Error validating ticket
Scott Battaglia
scott.battaglia at gmail.com
Fri Aug 15 15:12:36 EDT 2008
Have you configured it according to the documentation?
http://www.ja-sig.org/wiki/display/CASUM/RESTful+API
Also any reason why you can't use the standard CAS login page?
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Fri, Aug 15, 2008 at 2:28 PM, Jason Roscoe <jroscoe at riteaid.com> wrote:
> OK, I downloaded CAS 3.3 and am trying to use the Restful API. Below is
> the code I have to generate a Ticket Granting Ticket, but the response code
> from the post is a 302, location header is http://localhost:9089/cas/login,
> so it returns me the login page code
>
> setAuthenticationUrl("http://localhost:9089/cas/tickets");
> PostMethod postMethod = new PostMethod(authenticationUrl);
> GetMethod getMethod = new GetMethod();
>
> NameValuePair[] data = {
>     new NameValuePair("username", username),
>     new NameValuePair("password", password)
> };
>
> postMethod.setRequestBody(data);
> postMethod.setRequestBody(data);
>
> try {
>     statusCode = client.executeMethod(postMethod);
>
>     logger.debug("status code: " + statusCode);
>
>     if (statusCode != HttpStatus.SC_OK) {
>         if (statusCode == HttpStatus.SC_MOVED_PERMANENTLY
>                 || statusCode == HttpStatus.SC_MOVED_TEMPORARILY
>                 || statusCode == HttpStatus.SC_SEE_OTHER
>                 || statusCode == HttpStatus.SC_TEMPORARY_REDIRECT) {
>             String redirectLocation;
>             Header locationHeader = postMethod.getResponseHeader("location");
>
>             if (locationHeader != null) {
>                 redirectLocation = locationHeader.getValue();
>                 logger.debug("locationHeader = " + locationHeader.getValue());
>                 getMethod = new GetMethod(redirectLocation);
>                 statusCode = client.executeMethod(getMethod);
>                 logger.debug("Status code = " + statusCode);
>                 if (statusCode != HttpStatus.SC_OK) {
>                     logger.error("Method failed: " + getMethod.getStatusLine());
>                 }
>                 // Read the response body.
>                 byte[] responseBody = getMethod.getResponseBody();
>
>                 // Deal with the response.
>                 // Use caution: ensure correct character encoding and is not binary data
>                 System.out.println(new String(responseBody));
>             } else {
>                 // The response is invalid and did not provide the new
>                 // location for the resource. Report an error or possibly
>                 // handle the response like a 404 Not Found error.
>             }
>         }
>     }
>
>     // Read the response body.
>     byte[] responseBody = getMethod.getResponseBody();
>
>     // Deal with the response.
>     // Use caution: ensure correct character encoding and is not binary data
>     System.out.println(new String(responseBody));
>
> } catch (HttpException e) {
>     logger.error("Fatal protocol violation: " + e.getMessage());
>     e.printStackTrace();
> } catch (IOException e) {
>     logger.error("Fatal transport error: " + e.getMessage());
>     e.printStackTrace();
> } finally {
>     // Release the connection.
>     postMethod.releaseConnection();
> }
>
> Jason Roscoe
>
> Systems Engineer II
>
> Rite Aid Corporation
>
> (717) 761-2633 ext. 5581
>
> jroscoe at riteaid.com
> ------------------------------
>
> From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On Behalf Of Scott Battaglia
> Sent: Friday, August 15, 2008 9:45 AM
> To: Yale CAS mailing list
> Subject: Re: Error validating ticket
>
>
>
> You should never use the CAS Cookie token for anything (in theory you
> shouldn't access it at all ;-)). You can only validate Service Tickets
> using the validate methods.
>
> Any reason why you can't use the CAS login page?
>
> If you have to collect the username/password and pass it to CAS (which we
> don't recommend) you have a couple options. You can use the login form as
> part of an iframe (which I think is detailed in our wiki) or look at the new
> RESTful API.
>
> -Scott
>
> On Fri, Aug 15, 2008 at 9:25 AM, Jason Roscoe <jroscoe at riteaid.com>
> wrote:
>
> Here is what we are trying to accomplish. We have our own login screen
> that is invoking the cas/login method. We are sending an HTTP get request
> to the default CAS login page, retrieving the lt token, and then sending an
> HTTP post request to CAS with the username/password/lt in the body of the
> post. We wrote our own Authentication handler and implemented it into cas
> as a jar. We are successfully authenticating, and then getting the CASTGC
> value and setting that as our token. I'm thinking this is not the correct
> value for our validation token that we want to use for SSO, right? We are
> not sending a "service" parameter to the /cas/login url, as we just want to
> get the validated token and continue with our login process code. If you
> need any code we are using, I can certainly supply that. We are currently
> using IBM WAS 6.1 and using j_security_check, but need to switch to CAS for
> SSO.
>
>
>
> Thanks for your help!!
>
>
> ------------------------------
>
> From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On Behalf Of Scott Battaglia
> Sent: Friday, August 15, 2008 9:07 AM
> To: Yale CAS mailing list
> Subject: Re: Error validating ticket
>
>
>
> Are you trying to validate a TicketGrantingTicket? If so how did your
> application get access to that TGT?
>
> -Scott
>
> On Fri, Aug 15, 2008 at 8:38 AM, Jason Roscoe <jroscoe at riteaid.com> wrote:
>
> I am trying to use the serviceValidate method to validate a cas ticket, but
> I get this error:
>
>
>
> Error 500: Request processing failed; nested exception is
> java.lang.ClassCastException: Ticket
> [TGT-11-j45Ct4n0q1vPyG3oF5FflbWYMjONJxeW6WjDz6Ub6tc3EUq5z9-cas is of type
> class org.jasig.cas.ticket.TicketGrantingTicketImpl when we were expecting
> interface org.jasig.cas.ticket.ServiceTicket
>
>
>
> How can I fix this?
>
>
>
> Thanks
>
>
> ------------------------------
>
> Disclaimer: This e-mail message is intended only for the personal use of
> the recipient(s) named above. If you are not an intended recipient, you
> may not review, copy or distribute this message. If you have received this
> communication in error, please notify us immediately by e-mail and delete
> the original message.
>
> This e-mail expresses views only of the sender, which are not to be
> attributed to Rite Aid Corporation and may not be copied or distributed
> without this statement.
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
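
Added example, not part of the thread and not CAS project code: client-side checks for the two failures discussed above, a ticket-creation POST that is redirected to the login page, and a TGT handed to serviceValidate. The class and method names are hypothetical; the 201 Created plus Location reply, the /v1/ path in the sample URL and the "ST-" prefix are assumptions taken from the CAS RESTful API documentation rather than from this thread.

```java
import java.net.URI;

// Added example; 201 + Location and the "ST-" prefix are assumptions from the
// CAS REST documentation, and every sample value in main() is constructed.
public class CasTicketChecks {
    enum Kind { TICKET_GRANTING, SERVICE, UNKNOWN }

    static Kind classify(String ticket) {
        if (ticket == null) return Kind.UNKNOWN;
        if (ticket.startsWith("TGT-")) return Kind.TICKET_GRANTING;
        if (ticket.startsWith("ST-")) return Kind.SERVICE;
        return Kind.UNKNOWN;
    }

    // Interprets the reply to the ticket-creation POST and returns the TGT id.
    static String tgtFromResponse(int status, String location) {
        if (status >= 300 && status < 400)
            throw new IllegalStateException("Redirected to " + location
                + ": request reached the login flow, not the REST resource");
        if (status != 201 || location == null)
            throw new IllegalStateException("Unexpected reply: HTTP " + status);
        String path = URI.create(location).getPath();
        String id = path.substring(path.lastIndexOf('/') + 1);
        if (classify(id) != Kind.TICKET_GRANTING)
            throw new IllegalStateException("Location does not name a TGT");
        return id;
    }

    // Guard to run before a ticket is sent to serviceValidate.
    static String requireServiceTicket(String ticket) {
        if (classify(ticket) != Kind.SERVICE)
            throw new IllegalArgumentException(
                "Only service tickets can be validated, got " + classify(ticket));
        return ticket;
    }

    public static void main(String[] args) {
        String tgt = tgtFromResponse(201,
            "http://localhost:9089/cas/v1/tickets/TGT-1-constructedSample-cas");
        System.out.println("Kept by the caller, never validated: " + classify(tgt));
        try { tgtFromResponse(302, "http://localhost:9089/cas/login"); }
        catch (IllegalStateException e) { System.out.println(e.getMessage()); }
        try { requireServiceTicket(tgt); }
        catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
    }
}
```

The error messages report only the ticket kind, never the ticket value, so a TGT does not end up in application logs.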