Premature end of file exception

Scott Battaglia scott.battaglia at gmail.com
Thu Jun 19 10:25:30 EDT 2008 

I think I fixed it. I opened an issue in JIRA and committed a fix:

http://www.ja-sig.org/issues/browse/CAS-671

I haven't tried it with the CAS client to confirm that its okay.  There is a
test case in the CAS Server though which replicates the issue.

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Thu, Jun 19, 2008 at 1:37 AM, tedzo <tedzo2003 at yahoo.com> wrote:

> Dale,
>
> Thanks for the response.
>
> I posted two more messages and I am not sure why the have not appeared on
> the mailing list. I will stick the contents of those emails at the end of
> this response.
>
> Yes, as you suggest, there appear to be no attributes for the user and
> hence opensaml complains about it. The question is why are there no
> attributes? Is that expected behavior for an out-of-the-box deployment of
> cas server? Out-of-the-box deployment meaning, I am using the dummy
> authenticationhandler that just verifies that username=password. I don't
> know that it matters. Do I need to do something else to ensure that the user
> has attributes?
>
>
>
> Previous message from me-
>
> ----------Previous message start---------
>
>
>
> I should mention- I am using the out-of-the-box configuration. So, I think
> that uses the Dummy authenticationHandler (username=password). I don't know
> if that makes any difference.
>
>
>
> Also, the NullPtr that I am seeing after the changes is on the client side,
> not server side.
>
>
>
> Thanks.
>
>
> ----- Original Message ----
> From: tedzo <tedzo2003 at yahoo.com>
> To: Yale CAS mailing list <cas at tp.its.yale.edu>
> Sent: Wednesday, June 18, 2008 3:30:29 PM
> Subject: Re: Premature end of file exception
>
>  Scott, Thanks for your time.
>
>
>
> There are no exceptions logged other than the one I have mentioned.
>
>
>
> I added some more debug statements and it seems that there are no
> attributes associated with the principal in question, i.e,
>
> authentication.getPrincipal().getAttributes().keySet()
>
> is an empty set. Is this expected behaviour? It also appears that the
> attributes returned from the principal is what is used to populate the
> SamlResponse with attributes. ..
>
>
>
> I went ahead and added 1 junk attribute and this what I see in the server's
> response-
>
>
>
> 2008-06-18 15:24:56,176 DEBUG
> [org.jasig.cas.client.validation.Saml11TicketValid
> ator] - <Server response: <?xml version="1.0"
> encoding="UTF-8"?><SOAP-ENV:Envelo
> pe xmlns:SOAP-ENV="
> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/<http://schemas.xmlsoap.org/soap/envelope/%22%3E%3CSOAP-ENV:Header/>
> >
> <SOAP-ENV:Body><Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
> xmlns:saml
> ="urn:oasis:names:tc:SAML:1.0:assertion"
> xmlns:samlp="urn:oasis:names:tc:SAML:1.
> 0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="
> http://www.w
> 3.org/2001/XMLSchema-instance"
> InResponseTo="_4b7c5af9f9dc935134654c8a52ef1fdd"
> IssueInstant="2008-06-18T22:24:56.114Z" MajorVersion="1" MinorVersion="1"
> Recipi
> ent="http://tedzo-wxp01.mezo.com:8080/manager/html"
> ResponseID="_0de082fa6d3
> 28fa471c472f2a85f1e32"><Status><StatusCode
> Value="samlp:Success"></StatusCode></
> Status><Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
> AssertionID="_db
> 93000bdc66d614a72b8864f8408959" IssueInstant="2008-06-18T22:24:55.598Z"
> Issuer="
> localhost" MajorVersion="1" MinorVersion="1"><Conditions
> NotBefore="2008-06-18T2
> 2:24:55.598Z"
> NotOnOrAfter="2008-06-18T22:25:25.598Z"><AudienceRestrictionCondit
> ion><Audience>http://tedzo-wxp01.mezo.com:8080/manager/html
> </Audience></Audi
>
> enceRestrictionCondition></Conditions><AttributeStatement><Subject><NameIdentifi
>
> er>test</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names
>
> :tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject><At
> tribute AttributeName="some-name-key" AttributeNamespace="
> http://www.ja-sig.org/
>
> products/cas/"><AttributeValue>some-value</AttributeValue></Attribute></Attribut
> eStatement><AuthenticationStatement
> AuthenticationInstant="2008-06-18T22:24:54.4
> 73Z"
> AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject>
>
> <NameIdentifier>test</NameIdentifier><SubjectConfirmation><ConfirmationMethod>ur
>
> n:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation>
>
> </Subject></AuthenticationStatement></Assertion></Response></SOAP-ENV:Body></SOA
> P-ENV:Envelope>>
>
>
>
> So, now, it comes across correctly. Ofcourse, I hit a NullPointer, but
> thats because of the junk attribute I added, I think.
>
>
>
> So, assuming thats the problem, why are there no attributes in the
> principal?
>
>
>
> ----------Previous message end---------
>
>
>
>
>
> Thanks.
>
>
>
> ----- Original Message ----
> From: Dale Ogilvie <Dale.Ogilvie at trimble.co.nz>
> To: Yale CAS mailing list <cas at tp.its.yale.edu>
> Sent: Wednesday, June 18, 2008 9:11:20 PM
> Subject: RE: Premature end of file exception
>
> We resolved our issues with the SAML filter by first turning on logging on
> the server to see what the debug logs showed up.
>
> /var/lib/tomcat5/webapps/cas/WEB-INF/classes/log4j.properties
> ...
> log4j.logger.org.jasig.cas=DEBUG
> ...
> tail -F /var/log/tomcat5/cas.log
>
> Then used the cas client source to debug a cas protected jsp in netbeans to
> isolate the error in the client code.
>
> Our working example returns attributes in the SAML response, possibly your
> error is related to not having any attributes to return?
>
> Dale
>
>  ------------------------------
> *From:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] *On
> Behalf Of *tedzo
> *Sent:* Thursday, 19 June 2008 12:30 p.m.
> *To:* Yale CAS mailing list
> *Subject:* Re: Premature end of file exception
>
>  I should mention- I am using the out-of-the-box configuration. So, I
> think that uses the Dummy authenticationHandler (username=password). I don't
> know if that makes any difference.
>
>
>
> Also, the NullPtr that I am seeing after the changes is on the client side,
> not server side.
>
>
>
> Thanks.
>
>
> ----- Original Message ----
> From: tedzo <tedzo2003 at yahoo.com>
> To: Yale CAS mailing list <cas at tp.its.yale.edu>
> Sent: Wednesday, June 18, 2008 3:30:29 PM
> Subject: Re: Premature end of file exception
>
>  Scott, Thanks for your time.
>
>
>
> There are no exceptions logged other than the one I have mentioned.
>
>
>
> I added some more debug statements and it seems that there are no
> attributes associated with the principal in question, i.e,
>
> authentication.getPrincipal().getAttributes().keySet()
>
> is an empty set. Is this expected behaviour? It also appears that the
> attributes returned from the principal is what is used to populate the
> SamlResponse with attributes. ..
>
>
>
> I went ahead and added 1 junk attribute and this what I see in the server's
> response-
>
>
>
> 2008-06-18 15:24:56,176 DEBUG
> [org.jasig.cas.client.validation.Saml11TicketValid
> ator] - <Server response: <?xml version="1.0"
> encoding="UTF-8"?><SOAP-ENV:Envelo
> pe xmlns:SOAP-ENV="
> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/<http://schemas.xmlsoap.org/soap/envelope/%22%3E%3CSOAP-ENV:Header/>
> >
> <SOAP-ENV:Body><Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
> xmlns:saml
> ="urn:oasis:names:tc:SAML:1.0:assertion"
> xmlns:samlp="urn:oasis:names:tc:SAML:1.
> 0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="
> http://www.w
> 3.org/2001/XMLSchema-instance"
> InResponseTo="_4b7c5af9f9dc935134654c8a52ef1fdd"
> IssueInstant="2008-06-18T22:24:56.114Z" MajorVersion="1" MinorVersion="1"
> Recipi
> ent="http://tedzo-wxp01.mezo.com:8080/manager/html"
> ResponseID="_0de082fa6d3
> 28fa471c472f2a85f1e32"><Status><StatusCode
> Value="samlp:Success"></StatusCode></
> Status><Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
> AssertionID="_db
> 93000bdc66d614a72b8864f8408959" IssueInstant="2008-06-18T22:24:55.598Z"
> Issuer="
> localhost" MajorVersion="1" MinorVersion="1"><Conditions
> NotBefore="2008-06-18T2
> 2:24:55.598Z"
> NotOnOrAfter="2008-06-18T22:25:25.598Z"><AudienceRestrictionCondit
> ion><Audience>http://tedzo-wxp01.mezo.com:8080/manager/html
> </Audience></Audi
>
> enceRestrictionCondition></Conditions><AttributeStatement><Subject><NameIdentifi
>
> er>test</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names
>
> :tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject><At
> tribute AttributeName="some-name-key" AttributeNamespace="
> http://www.ja-sig.org/
>
> products/cas/"><AttributeValue>some-value</AttributeValue></Attribute></Attribut
> eStatement><AuthenticationStatement
> AuthenticationInstant="2008-06-18T22:24:54.4
> 73Z"
> AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject>
>
> <NameIdentifier>test</NameIdentifier><SubjectConfirmation><ConfirmationMethod>ur
>
> n:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation>
>
> </Subject></AuthenticationStatement></Assertion></Response></SOAP-ENV:Body></SOA
> P-ENV:Envelope>>
>
>
>
> So, now, it comes across correctly. Ofcourse, I hit a NullPointer, but
> thats because of the junk attribute I added, I think.
>
>
>
> So, assuming thats the problem, why are there no attributes in the
> principal?
>
>
>
> Thanks.
>
>
> ----- Original Message ----
> From: Scott Battaglia <scott.battaglia at gmail.com>
> To: Yale CAS mailing list <cas at tp.its.yale.edu>
> Sent: Wednesday, June 18, 2008 12:42:54 PM
> Subject: Re: Premature end of file exception
>
> You have to use OpenSAML 1.1b.  The APIs as far as I know are not
> compatible between the major revisions.  Are there any exceptions logged or
> is the result just empty?
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn <http://www.linkedin.com/>:
> http://www.linkedin.com/in/scottbattaglia
>
> On Wed, Jun 18, 2008 at 3:27 PM, tedzo <tedzo2003 at yahoo.com> wrote:
>
>>  Its really weird. The failure appears to occur on the toString() call on
>> the SamlResponse Object in Saml10SuccessResponseView. Am I using some wrong
>> jar file to parse the xml? I am using whatever came with opensaml
>> distribution...
>>
>>
>>
>> Scott, can I use opensaml2 rather than opensaml1.1b? Would that work with
>> cas-server-3.2.1?
>>
>>
>>
>> Thanks.
>>
>>
>>  ----- Original Message ----
>> From: Scott Battaglia <scott.battaglia at gmail.com>
>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>  Sent: Wednesday, June 18, 2008 11:06:01 AM
>> Subject: Re: Premature end of file exception
>>
>> Its available from the repository:
>>
>>
>> https://www.ja-sig.org/svn/cas-clients/java-client/tags/cas-java-client-3-1-3-final/
>>
>> -Scott
>>
>> -Scott Battaglia
>> PGP Public Key Id: 0x383733AA
>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>
>> On Wed, Jun 18, 2008 at 1:50 PM, tedzo <tedzo2003 at yahoo.com> wrote:
>>
>>>  I apologize if I am being blind- where is the source code for Java
>>> client 3.1.3?
>>>
>>>
>>>
>>> Thanks.
>>>
>>>  ----- Original Message ----
>>> From: tedzo <tedzo2003 at yahoo.com>
>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>>  Sent: Wednesday, June 18, 2008 10:22:58 AM
>>> Subject: Re: Premature end of file exception
>>>
>>>  Yeah, exactly my thoughts.
>>>
>>> Let me try and add some debug statements etc and try to find whats up.
>>>
>>>
>>> ----- Original Message ----
>>> From: Scott Battaglia <scott.battaglia at gmail.com>
>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>> Sent: Wednesday, June 18, 2008 6:39:27 AM
>>> Subject: Re: Premature end of file exception
>>>
>>> So two things:
>>> 2008-06-17 23:18:53,984 ERROR [org.opensaml.SAMLResponse] - <caught a
>>> SAML excep
>>> tion while serializing XML: org.opensaml.MalformedException:
>>> AttributeStatement
>>> is invalid, requires at least one attribute>
>>>
>>> and
>>>
>>>  <Server response: <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelo
>>> pe xmlns:SOAP-ENV="
>>> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/<http://schemas.xmlsoap.org/soap/envelope/%22%3E%3CSOAP-ENV:Header/>
>>> >
>>> <SOAP-ENV:Body></SOAP-ENV:Body></SOAP-ENV:Envelope>>
>>>
>>> For whatever reason there's actually no SAML response in the message!
>>>
>>> That's kind of strange.  I haven't seen the SAML response not return
>>> anything yet.
>>>
>>> -Scott
>>>
>>>
>>> -Scott Battaglia
>>> PGP Public Key Id: 0x383733AA
>>> LinkedIn <http://www.linkedin.com/>:
>>> http://www.linkedin.com/in/scottbattaglia
>>>
>>> On Wed, Jun 18, 2008 at 2:37 AM, tedzo <tedzo2003 at yahoo.com> wrote:
>>>
>>>>  I did turn on the logs, however I didn't see anything more than what I
>>>> have mentioned in the original post. I think that may be because I haven't
>>>> turned the logs on correctly perhaps. Anyway, I have copied some suspicious
>>>> looking output from the console. It appears to be complaining about an
>>>> invalid AttributeStatement?
>>>> ...........
>>>> 2008-06-17 23:18:50,984 INFO
>>>> [org.jasig.cas.authentication.AuthenticationManager
>>>> Impl] - <AuthenticationHandler:
>>>> org.jasig.cas.authentication.handler.support.Sim
>>>> pleTestUsernamePasswordAuthenticationHandler successfully authenticated
>>>> the user
>>>>  which provided the following credentials: TEST>
>>>> 2008-06-17 23:18:50,984 DEBUG
>>>> [org.jasig.cas.authentication.principal.UsernamePa
>>>> sswordCredentialsToPrincipalResolver] - <Attempting to resolve a
>>>> principal...>
>>>> 2008-06-17 23:18:50,984 DEBUG
>>>> [org.jasig.cas.authentication.principal.UsernamePa
>>>> sswordCredentialsToPrincipalResolver] - <Creating SimplePrincipal for
>>>> [TEST]>
>>>> [Loaded org.apache.commons.lang.Validate from
>>>> file:/C:/tomcat-6/webapps/cas-serv
>>>> er-webapp-3.2.1/WEB-INF/lib/commons-lang-2.2.jar]
>>>> [Loaded org.jasig.cas.authentication.principal.SimplePrincipal from
>>>> file:/C:/tom
>>>>
>>>> cat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
>>>> [Loaded org.jasig.cas.authentication.ImmutableAuthentication from
>>>> file:/C:/tomca
>>>>
>>>> t-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
>>>> [Loaded org.jasig.cas.ticket.AbstractTicket from
>>>> file:/C:/tomcat-6/webapps/cas-s
>>>> erver-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
>>>> [Loaded org.jasig.cas.ticket.TicketGrantingTicketImpl from
>>>> file:/C:/tomcat-6/web
>>>> apps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
>>>> [Loaded org.jasig.cas.ticket.ServiceTicket from
>>>> file:/C:/tomcat-6/webapps/cas-se
>>>> rver-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
>>>> [Loaded org.jasig.cas.ticket.ServiceTicketImpl from
>>>> file:/C:/tomcat-6/webapps/ca
>>>> s-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
>>>> 2008-06-17 23:18:51,000 INFO
>>>> [org.jasig.cas.CentralAuthenticationServiceImpl] -
>>>> <Granted service ticket [ST-1-p4bR3ftbfRfxvpnZHSmH-cas] for service [
>>>> http://tedzo-wxp01.mezo.com:8080/manager/html] for user [TEST]>
>>>> [Loaded org.jasig.cas.web.flow.DynamicRedirectViewSelector$1 from
>>>> file:/C:/tomca
>>>>
>>>> t-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
>>>> [Loaded java.lang.NoSuchFieldError from C:\Program
>>>> Files\Java\jdk1.6.0\jre\lib\r
>>>> t.jar]
>>>> [Loaded org.springframework.web.servlet.view.RedirectView from
>>>> file:/C:/tomcat-6
>>>> /webapps/cas-server-webapp-3.2.1/WEB-INF/lib/spring-webmvc-2.5.1.jar]
>>>> 2008-06-17 23:18:53,656 DEBUG
>>>> [org.jasig.cas.client.validation.Saml11TicketValid
>>>> ationFilter] - <Attempting to validate ticket:
>>>> ST-1-p4bR3ftbfRfxvpnZHSmH-cas>
>>>> 2008-06-17 23:18:53,656 DEBUG [org.jasig.cas.client.util.CommonUtils] -
>>>> <service
>>>> Url generated: http://tedzo-wxp01.mezo.com:8080/manager/html>
>>>> 2008-06-17 23:18:53,656 DEBUG
>>>> [org.jasig.cas.client.validation.Saml11TicketValid
>>>> ator] - <Placing URL parameters in map.>
>>>> 2008-06-17 23:18:53,656 DEBUG
>>>> [org.jasig.cas.client.validation.Saml11TicketValid
>>>> ator] - <Calling template URL attribute map.>
>>>> 2008-06-17 23:18:53,656 DEBUG
>>>> [org.jasig.cas.client.validation.Saml11TicketValid
>>>> ator] - <Loading custom parameters from configuration.>
>>>> 2008-06-17 23:18:53,656 DEBUG
>>>> [org.jasig.cas.client.validation.Saml11TicketValid
>>>> ator] - <Constructing validation url:
>>>> https://tedzo-wxp01.mezo.com:8443/cas-
>>>> server-webapp-3.2.1/samlValidate?TARGET=http%3A%2F%
>>>> 2Ftedzo-wxp01.mezo.com <http://2ftedzo-wxp01.mezo.com/>%3A
>>>> 8080%2Fmanager%2Fhtml>
>>>> 2008-06-17 23:18:53,656 DEBUG
>>>> [org.jasig.cas.client.validation.Saml11TicketValid
>>>> ator] - <Retrieving response from server.>
>>>> [Loaded sun.net <http://sun.net.www.protocol.ht/>.www.protocol.https.Handler
>>>> from C:\Program Files\Java\jdk1.6.0\j
>>>> re\lib\jsse.jar]
>>>> [Loaded javax.net <http://javax.net.ssl.ht/>.ssl.HttpsURLConnection
>>>> from C:\Program Files\Java\jdk1.6.0\jre
>>>> \lib\jsse.jar]
>>>> [Loaded sun.net <http://sun.net.www.protocol.https.ht/>.www.protocol.https.HttpsURLConnectionImpl
>>>> from C:\Program Files\
>>>> Java\jdk1.6.0\jre\lib\jsse.jar]
>>>> [Loaded javax.net.ssl.HostnameVerifier from C:\Program
>>>> Files\Java\jdk1.6.0\jre\l
>>>> ......
>>>> [Loaded org.apache.log4j.NDC from
>>>> file:/C:/tomcat-6/webapps/cas-server-webapp-3.
>>>> 2.1/WEB-INF/lib/log4j-1.2.15.jar]
>>>> [Loaded org.apache.log4j.NDC$DiagnosticContext from
>>>> file:/C:/tomcat-6/webapps/ca
>>>> s-server-webapp-3.2.1/WEB-INF/lib/log4j-1.2.15.jar]
>>>> 2008-06-17 23:18:53,984 ERROR [org.opensaml.SAMLResponse] - <caught a
>>>> SAML excep
>>>> tion while serializing XML: org.opensaml.MalformedException:
>>>> AttributeStatement
>>>> is invalid, requires at least one attribute>
>>>> [Loaded sun.net <http://sun.net.www.http.hu/>.www.http.Hurryable from
>>>> C:\Program Files\Java\jdk1.6.0\jre\lib\r
>>>> t.jar]
>>>> [Loaded sun.net <http://sun.net.www.http.ch/>.www.http.ChunkedInputStream
>>>> from C:\Program Files\Java\jdk1.6.0\
>>>> jre\lib\rt.jar]
>>>> [Loaded sun.net <http://sun.net.www.protocol.http.ht/>.www.protocol.http.HttpURLConnection$HttpInputStream
>>>> from C:\Prog
>>>> ram Files\Java\jdk1.6.0\jre\lib\rt.jar]
>>>> [Loaded sun.net <http://sun.net.www.http.ke/>.www.http.KeepAliveCache$1
>>>> from C:\Program Files\Java\jdk1.6.0\jr
>>>> e\lib\rt.jar]
>>>> [Loaded sun.net <http://sun.net.www.http.cl/>.www.http.ClientVector
>>>> from C:\Program Files\Java\jdk1.6.0\jre\li
>>>> b\rt.jar]
>>>> [Loaded sun.net <http://sun.net.www.http.ke/>.www.http.KeepAliveEntry
>>>> from C:\Program Files\Java\jdk1.6.0\jre\
>>>> lib\rt.jar]
>>>> 2008-06-17 23:18:53,984 DEBUG
>>>> [org.jasig.cas.client.validation.Saml11TicketValid
>>>> ator] - <Server response: <?xml version="1.0"
>>>> encoding="UTF-8"?><SOAP-ENV:Envelo
>>>> pe xmlns:SOAP-ENV="
>>>> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/<http://schemas.xmlsoap.org/soap/envelope/%22%3E%3CSOAP-ENV:Header/>
>>>> >
>>>> <SOAP-ENV:Body></SOAP-ENV:Body></SOAP-ENV:Envelope>>
>>>> [Loaded org.opensaml.SAMLObject from
>>>> file:/C:/tomcat-6/webapps/manager/WEB-INF/l
>>>> ib/opensaml-1.1.jar]
>>>> [Loaded org.opensaml.SAMLSignedObject from
>>>> file:/C:/tomcat-6/webapps/manager/WEB
>>>> -INF/lib/opensaml-1.1.jar]
>>>> [Loaded org.opensaml.SAMLResponse from
>>>> file:/C:/tomcat-6/webapps/manager/WEB-INF
>>>> /lib/opensaml-1.1.jar]
>>>> [Loaded org.opensaml.MalformedException from
>>>> file:/C:/tomcat-6/webapps/manager/W
>>>> EB-INF/lib/opensaml-1.1.jar]
>>>> Thanks.
>>>>  ----- Original Message ----
>>>> From: Scott Battaglia <scott.battaglia at gmail.com>
>>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>>>  Sent: Tuesday, June 17, 2008 8:17:55 PM
>>>> Subject: Re: Premature end of file exception
>>>>
>>>> Can you turn on debugging to see what the actual message being sent is?
>>>>
>>>> -Scott
>>>>
>>>> On Tue, Jun 17, 2008 at 4:10 PM, tedzo <tedzo2003 at yahoo.com> wrote:
>>>>
>>>>>  Scott,
>>>>>
>>>>> Thanks for your response.
>>>>>
>>>>> I am using java client 3.1.3 and I am now seeing a different exception
>>>>> due to premature end-of-file....
>>>>>
>>>>>
>>>>>
>>>>> Any ideas?
>>>>>
>>>>> javax.servlet.ServletException: org.jasig.cas.client.validation.TicketValidationException: org.xml.sax.SAXParseException: Premature end of file.
>>>>> 	org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:155)
>>>>> 	org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
>>>>>
>>>>>  *root cause*
>>>>>
>>>>> org.jasig.cas.client.validation.TicketValidationException: org.xml.sax.SAXParseException: Premature end of file.
>>>>> 	org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:93)
>>>>> 	org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
>>>>> 	org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
>>>>> 	org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
>>>>>
>>>>>  *root cause*
>>>>>
>>>>> org.xml.sax.SAXParseException: Premature end of file.
>>>>> 	org.opensaml.SAMLObject.fromStream(Unknown Source)
>>>>> 	org.opensaml.SAMLResponse.<init>(Unknown Source)
>>>>> 	org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:48)
>>>>> 	org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
>>>>> 	org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
>>>>> 	org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
>>>>>
>>>>>  *root cause*
>>>>>
>>>>> org.xml.sax.SAXParseException: Premature end of file.
>>>>> 	org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
>>>>> 	org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
>>>>> 	org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
>>>>> 	org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
>>>>> 	org.apache.xerces.impl.XMLVersionDetector.determineDocVersion(Unknown Source)
>>>>> 	org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>>>>> 	org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>>>>> 	org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>>>>> 	org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
>>>>> 	org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
>>>>> 	org.opensaml.XML$ParserPool.parse(Unknown Source)
>>>>> 	org.opensaml.XML$ParserPool.parse(Unknown Source)
>>>>> 	org.opensaml.SAMLObject.fromStream(Unknown Source)
>>>>> 	org.opensaml.SAMLResponse.<init>(Unknown Source)
>>>>> 	org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:48)
>>>>> 	org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
>>>>> 	org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
>>>>> 	org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
>>>>>
>>>>>
>>>>>
>>>>> ----- Original Message ----
>>>>> From: Scott Battaglia <scott.battaglia at gmail.com>
>>>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>>>> Sent: Tuesday, June 17, 2008 12:19:55 PM
>>>>> Subject: Re: NumberFormatException in Saml11TicketValidationFilter
>>>>>
>>>>> All of our GA releases are available from the public Maven2 repo:
>>>>>
>>>>> http://repo1.maven.org/maven2/org/jasig/cas/cas-client-core/3.1.3/
>>>>>
>>>>> -Scott
>>>>>
>>>>> -Scott Battaglia
>>>>> PGP Public Key Id: 0x383733AA
>>>>> LinkedIn <http://www.linkedin.com/>:
>>>>> http://www.linkedin.com/in/scottbattaglia
>>>>>
>>>>> On Tue, Jun 17, 2008 at 3:07 PM, tedzo <tedzo2003 at yahoo.com> wrote:
>>>>>
>>>>>>  I am trying to use the Saml11TicketValidationFilter to try and get a
>>>>>> demo of some sort work. I am using Cas client 3.1.1. I get the
>>>>>> following exception after authentication-
>>>>>>
>>>>>> java.lang.NumberFormatException: For input string: ""
>>>>>> 	java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
>>>>>> 	java.lang.Integer.parseInt(Integer.java:468)
>>>>>> 	java.lang.Integer.parseInt(Integer.java:497)
>>>>>> 	org.opensaml.SAMLResponse.fromDOM(Unknown Source)
>>>>>> 	org.opensaml.SAMLResponse.<init>(Unknown Source)
>>>>>> 	org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:46)
>>>>>> 	org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:165)
>>>>>> 	org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129)
>>>>>> 	org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)
>>>>>>
>>>>>>
>>>>>> Another thread suggests that Cas10TicketValidationFilter si broken and
>>>>>> Cas20TicketValidationFilter should be used. However, I need to use the
>>>>>> Saml11TicketValidationFilter and I guess thats broken too.
>>>>>>
>>>>>> http://www.ja-sig.org/issues/browse/CASC-41 suggests that the problem is fixed in 3.1.2.
>>>>>>
>>>>>> However, I am not able to find Java client 3.1.2.
>>>>>>
>>>>>> Any tips?
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> ----- Original Message ----
>>>>>> From: tedzo <tedzo2003 at yahoo.com>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>>>>> Sent: Monday, June 16, 2008 10:32:12 AM
>>>>>> Subject: Re: Asml
>>>>>>
>>>>>>  Any ideas?
>>>>>>
>>>>>> ----- Original Message ----
>>>>>> From: tedzo <tedzo2003 at yahoo.com>
>>>>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>>>>> Sent: Thursday, June 12, 2008 3:30:21 PM
>>>>>> Subject: Re: Asml
>>>>>>
>>>>>>  Hmm. So who is actually making the AuthnRequest and parsing the
>>>>>> response? Or, are you saying that an attempt to access webappB will always
>>>>>> be redirected to CAS (because of the cas client) and the AuthRequest is sent
>>>>>> to and the response parsed by the CAS server?
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>>
>>>>>> ----- Original Message ----
>>>>>> From: Scott Battaglia <scott.battaglia at gmail.com>
>>>>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>>>>> Sent: Thursday, June 12, 2008 2:22:51 PM
>>>>>> Subject: Re: Asml
>>>>>>
>>>>>> I'm not sure I follow. If you've protected webapp B with the CAS
>>>>>> client (a SAML client) and configured it to speak with CAS then it should
>>>>>> always redirect to CAS.
>>>>>>
>>>>>> We're just using SAML to send back additional attributes if they are
>>>>>> available.
>>>>>>
>>>>>> -Scott
>>>>>>
>>>>>> -Scott Battaglia
>>>>>> PGP Public Key Id: 0x383733AA
>>>>>> LinkedIn <http://www.linkedin.com/>:
>>>>>> http://www.linkedin.com/in/scottbattaglia
>>>>>>
>>>>>> On Thu, Jun 12, 2008 at 2:10 PM, tedzo <tedzo2003 at yahoo.com> wrote:
>>>>>>
>>>>>>>   Scott, thanks for your response.
>>>>>>>
>>>>>>> I think I am stuck trying to demo Saml capability, mainly due to my
>>>>>>> lack of understanding of how things work...
>>>>>>> Let me first make sure what I understand is correct-
>>>>>>> 1. There is a webappA on ServerA that is protected by some entity
>>>>>>> (not CAS).
>>>>>>> 2. There is a webappB on ServerB that is protected by CAS (3.2.1)
>>>>>>> 3. The SamlTicketValidationFilter is setup on ServerB for webappB,
>>>>>>> meaning, the filter is triggered when a user attempts to access webappB.
>>>>>>> 4. The user accesses webappA, is asked to login by whatever is
>>>>>>> protecting webappA. User logsin successfully.
>>>>>>> 5. User clicks on a link to webappB from webappA.
>>>>>>> 6. At this point, normally, CAS would ask the user to login. However,
>>>>>>> I think I want CAS to make an authRequest to the entity that authenticated
>>>>>>> the user on webappA, parse the response it gets (essentially that the user
>>>>>>> is already authenticated and whatever details that go with it), and log the
>>>>>>> user in and provide access to webappB.
>>>>>>>
>>>>>>> That would make the entity on serverA that authenticated the user to
>>>>>>> webappA the IdProvider and CAS the ServiceProvider.
>>>>>>>
>>>>>>> Does this sound right or am I way of base? In order for me to demo
>>>>>>> CAS saml capability, I would at most require an entity that responds to an
>>>>>>> authRequest from CAS, is that correct?
>>>>>>>
>>>>>>> Thanks. I appreciate your time and interest.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ----- Original Message ----
>>>>>>> From: Scott Battaglia <scott.battaglia at gmail.com>
>>>>>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>>>>>> Sent: Thursday, May 22, 2008 10:04:50 AM
>>>>>>> Subject: Re:
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> If you are using the latest CAS client, you should actually only need
>>>>>>> to configure the Saml Ticket Validation Filter on the client-side (the
>>>>>>> server should already handle it).
>>>>>>>
>>>>>>> -Scott
>>>>>>>
>>>>>>> On Tue, May 20, 2008 at 7:16 PM, tedzo <tedzo2003 at yahoo.com> wrote:
>>>>>>>
>>>>>>>>  I have downloaded the new cas-server and client versions and I
>>>>>>>> want to check out saml support. How do I go about it? Specifically, I was
>>>>>>>> thinking I would
>>>>>>>> 1. get a hold of a saml client
>>>>>>>> 2. figure out what kind of  message needs to be sent to cas in order
>>>>>>>> to login/set up a session
>>>>>>>> 3. read the response from cas
>>>>>>>> 4. figure out the username from the response.
>>>>>>>>
>>>>>>>> I am not familiar with saml, so excuse my naivety. What I am looking
>>>>>>>> for-
>>>>>>>> 1. suggestions for a client, if any.
>>>>>>>> 2. What message I need to send to CAS in order to elicit a response.
>>>>>>>> 3. What kind of response can I expect.
>>>>>>>> 4. Any documents about cas/saml integration. I have been searching
>>>>>>>> the archives and haven't found anything particularly useful...
>>>>>>>>
>>>>>>>> Appreciate you time.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Yale CAS mailing list
>>>>>>>> cas at tp.its.yale.edu
>>>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> -Scott Battaglia
>>>>>>> PGP Public Key Id: 0x383733AA
>>>>>>> LinkedIn <http://www.linkedin.com/>:
>>>>>>> http://www.linkedin.com/in/scottbattaglia
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Yale CAS mailing list
>>>>>>> cas at tp.its.yale.edu
>>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Yale CAS mailing list
>>>>>> cas at tp.its.yale.edu
>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Yale CAS mailing list
>>>>> cas at tp.its.yale.edu
>>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>>
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Yale CAS mailing list
>>>> cas at tp.its.yale.edu
>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>
>>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Yale CAS mailing list
>>> cas at tp.its.yale.edu
>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>
>>>
>>
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>>
>
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080619/578f1f11/attachment.html

More information about the cas mailing list