.cas.authentication.DefaultAuthentication["credentials"]->java.util.ArrayList[0])]>
2019-11-07 08:01:08,193 ERROR
[org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <null>
org.apereo.cas.ticket.InvalidTicketException: null
at
org.apereo.cas.ticket.BaseTicketSerializers.deserializeTicket(BaseTicketSerializers.java:208)
~[cas-server-core-tickets-api-5.3.12.1.jar!/:5.3.12.1]
at
org.apereo.cas.ticket.BaseTicketSerializers.deserializeTicket(BaseTicketSerializers.java:185)
~[cas-server-core-tickets-api-5.3.12.1.jar!/:5.3.12.1]
============================================================================================================================
As for fixing it, seems too complicated for me so I am probably not going to
devote time into fixing it... See if other want to help investigate more.
Some alternative suggestions from me, which may or may not help you:
- During my simulation, I also tried using CAS 6.1.1 and MongoDB 4 ticket
registry, and from my testing it works fine, no null pointer exception.
- If you can affort the upgrade, then this might be one path the choose.
- In my own production environment, I am using Hazelcast ticket registry and
CAS 5.3, and didn't encounter any related error,
- so I guess the null pointer bug is MongoDB related, probably something
bug related to phrasing of the JSON.
See if other can help more...
- Andy
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected]<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ff9f9c9d-b795-4aa4-9f91-4228dd55912d%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/ff9f9c9d-b795-4aa4-9f91-4228dd55912d%40apereo.org?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/MWHPR20MB147156EF47D2F5B3B3BC488DA77B0%40MWHPR20MB1471.namprd20.prod.outlook.com.
