Service Registry in MongoDB (with replication)


Shawn Cutting

Nov 14, 2019, 10:53:56 AM
to CAS Community
Good morning,

I am at a total loss here about how to get CAS services to load from (and to) MongoDB.  Following the instructions on David Curry's site (very well written, by the way), I have the mongodb server running and replicating across 3 servers.  I am also able to successfully auto-initialize the database with the JSON files.  I verify this by opening mongodb and searching the collection "casServiceRegistry."

CAS version 5.3.14, by the way.

When I start the tomcat server and watch the debug logs, I see that CAS is loading the entry from the database:

- snippet -
2019-11-13 16:24:22,706 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Loading services from [org.apereo.cas.services.ChainingServiceRegistry@3971e14f]>
2019-11-13 16:24:22,728 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [http(|s)://cas(|.*).messiah.edu(|.*)/cas-management(|/.*)]>
2019-11-13 16:24:22,729 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [1] service(s) from [MongoDbServiceRegistry].>



Here is where it gets weird: when I load the management app, I see one service entry that does NOT match the one loaded on startup.  I should also note that I have the ticket registry replicated on the same MongoDB server and it works perfectly.

That's the short story; here are the details (these settings match on all 3 servers: "cas-ha01, cas-ha02, cas-ha03"):

-- cas.properties: --
cas.server.name=https://cas-ha.messiah.edu
cas.server.prefix=${cas.server.name}/cas
cas.view.templatePrefixes[0]=file:///etc/cas/templates
cas.logout.followServiceRedirects=true
logging.config=file:/etc/cas/config/log4j2.xml

mongo.db=casdb
mongo.rs=rs0
mongo.opts=&ssl=true
mongo.creds=mongocas:**********
mongo.hosts=cas-ha01.messiah.edu,cas-ha02.messiah.edu,cas-ha03.messiah.edu
# The connection string, assembled
mongo.uri=mongodb://${mongo.creds}@${mongo.hosts}/${mongo.db}?replicaSet=${mongo.rs}${mongo.opts}

### Remove default/local users (must be left blank) ###
cas.authn.accept.users=

### Service Registry Setup ###
#cas.serviceRegistry.json.location=file:/etc/cas/services
#cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.mongo.databaseName=${mongo.db}
cas.serviceRegistry.mongo.clientUri=${mongo.uri}
cas.serviceRegistry.mongo.collection=casServiceRegistry
cas.serviceRegistry.mongo.replicaSet=${mongo.rs}
cas.serviceRegistry.mongo.sslEnabled=true
cas.ticket.registry.mongo.clientUri=${mongo.uri}


-- management.properties: --
cas.server.name=https://cas-ha.messiah.edu
cas.server.prefix=${cas.server.name}/cas
mgmt.serverName=${cas.server.name}
mgmt.userPropertiesFile=file:/etc/cas/config/adminusers.properties

mongo.db=casdb
mongo.rs=rs0
mongo.opts=&ssl=true
mongo.creds=mongocas:**********
mongo.hosts=cas-ha01.messiah.edu,cas-ha02.messiah.edu,cas-ha03.messiah.edu
# The connection string, assembled
mongo.uri=mongodb://${mongo.creds}@${mongo.hosts}/${mongo.db}?replicaSet=${mongo.rs}${mongo.opts}

### Service Registry Setup ###
#cas.serviceRegistry.json.location=file:/etc/cas/services
cas.serviceRegistry.mongo.clientUri=${mongo.uri}
cas.serviceRegistry.mongo.collection=casServiceRegistry


-- pom.xml (cas server, dependencies): --
...
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-webapp${app.server}</artifactId>
    <version>${cas.version}</version>
    <type>war</type>
    <scope>runtime</scope>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap-core</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-webapp-config-security</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-interrupt-core</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-interrupt-api</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-interrupt-webflow</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-rest</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-gauth</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-jdbc-drivers</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-gauth-jpa</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-trusted-mfa</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-trusted-mfa-jdbc</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-mongo-ticket-registry</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-mongo-service-registry</artifactId>
    <version>${cas.version}</version>
</dependency>
...

-- pom.xml (management app, dependencies): --
...
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-management-webapp</artifactId>
    <version>${cas-mgmt.version}</version>
    <type>war</type>
</dependency>
...

When I load the Service Management app, here is the service that appears:

But the one that is in the MongoDB table (which I imported from the initFromJson) is:
http(|s)://cas(|.*).messiah.edu(|.*)/cas-management(|/.*)

If I try to create a new service entry, it does not appear in the MongoDB, and I cannot delete the existing one.  In fact, I do not know how that one is even getting into the management app (that's what is really driving me nuts, since I have deleted all service json files)!!

If anyone can help me out, I would certainly appreciate it.

Shawn Cutting

Nov 14, 2019, 12:09:56 PM
to CAS Community

Update:

I found something else out in trying to get this working.  If I manually add a service to MongoDB, I am able to access that service via CAS (this was verified by deleting the record and subsequently getting the "Application not allowed" message, re-adding it and being allowed again).

So it seems that the issue is with the management application, not the CAS server.  I need to be able to manage the MongoDB records with the service application, and that is not possible for some reason.

Thanks in advance for any help.

Shawn

David Curry

Nov 14, 2019, 12:24:21 PM
to CAS Community
Do you have the   cas-server-support-mongo-service-registry   dependency in the cas-management pom.xml as well as the cas server pom.xml? I didn't see it in the excerpt you provided.

--Dave

--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL  INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728
david...@newschool.edu



--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/67bec8ac-d253-47ba-95eb-aa01ef6b317a%40apereo.org.

Shawn Cutting

Nov 14, 2019, 3:06:26 PM
to CAS Community
No, I don't.  Every time I try to add it to the management pom, it will not start with Tomcat.  Is there another dependency that I need or a config setting that keeps it from loading?  I can't seem to locate the log that the cas-management app should be creating to see why it is not loading.  All I have is what shows on the Tomcat manager page:

FAIL - Application at context path [/cas-management] could not be started
FAIL - Encountered exception [org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/cas-management]]]

Shawn Cutting

Nov 14, 2019, 4:10:46 PM
to CAS Community
I watched the catalina log and found this error when the management app was loading:

java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/cas-management]]

Thoughts?

Shawn Cutting

Nov 14, 2019, 4:12:38 PM
to CAS Community
Sorry.. it's this error:

Caused by: java.lang.IllegalArgumentException: More than one fragment with the name [log4j] was found. This is not legal with relative ordering. See section 8.2.2 2c of the Servlet specification for details. Consider using absolute ordering.

Shawn Cutting

Nov 14, 2019, 5:01:41 PM
to CAS Community
I figured out the problem (several factors):
1. I changed the pom.xml file so that the cas version matched what I was using (it was 5.3.5, but I made it 5.3.14) -> Can't do that apparently.
2. I was not properly deleting the cas-management folder from the tomcat/webapps, and the updated jars created by the pom build were getting added to the webapps folder.

Once I set everything back to the original, and deleted the appropriate folder, it came up.  Ugh!
Thanks for your help!

Shawn
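
Added example, not part of the thread or of the CAS project: the "More than one fragment with the name [log4j]" error quoted above means two jars in the webapp's WEB-INF/lib each carry a META-INF/web-fragment.xml declaring the same name, which is what a stale exploded folder mixed with freshly built jars produces. This Python check lists such collisions for a given lib directory; the jar file names in the sample are constructed placeholders.

```python
import sys
import zipfile
import xml.etree.ElementTree as ET
from collections import defaultdict
from pathlib import Path

FRAGMENT = "META-INF/web-fragment.xml"

def fragment_name(jar_path):
    """Return the <name> a jar declares in web-fragment.xml, or None."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            if FRAGMENT not in jar.namelist():
                return None
            root = ET.fromstring(jar.read(FRAGMENT))
    except (zipfile.BadZipFile, ET.ParseError):
        return None  # unreadable jar or descriptor: nothing to compare
    for child in root:
        # Tags carry the Java EE namespace: '{http://...}name' -> 'name'
        if child.tag.rsplit("}", 1)[-1] == "name":
            return (child.text or "").strip() or None
    return None

def duplicate_fragments(lib_dir):
    """Map each fragment name declared by more than one jar to those jars."""
    seen = defaultdict(list)
    for jar in sorted(Path(lib_dir).glob("*.jar")):
        name = fragment_name(jar)
        if name:
            seen[name].append(jar.name)
    return {name: jars for name, jars in seen.items() if len(jars) > 1}

def build_sample_lib(lib_dir):
    """Constructed sample (placeholder names): two builds of one jar in one lib dir."""
    lib = Path(lib_dir)
    lib.mkdir(parents=True, exist_ok=True)
    frag = ('<web-fragment xmlns="http://xmlns.jcp.org/xml/ns/javaee" '
            'version="3.0"><name>log4j</name></web-fragment>')
    for jar_name, body in (("log4j-web-OLD.jar", frag),
                           ("log4j-web-NEW.jar", frag),
                           ("unrelated.jar", None)):
        with zipfile.ZipFile(lib / jar_name, "w") as jar:
            jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            if body:
                jar.writestr(FRAGMENT, body)

if __name__ == "__main__":
    for name, jars in duplicate_fragments(sys.argv[1]).items():
        print(f"fragment [{name}] declared by: {', '.join(jars)}")
```

Run it with the path to the deployed application's WEB-INF/lib as the only argument; any output means the exploded folder should be deleted and the WAR redeployed cleanly.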
