INVALID_TICKET/ticket not recognized error for just granted ticket...

Scott Battaglia scott.battaglia at gmail.com
Sun Jan 14 23:42:58 EST 2007


If you turn on DEBUG level logging on the CAS server it should give you a
better indication of why the server is rejecting the ticket.

-Scott

On 1/13/07, tedzo <tedzo2003 at yahoo.com> wrote:
>
> Hello,
> With the CAS filters set, I am redirected to CAS's login page and after
> successful login (username=password), I am redirected to my app's page with
> a ticket. However, if you notice the log entries below, the first line
> mentions that a ticket was granted (ST-2....). The next line complains that
> the just granted ticket is invalid and is not recognized. Further down, at
> the bottom, another ticket appears to be granted (ST-3....). I am not sure
> why a second one was granted.
>
> My Tomcat's logs:
>
> 2007-01-13 17:38:37,758 INFO [
> org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket
> [ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20] for service [
> http://localhost:8080/DMM/login.jsp] for user [ml]>
> 2007-01-13 17:38:38,211 ERROR [http-8080-Processor25] client.CASReceipt:61
> - validation of [[edu.yale.its.tp.cas.client.ProxyTicketValidatorproxyList=[null] [
> edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[
> https://localhost:8443/cas/proxyValidate]
> ticket=[ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20]
> service=[http%3A%2F%2Flocalhost%3A8080%2FDMM%2Flogin.jsp]
> errorCode=[INVALID_TICKET] errorMessage=[ticket
> 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not recognized] renew=false
> entireResponse=[<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>     <cas:authenticationFailure code='INVALID_TICKET'>
>         ticket 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not
> recognized
>     </cas:authenticationFailure>
> </cas:serviceResponse>
> ]]]] was not successful.
> 2007-01-13 17:38:38,242 ERROR [http-8080-Processor25] filter.CASFilter:380     -
> edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate
> ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidatorproxyList=[null] [
> edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[
> https://localhost:8443/cas/proxyValidate]
> ticket=[ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20]
> service=[http%3A%2F%2Flocalhost%3A8080%2FDMM%2Flogin.jsp]
> errorCode=[INVALID_TICKET] errorMessage=[ticket
> 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not recognized] renew=false
> entireResponse=[<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>     <cas:authenticationFailure code='INVALID_TICKET'>
>         ticket 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not
> recognized
>     </cas:authenticationFailure>
> </cas:serviceResponse>
> ]]]]
> 2007-01-13 17:38:38,258 ERROR [http-8080-Processor25] [/DMM].[jsp]
> :253     - Servlet.service() for servlet jsp threw exception
> edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate
> ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidatorproxyList=[null] [
> edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[
> https://localhost:8443/cas/proxyValidate]
> ticket=[ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20]
> service=[http%3A%2F%2Flocalhost%3A8080%2FDMM%2Flogin.jsp]
> errorCode=[INVALID_TICKET] errorMessage=[ticket
> 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not recognized] renew=false
> entireResponse=[<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>     <cas:authenticationFailure code='INVALID_TICKET'>
>         ticket 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not
> recognized
>     </cas:authenticationFailure>
> </cas:serviceResponse>
> ]]]]
>     at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:62)
>     at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
> ......
>
> 2007-01-13 17:38:38,774 INFO [
> org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket
> [ST-3-CJAKM2GaTN17LOYzwGxc12YCryRPVKe37KB-20] for service [
> http://localhost:8080/DMM/login.jsp] for user [ml]>
>
> I believe everything else is correctly set up. I can access
> https://localhost and go to Tomcat's initial page. I have exported and
> imported certificates using keytool. The JVM that Tomcat uses knows about
> the certificates as does Tomcat itself.
> web.xml
> <filter>
>     <filter-name>CAS Filter</filter-name>
>     <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
>     <init-param>
>       <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
>       <param-value>https://localhost:8443/cas/login</param-value>
>     </init-param>
>     <init-param>
>       <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
>       <param-value>https://localhost:8443/cas/proxyValidate</param-value>
>     </init-param>
>     <init-param>
>       <param-name>edu.yale.its.tp.cas.client.filter.serviceUrl</param-name>
>       <param-value>http://localhost:8080/DMM/login.jsp</param-value>
>     </init-param>
>   </filter>
>
>   <filter-mapping>
>     <filter-name>CAS Filter</filter-name>
>     <url-pattern>*.jsp</url-pattern>
>     <dispatcher>FORWARD</dispatcher>
>     <dispatcher>INCLUDE</dispatcher>
>     <dispatcher>REQUEST</dispatcher>
>   </filter-mapping>
>
> server.xml-
>         <Connector port="8443" maxHttpHeaderSize="8192"
>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="false" disableUploadTimeout="true"
>                acceptCount="100" scheme="https" secure="true"
>                clientAuth="false"
>                keystoreFile="C:\Documents and Settings\av\.keystore"
>                keystorePass="changeit" sslProtocol="TLS"/>
>
> Any help is appreciated.
>
> Av.
>
>
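To line up what the server granted with what the client filter reported in logs like those quoted above, the following added example (not code from this thread or from the CAS project) pairs each granted service ticket with its first logged rejection, then reports the delay and whether the service URL sent for validation matches the one the ticket was granted for. The sample log is constructed by condensing the thread's entries to one line each, and the regular expressions assume that single-line layout.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample: the thread's log entries condensed to one line each.
SAMPLE_LOG = """\
2007-01-13 17:38:37,758 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20] for service [http://localhost:8080/DMM/login.jsp] for user [ml]>
2007-01-13 17:38:38,211 ERROR [http-8080-Processor25] client.CASReceipt:61 - validation of [[ticket=[ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20] service=[http%3A%2F%2Flocalhost%3A8080%2FDMM%2Flogin.jsp] errorCode=[INVALID_TICKET]]] was not successful.
2007-01-13 17:38:38,774 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-3-CJAKM2GaTN17LOYzwGxc12YCryRPVKe37KB-20] for service [http://localhost:8080/DMM/login.jsp] for user [ml]>
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})"
GRANT = re.compile(TS + r".*Granted service ticket \[(ST-[^\]]+)\] for service \[([^\]]+)\]")
REJECT = re.compile(TS + r".*ticket=\[(ST-[^\]]+)\] service=\[([^\]]+)\] errorCode=\[(\w+)\]")


def _ts(text):
    # log4j-style timestamp with comma-separated milliseconds
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S,%f")


def correlate(log_text):
    """Pair each granted service ticket with its first logged rejection."""
    tickets = {}
    for line in log_text.splitlines():
        if m := GRANT.search(line):
            tickets[m[2]] = {"granted": _ts(m[1]), "service": m[3], "error": None}
        elif m := REJECT.search(line):
            t = tickets.setdefault(m[2], {"granted": None, "service": None, "error": None})
            if t["error"] is not None:
                continue  # the same failure is logged again by outer layers
            t["error"] = m[4]
            # The client logs the service URL-encoded; decode before comparing.
            t["service_matches"] = unquote(m[3]) == t["service"]
            if t["granted"] is not None:
                t["delay_ms"] = (_ts(m[1]) - t["granted"]) // timedelta(milliseconds=1)
    return tickets


if __name__ == "__main__":
    for ticket, info in correlate(SAMPLE_LOG).items():
        if info["error"] is None:
            print(f"{ticket}: granted, no validation failure logged")
        else:
            print(f"{ticket}: {info['error']} after {info.get('delay_ms')} ms, "
                  f"service matches grant: {info['service_matches']}")
```

The delay is only meaningful when both entries come from the same clock, as they do here where the CAS server and the client filter write to one Tomcat log.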