Fw: Premature end of file exception

Scott Battaglia scott.battaglia at gmail.com
Thu Jun 19 22:30:00 EDT 2008 

There's a couple more unfinished issues.  You can grab it from SVN though
(or at least grab the one file).
-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Thu, Jun 19, 2008 at 6:12 PM, tedzo <tedzo2003 at yahoo.com> wrote:

> It appears that 3.2.2 is not available as yet. When is it expected to be
> released?
>
> Thanks.
>
> ----- Forwarded Message ----
> From: Scott Battaglia <scott.battaglia at gmail.com>
> To: Yale CAS mailing list <cas at tp.its.yale.edu>
> Sent: Thursday, June 19, 2008 7:25:30 AM
> Subject: Re: Premature end of file exception
>
> I think I fixed it. I opened an issue in JIRA and committed a fix:
>
> http://www.ja-sig.org/issues/browse/CAS-671
>
> I haven't tried it with the CAS client to confirm that its okay.  There is
> a test case in the CAS Server though which replicates the issue.
>
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
> On Thu, Jun 19, 2008 at 1:37 AM, tedzo <tedzo2003 at yahoo.com> wrote:
>
>>  Dale,
>>
>> Thanks for the response.
>>
>> I posted two more messages and I am not sure why the have not appeared on
>> the mailing list. I will stick the contents of those emails at the end of
>> this response.
>>
>> Yes, as you suggest, there appear to be no attributes for the user and
>> hence opensaml complains about it. The question is why are there no
>> attributes? Is that expected behavior for an out-of-the-box deployment of
>> cas server? Out-of-the-box deployment meaning, I am using the dummy
>> authenticationhandler that just verifies that username=password. I don't
>> know that it matters. Do I need to do something else to ensure that the user
>> has attributes?
>>
>>
>>
>> Previous message from me-
>>
>> ----------Previous message start---------
>>
>>
>>
>> I should mention- I am using the out-of-the-box configuration. So, I think
>> that uses the Dummy authenticationHandler (username=password). I don't know
>> if that makes any difference.
>>
>>
>>
>> Also, the NullPtr that I am seeing after the changes is on the client
>> side, not server side.
>>
>>
>>
>> Thanks.
>>
>>
>>   ----- Original Message ----
>> From: tedzo <tedzo2003 at yahoo.com>
>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>> Sent: Wednesday, June 18, 2008 3:30:29 PM
>> Subject: Re: Premature end of file exception
>>
>>   Scott, Thanks for your time.
>>
>>
>>
>> There are no exceptions logged other than the one I have mentioned.
>>
>>
>>
>> I added some more debug statements and it seems that there are no
>> attributes associated with the principal in question, i.e,
>>
>> authentication.getPrincipal().getAttributes().keySet()
>>
>> is an empty set. Is this expected behaviour? It also appears that the
>> attributes returned from the principal is what is used to populate the
>> SamlResponse with attributes. ..
>>
>>
>>
>> I went ahead and added 1 junk attribute and this what I see in the
>> server's response-
>>
>>
>>
>> 2008-06-18 15:24:56,176 DEBUG
>> [org.jasig.cas.client.validation.Saml11TicketValid
>> ator] - <Server response: <?xml version="1.0"
>> encoding="UTF-8"?><SOAP-ENV:Envelo
>> pe xmlns:SOAP-ENV="
>> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/<http://schemas.xmlsoap.org/soap/envelope/%22%3E%3CSOAP-ENV:Header/>
>> >
>> <SOAP-ENV:Body><Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
>> xmlns:saml
>> ="urn:oasis:names:tc:SAML:1.0:assertion"
>> xmlns:samlp="urn:oasis:names:tc:SAML:1.
>> 0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="
>> http://www.w
>> 3.org/2001/XMLSchema-instance"
>> InResponseTo="_4b7c5af9f9dc935134654c8a52ef1fdd"
>> IssueInstant="2008-06-18T22:24:56.114Z" MajorVersion="1" MinorVersion="1"
>> Recipi
>> ent="http://tedzo-wxp01.mezo.com:8080/manager/html"
>> ResponseID="_0de082fa6d3
>> 28fa471c472f2a85f1e32"><Status><StatusCode
>> Value="samlp:Success"></StatusCode></
>> Status><Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
>> AssertionID="_db
>> 93000bdc66d614a72b8864f8408959" IssueInstant="2008-06-18T22:24:55.598Z"
>> Issuer="
>> localhost" MajorVersion="1" MinorVersion="1"><Conditions
>> NotBefore="2008-06-18T2
>> 2:24:55.598Z"
>> NotOnOrAfter="2008-06-18T22:25:25.598Z"><AudienceRestrictionCondit
>> ion><Audience>http://tedzo-wxp01.mezo.com:8080/manager/html
>> </Audience></Audi
>>
>> enceRestrictionCondition></Conditions><AttributeStatement><Subject><NameIdentifi
>>
>> er>test</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names
>>
>> :tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject><At
>> tribute AttributeName="some-name-key" AttributeNamespace="
>> http://www.ja-sig.org/
>>
>> products/cas/"><AttributeValue>some-value</AttributeValue></Attribute></Attribut
>> eStatement><AuthenticationStatement
>> AuthenticationInstant="2008-06-18T22:24:54.4
>> 73Z"
>> AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject>
>>
>> <NameIdentifier>test</NameIdentifier><SubjectConfirmation><ConfirmationMethod>ur
>>
>> n:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation>
>>
>> </Subject></AuthenticationStatement></Assertion></Response></SOAP-ENV:Body></SOA
>> P-ENV:Envelope>>
>>
>>
>>
>> So, now, it comes across correctly. Ofcourse, I hit a NullPointer, but
>> thats because of the junk attribute I added, I think.
>>
>>
>>
>> So, assuming thats the problem, why are there no attributes in the
>> principal?
>>
>>
>>
>> ----------Previous message end---------
>>
>>
>>
>>
>>
>> Thanks.
>>
>>
>>
>>  ----- Original Message ----
>> From: Dale Ogilvie <Dale.Ogilvie at trimble.co.nz>
>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>  Sent: Wednesday, June 18, 2008 9:11:20 PM
>> Subject: RE: Premature end of file exception
>>
>> We resolved our issues with the SAML filter by first turning on logging on
>> the server to see what the debug logs showed up.
>>
>> /var/lib/tomcat5/webapps/cas/WEB-INF/classes/log4j.properties
>> ...
>> log4j.logger.org.jasig.cas=DEBUG
>> ...
>> tail -F /var/log/tomcat5/cas.log
>>
>> Then used the cas client source to debug a cas protected jsp in netbeans
>> to isolate the error in the client code.
>>
>> Our working example returns attributes in the SAML response, possibly your
>> error is related to not having any attributes to return?
>>
>> Dale
>>
>>  ------------------------------
>> *From:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
>> *On Behalf Of *tedzo
>> *Sent:* Thursday, 19 June 2008 12:30 p.m.
>> *To:* Yale CAS mailing list
>> *Subject:* Re: Premature end of file exception
>>
>>  I should mention- I am using the out-of-the-box configuration. So, I
>> think that uses the Dummy authenticationHandler (username=password). I don't
>> know if that makes any difference.
>>
>>
>>
>> Also, the NullPtr that I am seeing after the changes is on the client
>> side, not server side.
>>
>>
>>
>> Thanks.
>>
>>
>> ----- Original Message ----
>> From: tedzo <tedzo2003 at yahoo.com>
>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>> Sent: Wednesday, June 18, 2008 3:30:29 PM
>> Subject: Re: Premature end of file exception
>>
>>  Scott, Thanks for your time.
>>
>>
>>
>> There are no exceptions logged other than the one I have mentioned.
>>
>>
>>
>> I added some more debug statements and it seems that there are no
>> attributes associated with the principal in question, i.e,
>>
>> authentication.getPrincipal().getAttributes().keySet()
>>
>> is an empty set. Is this expected behaviour? It also appears that the
>> attributes returned from the principal is what is used to populate the
>> SamlResponse with attributes. ..
>>
>>
>>
>> I went ahead and added 1 junk attribute and this what I see in the
>> server's response-
>>
>>
>>
>> 2008-06-18 15:24:56,176 DEBUG
>> [org.jasig.cas.client.validation.Saml11TicketValid
>> ator] - <Server response: <?xml version="1.0"
>> encoding="UTF-8"?><SOAP-ENV:Envelo
>> pe xmlns:SOAP-ENV="
>> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/<http://schemas.xmlsoap.org/soap/envelope/%22%3E%3CSOAP-ENV:Header/>
>> >
>> <SOAP-ENV:Body><Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
>> xmlns:saml
>> ="urn:oasis:names:tc:SAML:1.0:assertion"
>> xmlns:samlp="urn:oasis:names:tc:SAML:1.
>> 0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="
>> http://www.w
>> 3.org/2001/XMLSchema-instance"
>> InResponseTo="_4b7c5af9f9dc935134654c8a52ef1fdd"
>> IssueInstant="2008-06-18T22:24:56.114Z" MajorVersion="1" MinorVersion="1"
>> Recipi
>> ent="http://tedzo-wxp01.mezo.com:8080/manager/html"
>> ResponseID="_0de082fa6d3
>> 28fa471c472f2a85f1e32"><Status><StatusCode
>> Value="samlp:Success"></StatusCode></
>> Status><Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
>> AssertionID="_db
>> 93000bdc66d614a72b8864f8408959" IssueInstant="2008-06-18T22:24:55.598Z"
>> Issuer="
>> localhost" MajorVersion="1" MinorVersion="1"><Conditions
>> NotBefore="2008-06-18T2
>> 2:24:55.598Z"
>> NotOnOrAfter="2008-06-18T22:25:25.598Z"><AudienceRestrictionCondit
>> ion><Audience>http://tedzo-wxp01.mezo.com:8080/manager/html
>> </Audience></Audi
>>
>> enceRestrictionCondition></Conditions><AttributeStatement><Subject><NameIdentifi
>>
>> er>test</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names
>>
>> :tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject><At
>> tribute AttributeName="some-name-key" AttributeNamespace="
>> http://www.ja-sig.org/
>>
>> products/cas/"><AttributeValue>some-value</AttributeValue></Attribute></Attribut
>> eStatement><AuthenticationStatement
>> AuthenticationInstant="2008-06-18T22:24:54.4
>> 73Z"
>> AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject>
>>
>> <NameIdentifier>test</NameIdentifier><SubjectConfirmation><ConfirmationMethod>ur
>>
>> n:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation>
>>
>> </Subject></AuthenticationStatement></Assertion></Response></SOAP-ENV:Body></SOA
>> P-ENV:Envelope>>
>>
>>
>>
>> So, now, it comes across correctly. Ofcourse, I hit a NullPointer, but
>> thats because of the junk attribute I added, I think.
>>
>>
>>
>> So, assuming thats the problem, why are there no attributes in the
>> principal?
>>
>>
>>
>> Thanks.
>>
>>
>> ----- Original Message ----
>> From: Scott Battaglia <scott.battaglia at gmail.com>
>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>> Sent: Wednesday, June 18, 2008 12:42:54 PM
>> Subject: Re: Premature end of file exception
>>
>> You have to use OpenSAML 1.1b.  The APIs as far as I know are not
>> compatible between the major revisions.  Are there any exceptions logged or
>> is the result just empty?
>>
>> -Scott Battaglia
>> PGP Public Key Id: 0x383733AA
>> LinkedIn <http://www.linkedin.com/>:
>> http://www.linkedin.com/in/scottbattaglia
>>
>> On Wed, Jun 18, 2008 at 3:27 PM, tedzo <tedzo2003 at yahoo.com> wrote:
>>
>>>  Its really weird. The failure appears to occur on the toString() call
>>> on the SamlResponse Object in Saml10SuccessResponseView. Am I using some
>>> wrong jar file to parse the xml? I am using whatever came with opensaml
>>> distribution...
>>>
>>>
>>>
>>> Scott, can I use opensaml2 rather than opensaml1.1b? Would that work with
>>> cas-server-3.2.1?
>>>
>>>
>>>
>>> Thanks.
>>>
>>>
>>>  ----- Original Message ----
>>> From: Scott Battaglia <scott.battaglia at gmail.com>
>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>>  Sent: Wednesday, June 18, 2008 11:06:01 AM
>>> Subject: Re: Premature end of file exception
>>>
>>> Its available from the repository:
>>>
>>>
>>> https://www.ja-sig.org/svn/cas-clients/java-client/tags/cas-java-client-3-1-3-final/
>>>
>>> -Scott
>>>
>>> -Scott Battaglia
>>> PGP Public Key Id: 0x383733AA
>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>>
>>> On Wed, Jun 18, 2008 at 1:50 PM, tedzo <tedzo2003 at yahoo.com> wrote:
>>>
>>>>  I apologize if I am being blind- where is the source code for Java
>>>> client 3.1.3?
>>>>
>>>>
>>>>
>>>> Thanks.
>>>>
>>>>  ----- Original Message ----
>>>> From: tedzo <tedzo2003 at yahoo.com>
>>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>>>  Sent: Wednesday, June 18, 2008 10:22:58 AM
>>>> Subject: Re: Premature end of file exception
>>>>
>>>>  Yeah, exactly my thoughts.
>>>>
>>>> Let me try and add some debug statements etc and try to find whats up.
>>>>
>>>>
>>>> ----- Original Message ----
>>>> From: Scott Battaglia <scott.battaglia at gmail.com>
>>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>>> Sent: Wednesday, June 18, 2008 6:39:27 AM
>>>> Subject: Re: Premature end of file exception
>>>>
>>>> So two things:
>>>> 2008-06-17 23:18:53,984 ERROR [org.opensaml.SAMLResponse] - <caught a
>>>> SAML excep
>>>> tion while serializing XML: org.opensaml.MalformedException:
>>>> AttributeStatement
>>>> is invalid, requires at least one attribute>
>>>>
>>>> and
>>>>
>>>>  <Server response: <?xml version="1.0"
>>>> encoding="UTF-8"?><SOAP-ENV:Envelo
>>>> pe xmlns:SOAP-ENV="
>>>> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/<http://schemas.xmlsoap.org/soap/envelope/%22%3E%3CSOAP-ENV:Header/>
>>>> >
>>>> <SOAP-ENV:Body></SOAP-ENV:Body></SOAP-ENV:Envelope>>
>>>>
>>>> For whatever reason there's actually no SAML response in the message!
>>>>
>>>> That's kind of strange.  I haven't seen the SAML response not return
>>>> anything yet.
>>>>
>>>> -Scott
>>>>
>>>>
>>>> -Scott Battaglia
>>>> PGP Public Key Id: 0x383733AA
>>>> LinkedIn <http://www.linkedin.com/>:
>>>> http://www.linkedin.com/in/scottbattaglia
>>>>
>>>> On Wed, Jun 18, 2008 at 2:37 AM, tedzo <tedzo2003 at yahoo.com> wrote:
>>>>
>>>>>  I did turn on the logs, however I didn't see anything more than what
>>>>> I have mentioned in the original post. I think that may be because I haven't
>>>>> turned the logs on correctly perhaps. Anyway, I have copied some suspicious
>>>>> looking output from the console. It appears to be complaining about an
>>>>> invalid AttributeStatement?
>>>>> ...........
>>>>> 2008-06-17 23:18:50,984 INFO
>>>>> [org.jasig.cas.authentication.AuthenticationManager
>>>>> Impl] - <AuthenticationHandler:
>>>>> org.jasig.cas.authentication.handler.support.Sim
>>>>> pleTestUsernamePasswordAuthenticationHandler successfully authenticated
>>>>> the user
>>>>>  which provided the following credentials: TEST>
>>>>> 2008-06-17 23:18:50,984 DEBUG
>>>>> [org.jasig.cas.authentication.principal.UsernamePa
>>>>> sswordCredentialsToPrincipalResolver] - <Attempting to resolve a
>>>>> principal...>
>>>>> 2008-06-17 23:18:50,984 DEBUG
>>>>> [org.jasig.cas.authentication.principal.UsernamePa
>>>>> sswordCredentialsToPrincipalResolver] - <Creating SimplePrincipal for
>>>>> [TEST]>
>>>>> [Loaded org.apache.commons.lang.Validate from
>>>>> file:/C:/tomcat-6/webapps/cas-serv
>>>>> er-webapp-3.2.1/WEB-INF/lib/commons-lang-2.2.jar]
>>>>> [Loaded org.jasig.cas.authentication.principal.SimplePrincipal from
>>>>> file:/C:/tom
>>>>>
>>>>> cat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
>>>>> [Loaded org.jasig.cas.authentication.ImmutableAuthentication from
>>>>> file:/C:/tomca
>>>>>
>>>>> t-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
>>>>> [Loaded org.jasig.cas.ticket.AbstractTicket from
>>>>> file:/C:/tomcat-6/webapps/cas-s
>>>>> erver-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
>>>>> [Loaded org.jasig.cas.ticket.TicketGrantingTicketImpl from
>>>>> file:/C:/tomcat-6/web
>>>>> apps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
>>>>> [Loaded org.jasig.cas.ticket.ServiceTicket from
>>>>> file:/C:/tomcat-6/webapps/cas-se
>>>>> rver-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
>>>>> [Loaded org.jasig.cas.ticket.ServiceTicketImpl from
>>>>> file:/C:/tomcat-6/webapps/ca
>>>>> s-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
>>>>> 2008-06-17 23:18:51,000 INFO
>>>>> [org.jasig.cas.CentralAuthenticationServiceImpl] -
>>>>> <Granted service ticket [ST-1-p4bR3ftbfRfxvpnZHSmH-cas] for service [
>>>>> http://tedzo-wxp01.mezo.com:8080/manager/html] for user [TEST]>
>>>>> [Loaded org.jasig.cas.web.flow.DynamicRedirectViewSelector$1 from
>>>>> file:/C:/tomca
>>>>>
>>>>> t-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
>>>>> [Loaded java.lang.NoSuchFieldError from C:\Program
>>>>> Files\Java\jdk1.6.0\jre\lib\r
>>>>> t.jar]
>>>>> [Loaded org.springframework.web.servlet.view.RedirectView from
>>>>> file:/C:/tomcat-6
>>>>> /webapps/cas-server-webapp-3.2.1/WEB-INF/lib/spring-webmvc-2.5.1.jar]
>>>>> 2008-06-17 23:18:53,656 DEBUG
>>>>> [org.jasig.cas.client.validation.Saml11TicketValid
>>>>> ationFilter] - <Attempting to validate ticket:
>>>>> ST-1-p4bR3ftbfRfxvpnZHSmH-cas>
>>>>> 2008-06-17 23:18:53,656 DEBUG [org.jasig.cas.client.util.CommonUtils] -
>>>>> <service
>>>>> Url generated: http://tedzo-wxp01.mezo.com:8080/manager/html>
>>>>> 2008-06-17 23:18:53,656 DEBUG
>>>>> [org.jasig.cas.client.validation.Saml11TicketValid
>>>>> ator] - <Placing URL parameters in map.>
>>>>> 2008-06-17 23:18:53,656 DEBUG
>>>>> [org.jasig.cas.client.validation.Saml11TicketValid
>>>>> ator] - <Calling template URL attribute map.>
>>>>> 2008-06-17 23:18:53,656 DEBUG
>>>>> [org.jasig.cas.client.validation.Saml11TicketValid
>>>>> ator] - <Loading custom parameters from configuration.>
>>>>> 2008-06-17 23:18:53,656 DEBUG
>>>>> [org.jasig.cas.client.validation.Saml11TicketValid
>>>>> ator] - <Constructing validation url:
>>>>> https://tedzo-wxp01.mezo.com:8443/cas-
>>>>> server-webapp-3.2.1/samlValidate?TARGET=http%3A%2F%
>>>>> 2Ftedzo-wxp01.mezo.com <http://2ftedzo-wxp01.mezo.com/>%3A
>>>>> 8080%2Fmanager%2Fhtml>
>>>>> 2008-06-17 23:18:53,656 DEBUG
>>>>> [org.jasig.cas.client.validation.Saml11TicketValid
>>>>> ator] - <Retrieving response from server.>
>>>>> [Loaded sun.net <http://sun.net.www.protocol.ht/>.www.protocol.https.Handler
>>>>> from C:\Program Files\Java\jdk1.6.0\j
>>>>> re\lib\jsse.jar]
>>>>> [Loaded javax.net <http://javax.net.ssl.ht/>.ssl.HttpsURLConnection
>>>>> from C:\Program Files\Java\jdk1.6.0\jre
>>>>> \lib\jsse.jar]
>>>>> [Loaded sun.net <http://sun.net.www.protocol.https.ht/>.www.protocol.https.HttpsURLConnectionImpl
>>>>> from C:\Program Files\
>>>>> Java\jdk1.6.0\jre\lib\jsse.jar]
>>>>> [Loaded javax.net.ssl.HostnameVerifier from C:\Program
>>>>> Files\Java\jdk1.6.0\jre\l
>>>>> ......
>>>>> [Loaded org.apache.log4j.NDC from
>>>>> file:/C:/tomcat-6/webapps/cas-server-webapp-3.
>>>>> 2.1/WEB-INF/lib/log4j-1.2.15.jar]
>>>>> [Loaded org.apache.log4j.NDC$DiagnosticContext from
>>>>> file:/C:/tomcat-6/webapps/ca
>>>>> s-server-webapp-3.2.1/WEB-INF/lib/log4j-1.2.15.jar]
>>>>> 2008-06-17 23:18:53,984 ERROR [org.opensaml.SAMLResponse] - <caught a
>>>>> SAML excep
>>>>> tion while serializing XML: org.opensaml.MalformedException:
>>>>> AttributeStatement
>>>>> is invalid, requires at least one attribute>
>>>>> [Loaded sun.net <http://sun.net.www.http.hu/>.www.http.Hurryable from
>>>>> C:\Program Files\Java\jdk1.6.0\jre\lib\r
>>>>> t.jar]
>>>>> [Loaded sun.net <http://sun.net.www.http.ch/>.www.http.ChunkedInputStream
>>>>> from C:\Program Files\Java\jdk1.6.0\
>>>>> jre\lib\rt.jar]
>>>>> [Loaded sun.net <http://sun.net.www.protocol.http.ht/>.www.protocol.http.HttpURLConnection$HttpInputStream
>>>>> from C:\Prog
>>>>> ram Files\Java\jdk1.6.0\jre\lib\rt.jar]
>>>>> [Loaded sun.net <http://sun.net.www.http.ke/>.www.http.KeepAliveCache$1
>>>>> from C:\Program Files\Java\jdk1.6.0\jr
>>>>> e\lib\rt.jar]
>>>>> [Loaded sun.net <http://sun.net.www.http.cl/>.www.http.ClientVector
>>>>> from C:\Program Files\Java\jdk1.6.0\jre\li
>>>>> b\rt.jar]
>>>>> [Loaded sun.net <http://sun.net.www.http.ke/>.www.http.KeepAliveEntry
>>>>> from C:\Program Files\Java\jdk1.6.0\jre\
>>>>> lib\rt.jar]
>>>>> 2008-06-17 23:18:53,984 DEBUG
>>>>> [org.jasig.cas.client.validation.Saml11TicketValid
>>>>> ator] - <Server response: <?xml version="1.0"
>>>>> encoding="UTF-8"?><SOAP-ENV:Envelo
>>>>> pe xmlns:SOAP-ENV="
>>>>> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/<http://schemas.xmlsoap.org/soap/envelope/%22%3E%3CSOAP-ENV:Header/>
>>>>> >
>>>>> <SOAP-ENV:Body></SOAP-ENV:Body></SOAP-ENV:Envelope>>
>>>>> [Loaded org.opensaml.SAMLObject from
>>>>> file:/C:/tomcat-6/webapps/manager/WEB-INF/l
>>>>> ib/opensaml-1.1.jar]
>>>>> [Loaded org.opensaml.SAMLSignedObject from
>>>>> file:/C:/tomcat-6/webapps/manager/WEB
>>>>> -INF/lib/opensaml-1.1.jar]
>>>>> [Loaded org.opensaml.SAMLResponse from
>>>>> file:/C:/tomcat-6/webapps/manager/WEB-INF
>>>>> /lib/opensaml-1.1.jar]
>>>>> [Loaded org.opensaml.MalformedException from
>>>>> file:/C:/tomcat-6/webapps/manager/W
>>>>> EB-INF/lib/opensaml-1.1.jar]
>>>>> Thanks.
>>>>>  ----- Original Message ----
>>>>> From: Scott Battaglia <scott.battaglia at gmail.com>
>>>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>>>>  Sent: Tuesday, June 17, 2008 8:17:55 PM
>>>>> Subject: Re: Premature end of file exception
>>>>>
>>>>> Can you turn on debugging to see what the actual message being sent is?
>>>>>
>>>>> -Scott
>>>>>
>>>>> On Tue, Jun 17, 2008 at 4:10 PM, tedzo <tedzo2003 at yahoo.com> wrote:
>>>>>
>>>>>>  Scott,
>>>>>>
>>>>>> Thanks for your response.
>>>>>>
>>>>>> I am using java client 3.1.3 and I am now seeing a different exception
>>>>>> due to premature end-of-file....
>>>>>>
>>>>>>
>>>>>>
>>>>>> Any ideas?
>>>>>>
>>>>>> javax.servlet.ServletException: org.jasig.cas.client.validation.TicketValidationException: org.xml.sax.SAXParseException: Premature end of file.
>>>>>> 	org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:155)
>>>>>> 	org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
>>>>>>
>>>>>>  *root cause*
>>>>>>
>>>>>> org.jasig.cas.client.validation.TicketValidationException: org.xml.sax.SAXParseException: Premature end of file.
>>>>>> 	org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:93)
>>>>>> 	org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
>>>>>> 	org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
>>>>>> 	org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
>>>>>>
>>>>>>  *root cause*
>>>>>>
>>>>>> org.xml.sax.SAXParseException: Premature end of file.
>>>>>> 	org.opensaml.SAMLObject.fromStream(Unknown Source)
>>>>>> 	org.opensaml.SAMLResponse.<init>(Unknown Source)
>>>>>> 	org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:48)
>>>>>> 	org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
>>>>>> 	org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
>>>>>> 	org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
>>>>>>
>>>>>>  *root cause*
>>>>>>
>>>>>> org.xml.sax.SAXParseException: Premature end of file.
>>>>>> 	org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
>>>>>> 	org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
>>>>>> 	org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
>>>>>> 	org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
>>>>>> 	org.apache.xerces.impl.XMLVersionDetector.determineDocVersion(Unknown Source)
>>>>>> 	org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>>>>>> 	org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>>>>>> 	org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>>>>>> 	org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
>>>>>> 	org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
>>>>>> 	org.opensaml.XML$ParserPool.parse(Unknown Source)
>>>>>> 	org.opensaml.XML$ParserPool.parse(Unknown Source)
>>>>>> 	org.opensaml.SAMLObject.fromStream(Unknown Source)
>>>>>> 	org.opensaml.SAMLResponse.<init>(Unknown Source)
>>>>>> 	org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:48)
>>>>>> 	org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
>>>>>> 	org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
>>>>>> 	org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
>>>>>>
>>>>>>
>>>>>>
>>>>>> ----- Original Message ----
>>>>>> From: Scott Battaglia <scott.battaglia at gmail.com>
>>>>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>>>>> Sent: Tuesday, June 17, 2008 12:19:55 PM
>>>>>> Subject: Re: NumberFormatException in Saml11TicketValidationFilter
>>>>>>
>>>>>> All of our GA releases are available from the public Maven2 repo:
>>>>>>
>>>>>> http://repo1.maven.org/maven2/org/jasig/cas/cas-client-core/3.1.3/
>>>>>>
>>>>>> -Scott
>>>>>>
>>>>>> -Scott Battaglia
>>>>>> PGP Public Key Id: 0x383733AA
>>>>>> LinkedIn <http://www.linkedin.com/>:
>>>>>> http://www.linkedin.com/in/scottbattaglia
>>>>>>
>>>>>> On Tue, Jun 17, 2008 at 3:07 PM, tedzo <tedzo2003 at yahoo.com> wrote:
>>>>>>
>>>>>>>  I am trying to use the Saml11TicketValidationFilter to try and get
>>>>>>> a demo of some sort work. I am using Cas client 3.1.1. I get the
>>>>>>> following exception after authentication-
>>>>>>>
>>>>>>> java.lang.NumberFormatException: For input string: ""
>>>>>>> 	java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
>>>>>>> 	java.lang.Integer.parseInt(Integer.java:468)
>>>>>>> 	java.lang.Integer.parseInt(Integer.java:497)
>>>>>>> 	org.opensaml.SAMLResponse.fromDOM(Unknown Source)
>>>>>>> 	org.opensaml.SAMLResponse.<init>(Unknown Source)
>>>>>>> 	org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:46)
>>>>>>> 	org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:165)
>>>>>>> 	org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129)
>>>>>>> 	org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)
>>>>>>>
>>>>>>>
>>>>>>> Another thread suggests that Cas10TicketValidationFilter si broken
>>>>>>> and Cas20TicketValidationFilter should be used. However, I need to use the
>>>>>>> Saml11TicketValidationFilter and I guess thats broken too.
>>>>>>>
>>>>>>> http://www.ja-sig.org/issues/browse/CASC-41 suggests that the problem is fixed in 3.1.2.
>>>>>>>
>>>>>>> However, I am not able to find Java client 3.1.2.
>>>>>>>
>>>>>>> Any tips?
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>> ----- Original Message ----
>>>>>>> From: tedzo <tedzo2003 at yahoo.com>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>>>>>> Sent: Monday, June 16, 2008 10:32:12 AM
>>>>>>> Subject: Re: Asml
>>>>>>>
>>>>>>>  Any ideas?
>>>>>>>
>>>>>>> ----- Original Message ----
>>>>>>> From: tedzo <tedzo2003 at yahoo.com>
>>>>>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>>>>>> Sent: Thursday, June 12, 2008 3:30:21 PM
>>>>>>> Subject: Re: Asml
>>>>>>>
>>>>>>>  Hmm. So who is actually making the AuthnRequest and parsing the
>>>>>>> response? Or, are you saying that an attempt to access webappB will always
>>>>>>> be redirected to CAS (because of the cas client) and the AuthRequest is sent
>>>>>>> to and the response parsed by the CAS server?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>>
>>>>>>> ----- Original Message ----
>>>>>>> From: Scott Battaglia <scott.battaglia at gmail.com>
>>>>>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>>>>>> Sent: Thursday, June 12, 2008 2:22:51 PM
>>>>>>> Subject: Re: Asml
>>>>>>>
>>>>>>> I'm not sure I follow. If you've protected webapp B with the CAS
>>>>>>> client (a SAML client) and configured it to speak with CAS then it should
>>>>>>> always redirect to CAS.
>>>>>>>
>>>>>>> We're just using SAML to send back additional attributes if they are
>>>>>>> available.
>>>>>>>
>>>>>>> -Scott
>>>>>>>
>>>>>>> -Scott Battaglia
>>>>>>> PGP Public Key Id: 0x383733AA
>>>>>>> LinkedIn <http://www.linkedin.com/>:
>>>>>>> http://www.linkedin.com/in/scottbattaglia
>>>>>>>
>>>>>>> On Thu, Jun 12, 2008 at 2:10 PM, tedzo <tedzo2003 at yahoo.com> wrote:
>>>>>>>
>>>>>>>>   Scott, thanks for your response.
>>>>>>>>
>>>>>>>> I think I am stuck trying to demo Saml capability, mainly due to my
>>>>>>>> lack of understanding of how things work...
>>>>>>>> Let me first make sure what I understand is correct-
>>>>>>>> 1. There is a webappA on ServerA that is protected by some entity
>>>>>>>> (not CAS).
>>>>>>>> 2. There is a webappB on ServerB that is protected by CAS (3.2.1)
>>>>>>>> 3. The SamlTicketValidationFilter is setup on ServerB for webappB,
>>>>>>>> meaning, the filter is triggered when a user attempts to access webappB.
>>>>>>>> 4. The user accesses webappA, is asked to login by whatever is
>>>>>>>> protecting webappA. User logsin successfully.
>>>>>>>> 5. User clicks on a link to webappB from webappA.
>>>>>>>> 6. At this point, normally, CAS would ask the user to login.
>>>>>>>> However, I think I want CAS to make an authRequest to the entity that
>>>>>>>> authenticated the user on webappA, parse the response it gets (essentially
>>>>>>>> that the user is already authenticated and whatever details that go with
>>>>>>>> it), and log the user in and provide access to webappB.
>>>>>>>>
>>>>>>>> That would make the entity on serverA that authenticated the user to
>>>>>>>> webappA the IdProvider and CAS the ServiceProvider.
>>>>>>>>
>>>>>>>> Does this sound right or am I way of base? In order for me to demo
>>>>>>>> CAS saml capability, I would at most require an entity that responds to an
>>>>>>>> authRequest from CAS, is that correct?
>>>>>>>>
>>>>>>>> Thanks. I appreciate your time and interest.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ----- Original Message ----
>>>>>>>> From: Scott Battaglia <scott.battaglia at gmail.com>
>>>>>>>> To: Yale CAS mailing list <cas at tp.its.yale.edu>
>>>>>>>> Sent: Thursday, May 22, 2008 10:04:50 AM
>>>>>>>> Subject: Re:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> If you are using the latest CAS client, you should actually only
>>>>>>>> need to configure the Saml Ticket Validation Filter on the client-side (the
>>>>>>>> server should already handle it).
>>>>>>>>
>>>>>>>> -Scott
>>>>>>>>
>>>>>>>> On Tue, May 20, 2008 at 7:16 PM, tedzo <tedzo2003 at yahoo.com> wrote:
>>>>>>>>
>>>>>>>>>  I have downloaded the new cas-server and client versions and I
>>>>>>>>> want to check out saml support. How do I go about it? Specifically, I was
>>>>>>>>> thinking I would
>>>>>>>>> 1. get a hold of a saml client
>>>>>>>>> 2. figure out what kind of  message needs to be sent to cas in
>>>>>>>>> order to login/set up a session
>>>>>>>>> 3. read the response from cas
>>>>>>>>> 4. figure out the username from the response.
>>>>>>>>>
>>>>>>>>> I am not familiar with saml, so excuse my naivety. What I am
>>>>>>>>> looking for-
>>>>>>>>> 1. suggestions for a client, if any.
>>>>>>>>> 2. What message I need to send to CAS in order to elicit a
>>>>>>>>> response.
>>>>>>>>> 3. What kind of response can I expect.
>>>>>>>>> 4. Any documents about cas/saml integration. I have been searching
>>>>>>>>> the archives and haven't found anything particularly useful...
>>>>>>>>>
>>>>>>>>> Appreciate you time.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Yale CAS mailing list
>>>>>>>>> cas at tp.its.yale.edu
>>>>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> -Scott Battaglia
>>>>>>>> PGP Public Key Id: 0x383733AA
>>>>>>>> LinkedIn <http://www.linkedin.com/>:
>>>>>>>> http://www.linkedin.com/in/scottbattaglia
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Yale CAS mailing list
>>>>>>>> cas at tp.its.yale.edu
>>>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Yale CAS mailing list
>>>>>>> cas at tp.its.yale.edu
>>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Yale CAS mailing list
>>>>>> cas at tp.its.yale.edu
>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Yale CAS mailing list
>>>>> cas at tp.its.yale.edu
>>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Yale CAS mailing list
>>>> cas at tp.its.yale.edu
>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> Yale CAS mailing list
>>> cas at tp.its.yale.edu
>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>
>>>
>>
>>
>>
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080619/fa59aa2f/attachment.html

More information about the cas mailing list