Troubleshooting CAS Clearpass configuration

To troubleshoot CAS Clearpass configuration, enable logging as specified in  UP-4108 - Getting issue details... STATUS .  Also review  UP-4108 - Getting issue details... STATUS  to see what a valid CAS Clearpass transaction looks like.  This page lists some observations from experiences troubleshooting CAS Clearpass.

Scenario: uPortal is not able to obtain password from CAS, CAS has java.net.SocketTimeoutException: Read timed out

This can be caused by one of the following:

  • In filters/*.properties and how the cas clearpass property is specified in security.properties, CAS is making an HTTP call to uPortal to send the PGTIOU-PGT message.
  • In uPortal ehcache.xml, RMI cache replication is setup for clustered uPortal configuration but the RMI server list in filters/*.properties lists a server that is not accessible so RMI replication of the PGTIOU-PGT message holds up a response to CAS and CAS times out.