[cas-dev] Unable to validate ProxyTicketValidator

Uday Kari ukari at pdc.org
Thu Apr 12 22:20:43 EDT 2007 

Followed the instruction in the following thread and verified that the
SSL certification is in JVM cacerts file as required: 

 

http://www.mail-archive.com/cas-dev@tp.its.yale.edu/msg00090.html

 


However, I am still getting the Unable to validate ProxyTicketValidator
error when I finish logging in...

 

Specifically:

 

*	The request https://localhost:8443/ works fine with the familiar
warning about the SSL certificate being named differently than
localhost.  (so server is up).

 

*	https://localhost:8443/app1 leads to the application after the
above warning, but immediately redirects to CAS as expected.  

 

*	I login with the "equal" credentials such as yahoo/yahoo and
google/google.  

 

*	Apparently the ticket generates just fine. 

 

*	Then on the way back to render the protected (but very simple
jsp within the app1 context), I get an HTTP 500 error with the following
stack trace on the screen:

 

exception 

javax.servlet.ServletException: Unable to validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://localhost:8443/cas/proxyValidate]
ticket=[ST-6-cDriGKlSaCFOeNf3DWqLyILhIDaWlpW2JG7-20]
service=[https%3A%2F%2Flocalhost%3A8443%2Fapp1%2F] renew=false]]]
 
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)

root cause 

edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://localhost:8443/cas/proxyValidate]
ticket=[ST-6-cDriGKlSaCFOeNf3DWqLyILhIDaWlpW2JG7-20]
service=[https%3A%2F%2Flocalhost%3A8443%2Fapp1%2F] renew=false]]]
 
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
 
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilt
er.java:455)
 
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)

 

 

 

Specifically, here are the excerpts from my Catalina.2007-04-12.log for
the last two login attempts (user/password = yahoo, google)

 

Apr 12, 2007 3:56:13 PM edu.yale.its.tp.cas.client.CASReceipt getReceipt

SEVERE: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://localhost:8443/cas/proxyValidate]
ticket=[ST-4-P3kihjtft7UGHzY4PynoJkuyBLp7bfLBjD1-20]
service=[https%3A%2F%2Flocalhost%3A8443%2Fapp1%2F] renew=false]]]

Apr 12, 2007 3:56:13 PM edu.yale.its.tp.cas.client.filter.CASFilter
doFilter

SEVERE: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://localhost:8443/cas/proxyValidate]
ticket=[ST-4-P3kihjtft7UGHzY4PynoJkuyBLp7bfLBjD1-20]
service=[https%3A%2F%2Flocalhost%3A8443%2Fapp1%2F] renew=false]]]

Apr 12, 2007 3:57:53 PM edu.yale.its.tp.cas.client.CASReceipt getReceipt

SEVERE: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://localhost:8443/cas/proxyValidate]
ticket=[ST-5-prfNAfpSop6mcxseBbbEnBVnk7c7S0xwRIt-20]
service=[https%3A%2F%2Flocalhost%3A8443%2Fapp1%2F] renew=false]]]

Apr 12, 2007 3:57:53 PM edu.yale.its.tp.cas.client.filter.CASFilter
doFilter

SEVERE: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://localhost:8443/cas/proxyValidate]
ticket=[ST-5-prfNAfpSop6mcxseBbbEnBVnk7c7S0xwRIt-20]
service=[https%3A%2F%2Flocalhost%3A8443%2Fapp1%2F] renew=false]]]

 

 

And, the following from my stdout_20070412.log 

 

2007-04-12 15:56:13,099 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordA
uthenticationHandler successfully authenticated the user which provided
the following credentials: yahoo>

2007-04-12 15:56:13,099 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-4-P3kihjtft7UGHzY4PynoJkuyBLp7bfLBjD1-20] for service
[https://localhost:8443/app1/] for user [yahoo]>

2007-04-12 15:57:53,404 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordA
uthenticationHandler successfully authenticated the user which provided
the following credentials: google>

2007-04-12 15:57:53,404 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-5-prfNAfpSop6mcxseBbbEnBVnk7c7S0xwRIt-20] for service
[https://localhost:8443/app1/] for user [google]>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20070412/b874c3b3/attachment-0001.html

More information about the cas-dev mailing list