6.0.4 / SocketTimeoutException: Read timed out


tnbreitkreutz

Aug 27, 2019, 5:00:27 AM
to CAS Community
Hello,

Still having some issues with my instance of CAS 6.0.4. After some time it was possible to connect CAS to LDAP with the UnboundIdProvider and the login works, but.

I'm seeing an exception in Stackdriver if I enable -Djavax.net.debug=ssl. I enabled debugging as the container crashes at some point...

javax.net.ssl|WARNING|32|Connection reader for connection 2 to active-directory.lan:636|2019-08-27 08:46:25.267 UTC|SSLSocketImpl.java:1289|handling exception (
    "throwable" : {
        java.net.SocketTimeoutException: Read timed out
            at java.base/java.net.SocketInputStream.socketRead0(Native Method)
            at java.base/java.net.SocketInputStream.socketRead(SocketInputStream.java:115)
            at java.base/java.net.SocketInputStream.read(SocketInputStream.java:168)
            at java.base/java.net.SocketInputStream.read(SocketInputStream.java:140)
            at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:448)
            at java.base/sun.security.ssl.SSLSocketInputRecord.bytesInCompletePacket(SSLSocketInputRecord.java:68)
            at java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1104)
            at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:823)
            at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:252)
            at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:271)
            at com.unboundid.asn1.ASN1StreamReader.read(ASN1StreamReader.java:1159)
            at com.unboundid.asn1.ASN1StreamReader.readType(ASN1StreamReader.java:332)
            at com.unboundid.asn1.ASN1StreamReader.beginSequence(ASN1StreamReader.java:1079)
            at com.unboundid.ldap.protocol.LDAPMessage.readLDAPResponseFrom(LDAPMessage.java:1151)
            at com.unboundid.ldap.sdk.LDAPConnectionReader.run(LDAPConnectionReader.java:225)
    }
)

ConnectionTimeouts were increased. I tried to create a new truststore/keystore and imported the necessary CA certificate, but that didn't change a thing.

What can I do here to get rid of this SocketTimeoutException?

Best regards

Appify

Aug 27, 2019, 5:38:35 AM
to cas-...@apereo.org
Can you please share your CAS properties? For ldap authentication you don't need to connect to ssl.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6b59ae54-4155-4301-9676-14da47c56624%40apereo.org.

tnbreitkreutz

Aug 27, 2019, 5:48:26 AM
to CAS Community
cas.server.name=https://${serviceName}.${domain}
cas.server.prefix=${cas.server.name}/cas
logging.config: file:/etc/cas/config/log4j2.xml
# logging.level.org.apereo=DEBUG
cas.authn.accept.users=
# cas.authn.accept.credentialCriteria=

cas.view.defaultRedirectUrl=https://dashboard.${domain}

### CAS httpClient
cas.httpClient.connectionTimeout=5000
cas.httpClient.asyncTimeout=5000
cas.httpClient.readTimeout=5000
cas.httpClient.hostNameVerifier=NONE
cas.httpClient.allowLocalLogoutUrls=false
cas.httpClient.truststore.psw=changeit
cas.httpClient.truststore.file=file:/etc/security/.truststore

### LDAP
cas.authn.ldap[0].name=${ldapDomain}01
cas.authn.ldap[0].type=AD
cas.authn.ldap[0].ldapUrl=${ldapUrl}
cas.authn.ldap[0].baseDn=${ldapBaseDn}
cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=false
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=PT5M
cas.authn.ldap[0].failFast=true
cas.authn.ldap[0].idleTime=PT10M
cas.authn.ldap[0].prunePeriod=PT2M
cas.authn.ldap[0].blockWaitTime=PT3S
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].searchFilter=(sAMAccountName={user})
cas.authn.ldap[0].poolPassivator=NONE
cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.ldap[0].connectTimeout=PT5S
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].dnFormat=CN=%s,OU=Users,${ldapBaseDn}
# cas.authn.ldap[0].trustCertificates=
cas.authn.ldap[0].keystore=file:/etc/security/.keystore
cas.authn.ldap[0].keystorePassword=changeit
cas.authn.ldap[0].keystoreType=PKCS12

### JPA Ticket Registry
cas.ticket.registry.jpa.user=${databaseUser}
cas.ticket.registry.jpa.password=${databasePassword}
cas.ticket.registry.jpa.driverClass=com.mysql.cj.jdbc.Driver
cas.ticket.registry.jpa.url=jdbc:mysql://127.0.0.1:3306/${databaseName}
cas.ticket.registry.jpa.dialect=org.hibernate.dialect.MySQL5InnoDBDialect
cas.ticket.registry.jpa.pool.suspension=false
cas.ticket.registry.jpa.pool.minSize=6
cas.ticket.registry.jpa.pool.maxSize=18
cas.ticket.registry.jpa.pool.maxWait=2000
cas.ticket.registry.jpa.pool.timeoutMillis=1000
cas.ticket.registry.jpa.healthQuery=select 1
cas.ticket.registry.jpa.ticketLockType=NONE
cas.ticket.registry.jpa.jpaLockingTimeout=3600
cas.ticket.registry.jpa.crypto.signing.key=mysupersecretsigningkey
cas.ticket.registry.jpa.crypto.signing.keySize=512
cas.ticket.registry.jpa.crypto.encryption.key=mysupersecretencryptionkey
cas.ticket.registry.jpa.crypto.encryption.keySize=512
cas.ticket.registry.jpa.crypto.alg=AES
cas.ticket.registry.jpa.crypto.enabled=false

### JPA Service Registry
cas.serviceRegistry.jpa.user=${databaseUser}
cas.serviceRegistry.jpa.password=${databasePassword}
cas.serviceRegistry.jpa.driverClass=com.mysql.cj.jdbc.Driver
cas.serviceRegistry.jpa.url=jdbc:mysql://127.0.0.1:3306/${databaseName}
cas.serviceRegistry.jpa.dialect=org.hibernate.dialect.MySQL5InnoDBDialect
cas.serviceRegistry.jpa.pool.suspension=false
cas.serviceRegistry.jpa.pool.minSize=6
cas.serviceRegistry.jpa.pool.maxSize=18
cas.serviceRegistry.jpa.pool.maxWait=2000
cas.serviceRegistry.jpa.pool.timeoutMillis=1000
cas.serviceRegistry.jpa.healthQuery=select 1

For ${ldapUrl} an ldaps:// address value is stored. Regular LDAP is working fine. But I have to connect via LDAPS.



Appify

Aug 27, 2019, 8:52:29 AM
to cas-...@apereo.org
You don't need ssl for ldap authentication.
Try the following:


cas.authn.ldap[0].ldapUrl=ldap://yourldapurl
cas.authn.ldap[0].useSsl=false

And comment out the keystore configurations.



tnbreitkreutz

Aug 27, 2019, 8:58:12 AM
to CAS Community
Hi,

According to company regulations I have to go with LDAPS, so I can't just do LDAP.

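
An added example, not part of the thread and not CAS project code: a small Python check that reads CAS properties such as those posted above and flags the transport-security settings the thread turns on, comparing the posted LDAPS configuration with the suggested ldap:// one. Both inputs are constructed excerpts; the ldaps:// URL value is an assumption built from the host in the log line, and an absent useStartTls is treated as off.

```python
import re

LDAP_KEY = re.compile(r"cas\.authn\.ldap\[(\d+)\]\.(\w+)$")

# Constructed excerpt of the posted configuration (URL value is assumed).
POSTED = """
cas.httpClient.hostNameVerifier=NONE
cas.httpClient.truststore.psw=changeit
cas.authn.ldap[0].ldapUrl=ldaps://active-directory.lan:636
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].keystorePassword=changeit
"""

# Constructed excerpt of the configuration suggested in the reply.
SUGGESTED = """
cas.authn.ldap[0].ldapUrl=ldap://yourldapurl
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
# cas.authn.ldap[0].keystorePassword=changeit
"""

def parse_properties(text):
    """Parse key=value lines; blank lines and # comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return (property, finding) pairs for transport-security settings."""
    props = parse_properties(text)
    findings = []
    for key, value in props.items():
        m = LDAP_KEY.match(key)
        if m and m.group(2) == "ldapUrl" and value.lower().startswith("ldap://"):
            prefix = "cas.authn.ldap[%s]." % m.group(1)
            ssl_off = props.get(prefix + "useSsl", "").lower() == "false"
            starttls_on = props.get(prefix + "useStartTls", "").lower() == "true"
            if ssl_off and not starttls_on:  # binds travel without TLS
                findings.append((key, "cleartext-ldap"))
        if key.endswith(("keystorePassword", "truststore.psw")) and value == "changeit":
            findings.append((key, "default-store-password"))
        # Applies to the CAS HTTP client, not to the LDAP connection.
        if key == "cas.httpClient.hostNameVerifier" and value.upper() == "NONE":
            findings.append((key, "hostname-verification-off"))
    return findings
```
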