I have implemented an SSO service and, after a lot of days, I have got it. But now I have a problem: the CAS service (SSO) works if you are in the local network and in another network which is located in the same place, but if I connect from an external network I'm not able to connect. I can access the service, but at one step it fails with an error: connection refused.
I use phpCAS in order to authenticate to the service and the log is this:
3CEF .=> phpCAS::forceAuthentication() [portal.php:16]
3CEF .| => CAS_Client::forceAuthentication() [CAS.php:1098]
3CEF .| | => CAS_Client::isAuthenticated() [Client.php:1280]
3CEF .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1393]
3CEF .| | | | no user found [Client.php:1635]
3CEF .| | | <= false
3CEF .| | | CAS 2.0 ticket `ST-7-6cgDalH6VPKQ5vE6SyCB-cas' is present [Client.php:1447]
3CEF .| | | => CAS_Client::validateCAS20('', NULL, NULL, false) [Client.php:1450]
3CEF .| | | | [Client.php:3169]
3CEF .| | | | => CAS_Client::getServerServiceValidateURL() [Client.php:3176]
3CEF .| | | | | => CAS_Client::getURL() [Client.php:453]
3CEF .| | | | | | Final URI: https://www.XX.com/portal.php [Client.php:3548]
3CEF .| | | | | <= 'https://www.XX.com/portal.php'
3CEF .| | | | <= 'https://XX.com:8442/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fportal.php'
3CEF .| | | | => CAS_Client::_readURL('https://XX.com:8442/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fportal.php&ticket=ST-7-6cgDalH6VPKQ5vE6SyCB-cas', NULL, NULL, NULL) [Client.php:3191]
3CEF .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
3CEF .| | | | | | curl_exec() failed [CurlRequest.php:77]
3CEF .| | | | | <= false
3CEF .| | | | <= false
3CEF .| | | | could not open URL 'https://XX.com:8442/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fportal.php&ticket=ST-7-6cgDalH6VPKQ5vE6SyCB-cas' to validate (CURL error #7: Failed to connect to XX.com port 8442: Connection refused) [Client.php:3194]
3CEF .| | | | => CAS_AuthenticationException::__construct(CAS_Client, 'Ticket not validated', 'https://XX.com:8442/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fportal.php&ticket=ST-7-6cgDalH6VPKQ5vE6SyCB-cas', true) [Client.php:3198]
3CEF .| | | | | => CAS_Client::getURL() [AuthenticationException.php:77]
3CEF .| | | | | <= 'https://www.XX.com/portal.php'
3CEF .| | | | | CAS URL: https://XX.com:8442/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fportal.php&ticket=ST-7-6cgDalH6VPKQ5vE6SyCB-cas [AuthenticationException.php:80]
3CEF .| | | | | Authentication failure: Ticket not validated [AuthenticationException.php:81]
3CEF .| | | | | Reason: no response from the CAS server [AuthenticationException.php:83]
3CEF .| | | | | exit()
3CEF .| | | | | -
3CEF .| | | | -
3CEF .| | | -
3CEF .| | -
3CEF .| -
As I said, it works in a local and in a "semi-local" network, but I can't authenticate from an external network.
I have the port 8442 open and, for some reason, from the external network port 8442 is closed. I know that this is the problem, but I don't know what to do to make the application listen on this port. In fact, the CAS service is located on one server and the WebService (login, portal...) is located on another server. I have been configuring the firewall, and I am probably doing something wrong, but I don't know what it can be, because locally it is working perfectly.
If I enter the URL of validateService with service and ticket (https://XX.com:8442/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fportal.php&ticket=ST-7-6cgDalH6VPKQ5vE6SyCB-cas) in the browser I get the username correctly, so I don't know why the phpCAS transaction is not working.
I hope you can help me, thanks for your answers!
You are getting connection refused. That is clearly a firewall issue. If you have deployed your CAS application on a server, make sure that server is on the proper secure firewall zone that can be accessed externally. A network security person in your organization should be able to help you with this.
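As an added example (not part of the original thread and not phpCAS code): in the CAS protocol the serviceValidate request is sent by the server running phpCAS, not by the user's browser, so the curl error in the log describes the path from the web server to the CAS port. The sketch below pulls that back-channel endpoint and the curl error out of a debug log and masks the ticket before the log is shared; the sample lines and host names are constructed, and the hint texts are this example's own wording.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed sample in the shape of a phpCAS debug log (placeholder hosts and ticket).
SAMPLE_LOG = """\
3CEF .| | | | | | Final URI: https://www.example.test/portal.php [Client.php:3548]
3CEF .| | | | => CAS_Client::_readURL('https://cas.example.test:8442/cas/serviceValidate?service=https%3A%2F%2Fwww.example.test%2Fportal.php&ticket=ST-1-constructed-cas', NULL, NULL, NULL) [Client.php:3191]
3CEF .| | | | could not open URL '...' to validate (CURL error #7: Failed to connect to cas.example.test port 8442: Connection refused) [Client.php:3194]
"""

# libcurl error numbers that matter for a failed back-channel call.
CURL_HINTS = {
    6: "DNS: the web server cannot resolve the CAS host name",
    7: "TCP: nothing accepted the connection on that port, as seen from the web server",
    28: "timeout: packets are probably dropped silently on the path",
    35: "TLS: handshake failed after the TCP connection succeeded",
    60: "TLS: the CAS certificate is not trusted by the web server",
}

READ_URL = re.compile(r"_readURL\('([^']+)'")
CURL_ERR = re.compile(r"CURL error #(\d+): ([^)]*)\)")

def redact_ticket(url):
    """Return the URL with the service ticket masked so the log can be shared."""
    parts = urlsplit(url)
    query = [(k, "ST-REDACTED" if k == "ticket" else v)
             for k, v in parse_qsl(parts.query)]
    return parts._replace(query=urlencode(query)).geturl()

def triage(log_text):
    """Summarise the ticket-validation attempt recorded in a phpCAS debug log."""
    url_match = READ_URL.search(log_text)
    if not url_match:
        return None  # no ticket validation was attempted in this log
    err_match = CURL_ERR.search(log_text)
    errno = int(err_match.group(1)) if err_match else None
    parts = urlsplit(url_match.group(1))
    service = dict(parse_qsl(parts.query)).get("service", "")
    return {
        "caller": urlsplit(service).hostname,   # host that runs phpCAS
        "cas_host": parts.hostname,
        "cas_port": parts.port or 443,
        "curl_errno": errno,
        "hint": CURL_HINTS.get(errno, "unclassified") if errno else "no curl error logged",
        "shareable_url": redact_ticket(url_match.group(1)),
    }
```

The port named in `cas_port` has to be reachable from the machine named in `caller`; a successful request from a workstation browser does not exercise that path.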
Related
Currently I am working on a CodeIgniter project related to stores management. In the model I used the following function to get the purchase & issues summary for the view through the controller.
Function
function issueDetailReport($id, $start, $end) {
    $this->db->select('*, store_update_stock_details.item,
        CASE
            WHEN store_update_stock.order_status = "purchase" THEN tbl_supplier.supplier_name
            WHEN store_update_stock.order_status = "issue" THEN store_officer.officer_name
        END AS supplier');
    $this->db->from('store_update_stock');
    $this->db->join('store_update_stock_details', 'store_update_stock.update_stock_id=store_update_stock_details.update_stock_id');
    $this->db->join('store_officer', 'store_update_stock.supplier=store_officer.officer_id');
    $this->db->join('tbl_supplier', 'store_update_stock.supplier=tbl_supplier.supplier_id');
    $this->db->join('store_item', 'store_update_stock_details.item=store_item.item_id');
    // Pass values as separate arguments so the query builder escapes them
    // instead of interpolating $id, $start and $end into the SQL string.
    $this->db->where('store_update_stock.status', '1');
    $this->db->where('store_item.item_id', $id);
    //$this->db->where('store_update_stock.update_stock_id in (select update_stock_id from store_update_stock) ');
    if ($start != NULL && $end != NULL) {
        $this->db->where('store_update_stock.billed_date >=', $start);
        $this->db->where('store_update_stock.billed_date <=', $end);
    }
    $this->db->order_by('store_update_stock.purchased_date', 'DESC');
    $q = $this->db->get();
    if ($q->num_rows() > 0) {
        return $q->result();
    }
    return false;
}
02) All are working fine. But the case constructor fires the following error
A Database Error Occurred
Error Number: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.order_status = "issue" THEN store_officer.officer_name END AS supplier FR' at line 1
03) I tried to solve the issue. But didn't get the desired output. I can't find the error & what may be wrong. Can anyone help me?
Supplier Table
+-------------+---------------+
| supplier_id | supplier_name |
+-------------+---------------+
| 500 | ABC |
| 501 | DEF |
| 502 | GHI |
| 503 | JKL |
+-------------+---------------+
officer Table
+------------+--------------+
| officer_id | officer_name |
+------------+--------------+
| 1000 | Danial |
| 1001 | Jhon |
| 1002 | William |
| 1003 | Patrick |
| 1004 | Salman |
+------------+--------------+
Output
+------+--------------------------+------------+------------+--------------+
| item | supplier / officer_name | start | end | order_status |
+------+--------------------------+------------+------------+--------------+
| A4 | ABC | 2018-11-01 | 2018-11-01 | purchase |
| A5 | DEF | 2018-11-01 | 2018-11-01 | purchase |
| A3 | Danial | 2018-11-02 | 2018-11-02 | issue |
| B5 | Jhon | 2018-11-05 | 2018-11-05 | issue |
+------+--------------------------+------------+------------+--------------+
Try changing:
    $this->db->select('*, store_update_stock_details.item,
        CASE
            WHEN store_update_stock.order_status = "purchase" THEN tbl_supplier.supplier_name
            WHEN store_update_stock.order_status = "issue" THEN store_officer.officer_name
        END AS supplier');
To:
    $this->db->select('store_update_stock_details.item,
        CASE
            WHEN store_update_stock.order_status = "purchase" THEN tbl_supplier.supplier_name
            WHEN store_update_stock.order_status = "issue" THEN store_officer.officer_name
        END AS supplier, *');
MySQL doesn't like stuff in the select statements after *'s and many times it'll refuse to work
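An added example, not code from the thread or from CodeIgniter: the report query written with bound parameters and LEFT JOINs, next to a string-interpolated variant for contrast. It runs on Python's sqlite3 as a stand-in for MySQL, with a reduced, constructed schema (store_item omitted, filter on the item column) and function names that are this example's own.

```python
import sqlite3

# Constructed stand-in for the question's tables: sqlite3 instead of MySQL,
# store_item left out, column types assumed.
SCHEMA = """
CREATE TABLE tbl_supplier (supplier_id INTEGER, supplier_name TEXT);
CREATE TABLE store_officer (officer_id INTEGER, officer_name TEXT);
CREATE TABLE store_update_stock (update_stock_id INTEGER, supplier INTEGER,
    order_status TEXT, billed_date TEXT, status TEXT);
CREATE TABLE store_update_stock_details (update_stock_id INTEGER, item TEXT);
INSERT INTO tbl_supplier VALUES (500,'ABC'),(501,'DEF');
INSERT INTO store_officer VALUES (1000,'Danial'),(1001,'Jhon');
INSERT INTO store_update_stock VALUES
    (1,500,'purchase','2018-11-01','1'),
    (2,1000,'issue','2018-11-02','1'),
    (3,1001,'issue','2018-11-05','1');
INSERT INTO store_update_stock_details VALUES (1,'A4'),(2,'A4'),(3,'B5');
"""

# LEFT JOINs: in the sample data a supplier value matches only one of the two
# lookup tables, so inner joins on both would drop every row.
BASE = """
SELECT d.item,
       CASE s.order_status WHEN 'purchase' THEN sup.supplier_name
                           WHEN 'issue' THEN o.officer_name END AS supplier,
       s.order_status
FROM store_update_stock s
JOIN store_update_stock_details d ON d.update_stock_id = s.update_stock_id
LEFT JOIN tbl_supplier sup ON sup.supplier_id = s.supplier
LEFT JOIN store_officer o ON o.officer_id = s.supplier
WHERE s.status = '1' AND d.item = ?"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def report_bound(db, item, start=None, end=None):
    """Values travel as bound parameters and are never parsed as SQL."""
    sql, params = BASE, [item]
    if start is not None and end is not None:
        sql += " AND s.billed_date BETWEEN ? AND ?"
        params += [start, end]
    return db.execute(sql + " ORDER BY s.billed_date DESC", params).fetchall()

def report_interpolated(db, item):
    """Contrast case: the value is pasted into the SQL text itself."""
    try:
        return db.execute(BASE.replace("?", "'%s'" % item)).fetchall()
    except sqlite3.OperationalError as exc:
        return "syntax error: %s" % exc
```

A value containing a single apostrophe is plain data to `report_bound` and matches nothing, while the interpolated variant fails to parse because the value has become part of the statement.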
mysql is weirdly formatting my output even though the table isn't overflowing with data in any way (only 30-4 rows, and 4 columns).
Is there something I can do to adjust this?
mysql> select id, city, state, zip from location;
+----+----------------+-------+-------+
| id | city | state | zip |
+----+----------------+-------+-------+
| 97227 |and | OR
| 95814 |mento | CA
| 94607 |nd | CA
| 90245 |gundo | CA
| 90015 |ngeles | CA
| 85004 |ix | AZ
| 84101 |Lake City | UT
| 80204 |r | CO
| 78219 |ntonio | TX
| 77002 |on | TX
| 75219 |s | TX
| 73102 |oma City | OK
| 70113 |rleans | LA
| 60612 |go | IL
| 55403 |apolis | MN
| 53203 |ukee | WI
| 48326 |n Hills | MI
| 46204 |napolis | IN
| 44115 |land | OH
| 38103 |is | TN
| 33132 | | FL
| 32801 |do | FL
| 30303 |ta | GA
| 28202 |otte | NC
| 20004 |ngton | DC
| 19148 |delphia | PA
| 11217 |lyn | NY
| 10121 |ork | NY
| 29 | Boston | MA | 2114 |
+----+----------------+-------+-------+
29 rows in set (0.00 sec)
Somehow you got carriage returns at the end of most of the state values. You can remove them with:
UPDATE location SET state = TRIM(TRAILING '\r' FROM state);
And you should investigate the code you use to add rows to this table, to see why it's leaving those characters in the data. You're probably using a file that was created on Windows and loading it into a program that runs on Unix. You can use the dos2unix command on Linux to fix all the newlines in a file. Or you can fix the program so it removes extraneous carriage return characters.
I have a series of SMS messages I got from a dump and am planning on arranging it so each row only displays the latest message in each thread. I'm having problems writing this query but essentially since the Sender is always the same number (gateway number) then it would be best to group it by the Recipient (groupby number).
I can imagine this like email where the latest message being displayed can either be from the Sender or the Recipient (whichever is latest) but nonetheless grouped by the Recipient. Honestly, I don't know how to go about this.
Messages table. Type out means gateway sent it, in means groupby sent it.
| id | groupby | gateway | message | type | created |
-------------------------------------------------------------------------------
| 1 | +111 | +789 | Hello | out | 2015-01-01 00:00:00 |
| 2 | +222 | +789 | World | out | 2015-01-02 00:00:00 |
| 3 | +111 | +789 | What's | in | 2015-01-03 00:00:00 |
| 4 | +222 | +789 | New | in | 2015-01-04 00:00:00 |
| 5 | +111 | +789 | With You? | out | 2015-01-05 00:00:00 |
-------------------------------------------------------------------------------
So the result should be:
Result in html.
| id | groupby | message | sent from |
------------------------------------------------
| 5 | +111 | With You? | +789 |
| 4 | +222 | New | +222 |
------------------------------------------------
You can do this in many ways and one is
    select m.*
    from messages m
    join (
        select groupby, max(created) as created
        from messages
        group by groupby
    ) m1
    on m1.groupby = m.groupby and m1.created = m.created
    -- type 'out' means the gateway sent the message, 'in' means groupby sent it
    SELECT id, `groupby`, message,
           (CASE WHEN type='out' THEN gateway ELSE `groupby` END) AS sentfrom
    FROM __table__name
    GROUP BY sentfrom ORDER BY created DESC;
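An added example, not part of either answer: a query that returns the newest message per groupby together with the sent-from number, using a correlated subquery with an id tie-break instead of the join on max(created) shown above. It runs on Python's sqlite3 as a stand-in for MySQL, with the rows from the question's Messages table; the function and constant names are this example's own.

```python
import sqlite3

# Rows copied from the Messages table in the question.
ROWS = [
    (1, "+111", "+789", "Hello", "out", "2015-01-01 00:00:00"),
    (2, "+222", "+789", "World", "out", "2015-01-02 00:00:00"),
    (3, "+111", "+789", "What's", "in", "2015-01-03 00:00:00"),
    (4, "+222", "+789", "New", "in", "2015-01-04 00:00:00"),
    (5, "+111", "+789", "With You?", "out", "2015-01-05 00:00:00"),
]

# 'out' means the gateway sent the message, 'in' means the groupby number did.
# The subquery picks exactly one row per thread, even when two messages share
# the same created timestamp (the higher id wins).
LATEST_PER_THREAD = """
SELECT m.id, m.groupby, m.message,
       CASE m.type WHEN 'out' THEN m.gateway ELSE m.groupby END AS sent_from
FROM messages m
WHERE m.id = (SELECT m2.id FROM messages m2
              WHERE m2.groupby = m.groupby
              ORDER BY m2.created DESC, m2.id DESC LIMIT 1)
ORDER BY m.created DESC
"""

def latest_per_thread(rows):
    """Load the rows into an in-memory table and return one row per thread."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, groupby TEXT, "
               "gateway TEXT, message TEXT, type TEXT, created TEXT)")
    db.executemany("INSERT INTO messages VALUES (?,?,?,?,?,?)", rows)
    return db.execute(LATEST_PER_THREAD).fetchall()
```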
I run 4 Unicorn processes for my Rails app and they eat up all the available MySQL connections causing it to collapse with 'too many connections' error. Today I had to reboot my DB instance 4 times. =(
Processes
$ ps ax | grep [u]ni
21618 ? Sl 0:15 unicorn master -D -c /home/deployer/apps/XXX/shared/config/unicorn.rb -E production
21632 ? Sl 0:20 unicorn worker[0] -D -c /home/deployer/apps/XXX/shared/config/unicorn.rb -E production
21636 ? Sl 0:14 unicorn worker[1] -D -c /home/deployer/apps/XXX/shared/config/unicorn.rb -E production
21640 ? Sl 0:20 unicorn worker[2] -D -c /home/deployer/apps/XXX/shared/config/unicorn.rb -E production
21645 ? Sl 0:12 unicorn worker[3] -D -c /home/deployer/apps/XXX/shared/config/unicorn.rb -E production
My database.yml is setting up 22 connections for the ActiveRecord pool...
...
production:
  adapter: mysql2
  encoding: utf8
  database: xxx
  username: xxx
  password: xxx
  host: xxx
  port: 3306
  pool: 22
...
And the Unicorn config file looks like this:
working_directory "/home/deployer/apps/XXX/current"
pid "/home/deployer/apps/XXX/shared/pids/unicorn.pid"
stderr_path "/home/deployer/apps/XXX/shared/log/unicorn.log"
stdout_path "/home/deployer/apps/XXX/shared/log/unicorn.log"
listen "/tmp/unicorn.XXX.sock"
worker_processes 4
timeout 100
preload_app true
before_fork do |server, worker|
  # Disconnect since the database connection will not carry over
  if defined? ActiveRecord::Base
    ActiveRecord::Base.connection.disconnect!
  end
  # Quit the old unicorn process
  old_pid = "#{server.config[:pid]}.oldbin"
  if File.exist?(old_pid) && server.pid != old_pid
    begin
      Process.kill("QUIT", File.read(old_pid).to_i)
    rescue Errno::ENOENT, Errno::ESRCH
      # someone else did our job for us
    end
  end
end
after_fork do |server, worker|
  # Start up the database connection again in the worker
  if defined?(ActiveRecord::Base)
    ActiveRecord::Base.establish_connection
  end
  child_pid = server.config[:pid].sub(".pid", ".#{worker.nr}.pid")
  system("echo #{Process.pid} > #{child_pid}")
end
And if we look into the DB console, we'll see something like this. They've eaten most of the connections. (I had nothing but Unicorn running at the moment) To my mind there should have been 1 connection * 4 unicorns = 4 connections.
mysql> show full processlist;
+-----+----------+--------------------------------------------------+------------------------+---------+------+-------+-----------------------+
| Id | User | Host | db | Command | Time | State | Info |
+-----+----------+--------------------------------------------------+------------------------+---------+------+-------+-----------------------+
| 2 | rdsadmin | localhost:31383 | NULL | Sleep | 9 | | NULL |
| 52 | level | 212.100.140.42:50683 | leveltravel_production | Query | 0 | NULL | show full processlist |
| 74 | level | ip-10-55-10-151.eu-west-1.compute.internal:38197 | leveltravel_production | Sleep | 5 | | NULL |
| 75 | level | ip-10-55-10-151.eu-west-1.compute.internal:38199 | leveltravel_production | Sleep | 8 | | NULL |
| 76 | level | ip-10-55-10-151.eu-west-1.compute.internal:38201 | leveltravel_production | Sleep | 8 | | NULL |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CUT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| 157 | level | ip-10-55-10-151.eu-west-1.compute.internal:38321 | leveltravel_production | Sleep | 154 | | NULL |
| 158 | level | ip-10-55-10-151.eu-west-1.compute.internal:38322 | leveltravel_production | Sleep | 17 | | NULL |
| 159 | level | ip-10-55-10-151.eu-west-1.compute.internal:38325 | leveltravel_production | Sleep | 54 | | NULL |
| 160 | level | ip-10-55-10-151.eu-west-1.compute.internal:38326 | leveltravel_production | Sleep | 54 | | NULL |
| 161 | level | ip-10-55-10-151.eu-west-1.compute.internal:38327 | leveltravel_production | Sleep | 54 | | NULL |
| 162 | level | ip-10-55-10-151.eu-west-1.compute.internal:38329 | leveltravel_production | Sleep | 42 | | NULL |
+-----+----------+--------------------------------------------------+------------------------+---------+------+-------+-----------------------+
90 rows in set (0.15 sec)
You may also have a look at Issue #503 in sidekiq repository for the background of this problem https://github.com/mperham/sidekiq/issues/503
You have run 4 unicorn processes. They are PROCESSES, NOT THREADS.
Every process has 22 connections in its pool. In total they have 22*4 = 88 connections.
If you want to have 4 connections for 4 worker processes, you can set pool: 1 in database.yml.
Let's say I have N > 1 TCP-based, connection-oriented (read: not a website) services handling connections from end users in some load-balanced/sharing configuration.
These users do things that cause updates to one or more keys in the centralized Tokyo Tyrant datastore.
What do you recommend to push these changes to interested users connected to a different service instance running on the same private network (same colo.)?
User 1      Service 1      Tokyo Tyrant      Service 2      User 2
------      ---------      ------------      ---------      ------
  |             |               |                |            |
  ------> do something          |                |            |
  |             | ---> put K 42                  |            |
  |             |               | ----> Hey! K is now 42      |
  |             |               |                | ---> K was updated
A few ideas:
Broadcast the changes on successful update of the datastore from Service N to all other services
User 1      Service 1      Tokyo Tyrant      LAN Broadcast      Service 2      User 2
------      ---------      ------------      -------------      ---------      ------
  |             |               |                  |                |            |
  ------> do something          |                  |                |            |
  |             | ---> put K 42                    |                |            |
  |             | -----------------> Hey! K is now 42               |            |
  |             |               |                  | --> Hey! K is now 42        |
  |             |               |                  |                | ---> K was updated
Store which Service each interested user is logged onto and send those services a message which is then relayed to the interested user; I suppose this is how IRC server-server connections work (need to research that).
User 1      Service 1      Tokyo Tyrant      Service 2      User 2
------      ---------      ------------      ---------      ------
  |             |               |                |            |
  ------> do something          |                |            |
  |             | ---> put K 42                  |            |
  |             | ---> who cares?                |            |
  |             | <--- User 2 on Service 2       |            |
  --------------------------------------> Hey! K is now 42    |
  |             |               |                | ---> K was updated
Run a message broker (e.g. RabbitMQ); have each Service X subscribe to a queue on behalf of the interested users; post to it upon successful "put"s
User 1      Service 1      Tokyo Tyrant      RabbitMQ          Service 2      User 2
------      ---------      ------------      --------          ---------      ------
  |             |               |               | <--- subscribe --|            |
  ------> do something          |               |                  |            |
  |             | ---> put K 42                 |                  |            |
  |             | ------------------- post msg -->                 |            |
  |             |               |               |----- notify ---->|            |
  |             |               |               |                  | ---> K was updated
Yet another idea is to pretend to be a replication slave and connect to the master.
In general, I'm looking for a way to get "change notifications" as found in CouchDB but for Tokyo Tyrant. The idea is more general however.
If you suggest just using a message broker with persistent queues instead of a datastore like Tokyo Tyrant, please explain how I might hook into such to allow for validations, etc. I am not intimate yet with such.
My recommendation (and what I use) is the message broker approach. RabbitMQ keeps track of services (un)subscribing to different queues and you can use fanout exchanges.
Also, Tokyo Cabinet has a log (in a weird format though) which you can use to get the updates and push them to a queue. I only tried using a cron but I think it can be possible to get it in real time using a socket.