Single Log Out - which version
Scott Battaglia
scott.battaglia at gmail.com
Thu Aug 7 09:50:59 EDT 2008
I sent an example configuration file in a separate message. It may not be
exact because I didn't actaully execute it but it should give you enough of
an example.
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Wed, Aug 6, 2008 at 11:59 PM, Tracy12 <j_lalith at yahoo.com> wrote:
>
> Scott,
>
> How can I add default RegisteredServicesImpl to the registry in
> configuration that basically says "please ignore attributes and just pass
> the principal along",
> Do you want for me to have org.jasig.cas.services.RegisteredServicesImpl in
> the configuration instead of
> org.jasig.cas.services.InMemoryServiceRegistryDaoImpl
>
> or
>
> How can I configure the InMemoryServiceRegistryDaoImpl to have
> one RegisteredServiceImpl added to it (via the XML configuration) that sets
> the ignoreAttributes property to true
>
>
> Without any of those if I change the source of the
> CentralAuthenticationServiceImpl and method validateServiceTicket
> to use the authentication.getPrincipal() and their attributes without
> instantiating SimplePrincipal this would solve the issue as I dont have any
> registered service isn't it? Will there be any side effects? This said I
> would like to see the above configuration done but no success so far.
>
> Thanks
>
>
>
>
>
>
> scott_battaglia wrote:
> >
> > On Wed, Aug 6, 2008 at 12:40 AM, Tracy12 <j_lalith at yahoo.com> wrote:
> >
> >>
> >> Thanks scot,
> >>
> >> In CAS 3.0.3 it was enough to do those configurations to pass addtional
> >> information to the client, but it looks to me it is not the case with
> CAS
> >> 3.2.1.1, there wasn't any confilict with my custom principal
> conflicting
> >> with CAS services earlier 3.0.x.
> >>
> >> But it looks to me now it is different, I can't understand why we
> >> preserve
> >> the above feature in CAS 3.2.1.1. Any how one of the things which I
> >> observed
> >> is SimplePrincipal is hard wired in top level classes like
> >> CentralAuthenticationServiceImpl. Which was not the case in CAS 3.0.x,
> >> Any
> >> how all are observations, these changes are for some reason.
> >
> > I believe I've already explained in my previous email that the principal
> > is
> > used in conjunction with the Services Management tool to limit the
> > attributes returned to services. In order for it to be used it has to
> > have
> > a concrete implementation it can construct.
> >
> >
> >>
> >>
> >> We thougth there are two paths for us to proceed with CAS 3.2..1.1 with
> >> regards to this
> >>
> >> 1) modify the SimplePrinical to have more properties similar to my
> Custom
> >> Principal and with no other additional configuration.
> >
> >
> > That's not going to work. They won't be copied over.
> >
> >
> >>
> >>
> >> 2) change the deployerConfigContext.xml to have our own
> >> RegisteredServiceImpl
> >>
> >> As above no 2 is not clear as a easy approach we did add addtional
> setter
> >> and getters for the SimplePrincipal, the result was there wasn't any
> >> errors
> >> but did not pass additional attributes to the client apart from id, Do
> we
> >> have to add the addtional attributes some where.
> >
> > I'm pretty sure adding a default RegisteredServicesImpl to the registry
> in
> > configuration that basically says "please ignore attributes and just pass
> > the principal along" is the easier of the two options.
> >
> >>
> >>
> >> The best we like to have is above no 2, which is not clear for us, can
> >> you
> >> pls elaborate it with a example. are you refereing to the following,
> can
> >> you provide us a sample. What exactly the service you are refering here.
> >>
> >> <bean
> >> id="serviceRegistryDao"
> >>
> >> class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" />
> >>
> >> What exactly do we have to do?
> >
> >
> > What you really should be doing is not using custom principals now that
> we
> > have support for attributes as a map on the Principal and populating that
> > map. And then configuring in the Services Management tool the default
> > list
> > of attributes to send back to every application. But if you're not going
> > to
> > do that then you should configure the InMemoryServiceRegistryDaoImpl to
> > have
> > one RegisteredServiceImpl added to it (via the XML configuration) that
> > sets
> > the ignoreAttributes property to true and is set to cover all of your
> > services.
> >
> >
> >
> >> As I described in my previous mails the success service validae
> protocoal
> >> jsp looks as follows with additional information
> >
> >
> > What it looks like doesn't matter if you're not going to configure the
> CAS
> > server to ignore the Services Management tool.
> >
> > -Scott
> >
> >>
> >>
> >> <%@ page session="false" %><%@ taglib prefix="c"
> >> uri="http://java.sun.com/jsp/jstl/core" %><%@ taglib
> >> uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"
> >> %><cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
> >> <cas:authenticationSuccess>
> >>
> >>
> >>
> <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].
> >> principal.id)}</cas:user>
> >>
> >>
> >>
> <cas:firstName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.firstName)}</cas:firstName>
> >>
> >>
> >>
> <cas:middleName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.middleName)}</cas:middleName>
> >>
> >>
> >>
> <cas:lastName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.lastName)}</cas:lastName>
> >>
> >>
> >>
> <cas:displayName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.displayName)}</cas:displayName>
> >>
> >>
> >>
> <cas:userType>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.userType)}</cas:userType>
> >>
> >> <c:if test="${not empty pgtIou}">
> >>
> >> <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
> >> </c:if>
> >> <c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
> >> <cas:proxies>
> >> <c:forEach var="proxy" items="${assertion.chainedAuthentications}"
> >> varStatus="loopStatus" begin="0"
> >> end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
> >> <cas:proxy>${fn:escapeXml(proxy.principal.id
> >> )}</cas:proxy>
> >> </c:forEach>
> >> </cas:proxies>
> >> </c:if>
> >> </cas:authenticationSuccess>
> >> </cas:serviceResponse>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> scott_battaglia wrote:
> >> >
> >> > It looks like your custom principal is conflicting with the Services
> >> > Management tool. You can basically tell CAS to ignore the Services
> >> > Management tool by essentially reconfiguring the
> >> InMemoryServiceManagerDao
> >> > (in the deployerConfigContext.xml).
> >> >
> >> > You'll need to add one RegisteredServiceImpl with a path pattern that
> >> > matches all of your services (i.e. **/**) and then set the
> >> > ignoreAttributes
> >> > property to true.
> >> >
> >> > The Services Management tool exists to allow you to configure which
> >> > services
> >> > can see which attributes. Unfortunately its designed to work with the
> >> > principals that exist with CAS.
> >> >
> >> > -Scott
> >> >
> >> > -Scott Battaglia
> >> > PGP Public Key Id: 0x383733AA
> >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >> >
> >> >
> >> > On Tue, Aug 5, 2008 at 4:20 AM, Tracy12 <j_lalith at yahoo.com> wrote:
> >> >
> >> >>
> >> >> Yes I did the manual way and could produce what the error is,
> >> >> I have my own JAASAuthHanlder and credential to principal resolvers
> >> also
> >> >> my
> >> >> own Principal extends from the pricipal,
> >> >>
> >> >> But it gives the follwoing exception, it tries to find attribtues in
> >> the
> >> >> org.jasig.cas.authentication.principal.SimplePrincipal
> >> >> instead of mine,
> >> >>
> >> >> I have defined Authhandlers and Resolvers in
> deployerConfigContext.xml
> >> >> properly.
> >> >>
> >> >> Note:
> >> >> ......
> >> >>
> >> >> My principal got more attributes than normal one and protocol jsps
> are
> >> >> modified accordingly, this was working fine in CAS 3.0.x, is there
> any
> >> >> change in the new version
> >> >>
> >> >>
> >> >>
> >> >> org.apache.jasper.JasperException: Exception in JSP:
> >> >> /WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp:4
> >> >>
> >> >> 1: <%@ page session="false" %><%@ taglib prefix="c"
> >> >> uri="http://java.sun.com/jsp/jstl/core" %><%@ taglib
> >> >> uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"
> >> >> %><cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
> >> >> 2: <cas:authenticationSuccess>
> >> >> 3:
> >> >>
> >> >>
> >>
> <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].
> >> >> principal.id)}</cas:user>
> >> >> 4:
> >> >>
> >> >>
> >>
> <cas:firstName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.firstName)}</cas:firstName>
> >> >> 5:
> >> >>
> >> >>
> >>
> <cas:middleName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.middleName)}</cas:middleName>
> >> >> 6:
> >> >>
> >> >>
> >>
> <cas:lastName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.lastName)}</cas:lastName>
> >> >> 7:
> >> >>
> >> >>
> >>
> <cas:displayName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.displayName)}</cas:displayName>
> >> >>
> >> >>
> >> >> Stacktrace:
> >> >>
> >> >>
> >> >>
> >>
> org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:451)
> >> >>
> >> >>
> >> >>
> >>
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:355)
> >> >>
> >> >>
> >>
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
> >> >>
> >> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
> >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:171)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:251)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1160)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:901)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431)
> >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >> >>
> >> >>
> >> >>
> >>
> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
> >> >>
> >> >>
> >> >>
> >>
> org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
> >> >>
> >> >> root cause
> >> >>
> >> >> javax.servlet.ServletException: Unable to find a value for
> "firstName"
> >> in
> >> >> object of class
> >> "org.jasig.cas.authentication.principal.SimplePrincipal"
> >> >> using operator "."
> >> >>
> >> >>
> >> >>
> >>
> org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:841)
> >> >>
> >> >>
> >> >>
> >>
> org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:774)
> >> >>
> >> >>
> >> >>
> >>
> org.apache.jsp.WEB_002dINF.view.jsp.protocol._2_0.casServiceValidationSuccess_jsp._jspService(casServiceValidationSuccess_jsp.java:97)
> >> >>
> >> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
> >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >> >>
> >> >>
> >> >>
> >>
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
> >> >>
> >> >>
> >>
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
> >> >>
> >> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
> >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:171)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:251)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1160)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:901)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431)
> >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >> >>
> >> >>
> >> >>
> >>
> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
> >> >>
> >> >>
> >> >>
> >>
> org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
> >> >>
> >> >> root cause
> >> >>
> >> >> javax.servlet.jsp.el.ELException: Unable to find a value for
> >> "firstName"
> >> >> in
> >> >> object of class
> >> "org.jasig.cas.authentication.principal.SimplePrincipal"
> >> >> using operator "."
> >> >> org.apache.commons.el.Logger.logError(Logger.java:481)
> >> >> org.apache.commons.el.Logger.logError(Logger.java:498)
> >> >> org.apache.commons.el.Logger.logError(Logger.java:611)
> >> >>
> >> org.apache.commons.el.ArraySuffix.evaluate(ArraySuffix.java:340)
> >> >>
> >> org.apache.commons.el.ComplexValue.evaluate(ComplexValue.java:145)
> >> >>
> >> >>
> >> >>
> >>
> org.apache.commons.el.FunctionInvocation.evaluate(FunctionInvocation.java:163)
> >> >>
> >> >>
> >> >>
> >>
> org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:263)
> >> >>
> >> >>
> >> >>
> >>
> org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:190)
> >> >>
> >> >>
> >> >>
> >>
> org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:924)
> >> >>
> >> >>
> >> >>
> >>
> org.apache.jsp.WEB_002dINF.view.jsp.protocol._2_0.casServiceValidationSuccess_jsp._jspService(casServiceValidationSuccess_jsp.java:67)
> >> >>
> >> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
> >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >> >>
> >> >>
> >> >>
> >>
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
> >> >>
> >> >>
> >>
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
> >> >>
> >> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
> >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:171)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:251)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1160)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:901)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431)
> >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >> >>
> >> >>
> >> >>
> >>
> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
> >> >>
> >> >>
> >> >>
> >>
> org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
> >> >>
> >> >>
> >> >>
> >>
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
> >> >>
> >> >> note The full stack trace of the root cause is available in the
> Apache
> >> >> Tomcat/5.5.25 logs.
> >> >> Apache Tomcat/5.5.25
> >> >>
> >> >>
> >> >> scott_battaglia wrote:
> >> >> >
> >> >> > If there really is an error then those log4j settings should have
> >> >> worked.
> >> >> > You can also try manually getting a ticket and then manually
> >> validating
> >> >> it
> >> >> > in the browser to see what the error is.
> >> >> >
> >> >> > 3.2.1.1 and 3.2.1 only differ in a couple JSP pages not used in
> the
> >> >> > validation part.
> >> >> >
> >> >> > -Scott
> >> >> >
> >> >> >
> >> >> >
> >> >> > On Mon, Aug 4, 2008 at 10:09 PM, Tracy12 <j_lalith at yahoo.com>
> wrote:
> >> >> >
> >> >> >>
> >> >> >> Thanks Scott,
> >> >> >>
> >> >> >> Client side it throws the following exception, and to debug server
> >> >> side
> >> >> >> CAS
> >> >> >> I changed the log4j.properties of
> >> >> >>
> >> /cas-server-3.2.1.1/cas-server-webapp/src/main/webapp/WEB-INF/classes
> >> >> >> as follows (last couple of entries), but still I can't see any
> log
> >> >> error
> >> >> >> in cas.log as well as catalina.out
> >> >> >>
> >> >> >> Am I doing something wrong., Can you let me know a specific
> >> location
> >> >> to
> >> >> >> track the error.?
> >> >> >>
> >> >> >> log4j.logger.org.springframework=DEBUG
> >> >> >> log4j.logger.org.jasig=DEBUG
> >> >> >>
> >> >> >> log4j.logger.org.jasig.cas.web.flow=DEBUG
> >> >> >> log4j.logger.org.jasig.cas.authentication=DEBUG
> >> >> >> log4j.logger.org.jasig.cas.services=DEBUG
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> Client Error
> >> >> >>
> >> >> >> java.io.IOException: Server returned HTTP response code: 500 for
> >> URL:
> >> >> >>
> >> >> >>
> >> >>
> >>
> https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-sKehsbEf5Spajj7bKh5i-cas
> >> >> >> at
> >> >> >>
> >> >> >>
> >> >>
> >>
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1170)
> >> >> >> at
> >> >> >>
> >> >> >>
> >> >>
> >>
> com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
> >> >> >> at
> >> >> edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
> >> >> >> at
> >> >> >>
> >> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:228)
> >> >> >> at
> >> >> >>
> >> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:64)
> >> >> >> at
> >> >> >>
> >> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:344)
> >> >> >> at
> >> >> >>
> >> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289)
> >> >> >> at
> >> >> >>
> >> >> >>
> >> >>
> >>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
> >> >> >> at
> >> >> >>
> >> >> >>
> >> >>
> >>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> >> >> >> at
> >> >> >>
> >> >> >>
> >> >>
> >>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> >> >> >> at
> >> >> >>
> >> >> >>
> >> >>
> >>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
> >> >> >> at
> >> >> >>
> >> >> >>
> >> >>
> >>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> >> >> >> at
> >> >> >>
> >> >> >>
> >> >>
> >>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> >> >> >> at
> >> >> >>
> >> >> >>
> >> >>
> >>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> >> >> >> at
> >> >> >>
> >> >>
> >>
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
> >> >> >>
> >> >> >>
> >> >> >> scott_battaglia wrote:
> >> >> >> >
> >> >> >> > You'll have to look in the CAS logs as to why there's a 500
> error
> >> in
> >> >> >> the
> >> >> >> > server.
> >> >> >> >
> >> >> >> > -Scott
> >> >> >> >
> >> >> >> > -Scott Battaglia
> >> >> >> > PGP Public Key Id: 0x383733AA
> >> >> >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >> >> >> >
> >> >> >> >
> >> >> >> > On Mon, Aug 4, 2008 at 8:45 PM, Tracy12 <j_lalith at yahoo.com>
> >> wrote:
> >> >> >> >
> >> >> >> >>
> >> >> >> >> I realized the reason for the invalid ticket is because I got
> >> the
> >> >> >> >> firstURL
> >> >> >> >> and did another hit basically I am trying to validate a ticket
> >> >> twice,
> >> >> >> >>
> >> >> >> >> But the first exception I got was nothing related to invalid
> >> ticket
> >> >> >> but
> >> >> >> >> something else a I stated in previous email.
> >> >> >> >>
> >> >> >> >> The thing which I can't understand is I got uPortal 2.5.3 with
> >> Yale
> >> >> >> CAS
> >> >> >> >> Client workiing fine with CAS 3.0.x,
> >> >> >> >>
> >> >> >> >> but with the similar setup when I replace CAS 3.2.1.1 it
> throws
> >> the
> >> >> >> above
> >> >> >> >> exception for the serviceValidate.
> >> >> >> >>
> >> >> >> >> If CAS 3.2.1.1 is compatible with Yale CAS client 2.1, I dont
> >> need
> >> >> to
> >> >> >> do
> >> >> >> >> any
> >> >> >> >> configuration change in uPortal or Yale CAS client, isnt it?
> >> >> >> >>
> >> >> >> >> How Can I trouble shoot this more in the CAS 3.2.1.1
> >> >> >> >>
> >> >> >> >> Thanks
> >> >> >> >>
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> scott_battaglia wrote:
> >> >> >> >> >
> >> >> >> >> > It usually just means the ticket can't be found ;-) That
> >> usually
> >> >> >> >> occurs
> >> >> >> >> > if
> >> >> >> >> > for some reason the ticket id being passed in is wrong or
> >> you've
> >> >> >> tried
> >> >> >> >> to
> >> >> >> >> > validate a ticket twice.
> >> >> >> >> >
> >> >> >> >> > -Scott
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > On Mon, Aug 4, 2008 at 1:08 AM, Tracy12 <j_lalith at yahoo.com>
> >> >> wrote:
> >> >> >> >> >
> >> >> >> >> >>
> >> >> >> >> >> Hi Scott,
> >> >> >> >> >>
> >> >> >> >> >> I started debugging from the yale cas client. It fails the
> >> >> >> >> >> SecureURL.retrieve(url); statement of the validate method
> >> inside
> >> >> >> the
> >> >> >> >> >> ServiceTicketValidator.
> >> >> >> >> >>
> >> >> >> >> >> When I take a new browser instance and hit the above url
> >> which
> >> >> is
> >> >> >> used
> >> >> >> >> in
> >> >> >> >> >> SecureURL.retrieve(url). In the browser it comes with the
> >> >> following
> >> >> >> >> >> exception.
> >> >> >> >> >>
> >> >> >> >> >> url is something similar to this
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-s2DXcqysNuwwc6C6xwUC-cas
> >> >> >> >> >>
> >> >> >> >> >> Is there any server configuration required in this new CAS
> >> >> >> >> >> 3.2.1.1compared
> >> >> >> >> >> to CAS 3.0.x
> >> >> >> >> >>
> >> >> >> >> >> I can't think this as a certificate issue as when new CAS
> >> >> 3.2.1.1
> >> >> >> is
> >> >> >> >> >> replaced with CAS 3.0.x it works with yale cas client 2.x
> >> >> >> >> >>
> >> >> >> >> >> What exactly the reason for the following error
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas
> '>
> >> >> >> >> >> <cas:authenticationFailure code='INVALID_TICKET'>
> >> >> >> >> >> ticket 'ST-1-s2DXcqysNuwwc6C6xwUC-cas' not
> >> >> >> recognized
> >> >> >> >> >> </cas:authenticationFailure>
> >> >> >> >> >> </cas:serviceResponse>
> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >> >> scott_battaglia wrote:
> >> >> >> >> >> >
> >> >> >> >> >> > The Yale CAS Client works perfectly fine with the CAS
> >> >> >> 3.2.1.1server
> >> >> >> >> >> > release
> >> >> >> >> >> > (unless there is some bug we don't know about ).
> >> >> >> >> >> >
> >> >> >> >> >> > -Scott
> >> >> >> >> >> >
> >> >> >> >> >> > -Scott Battaglia
> >> >> >> >> >> > PGP Public Key Id: 0x383733AA
> >> >> >> >> >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > On Fri, Aug 1, 2008 at 1:59 AM, Tracy12
> >> <j_lalith at yahoo.com>
> >> >> >> wrote:
> >> >> >> >> >> >
> >> >> >> >> >> >>
> >> >> >> >> >> >> Even though, it doesnt support single log out, it should
> >> >> support
> >> >> >> >> >> things
> >> >> >> >> >> >> like
> >> >> >> >> >> >> serviceValidate isn't it?
> >> >> >> >> >> >>
> >> >> >> >> >> >> But I am getting the following exception, When I replace
> >> the
> >> >> old
> >> >> >> >> CAS
> >> >> >> >> >> >> which
> >> >> >> >> >> >> is 3.0.x it is working fine, which means it is nothing to
> >> do
> >> >> >> with
> >> >> >> >> the
> >> >> >> >> >> >> certificates,
> >> >> >> >> >> >>
> >> >> >> >> >> >> We are using yale cas client 2.1 in the uPortal.
> >> >> >> >> >> >>
> >> >> >> >> >> >> Thanks
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >> >> type Exception report
> >> >> >> >> >> >>
> >> >> >> >> >> >> message
> >> >> >> >> >> >>
> >> >> >> >> >> >> description The server encountered an internal error ()
> >> that
> >> >> >> >> prevented
> >> >> >> >> >> it
> >> >> >> >> >> >> from fulfilling this request.
> >> >> >> >> >> >>
> >> >> >> >> >> >> exception
> >> >> >> >> >> >>
> >> >> >> >> >> >> javax.servlet.ServletException: Unable to validate
> >> >> >> >> >> ProxyTicketValidator
> >> >> >> >> >> >> [[edu.yale.its.tp.cas.client.ProxyTicketValidator
> >> >> >> proxyList=[null]
> >> >> >> >> >> >> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> >> >> >> >> >> >>
> >> casValidateUrl=[https://mymachine:8443/cas/serviceValidate]
> >> >> >> >> >> >> ticket=[ST-1-TWyPmOAR95g0fNryfZ1c-cas]
> >> >> >> >> >> >> service=[http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin]
> >> >> >> >> >> renew=false]]]
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:292)
> >> >> >> >> >> >>
> >> >> >> >> >> >> root cause
> >> >> >> >> >> >>
> >> >> >> >> >> >> edu.yale.its.tp.cas.client.CASAuthenticationException:
> >> Unable
> >> >> to
> >> >> >> >> >> validate
> >> >> >> >> >> >> ProxyTicketValidator
> >> >> >> >> [[edu.yale.its.tp.cas.client.ProxyTicketValidator
> >> >> >> >> >> >> proxyList=[null]
> >> >> >> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> >> >> >> >> >> >>
> >> casValidateUrl=[https://mymachine:8443/cas/serviceValidate]
> >> >> >> >> >> >> ticket=[ST-1-TWyPmOAR95g0fNryfZ1c-cas]
> >> >> >> >> >> >> service=[http%3A%2F%2Flalitha%3A8080%2FuPortal%2FLogin]
> >> >> >> >> renew=false]]]
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >>
> >> >> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:57)
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:339)
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289)
> >> >> >> >> >> >>
> >> >> >> >> >> >> root cause
> >> >> >> >> >> >>
> >> >> >> >> >> >> java.io.IOException: Server returned HTTP response code:
> >> 500
> >> >> for
> >> >> >> >> URL:
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-TWyPmOAR95g0fNryfZ1c-cas
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1170)
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
> >> >> >> >> >> >>
> >> >> >> >> edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:216)
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >>
> >> >> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:55)
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:339)
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289)
> >> >> >> >> >> >>
> >> >> >> >> >> >> note The full stack trace of the root cause is available
> >> in
> >> >> the
> >> >> >> >> Apache
> >> >> >> >> >> >> Tomcat/5.5.25 logs.
> >> >> >> >> >> >>
> >> >> >> >> >> >>
> >> >> >> >> >> >> John Sood wrote:
> >> >> >> >> >> >> >
> >> >> >> >> >> >> > No. Yale client does not support single signout.
> >> >> >> >> >> >> >
> >> >> >> >> >> >> > Tracy12 wrote:
> >> >> >> >> >> >> >> With CAS 3.2.1.1 can't we use cas client 2.1 from
> >> yale.?
> >> >> >> >> >> >> >>
> >> >> >> >> >> >> >> Reason is within uPortal we have CAS client 2.1 with
> >> some
> >> >> >> code
> >> >> >> >> >> >> >> modifications,
> >> >> >> >> >> >> >>
> >> >> >> >> >> >> >> Is it a must that we need to use CAS Client 3.1.1 with
> >> CAS
> >> >> >> >> 3.2.1.1
> >> >> >> >> >> >> >>
> >> >> >> >> >> >> >>
> >> >> >> >> >> >> >>
> >> >> >> >> >> >> >> John Sood wrote:
> >> >> >> >> >> >> >>
> >> >> >> >> >> >> >>> I am using the following at it works for me:
> >> >> >> >> >> >> >>>
> >> >> >> >> >> >> >>> CAS Server 3.2.1
> >> >> >> >> >> >> >>> CAS Client 3.1.1
> >> >> >> >> >> >> >>>
> >> >> >> >> >> >> >>> Tracy12 wrote:
> >> >> >> >> >> >> >>>
> >> >> >> >> >> >> >>>> Hi,
> >> >> >> >> >> >> >>>>
> >> >> >> >> >> >> >>>> Does CAS 3.2.1.1 fully supports Single log out?
> >> >> >> >> >> >> >>>>
> >> >> >> >> >> >> >>>> Do I have to download some prior version?
> >> >> >> >> >> >> >>>>
> >> >> >> >> >> >> >>>> Reason for this question is I can remember some
> >> >> discussions
> >> >> >> >> going
> >> >> >> >> >> on
> >> >> >> >> >> >> >>>> with
> >> >> >> >> >> >> >>>> regards to this, whether to download CAS 3.2.X
> >> >> >> >> >> >> >>>>
> >> >> >> >> >> >> >>>> or 3.1.X
> >> >> >> >> >> >> >>>>
> >> >> >> >> >> >> >>>> Pls confirm for us to download the proper version.
> >> >> >> >> >> >> >>>>
> >> >> >> >> >> >> >>>> Also let us know which casclient version should we
> >> >> download
> >> >> >> >> >> >> >>>> correspondent
> >> >> >> >> >> >> >>>> to
> >> >> >> >> >> >> >>>> the main CAS download.
> >> >> >> >> >> >> >>>>
> >> >> >> >> >> >> >>>> Thanks
> >> >> >> >> >> >> >>>>
> >> >> >> >> >> >> >>>>
> >> >> >> >> >> >> >>>>
> >> >> >> >> >> >> >>> _______________________________________________
> >> >> >> >> >> >> >>> Yale CAS mailing list
> >> >> >> >> >> >> >>> cas at tp.its.yale.edu
> >> >> >> >> >> >> >>> http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >> >> >> >> >>>
> >> >> >> >> >> >> >>>
> >> >> >> >> >> >> >>>
> >> >> >> >> >> >> >>
> >> >> >> >> >> >> >>
> >> >> >> >> >> >> >
> >> >> >> >> >> >> >
> >> >> >> >> >> >> > _______________________________________________
> >> >> >> >> >> >> > Yale CAS mailing list
> >> >> >> >> >> >> > cas at tp.its.yale.edu
> >> >> >> >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >> >> >> >> >
> >> >> >> >> >> >> >
> >> >> >> >> >> >>
> >> >> >> >> >> >> --
> >> >> >> >> >> >> View this message in context:
> >> >> >> >> >> >>
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18768662.html
> >> >> >> >> >> >> Sent from the CAS Users mailing list archive at
> >> Nabble.com.
> >> >> >> >> >> >>
> >> >> >> >> >> >> _______________________________________________
> >> >> >> >> >> >> Yale CAS mailing list
> >> >> >> >> >> >> cas at tp.its.yale.edu
> >> >> >> >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >> >> >> >>
> >> >> >> >> >> >
> >> >> >> >> >> > _______________________________________________
> >> >> >> >> >> > Yale CAS mailing list
> >> >> >> >> >> > cas at tp.its.yale.edu
> >> >> >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >>
> >> >> >> >> >> --
> >> >> >> >> >> View this message in context:
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18805727.html
> >> >> >> >> >> Sent from the CAS Users mailing list archive at Nabble.com.
> >> >> >> >> >>
> >> >> >> >> >> _______________________________________________
> >> >> >> >> >> Yale CAS mailing list
> >> >> >> >> >> cas at tp.its.yale.edu
> >> >> >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >> >> >>
> >> >> >> >> >
> >> >> >> >> > _______________________________________________
> >> >> >> >> > Yale CAS mailing list
> >> >> >> >> > cas at tp.its.yale.edu
> >> >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >>
> >> >> >> >> --
> >> >> >> >> View this message in context:
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18822609.html
> >> >> >> >> Sent from the CAS Users mailing list archive at Nabble.com.
> >> >> >> >>
> >> >> >> >> _______________________________________________
> >> >> >> >> Yale CAS mailing list
> >> >> >> >> cas at tp.its.yale.edu
> >> >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >> >>
> >> >> >> >
> >> >> >> > _______________________________________________
> >> >> >> > Yale CAS mailing list
> >> >> >> > cas at tp.its.yale.edu
> >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >> >
> >> >> >> >
> >> >> >>
> >> >> >> --
> >> >> >> View this message in context:
> >> >> >>
> >> >>
> >>
> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18823313.html
> >> >> >> Sent from the CAS Users mailing list archive at Nabble.com.
> >> >> >>
> >> >> >> _______________________________________________
> >> >> >> Yale CAS mailing list
> >> >> >> cas at tp.its.yale.edu
> >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >>
> >> >> >
> >> >> > _______________________________________________
> >> >> > Yale CAS mailing list
> >> >> > cas at tp.its.yale.edu
> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas
> >> >> >
> >> >> >
> >> >>
> >> >> --
> >> >> View this message in context:
> >> >>
> >>
> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18826587.html
> >> >> Sent from the CAS Users mailing list archive at Nabble.com.
> >> >>
> >> >> _______________________________________________
> >> >> Yale CAS mailing list
> >> >> cas at tp.its.yale.edu
> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >> >>
> >> >
> >> > _______________________________________________
> >> > Yale CAS mailing list
> >> > cas at tp.its.yale.edu
> >> > http://tp.its.yale.edu/mailman/listinfo/cas
> >> >
> >> >
> >>
> >> --
> >> View this message in context:
> >>
> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18844212.html
> >> Sent from the CAS Users mailing list archive at Nabble.com.
> >>
> >> _______________________________________________
> >> Yale CAS mailing list
> >> cas at tp.its.yale.edu
> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >>
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18863617.html
> Sent from the CAS Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080807/2a6129e7/attachment.html
More information about the cas
mailing list