Single Log Out - which version
Scott Battaglia
scott.battaglia at gmail.com
Wed Aug 6 08:10:36 EDT 2008
On Wed, Aug 6, 2008 at 12:40 AM, Tracy12 <j_lalith at yahoo.com> wrote:
>
> Thanks scot,
>
> In CAS 3.0.3 it was enough to do those configurations to pass addtional
> information to the client, but it looks to me it is not the case with CAS
> 3.2.1.1, there wasn't any confilict with my custom principal conflicting
> with CAS services earlier 3.0.x.
>
> But it looks to me now it is different, I can't understand why we preserve
> the above feature in CAS 3.2.1.1. Any how one of the things which I
> observed
> is SimplePrincipal is hard wired in top level classes like
> CentralAuthenticationServiceImpl. Which was not the case in CAS 3.0.x, Any
> how all are observations, these changes are for some reason.
I believe I've already explained in my previous email that the principal is
used in conjunction with the Services Management tool to limit the
attributes returned to services. In order for it to be used it has to have
a concrete implementation it can construct.
>
>
> We thougth there are two paths for us to proceed with CAS 3.2..1.1 with
> regards to this
>
> 1) modify the SimplePrinical to have more properties similar to my Custom
> Principal and with no other additional configuration.
That's not going to work. They won't be copied over.
>
>
> 2) change the deployerConfigContext.xml to have our own
> RegisteredServiceImpl
>
> As above no 2 is not clear as a easy approach we did add addtional setter
> and getters for the SimplePrincipal, the result was there wasn't any errors
> but did not pass additional attributes to the client apart from id, Do we
> have to add the addtional attributes some where.
I'm pretty sure adding a default RegisteredServicesImpl to the registry in
configuration that basically says "please ignore attributes and just pass
the principal along" is the easier of the two options.
>
>
> The best we like to have is above no 2, which is not clear for us, can you
> pls elaborate it with a example. are you refereing to the following, can
> you provide us a sample. What exactly the service you are refering here.
>
> <bean
> id="serviceRegistryDao"
>
> class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />
>
> What exactly do we have to do?
What you really should be doing is not using custom principals now that we
have support for attributes as a map on the Principal and populating that
map. And then configuring in the Services Management tool the default list
of attributes to send back to every application. But if you're not going to
do that then you should configure the InMemoryServiceRegistryDaoImpl to have
one RegisteredServiceImpl added to it (via the XML configuration) that sets
the ignoreAttributes property to true and is set to cover all of your
services.
> As I described in my previous mails the success service validae protocoal
> jsp looks as follows with additional information
What it looks like doesn't matter if you're not going to configure the CAS
server to ignore the Services Management tool.
-Scott
>
>
> <%@ page session="false" %><%@ taglib prefix="c"
> uri="http://java.sun.com/jsp/jstl/core" %><%@ taglib
> uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"
> %><cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
> <cas:authenticationSuccess>
>
>
> <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].
> principal.id)}</cas:user>
>
>
> <cas:firstName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.firstName)}</cas:firstName>
>
>
> <cas:middleName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.middleName)}</cas:middleName>
>
>
> <cas:lastName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.lastName)}</cas:lastName>
>
>
> <cas:displayName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.displayName)}</cas:displayName>
>
>
> <cas:userType>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.userType)}</cas:userType>
>
> <c:if test="${not empty pgtIou}">
> <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
> </c:if>
> <c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
> <cas:proxies>
> <c:forEach var="proxy" items="${assertion.chainedAuthentications}"
> varStatus="loopStatus" begin="0"
> end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
> <cas:proxy>${fn:escapeXml(proxy.principal.id
> )}</cas:proxy>
> </c:forEach>
> </cas:proxies>
> </c:if>
> </cas:authenticationSuccess>
> </cas:serviceResponse>
>
>
>
>
>
>
>
>
>
>
> scott_battaglia wrote:
> >
> > It looks like your custom principal is conflicting with the Services
> > Management tool. You can basically tell CAS to ignore the Services
> > Management tool by essentially reconfiguring the
> InMemoryServiceManagerDao
> > (in the deployerConfigContext.xml).
> >
> > You'll need to add one RegisteredServiceImpl with a path pattern that
> > matches all of your services (i.e. **/**) and then set the
> > ignoreAttributes
> > property to true.
> >
> > The Services Management tool exists to allow you to configure which
> > services
> > can see which attributes. Unfortunately its designed to work with the
> > principals that exist with CAS.
> >
> > -Scott
> >
> > -Scott Battaglia
> > PGP Public Key Id: 0x383733AA
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >
> >
> > On Tue, Aug 5, 2008 at 4:20 AM, Tracy12 <j_lalith at yahoo.com> wrote:
> >
> >>
> >> Yes I did the manual way and could produce what the error is,
> >> I have my own JAASAuthHanlder and credential to principal resolvers also
> >> my
> >> own Principal extends from the pricipal,
> >>
> >> But it gives the follwoing exception, it tries to find attribtues in the
> >> org.jasig.cas.authentication.principal.SimplePrincipal
> >> instead of mine,
> >>
> >> I have defined Authhandlers and Resolvers in deployerConfigContext.xml
> >> properly.
> >>
> >> Note:
> >> ......
> >>
> >> My principal got more attributes than normal one and protocol jsps are
> >> modified accordingly, this was working fine in CAS 3.0.x, is there any
> >> change in the new version
> >>
> >>
> >>
> >> org.apache.jasper.JasperException: Exception in JSP:
> >> /WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp:4
> >>
> >> 1: <%@ page session="false" %><%@ taglib prefix="c"
> >> uri="http://java.sun.com/jsp/jstl/core" %><%@ taglib
> >> uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"
> >> %><cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
> >> 2: <cas:authenticationSuccess>
> >> 3:
> >>
> >>
> <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].
> >> principal.id)}</cas:user>
> >> 4:
> >>
> >>
> <cas:firstName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.firstName)}</cas:firstName>
> >> 5:
> >>
> >>
> <cas:middleName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.middleName)}</cas:middleName>
> >> 6:
> >>
> >>
> <cas:lastName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.lastName)}</cas:lastName>
> >> 7:
> >>
> >>
> <cas:displayName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.displayName)}</cas:displayName>
> >>
> >>
> >> Stacktrace:
> >>
> >>
> >>
> org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:451)
> >>
> >>
> >>
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:355)
> >>
> >>
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
> >> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >>
> >>
> >>
> org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:171)
> >>
> >>
> >>
> org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:251)
> >>
> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1160)
> >>
> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:901)
> >>
> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809)
> >>
> >>
> >>
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
> >>
> >>
> >>
> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431)
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >>
> >>
> >>
> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
> >>
> >>
> >>
> org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
> >>
> >>
> >>
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
> >>
> >> root cause
> >>
> >> javax.servlet.ServletException: Unable to find a value for "firstName"
> in
> >> object of class "org.jasig.cas.authentication.principal.SimplePrincipal"
> >> using operator "."
> >>
> >>
> >>
> org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:841)
> >>
> >>
> >>
> org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:774)
> >>
> >>
> >>
> org.apache.jsp.WEB_002dINF.view.jsp.protocol._2_0.casServiceValidationSuccess_jsp._jspService(casServiceValidationSuccess_jsp.java:97)
> >>
> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >>
> >>
> >>
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
> >>
> >>
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
> >> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >>
> >>
> >>
> org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:171)
> >>
> >>
> >>
> org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:251)
> >>
> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1160)
> >>
> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:901)
> >>
> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809)
> >>
> >>
> >>
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
> >>
> >>
> >>
> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431)
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >>
> >>
> >>
> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
> >>
> >>
> >>
> org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
> >>
> >>
> >>
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
> >>
> >> root cause
> >>
> >> javax.servlet.jsp.el.ELException: Unable to find a value for "firstName"
> >> in
> >> object of class "org.jasig.cas.authentication.principal.SimplePrincipal"
> >> using operator "."
> >> org.apache.commons.el.Logger.logError(Logger.java:481)
> >> org.apache.commons.el.Logger.logError(Logger.java:498)
> >> org.apache.commons.el.Logger.logError(Logger.java:611)
> >> org.apache.commons.el.ArraySuffix.evaluate(ArraySuffix.java:340)
> >>
> org.apache.commons.el.ComplexValue.evaluate(ComplexValue.java:145)
> >>
> >>
> >>
> org.apache.commons.el.FunctionInvocation.evaluate(FunctionInvocation.java:163)
> >>
> >>
> >>
> org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:263)
> >>
> >>
> >>
> org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:190)
> >>
> >>
> >>
> org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:924)
> >>
> >>
> >>
> org.apache.jsp.WEB_002dINF.view.jsp.protocol._2_0.casServiceValidationSuccess_jsp._jspService(casServiceValidationSuccess_jsp.java:67)
> >>
> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >>
> >>
> >>
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
> >>
> >>
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
> >> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >>
> >>
> >>
> org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:171)
> >>
> >>
> >>
> org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:251)
> >>
> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1160)
> >>
> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:901)
> >>
> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809)
> >>
> >>
> >>
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
> >>
> >>
> >>
> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431)
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >>
> >>
> >>
> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
> >>
> >>
> >>
> org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
> >>
> >>
> >>
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
> >>
> >> note The full stack trace of the root cause is available in the Apache
> >> Tomcat/5.5.25 logs.
> >> Apache Tomcat/5.5.25
> >>
> >>
> >> scott_battaglia wrote:
> >> >
> >> > If there really is an error then those log4j settings should have
> >> worked.
> >> > You can also try manually getting a ticket and then manually
> validating
> >> it
> >> > in the browser to see what the error is.
> >> >
> >> > 3.2.1.1 and 3.2.1 only differ in a couple JSP pages not used in the
> >> > validation part.
> >> >
> >> > -Scott
> >> >
> >> >
> >> >
> >> > On Mon, Aug 4, 2008 at 10:09 PM, Tracy12 <j_lalith at yahoo.com> wrote:
> >> >
> >> >>
> >> >> Thanks Scott,
> >> >>
> >> >> Client side it throws the following exception, and to debug server
> >> side
> >> >> CAS
> >> >> I changed the log4j.properties of
> >> >> /cas-server-3.2.1.1/cas-server-webapp/src/main/webapp/WEB-INF/classes
> >> >> as follows (last couple of entries), but still I can't see any log
> >> error
> >> >> in cas.log as well as catalina.out
> >> >>
> >> >> Am I doing something wrong., Can you let me know a specific location
> >> to
> >> >> track the error.?
> >> >>
> >> >> log4j.logger.org.springframework=DEBUG
> >> >> log4j.logger.org.jasig=DEBUG
> >> >>
> >> >> log4j.logger.org.jasig.cas.web.flow=DEBUG
> >> >> log4j.logger.org.jasig.cas.authentication=DEBUG
> >> >> log4j.logger.org.jasig.cas.services=DEBUG
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> Client Error
> >> >>
> >> >> java.io.IOException: Server returned HTTP response code: 500 for URL:
> >> >>
> >> >>
> >>
> https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-sKehsbEf5Spajj7bKh5i-cas
> >> >> at
> >> >>
> >> >>
> >>
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1170)
> >> >> at
> >> >>
> >> >>
> >>
> com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
> >> >> at
> >> edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
> >> >> at
> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:228)
> >> >> at
> >> >> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:64)
> >> >> at
> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:344)
> >> >> at
> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289)
> >> >> at
> >> >>
> >> >>
> >>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
> >> >> at
> >> >>
> >> >>
> >>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> >> >> at
> >> >>
> >> >>
> >>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> >> >> at
> >> >>
> >> >>
> >>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
> >> >> at
> >> >>
> >> >>
> >>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> >> >> at
> >> >>
> >> >>
> >>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> >> >> at
> >> >>
> >> >>
> >>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> >> >> at
> >> >>
> >>
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
> >> >>
> >> >>
> >> >> scott_battaglia wrote:
> >> >> >
> >> >> > You'll have to look in the CAS logs as to why there's a 500 error
> in
> >> >> the
> >> >> > server.
> >> >> >
> >> >> > -Scott
> >> >> >
> >> >> > -Scott Battaglia
> >> >> > PGP Public Key Id: 0x383733AA
> >> >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >> >> >
> >> >> >
> >> >> > On Mon, Aug 4, 2008 at 8:45 PM, Tracy12 <j_lalith at yahoo.com>
> wrote:
> >> >> >
> >> >> >>
> >> >> >> I realized the reason for the invalid ticket is because I got the
> >> >> >> firstURL
> >> >> >> and did another hit basically I am trying to validate a ticket
> >> twice,
> >> >> >>
> >> >> >> But the first exception I got was nothing related to invalid
> ticket
> >> >> but
> >> >> >> something else a I stated in previous email.
> >> >> >>
> >> >> >> The thing which I can't understand is I got uPortal 2.5.3 with
> Yale
> >> >> CAS
> >> >> >> Client workiing fine with CAS 3.0.x,
> >> >> >>
> >> >> >> but with the similar setup when I replace CAS 3.2.1.1 it throws
> the
> >> >> above
> >> >> >> exception for the serviceValidate.
> >> >> >>
> >> >> >> If CAS 3.2.1.1 is compatible with Yale CAS client 2.1, I dont
> need
> >> to
> >> >> do
> >> >> >> any
> >> >> >> configuration change in uPortal or Yale CAS client, isnt it?
> >> >> >>
> >> >> >> How Can I trouble shoot this more in the CAS 3.2.1.1
> >> >> >>
> >> >> >> Thanks
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> scott_battaglia wrote:
> >> >> >> >
> >> >> >> > It usually just means the ticket can't be found ;-) That
> usually
> >> >> >> occurs
> >> >> >> > if
> >> >> >> > for some reason the ticket id being passed in is wrong or you've
> >> >> tried
> >> >> >> to
> >> >> >> > validate a ticket twice.
> >> >> >> >
> >> >> >> > -Scott
> >> >> >> >
> >> >> >> >
> >> >> >> > On Mon, Aug 4, 2008 at 1:08 AM, Tracy12 <j_lalith at yahoo.com>
> >> wrote:
> >> >> >> >
> >> >> >> >>
> >> >> >> >> Hi Scott,
> >> >> >> >>
> >> >> >> >> I started debugging from the yale cas client. It fails the
> >> >> >> >> SecureURL.retrieve(url); statement of the validate method
> inside
> >> >> the
> >> >> >> >> ServiceTicketValidator.
> >> >> >> >>
> >> >> >> >> When I take a new browser instance and hit the above url which
> >> is
> >> >> used
> >> >> >> in
> >> >> >> >> SecureURL.retrieve(url). In the browser it comes with the
> >> following
> >> >> >> >> exception.
> >> >> >> >>
> >> >> >> >> url is something similar to this
> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-s2DXcqysNuwwc6C6xwUC-cas
> >> >> >> >>
> >> >> >> >> Is there any server configuration required in this new CAS
> >> >> >> >> 3.2.1.1compared
> >> >> >> >> to CAS 3.0.x
> >> >> >> >>
> >> >> >> >> I can't think this as a certificate issue as when new CAS
> >> 3.2.1.1
> >> >> is
> >> >> >> >> replaced with CAS 3.0.x it works with yale cas client 2.x
> >> >> >> >>
> >> >> >> >> What exactly the reason for the following error
> >> >> >> >>
> >> >> >> >>
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
> >> >> >> >> <cas:authenticationFailure code='INVALID_TICKET'>
> >> >> >> >> ticket 'ST-1-s2DXcqysNuwwc6C6xwUC-cas' not
> >> >> recognized
> >> >> >> >> </cas:authenticationFailure>
> >> >> >> >> </cas:serviceResponse>
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> scott_battaglia wrote:
> >> >> >> >> >
> >> >> >> >> > The Yale CAS Client works perfectly fine with the CAS
> >> >> 3.2.1.1server
> >> >> >> >> > release
> >> >> >> >> > (unless there is some bug we don't know about ).
> >> >> >> >> >
> >> >> >> >> > -Scott
> >> >> >> >> >
> >> >> >> >> > -Scott Battaglia
> >> >> >> >> > PGP Public Key Id: 0x383733AA
> >> >> >> >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > On Fri, Aug 1, 2008 at 1:59 AM, Tracy12 <j_lalith at yahoo.com>
> >> >> wrote:
> >> >> >> >> >
> >> >> >> >> >>
> >> >> >> >> >> Even though, it doesnt support single log out, it should
> >> support
> >> >> >> >> things
> >> >> >> >> >> like
> >> >> >> >> >> serviceValidate isn't it?
> >> >> >> >> >>
> >> >> >> >> >> But I am getting the following exception, When I replace the
> >> old
> >> >> >> CAS
> >> >> >> >> >> which
> >> >> >> >> >> is 3.0.x it is working fine, which means it is nothing to do
> >> >> with
> >> >> >> the
> >> >> >> >> >> certificates,
> >> >> >> >> >>
> >> >> >> >> >> We are using yale cas client 2.1 in the uPortal.
> >> >> >> >> >>
> >> >> >> >> >> Thanks
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >> type Exception report
> >> >> >> >> >>
> >> >> >> >> >> message
> >> >> >> >> >>
> >> >> >> >> >> description The server encountered an internal error () that
> >> >> >> prevented
> >> >> >> >> it
> >> >> >> >> >> from fulfilling this request.
> >> >> >> >> >>
> >> >> >> >> >> exception
> >> >> >> >> >>
> >> >> >> >> >> javax.servlet.ServletException: Unable to validate
> >> >> >> >> ProxyTicketValidator
> >> >> >> >> >> [[edu.yale.its.tp.cas.client.ProxyTicketValidator
> >> >> proxyList=[null]
> >> >> >> >> >> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> >> >> >> >> >> casValidateUrl=[https://mymachine:8443/cas/serviceValidate]
> >> >> >> >> >> ticket=[ST-1-TWyPmOAR95g0fNryfZ1c-cas]
> >> >> >> >> >> service=[http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin]
> >> >> >> >> renew=false]]]
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:292)
> >> >> >> >> >>
> >> >> >> >> >> root cause
> >> >> >> >> >>
> >> >> >> >> >> edu.yale.its.tp.cas.client.CASAuthenticationException:
> Unable
> >> to
> >> >> >> >> validate
> >> >> >> >> >> ProxyTicketValidator
> >> >> >> [[edu.yale.its.tp.cas.client.ProxyTicketValidator
> >> >> >> >> >> proxyList=[null]
> >> >> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> >> >> >> >> >> casValidateUrl=[https://mymachine:8443/cas/serviceValidate]
> >> >> >> >> >> ticket=[ST-1-TWyPmOAR95g0fNryfZ1c-cas]
> >> >> >> >> >> service=[http%3A%2F%2Flalitha%3A8080%2FuPortal%2FLogin]
> >> >> >> renew=false]]]
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >>
> >> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:57)
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:339)
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289)
> >> >> >> >> >>
> >> >> >> >> >> root cause
> >> >> >> >> >>
> >> >> >> >> >> java.io.IOException: Server returned HTTP response code: 500
> >> for
> >> >> >> URL:
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-TWyPmOAR95g0fNryfZ1c-cas
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1170)
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
> >> >> >> >> >>
> >> >> >> edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:216)
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >>
> >> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:55)
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:339)
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289)
> >> >> >> >> >>
> >> >> >> >> >> note The full stack trace of the root cause is available in
> >> the
> >> >> >> Apache
> >> >> >> >> >> Tomcat/5.5.25 logs.
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >> John Sood wrote:
> >> >> >> >> >> >
> >> >> >> >> >> > No. Yale client does not support single signout.
> >> >> >> >> >> >
> >> >> >> >> >> > Tracy12 wrote:
> >> >> >> >> >> >> With CAS 3.2.1.1 can't we use cas client 2.1 from yale.?
> >> >> >> >> >> >>
> >> >> >> >> >> >> Reason is within uPortal we have CAS client 2.1 with some
> >> >> code
> >> >> >> >> >> >> modifications,
> >> >> >> >> >> >>
> >> >> >> >> >> >> Is it a must that we need to use CAS Client 3.1.1 with
> CAS
> >> >> >> 3.2.1.1
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >> >> John Sood wrote:
> >> >> >> >> >> >>
> >> >> >> >> >> >>> I am using the following at it works for me:
> >> >> >> >> >> >>>
> >> >> >> >> >> >>> CAS Server 3.2.1
> >> >> >> >> >> >>> CAS Client 3.1.1
> >> >> >> >> >> >>>
> >> >> >> >> >> >>> Tracy12 wrote:
> >> >> >> >> >> >>>
> >> >> >> >> >> >>>> Hi,
> >> >> >> >> >> >>>>
> >> >> >> >> >> >>>> Does CAS 3.2.1.1 fully supports Single log out?
> >> >> >> >> >> >>>>
> >> >> >> >> >> >>>> Do I have to download some prior version?
> >> >> >> >> >> >>>>
> >> >> >> >> >> >>>> Reason for this question is I can remember some
> >> discussions
> >> >> >> going
> >> >> >> >> on
> >> >> >> >> >> >>>> with
> >> >> >> >> >> >>>> regards to this, whether to download CAS 3.2.X
> >> >> >> >> >> >>>>
> >> >> >> >> >> >>>> or 3.1.X
> >> >> >> >> >> >>>>
> >> >> >> >> >> >>>> Pls confirm for us to download the proper version.
> >> >> >> >> >> >>>>
> >> >> >> >> >> >>>> Also let us know which casclient version should we
> >> download
> >> >> >> >> >> >>>> correspondent
> >> >> >> >> >> >>>> to
> >> >> >> >> >> >>>> the main CAS download.
> >> >> >> >> >> >>>>
> >> >> >> >> >> >>>> Thanks
> >> >> >> >> >> >>>>
> >> >> >> >> >> >>>>
> >> >> >> >> >> >>>>
> >> >> >> >> >> >>> _______________________________________________
> >> >> >> >> >> >>> Yale CAS mailing list
> >> >> >> >> >> >>> cas at tp.its.yale.edu
> >> >> >> >> >> >>> http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >> >> >> >>>
> >> >> >> >> >> >>>
> >> >> >> >> >> >>>
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > _______________________________________________
> >> >> >> >> >> > Yale CAS mailing list
> >> >> >> >> >> > cas at tp.its.yale.edu
> >> >> >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >>
> >> >> >> >> >> --
> >> >> >> >> >> View this message in context:
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18768662.html
> >> >> >> >> >> Sent from the CAS Users mailing list archive at Nabble.com.
> >> >> >> >> >>
> >> >> >> >> >> _______________________________________________
> >> >> >> >> >> Yale CAS mailing list
> >> >> >> >> >> cas at tp.its.yale.edu
> >> >> >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >> >> >>
> >> >> >> >> >
> >> >> >> >> > _______________________________________________
> >> >> >> >> > Yale CAS mailing list
> >> >> >> >> > cas at tp.its.yale.edu
> >> >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >>
> >> >> >> >> --
> >> >> >> >> View this message in context:
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18805727.html
> >> >> >> >> Sent from the CAS Users mailing list archive at Nabble.com.
> >> >> >> >>
> >> >> >> >> _______________________________________________
> >> >> >> >> Yale CAS mailing list
> >> >> >> >> cas at tp.its.yale.edu
> >> >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >> >>
> >> >> >> >
> >> >> >> > _______________________________________________
> >> >> >> > Yale CAS mailing list
> >> >> >> > cas at tp.its.yale.edu
> >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >> >
> >> >> >> >
> >> >> >>
> >> >> >> --
> >> >> >> View this message in context:
> >> >> >>
> >> >>
> >>
> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18822609.html
> >> >> >> Sent from the CAS Users mailing list archive at Nabble.com.
> >> >> >>
> >> >> >> _______________________________________________
> >> >> >> Yale CAS mailing list
> >> >> >> cas at tp.its.yale.edu
> >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >>
> >> >> >
> >> >> > _______________________________________________
> >> >> > Yale CAS mailing list
> >> >> > cas at tp.its.yale.edu
> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >
> >> >> >
> >> >>
> >> >> --
> >> >> View this message in context:
> >> >>
> >>
> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18823313.html
> >> >> Sent from the CAS Users mailing list archive at Nabble.com.
> >> >>
> >> >> _______________________________________________
> >> >> Yale CAS mailing list
> >> >> cas at tp.its.yale.edu
> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >> >>
> >> >
> >> > _______________________________________________
> >> > Yale CAS mailing list
> >> > cas at tp.its.yale.edu
> >> > http://tp.its.yale.edu/mailman/listinfo/cas
> >> >
> >> >
> >>
> >> --
> >> View this message in context:
> >>
> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18826587.html
> >> Sent from the CAS Users mailing list archive at Nabble.com.
> >>
> >> _______________________________________________
> >> Yale CAS mailing list
> >> cas at tp.its.yale.edu
> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >>
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18844212.html
> Sent from the CAS Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080806/9715f57f/attachment.html
More information about the cas
mailing list