CAS 5.2.0 Falied adding ticket in Memcached Ticket Registry Key is too long (maxlen = 250)
392 views
Skip to first unread message
casuser
Dec 18, 2017, 3:58:24 AM12/18/17
to CAS Community
This is my cas.properties,
# cas.tgc.path=
cas.tgc.maxAge=-1
# cas.tgc.domain=
cas.tgc.signingKey=*******************************************************************************************
cas.tgc.name=TGC
cas.tgc.encryptionKey=*******************************************************************************************
cas.tgc.secure=false
cas.tgc.rememberMeMaxAge=1350000
cas.tgc.cipherEnabled=true
cas.webflow.signing.key=*******************************************************************************************
cas.webflow.signing.keySize=512
cas.webflow.encryption.keySize=16
cas.webflow.encryption.key=*******************************************************************************************
cas.webflow.crypto.signing.key=*******************************************************************************************
cas.webflow.crypto.encryption.key=*******************************************************************************************
#cas.webflow.crypto.enabled=false
cas.webflow.crypto.signing.keySize=512
cas.webflow.crypto.encryption.keySize=16
#cas.webflow.crypto.alg=AES
cas.tgc.crypto.signing.key=*******************************************************************************************
cas.tgc.crypto.encryption.key=*******************************************************************************************
# Service Registry
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.repeatInterval=120000
cas.serviceRegistry.startDelay=15000
cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.config.location=file:/etc/cas/config/services
cas.ticket.tgt.onlyTrackMostRecentSession=true
cas.ticket.tgt.maxLength=50
cas.monitor.tgt.warn.threshold=10
cas.monitor.tgt.warn.evictionThreshold=0
#
# #remember me in seconds
# # Set to a negative value to never expire tickets
cas.ticket.tgt.maxTimeToLiveInSeconds=135000
cas.ticket.tgt.timeToKillInSeconds=7200
cas.ticket.tgt.rememberMe.enabled=true
cas.ticket.tgt.rememberMe.timeToKillInSeconds=135000
cas.web.flow.GenericSuccessViewAction=*******************************************************************************************
cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=135000
##
#Throttled Timeout
##
cas.ticket.tgt.throttledTimeout.timeToKillInSeconds=28800
cas.ticket.tgt.throttledTimeout.timeInBetweenUsesInSeconds=5
cas.ticket.tgt.hardTimeout.timeToKillInSeconds=28800
cas.monitor.st.warn.threshold=10
cas.monitor.st.warn.evictionThreshold=0
cas.ticket.st.maxLength=20
cas.ticket.st.numberOfUses=1
cas.ticket.st.timeToKillInSeconds=180
cas.ticket.crypto.enabled=true
cas.ticket.crypto.signing.key=*******************************************************************************************
cas.ticket.crypto.encryption.key=*******************************************************************************************
I am getting an error in the catalina "java.lang.IllegalArgumentException: Key is too long (maxlen = 250)". How can I solve this?
This is the log:
2017-12-18 15:12:50,962 DEBUG [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Creating encryption key instance based on provided secret key>
2017-12-18 15:12:50,962 DEBUG [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Initialized cipher encryption sequence via content encryption [A128CBC-HS256] and algorithm [dir]>
2017-12-18 15:12:50,963 DEBUG [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Located signing key to use for [CAS Protocol Tickets]>
2017-12-18 15:12:50,963 DEBUG [org.apereo.cas.util.cipher.AbstractCipherExecutor] - <Created signing key instance [AesKey] based on provided secret key>
2017-12-18 15:12:50,964 DEBUG [org.apereo.cas.util.EncodingUtils] - <Encrypting via [A128CBC-HS256]>
2017-12-18 15:12:50,964 DEBUG [org.apereo.cas.ticket.factory.DefaultTicketGrantingTicketFactory] - <Encoded ticket-granting ticket id [*******************************************************************************************]>
2017-12-18 15:12:50,965 DEBUG [org.apereo.cas.ticket.registry.MemcachedTicketRegistry] - <Adding ticket [*******************************************************************************************]>
2017-12-18 15:12:50,965 ERROR [org.apereo.cas.ticket.registry.MemcachedTicketRegistry] - <Failed adding [*******************************************************************************************]>
java.lang.IllegalArgumentException: Key is too long (maxlen = 250)
2017-12-18 15:12:50,966 DEBUG [org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing [org.apereo.cas.support.events.ticket.CasTicketGrantingTicketCreatedEvent@41e218bd[ticketGrantingTicket=*******************************************************************************************]]>
2017-12-18 15:12:50,966 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: USER
WHAT: *******************************************************************************************
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Mon Dec 18 15:13:10 MYT 2017
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
I should also mention that I don't see any ST created in the log too. I want to create the ST is well to validate the service.
# cas.tgc.path=
cas.tgc.maxAge=-1
# cas.tgc.domain=
cas.tgc.signingKey=*******************************************************************************************
cas.tgc.name=TGC
cas.tgc.encryptionKey=*******************************************************************************************
cas.tgc.secure=false
cas.tgc.rememberMeMaxAge=1350000
cas.tgc.cipherEnabled=true
cas.webflow.signing.key=*******************************************************************************************
cas.webflow.signing.keySize=512
cas.webflow.encryption.keySize=16
cas.webflow.encryption.key=*******************************************************************************************
cas.webflow.crypto.signing.key=*******************************************************************************************
cas.webflow.crypto.encryption.key=*******************************************************************************************
#cas.webflow.crypto.enabled=false
cas.webflow.crypto.signing.keySize=512
cas.webflow.crypto.encryption.keySize=16
#cas.webflow.crypto.alg=AES
cas.tgc.crypto.signing.key=*******************************************************************************************
cas.tgc.crypto.encryption.key=*******************************************************************************************
# Service Registry
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.repeatInterval=120000
cas.serviceRegistry.startDelay=15000
cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.config.location=file:/etc/cas/config/services
cas.ticket.tgt.onlyTrackMostRecentSession=true
cas.ticket.tgt.maxLength=50
cas.monitor.tgt.warn.threshold=10
cas.monitor.tgt.warn.evictionThreshold=0
#
# #remember me in seconds
# # Set to a negative value to never expire tickets
cas.ticket.tgt.maxTimeToLiveInSeconds=135000
cas.ticket.tgt.timeToKillInSeconds=7200
cas.ticket.tgt.rememberMe.enabled=true
cas.ticket.tgt.rememberMe.timeToKillInSeconds=135000
cas.web.flow.GenericSuccessViewAction=*******************************************************************************************
cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=135000
##
#Throttled Timeout
##
cas.ticket.tgt.throttledTimeout.timeToKillInSeconds=28800
cas.ticket.tgt.throttledTimeout.timeInBetweenUsesInSeconds=5
cas.ticket.tgt.hardTimeout.timeToKillInSeconds=28800
cas.monitor.st.warn.threshold=10
cas.monitor.st.warn.evictionThreshold=0
cas.ticket.st.maxLength=20
cas.ticket.st.numberOfUses=1
cas.ticket.st.timeToKillInSeconds=180
cas.ticket.crypto.enabled=true
cas.ticket.crypto.signing.key=*******************************************************************************************
cas.ticket.crypto.encryption.key=*******************************************************************************************
I am getting an error in the catalina "java.lang.IllegalArgumentException: Key is too long (maxlen = 250)". How can I solve this?
This is the log:
2017-12-18 15:12:50,962 DEBUG [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Creating encryption key instance based on provided secret key>
2017-12-18 15:12:50,962 DEBUG [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Initialized cipher encryption sequence via content encryption [A128CBC-HS256] and algorithm [dir]>
2017-12-18 15:12:50,963 DEBUG [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Located signing key to use for [CAS Protocol Tickets]>
2017-12-18 15:12:50,963 DEBUG [org.apereo.cas.util.cipher.AbstractCipherExecutor] - <Created signing key instance [AesKey] based on provided secret key>
2017-12-18 15:12:50,964 DEBUG [org.apereo.cas.util.EncodingUtils] - <Encrypting via [A128CBC-HS256]>
2017-12-18 15:12:50,964 DEBUG [org.apereo.cas.ticket.factory.DefaultTicketGrantingTicketFactory] - <Encoded ticket-granting ticket id [*******************************************************************************************]>
2017-12-18 15:12:50,965 DEBUG [org.apereo.cas.ticket.registry.MemcachedTicketRegistry] - <Adding ticket [*******************************************************************************************]>
2017-12-18 15:12:50,965 ERROR [org.apereo.cas.ticket.registry.MemcachedTicketRegistry] - <Failed adding [*******************************************************************************************]>
java.lang.IllegalArgumentException: Key is too long (maxlen = 250)
2017-12-18 15:12:50,966 DEBUG [org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing [org.apereo.cas.support.events.ticket.CasTicketGrantingTicketCreatedEvent@41e218bd[ticketGrantingTicket=*******************************************************************************************]]>
2017-12-18 15:12:50,966 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: USER
WHAT: *******************************************************************************************
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Mon Dec 18 15:13:10 MYT 2017
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
I should also mention that I don't see any ST created in the log too. I want to create the ST is well to validate the service.
Jérôme LELEU
Dec 18, 2017, 4:37:09 AM12/18/17
to CAS Community
Hi,
The encryption of the TGC makes it too long for a Memcached key: do you really need it?
Thanks.
Best regards,
Jérôme
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/242eb0e3-4e51-4709-9f71-bdc0782e74bd%40apereo.org.
casuser
Dec 18, 2017, 4:56:28 AM12/18/17
to CAS Community
no i don't need the TGC too long, how can I make it shorter?
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
Jérôme LELEU
Dec 18, 2017, 1:14:29 PM12/18/17
to CAS Community
Hi,
It's a matter of extra security via signing and encryption, not directly a matter of size. So you can disable the encryption and signature of the TGT via the appropriate properties: cas.tgc.crypto.encryption.key= and cas.tgc.crypto.signing.key=
Leave them blank.
Thanks.
Best regards,
Jérôme
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d8fb1cb4-ebde-4f64-8f52-e817e3ae2bef%40apereo.org.
Reply all
Reply to author
Forward
0 new messages