CAS Authentication Error

Clifford Bryant CBryant at edgewater.com
Mon Sep 24 14:42:41 EDT 2007 

We are using Java 1.4.2 and Tomcat 5.5.  I think that the problem was
because the link was using HTTP (port 8080), and not HTTPS (port 8443).

 

Is it possible to specify a different link for CAS to return to, after
the user is authenticated?

 

________________________________

From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
On Behalf Of Scott Battaglia
Sent: Monday, September 24, 2007 2:19 PM
To: Yale CAS mailing list
Subject: Re: CAS Authentication Error

 

Clifford,

Can you confirm that the service url you sent on authentication request
exactly matches the service url sent on ticket validation?

Since you're using a version older than CAS 3.1, you'll need to check
the access logs to confirm this (or attempt to discern it from the
web.xml).

-Scott

On 9/24/07, Clifford Bryant <CBryant at edgewater.com> wrote:

Hello,

 

I am trying to implement CAS in a Cold Fusion app.  The CAS servlet
filter was added to the CF web.xml, and the casclient.jar was added to
the CF WEB-INF/lib.  The app redirects to the CAS login page, and it
looks as though the authentication is valid.  But, a servlet exception
is thrown (See below.).

 

2007-09-24 11:46:56,447 INFO
[org.jasig.cas.web.flow.AutomaticCookiePathSetterAction] - <Setting
ContextPath for cookies to: /cas>

2007-09-24 11:47:10,345 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
com.rs.cas.authentication.RSCasAuthenticationHandler successfully
authenticated the user which provided the following credentials:
Admin100>

2007-09-24 11:47:10,370 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-2-9TslNwdujd739Sk7cVAXqPxBZS39dklt5wr-20] for service
[http://rsdev01:8443/golddev/hmm/default.cfm] for user [Admin100]>

 

SEVERE: Servlet.service() for servlet CfmServlet threw exception

javax.servlet.ServletException: CAS authentication error:
INVALID_SERVICE: ticket 'ST-2-9TslNwdujd739Sk7cVAXqPxBZS39dklt5wr-20'
does not match supplied service

        at
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilt
er.java:220)

        at
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)

        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:215)

        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:188)

        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv
e.java:210)

        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv
e.java:174)

        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java
:127)

        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
:117)

        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
java:108)

        at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:1
51)

        at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:87
0)

        at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.proc
essConnection(Http11BaseProtocol.java:665)

        at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint
.java:528)

        at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollow
erWorkerThread.java:81)

        at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool
.java:685)

        at java.lang.Thread.run(Thread.java:534)       

 

Cliff Bryant

 

This e-mail and any files transmitted with it are confidential and are
intended solely for the use of the individual or entity to whom they are
addressed.  This communication may contain information that is protected
from disclosure by applicable law.  If you are not the intended
recipient, or the employee or agent responsible for delivering this
communication to the intended recipient, be advised that you have
received this e-mail in error and any use, dissemination, forwarding,
printing or copying of this e-mail is strictly prohibited.  If you
believe that you have received this e-mail in error, please immediately
notify Edgewater Technology by telephone at (781) 246-3343 and delete
the communication from all e-mail files.
 


_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas




-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia 



This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed.  This communication may contain information that is protected from disclosure by applicable law.  If you are not the intended recipient, or the employee or agent responsible for delivering this communication to the intended recipient, be advised that you have received this e-mail in error and any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited.  If you believe that you have received this e-mail in error, please immediately notify Edgewater Technology by telephone at (781) 246-3343 and delete the communication from all e-mail files.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070924/5d2965ef/attachment.html

More information about the cas mailing list