Single Log Out - which version
Scott Battaglia
scott.battaglia at gmail.com
Wed Aug 6 08:14:28 EDT 2008
It would be something like this (this may not be exact as I didn't validate
it):
<bean class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl "
id="servicesRegistryDao">
<property name="registeredServices">
<list>
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
<property name="ignoreAttributes" value="true" />
<property name="id" value="1" />
<property name="serviceId" value="**/**" />
</bean>
</list>
</bean>
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Wed, Aug 6, 2008 at 8:10 AM, Scott Battaglia
<scott.battaglia at gmail.com>wrote:
> On Wed, Aug 6, 2008 at 12:40 AM, Tracy12 <j_lalith at yahoo.com> wrote:
>
>>
>> Thanks scot,
>>
>> In CAS 3.0.3 it was enough to do those configurations to pass addtional
>> information to the client, but it looks to me it is not the case with CAS
>> 3.2.1.1, there wasn't any confilict with my custom principal conflicting
>> with CAS services earlier 3.0.x.
>>
>> But it looks to me now it is different, I can't understand why we preserve
>> the above feature in CAS 3.2.1.1. Any how one of the things which I
>> observed
>> is SimplePrincipal is hard wired in top level classes like
>> CentralAuthenticationServiceImpl. Which was not the case in CAS 3.0.x, Any
>> how all are observations, these changes are for some reason.
>
> I believe I've already explained in my previous email that the principal is
> used in conjunction with the Services Management tool to limit the
> attributes returned to services. In order for it to be used it has to have
> a concrete implementation it can construct.
>
>
>>
>>
>> We thougth there are two paths for us to proceed with CAS 3.2..1.1 with
>> regards to this
>>
>> 1) modify the SimplePrinical to have more properties similar to my Custom
>> Principal and with no other additional configuration.
>
>
> That's not going to work. They won't be copied over.
>
>
>>
>>
>> 2) change the deployerConfigContext.xml to have our own
>> RegisteredServiceImpl
>>
>> As above no 2 is not clear as a easy approach we did add addtional setter
>> and getters for the SimplePrincipal, the result was there wasn't any
>> errors
>> but did not pass additional attributes to the client apart from id, Do we
>> have to add the addtional attributes some where.
>
> I'm pretty sure adding a default RegisteredServicesImpl to the registry in
> configuration that basically says "please ignore attributes and just pass
> the principal along" is the easier of the two options.
>
>>
>>
>> The best we like to have is above no 2, which is not clear for us, can you
>> pls elaborate it with a example. are you refereing to the following, can
>> you provide us a sample. What exactly the service you are refering here.
>>
>> <bean
>> id="serviceRegistryDao"
>>
>> class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />
>>
>> What exactly do we have to do?
>
>
> What you really should be doing is not using custom principals now that we
> have support for attributes as a map on the Principal and populating that
> map. And then configuring in the Services Management tool the default list
> of attributes to send back to every application. But if you're not going to
> do that then you should configure the InMemoryServiceRegistryDaoImpl to have
> one RegisteredServiceImpl added to it (via the XML configuration) that sets
> the ignoreAttributes property to true and is set to cover all of your
> services.
>
>
>
>> As I described in my previous mails the success service validae protocoal
>> jsp looks as follows with additional information
>
>
> What it looks like doesn't matter if you're not going to configure the CAS
> server to ignore the Services Management tool.
>
> -Scott
>
>>
>>
>> <%@ page session="false" %><%@ taglib prefix="c"
>> uri="http://java.sun.com/jsp/jstl/core" %><%@ taglib
>> uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"
>> %><cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>> <cas:authenticationSuccess>
>>
>>
>> <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].
>> principal.id)}</cas:user>
>>
>>
>> <cas:firstName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.firstName)}</cas:firstName>
>>
>>
>> <cas:middleName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.middleName)}</cas:middleName>
>>
>>
>> <cas:lastName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.lastName)}</cas:lastName>
>>
>>
>> <cas:displayName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.displayName)}</cas:displayName>
>>
>>
>> <cas:userType>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.userType)}</cas:userType>
>>
>> <c:if test="${not empty pgtIou}">
>>
>> <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
>> </c:if>
>> <c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
>> <cas:proxies>
>> <c:forEach var="proxy" items="${assertion.chainedAuthentications}"
>> varStatus="loopStatus" begin="0"
>> end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
>> <cas:proxy>${fn:escapeXml(proxy.principal.id
>> )}</cas:proxy>
>> </c:forEach>
>> </cas:proxies>
>> </c:if>
>> </cas:authenticationSuccess>
>> </cas:serviceResponse>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> scott_battaglia wrote:
>> >
>> > It looks like your custom principal is conflicting with the Services
>> > Management tool. You can basically tell CAS to ignore the Services
>> > Management tool by essentially reconfiguring the
>> InMemoryServiceManagerDao
>> > (in the deployerConfigContext.xml).
>> >
>> > You'll need to add one RegisteredServiceImpl with a path pattern that
>> > matches all of your services (i.e. **/**) and then set the
>> > ignoreAttributes
>> > property to true.
>> >
>> > The Services Management tool exists to allow you to configure which
>> > services
>> > can see which attributes. Unfortunately its designed to work with the
>> > principals that exist with CAS.
>> >
>> > -Scott
>> >
>> > -Scott Battaglia
>> > PGP Public Key Id: 0x383733AA
>> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
>> >
>> >
>> > On Tue, Aug 5, 2008 at 4:20 AM, Tracy12 <j_lalith at yahoo.com> wrote:
>> >
>> >>
>> >> Yes I did the manual way and could produce what the error is,
>> >> I have my own JAASAuthHanlder and credential to principal resolvers
>> also
>> >> my
>> >> own Principal extends from the pricipal,
>> >>
>> >> But it gives the follwoing exception, it tries to find attribtues in
>> the
>> >> org.jasig.cas.authentication.principal.SimplePrincipal
>> >> instead of mine,
>> >>
>> >> I have defined Authhandlers and Resolvers in deployerConfigContext.xml
>> >> properly.
>> >>
>> >> Note:
>> >> ......
>> >>
>> >> My principal got more attributes than normal one and protocol jsps are
>> >> modified accordingly, this was working fine in CAS 3.0.x, is there any
>> >> change in the new version
>> >>
>> >>
>> >>
>> >> org.apache.jasper.JasperException: Exception in JSP:
>> >> /WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp:4
>> >>
>> >> 1: <%@ page session="false" %><%@ taglib prefix="c"
>> >> uri="http://java.sun.com/jsp/jstl/core" %><%@ taglib
>> >> uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"
>> >> %><cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>> >> 2: <cas:authenticationSuccess>
>> >> 3:
>> >>
>> >>
>> <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].
>> >> principal.id)}</cas:user>
>> >> 4:
>> >>
>> >>
>> <cas:firstName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.firstName)}</cas:firstName>
>> >> 5:
>> >>
>> >>
>> <cas:middleName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.middleName)}</cas:middleName>
>> >> 6:
>> >>
>> >>
>> <cas:lastName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.lastName)}</cas:lastName>
>> >> 7:
>> >>
>> >>
>> <cas:displayName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.displayName)}</cas:displayName>
>> >>
>> >>
>> >> Stacktrace:
>> >>
>> >>
>> >>
>> org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:451)
>> >>
>> >>
>> >>
>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:355)
>> >>
>> >>
>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
>> >>
>> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
>> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:171)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:251)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1160)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:901)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431)
>> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>> >>
>> >>
>> >>
>> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
>> >>
>> >>
>> >>
>> org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
>> >>
>> >>
>> >>
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
>> >>
>> >> root cause
>> >>
>> >> javax.servlet.ServletException: Unable to find a value for "firstName"
>> in
>> >> object of class
>> "org.jasig.cas.authentication.principal.SimplePrincipal"
>> >> using operator "."
>> >>
>> >>
>> >>
>> org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:841)
>> >>
>> >>
>> >>
>> org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:774)
>> >>
>> >>
>> >>
>> org.apache.jsp.WEB_002dINF.view.jsp.protocol._2_0.casServiceValidationSuccess_jsp._jspService(casServiceValidationSuccess_jsp.java:97)
>> >>
>> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
>> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>> >>
>> >>
>> >>
>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
>> >>
>> >>
>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
>> >>
>> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
>> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:171)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:251)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1160)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:901)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431)
>> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>> >>
>> >>
>> >>
>> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
>> >>
>> >>
>> >>
>> org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
>> >>
>> >>
>> >>
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
>> >>
>> >> root cause
>> >>
>> >> javax.servlet.jsp.el.ELException: Unable to find a value for
>> "firstName"
>> >> in
>> >> object of class
>> "org.jasig.cas.authentication.principal.SimplePrincipal"
>> >> using operator "."
>> >> org.apache.commons.el.Logger.logError(Logger.java:481)
>> >> org.apache.commons.el.Logger.logError(Logger.java:498)
>> >> org.apache.commons.el.Logger.logError(Logger.java:611)
>> >> org.apache.commons.el.ArraySuffix.evaluate(ArraySuffix.java:340)
>> >>
>> org.apache.commons.el.ComplexValue.evaluate(ComplexValue.java:145)
>> >>
>> >>
>> >>
>> org.apache.commons.el.FunctionInvocation.evaluate(FunctionInvocation.java:163)
>> >>
>> >>
>> >>
>> org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:263)
>> >>
>> >>
>> >>
>> org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:190)
>> >>
>> >>
>> >>
>> org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:924)
>> >>
>> >>
>> >>
>> org.apache.jsp.WEB_002dINF.view.jsp.protocol._2_0.casServiceValidationSuccess_jsp._jspService(casServiceValidationSuccess_jsp.java:67)
>> >>
>> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
>> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>> >>
>> >>
>> >>
>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
>> >>
>> >>
>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
>> >>
>> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
>> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:171)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:251)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1160)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:901)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
>> >>
>> >>
>> >>
>> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431)
>> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>> >>
>> >>
>> >>
>> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
>> >>
>> >>
>> >>
>> org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
>> >>
>> >>
>> >>
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
>> >>
>> >> note The full stack trace of the root cause is available in the Apache
>> >> Tomcat/5.5.25 logs.
>> >> Apache Tomcat/5.5.25
>> >>
>> >>
>> >> scott_battaglia wrote:
>> >> >
>> >> > If there really is an error then those log4j settings should have
>> >> worked.
>> >> > You can also try manually getting a ticket and then manually
>> validating
>> >> it
>> >> > in the browser to see what the error is.
>> >> >
>> >> > 3.2.1.1 and 3.2.1 only differ in a couple JSP pages not used in the
>> >> > validation part.
>> >> >
>> >> > -Scott
>> >> >
>> >> >
>> >> >
>> >> > On Mon, Aug 4, 2008 at 10:09 PM, Tracy12 <j_lalith at yahoo.com> wrote:
>> >> >
>> >> >>
>> >> >> Thanks Scott,
>> >> >>
>> >> >> Client side it throws the following exception, and to debug server
>> >> side
>> >> >> CAS
>> >> >> I changed the log4j.properties of
>> >> >>
>> /cas-server-3.2.1.1/cas-server-webapp/src/main/webapp/WEB-INF/classes
>> >> >> as follows (last couple of entries), but still I can't see any log
>> >> error
>> >> >> in cas.log as well as catalina.out
>> >> >>
>> >> >> Am I doing something wrong., Can you let me know a specific location
>> >> to
>> >> >> track the error.?
>> >> >>
>> >> >> log4j.logger.org.springframework=DEBUG
>> >> >> log4j.logger.org.jasig=DEBUG
>> >> >>
>> >> >> log4j.logger.org.jasig.cas.web.flow=DEBUG
>> >> >> log4j.logger.org.jasig.cas.authentication=DEBUG
>> >> >> log4j.logger.org.jasig.cas.services=DEBUG
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >> Client Error
>> >> >>
>> >> >> java.io.IOException: Server returned HTTP response code: 500 for
>> URL:
>> >> >>
>> >> >>
>> >>
>> https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-sKehsbEf5Spajj7bKh5i-cas
>> >> >> at
>> >> >>
>> >> >>
>> >>
>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1170)
>> >> >> at
>> >> >>
>> >> >>
>> >>
>> com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
>> >> >> at
>> >> edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
>> >> >> at
>> >> >>
>> >> >>
>> >>
>> edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:228)
>> >> >> at
>> >> >> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:64)
>> >> >> at
>> >> >>
>> >> >>
>> >>
>> edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:344)
>> >> >> at
>> >> >>
>> >> >>
>> >>
>> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289)
>> >> >> at
>> >> >>
>> >> >>
>> >>
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>> >> >> at
>> >> >>
>> >> >>
>> >>
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>> >> >> at
>> >> >>
>> >> >>
>> >>
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>> >> >> at
>> >> >>
>> >> >>
>> >>
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
>> >> >> at
>> >> >>
>> >> >>
>> >>
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>> >> >> at
>> >> >>
>> >> >>
>> >>
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>> >> >> at
>> >> >>
>> >> >>
>> >>
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>> >> >> at
>> >> >>
>> >>
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
>> >> >>
>> >> >>
>> >> >> scott_battaglia wrote:
>> >> >> >
>> >> >> > You'll have to look in the CAS logs as to why there's a 500 error
>> in
>> >> >> the
>> >> >> > server.
>> >> >> >
>> >> >> > -Scott
>> >> >> >
>> >> >> > -Scott Battaglia
>> >> >> > PGP Public Key Id: 0x383733AA
>> >> >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
>> >> >> >
>> >> >> >
>> >> >> > On Mon, Aug 4, 2008 at 8:45 PM, Tracy12 <j_lalith at yahoo.com>
>> wrote:
>> >> >> >
>> >> >> >>
>> >> >> >> I realized the reason for the invalid ticket is because I got the
>> >> >> >> firstURL
>> >> >> >> and did another hit basically I am trying to validate a ticket
>> >> twice,
>> >> >> >>
>> >> >> >> But the first exception I got was nothing related to invalid
>> ticket
>> >> >> but
>> >> >> >> something else a I stated in previous email.
>> >> >> >>
>> >> >> >> The thing which I can't understand is I got uPortal 2.5.3 with
>> Yale
>> >> >> CAS
>> >> >> >> Client workiing fine with CAS 3.0.x,
>> >> >> >>
>> >> >> >> but with the similar setup when I replace CAS 3.2.1.1 it throws
>> the
>> >> >> above
>> >> >> >> exception for the serviceValidate.
>> >> >> >>
>> >> >> >> If CAS 3.2.1.1 is compatible with Yale CAS client 2.1, I dont
>> need
>> >> to
>> >> >> do
>> >> >> >> any
>> >> >> >> configuration change in uPortal or Yale CAS client, isnt it?
>> >> >> >>
>> >> >> >> How Can I trouble shoot this more in the CAS 3.2.1.1
>> >> >> >>
>> >> >> >> Thanks
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> scott_battaglia wrote:
>> >> >> >> >
>> >> >> >> > It usually just means the ticket can't be found ;-) That
>> usually
>> >> >> >> occurs
>> >> >> >> > if
>> >> >> >> > for some reason the ticket id being passed in is wrong or
>> you've
>> >> >> tried
>> >> >> >> to
>> >> >> >> > validate a ticket twice.
>> >> >> >> >
>> >> >> >> > -Scott
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > On Mon, Aug 4, 2008 at 1:08 AM, Tracy12 <j_lalith at yahoo.com>
>> >> wrote:
>> >> >> >> >
>> >> >> >> >>
>> >> >> >> >> Hi Scott,
>> >> >> >> >>
>> >> >> >> >> I started debugging from the yale cas client. It fails the
>> >> >> >> >> SecureURL.retrieve(url); statement of the validate method
>> inside
>> >> >> the
>> >> >> >> >> ServiceTicketValidator.
>> >> >> >> >>
>> >> >> >> >> When I take a new browser instance and hit the above url which
>> >> is
>> >> >> used
>> >> >> >> in
>> >> >> >> >> SecureURL.retrieve(url). In the browser it comes with the
>> >> following
>> >> >> >> >> exception.
>> >> >> >> >>
>> >> >> >> >> url is something similar to this
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >>
>> >> >>
>> >>
>> https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-s2DXcqysNuwwc6C6xwUC-cas
>> >> >> >> >>
>> >> >> >> >> Is there any server configuration required in this new CAS
>> >> >> >> >> 3.2.1.1compared
>> >> >> >> >> to CAS 3.0.x
>> >> >> >> >>
>> >> >> >> >> I can't think this as a certificate issue as when new CAS
>> >> 3.2.1.1
>> >> >> is
>> >> >> >> >> replaced with CAS 3.0.x it works with yale cas client 2.x
>> >> >> >> >>
>> >> >> >> >> What exactly the reason for the following error
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>> >> >> >> >> <cas:authenticationFailure code='INVALID_TICKET'>
>> >> >> >> >> ticket 'ST-1-s2DXcqysNuwwc6C6xwUC-cas' not
>> >> >> recognized
>> >> >> >> >> </cas:authenticationFailure>
>> >> >> >> >> </cas:serviceResponse>
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> scott_battaglia wrote:
>> >> >> >> >> >
>> >> >> >> >> > The Yale CAS Client works perfectly fine with the CAS
>> >> >> 3.2.1.1server
>> >> >> >> >> > release
>> >> >> >> >> > (unless there is some bug we don't know about ).
>> >> >> >> >> >
>> >> >> >> >> > -Scott
>> >> >> >> >> >
>> >> >> >> >> > -Scott Battaglia
>> >> >> >> >> > PGP Public Key Id: 0x383733AA
>> >> >> >> >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > On Fri, Aug 1, 2008 at 1:59 AM, Tracy12 <j_lalith at yahoo.com
>> >
>> >> >> wrote:
>> >> >> >> >> >
>> >> >> >> >> >>
>> >> >> >> >> >> Even though, it doesnt support single log out, it should
>> >> support
>> >> >> >> >> things
>> >> >> >> >> >> like
>> >> >> >> >> >> serviceValidate isn't it?
>> >> >> >> >> >>
>> >> >> >> >> >> But I am getting the following exception, When I replace
>> the
>> >> old
>> >> >> >> CAS
>> >> >> >> >> >> which
>> >> >> >> >> >> is 3.0.x it is working fine, which means it is nothing to
>> do
>> >> >> with
>> >> >> >> the
>> >> >> >> >> >> certificates,
>> >> >> >> >> >>
>> >> >> >> >> >> We are using yale cas client 2.1 in the uPortal.
>> >> >> >> >> >>
>> >> >> >> >> >> Thanks
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >> >> type Exception report
>> >> >> >> >> >>
>> >> >> >> >> >> message
>> >> >> >> >> >>
>> >> >> >> >> >> description The server encountered an internal error ()
>> that
>> >> >> >> prevented
>> >> >> >> >> it
>> >> >> >> >> >> from fulfilling this request.
>> >> >> >> >> >>
>> >> >> >> >> >> exception
>> >> >> >> >> >>
>> >> >> >> >> >> javax.servlet.ServletException: Unable to validate
>> >> >> >> >> ProxyTicketValidator
>> >> >> >> >> >> [[edu.yale.its.tp.cas.client.ProxyTicketValidator
>> >> >> proxyList=[null]
>> >> >> >> >> >> [edu.yale.its.tp.cas.client.ServiceTicketValidator
>> >> >> >> >> >> casValidateUrl=[https://mymachine:8443/cas/serviceValidate
>> ]
>> >> >> >> >> >> ticket=[ST-1-TWyPmOAR95g0fNryfZ1c-cas]
>> >> >> >> >> >> service=[http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin]
>> >> >> >> >> renew=false]]]
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >>
>> >> >> >>
>> >> >>
>> >>
>> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:292)
>> >> >> >> >> >>
>> >> >> >> >> >> root cause
>> >> >> >> >> >>
>> >> >> >> >> >> edu.yale.its.tp.cas.client.CASAuthenticationException:
>> Unable
>> >> to
>> >> >> >> >> validate
>> >> >> >> >> >> ProxyTicketValidator
>> >> >> >> [[edu.yale.its.tp.cas.client.ProxyTicketValidator
>> >> >> >> >> >> proxyList=[null]
>> >> >> [edu.yale.its.tp.cas.client.ServiceTicketValidator
>> >> >> >> >> >> casValidateUrl=[https://mymachine:8443/cas/serviceValidate
>> ]
>> >> >> >> >> >> ticket=[ST-1-TWyPmOAR95g0fNryfZ1c-cas]
>> >> >> >> >> >> service=[http%3A%2F%2Flalitha%3A8080%2FuPortal%2FLogin]
>> >> >> >> renew=false]]]
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >>
>> >> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:57)
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >>
>> >> >> >>
>> >> >>
>> >>
>> edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:339)
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >>
>> >> >> >>
>> >> >>
>> >>
>> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289)
>> >> >> >> >> >>
>> >> >> >> >> >> root cause
>> >> >> >> >> >>
>> >> >> >> >> >> java.io.IOException: Server returned HTTP response code:
>> 500
>> >> for
>> >> >> >> URL:
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >>
>> >> >> >>
>> >> >>
>> >>
>> https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-TWyPmOAR95g0fNryfZ1c-cas
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >>
>> >> >> >>
>> >> >>
>> >>
>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1170)
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >>
>> >> >> >>
>> >> >>
>> >>
>> com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
>> >> >> >> >> >>
>> >> >> >> edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >>
>> >> >> >>
>> >> >>
>> >>
>> edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:216)
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >>
>> >> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:55)
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >>
>> >> >> >>
>> >> >>
>> >>
>> edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:339)
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >>
>> >> >> >>
>> >> >>
>> >>
>> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289)
>> >> >> >> >> >>
>> >> >> >> >> >> note The full stack trace of the root cause is available in
>> >> the
>> >> >> >> Apache
>> >> >> >> >> >> Tomcat/5.5.25 logs.
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >> >> John Sood wrote:
>> >> >> >> >> >> >
>> >> >> >> >> >> > No. Yale client does not support single signout.
>> >> >> >> >> >> >
>> >> >> >> >> >> > Tracy12 wrote:
>> >> >> >> >> >> >> With CAS 3.2.1.1 can't we use cas client 2.1 from
>> yale.?
>> >> >> >> >> >> >>
>> >> >> >> >> >> >> Reason is within uPortal we have CAS client 2.1 with
>> some
>> >> >> code
>> >> >> >> >> >> >> modifications,
>> >> >> >> >> >> >>
>> >> >> >> >> >> >> Is it a must that we need to use CAS Client 3.1.1 with
>> CAS
>> >> >> >> 3.2.1.1
>> >> >> >> >> >> >>
>> >> >> >> >> >> >>
>> >> >> >> >> >> >>
>> >> >> >> >> >> >> John Sood wrote:
>> >> >> >> >> >> >>
>> >> >> >> >> >> >>> I am using the following at it works for me:
>> >> >> >> >> >> >>>
>> >> >> >> >> >> >>> CAS Server 3.2.1
>> >> >> >> >> >> >>> CAS Client 3.1.1
>> >> >> >> >> >> >>>
>> >> >> >> >> >> >>> Tracy12 wrote:
>> >> >> >> >> >> >>>
>> >> >> >> >> >> >>>> Hi,
>> >> >> >> >> >> >>>>
>> >> >> >> >> >> >>>> Does CAS 3.2.1.1 fully supports Single log out?
>> >> >> >> >> >> >>>>
>> >> >> >> >> >> >>>> Do I have to download some prior version?
>> >> >> >> >> >> >>>>
>> >> >> >> >> >> >>>> Reason for this question is I can remember some
>> >> discussions
>> >> >> >> going
>> >> >> >> >> on
>> >> >> >> >> >> >>>> with
>> >> >> >> >> >> >>>> regards to this, whether to download CAS 3.2.X
>> >> >> >> >> >> >>>>
>> >> >> >> >> >> >>>> or 3.1.X
>> >> >> >> >> >> >>>>
>> >> >> >> >> >> >>>> Pls confirm for us to download the proper version.
>> >> >> >> >> >> >>>>
>> >> >> >> >> >> >>>> Also let us know which casclient version should we
>> >> download
>> >> >> >> >> >> >>>> correspondent
>> >> >> >> >> >> >>>> to
>> >> >> >> >> >> >>>> the main CAS download.
>> >> >> >> >> >> >>>>
>> >> >> >> >> >> >>>> Thanks
>> >> >> >> >> >> >>>>
>> >> >> >> >> >> >>>>
>> >> >> >> >> >> >>>>
>> >> >> >> >> >> >>> _______________________________________________
>> >> >> >> >> >> >>> Yale CAS mailing list
>> >> >> >> >> >> >>> cas at tp.its.yale.edu
>> >> >> >> >> >> >>> http://tp.its.yale.edu/mailman/listinfo/cas
>> >> >> >> >> >> >>>
>> >> >> >> >> >> >>>
>> >> >> >> >> >> >>>
>> >> >> >> >> >> >>
>> >> >> >> >> >> >>
>> >> >> >> >> >> >
>> >> >> >> >> >> >
>> >> >> >> >> >> > _______________________________________________
>> >> >> >> >> >> > Yale CAS mailing list
>> >> >> >> >> >> > cas at tp.its.yale.edu
>> >> >> >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas
>> >> >> >> >> >> >
>> >> >> >> >> >> >
>> >> >> >> >> >>
>> >> >> >> >> >> --
>> >> >> >> >> >> View this message in context:
>> >> >> >> >> >>
>> >> >> >> >>
>> >> >> >>
>> >> >>
>> >>
>> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18768662.html
>> >> >> >> >> >> Sent from the CAS Users mailing list archive at Nabble.com.
>> >> >> >> >> >>
>> >> >> >> >> >> _______________________________________________
>> >> >> >> >> >> Yale CAS mailing list
>> >> >> >> >> >> cas at tp.its.yale.edu
>> >> >> >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
>> >> >> >> >> >>
>> >> >> >> >> >
>> >> >> >> >> > _______________________________________________
>> >> >> >> >> > Yale CAS mailing list
>> >> >> >> >> > cas at tp.its.yale.edu
>> >> >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >>
>> >> >> >> >> --
>> >> >> >> >> View this message in context:
>> >> >> >> >>
>> >> >> >>
>> >> >>
>> >>
>> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18805727.html
>> >> >> >> >> Sent from the CAS Users mailing list archive at Nabble.com.
>> >> >> >> >>
>> >> >> >> >> _______________________________________________
>> >> >> >> >> Yale CAS mailing list
>> >> >> >> >> cas at tp.its.yale.edu
>> >> >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
>> >> >> >> >>
>> >> >> >> >
>> >> >> >> > _______________________________________________
>> >> >> >> > Yale CAS mailing list
>> >> >> >> > cas at tp.its.yale.edu
>> >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas
>> >> >> >> >
>> >> >> >> >
>> >> >> >>
>> >> >> >> --
>> >> >> >> View this message in context:
>> >> >> >>
>> >> >>
>> >>
>> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18822609.html
>> >> >> >> Sent from the CAS Users mailing list archive at Nabble.com.
>> >> >> >>
>> >> >> >> _______________________________________________
>> >> >> >> Yale CAS mailing list
>> >> >> >> cas at tp.its.yale.edu
>> >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
>> >> >> >>
>> >> >> >
>> >> >> > _______________________________________________
>> >> >> > Yale CAS mailing list
>> >> >> > cas at tp.its.yale.edu
>> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas
>> >> >> >
>> >> >> >
>> >> >>
>> >> >> --
>> >> >> View this message in context:
>> >> >>
>> >>
>> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18823313.html
>> >> >> Sent from the CAS Users mailing list archive at Nabble.com.
>> >> >>
>> >> >> _______________________________________________
>> >> >> Yale CAS mailing list
>> >> >> cas at tp.its.yale.edu
>> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
>> >> >>
>> >> >
>> >> > _______________________________________________
>> >> > Yale CAS mailing list
>> >> > cas at tp.its.yale.edu
>> >> > http://tp.its.yale.edu/mailman/listinfo/cas
>> >> >
>> >> >
>> >>
>> >> --
>> >> View this message in context:
>> >>
>> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18826587.html
>> >> Sent from the CAS Users mailing list archive at Nabble.com.
>> >>
>> >> _______________________________________________
>> >> Yale CAS mailing list
>> >> cas at tp.its.yale.edu
>> >> http://tp.its.yale.edu/mailman/listinfo/cas
>> >>
>> >
>> > _______________________________________________
>> > Yale CAS mailing list
>> > cas at tp.its.yale.edu
>> > http://tp.its.yale.edu/mailman/listinfo/cas
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18844212.html
>> Sent from the CAS Users mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080806/8a4efa33/attachment.html
More information about the cas
mailing list