CAS 3.1.1 pgt problem

Julien Gribonvald julien.gribonvald at recia.fr
Thu Mar 6 12:34:16 EST 2008 

Hello,

I have two problems with CAS v3 that i can't solve and i tried many 
things. The first is the main one

_First problem :_

I have a problem with CAS 3.1.1 deployed with cas-toolbox from esup.

Before to deploy it i worked without problems with CAS v2 and Horde too.

I just deployed CAS V3 and all works nearly well with uPortal, at least 
the authentication seems to works in uPortal.
I tested it with a channel which request PT...
But when i try to authenticate with Horde, using phpcas 0.5.1 (esup 
package compatible with cas v3), i get always the error that I'm not 
authenticated.

After many research on log files I found where the problem comes...
 when horde request this url with the phpcas function : 
CASClient::readURL('https://dvorak.recia.fr:443/cas/proxy?targetService=&pgt=TGT-30-do9NDPd9RVHMoIBYUfskn0kRflcCb9ZHgtbGIgbnDNzkOmKylY', 
'', NULL, NULL, '') [client.php:1481]

it returns this kind of data :
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:proxyFailure code='INVALID_REQUEST'>
        Les paramètres &#039;pgt&#039; et &#039;targetService&#039; sont 
tous deux nécessaires ( the two parameters are needed)
    </cas:proxyFailure>
</cas:serviceResponse>

It's like the CAS apps can't read parameters in the url ... Because with 
the same URL with CAS v2 this is working... i didn't change cas 
configuration on horde between cas v2 and cas v3.

and from cas I have this error :

2008-03-06 17:42:23,359 INFO 
[org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting ContextPath 
for cookies to: /cas
2008-03-06 17:43:37,657 INFO 
[org.jasig.cas.authentication.AuthenticationManagerImpl] - 
AuthenticationHandler: 
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully 
authenticated the user which provided the following credentials: Aeg00000
2008-03-06 17:43:37,665 WARN 
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - 
Converting value 0 of LDAP attribute 'ENTPersonLogin' from byte[] to String
2008-03-06 17:43:37,665 WARN 
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - 
Converting value 0 of LDAP attribute 'cn' from byte[] to String
2008-03-06 17:43:37,665 WARN 
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - 
Converting value 0 of LDAP attribute 'uid' from byte[] to String
2008-03-06 17:43:37,665 WARN 
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - 
Converting value 0 of LDAP attribute 'mail' from byte[] to String
2008-03-06 17:43:37,665 WARN 
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - 
Converting value 0 of LDAP attribute 'displayName' from byte[] to String
2008-03-06 17:43:37,678 WARN 
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - 
Converting value 0 of LDAP attribute 'ENTPersonLogin' from byte[] to String
2008-03-06 17:43:37,678 WARN 
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - 
Converting value 0 of LDAP attribute 'cn' from byte[] to String
2008-03-06 17:43:37,678 WARN 
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - 
Converting value 0 of LDAP attribute 'uid' from byte[] to String
2008-03-06 17:43:37,678 WARN 
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - 
Converting value 0 of LDAP attribute 'mail' from byte[] to String
2008-03-06 17:43:37,678 WARN 
[org.jasig.services.persondir.support.ldap.PersonAttributesMapper] - 
Converting value 0 of LDAP attribute 'displayName' from byte[] to String
2008-03-06 17:43:37,684 INFO 
[org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service 
ticket [ST-1-wE2uwB4UKbvLqGSOgz2o] for service 
[https://strauss.recia.fr/horde/login.php] for user [Aeg00000]
2008-03-06 17:43:38,006 INFO 
[org.jasig.cas.authentication.AuthenticationManagerImpl] - 
AuthenticationHandler: 
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler 
successfully authenticated the user which provided the following 
credentials: https://strauss.recia.fr/horde/casProxy.php
2008-03-06 17:43:40,026 INFO 
[org.jasig.cas.authentication.AuthenticationManagerImpl] - 
AuthenticationHandler: 
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler 
successfully authenticated the user which provided the following 
credentials: https://strauss.recia.fr/horde/casProxy.php
2008-03-06 17:43:40,029 ERROR 
[org.jasig.cas.web.ServiceValidateController] - TicketException 
generating ticket for: https://strauss.recia.fr/horde/casProxy.php
org.jasig.cas.ticket.InvalidTicketException
        at 
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:250)
        at 
org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:125)
        at 
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
        at 
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
        at 
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857)
        at 
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
        at 
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475)
        at 
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:430)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at 
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
        at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at 
org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
        at 
org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767)
        at 
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697)
        at 
org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889)
        at 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
        at java.lang.Thread.run(Thread.java:595)


_Second problem :_
After i have a second problem (but not important actually) I configured 
CAS to get some LDAP attributes, but i get only the principals ID that i 
ask, other attributes requested aren't shown ( i modified the good jsp 
but nothing appear), also i haven't any problems to login with different 
LDAP attributes ... I add all configurations files.



If anybody have any ideas ... thanks in advance.

And sorry for my English.

Julien G.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cas.properties
Url: http://tp.its.yale.edu/pipermail/cas/attachments/20080306/1cd88b78/attachment.pl 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: config.properties
Url: http://tp.its.yale.edu/pipermail/cas/attachments/20080306/1cd88b78/attachment-0001.pl 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: deployerConfigContext.xml
Type: text/xml
Size: 8296 bytes
Desc: not available
Url : http://tp.its.yale.edu/pipermail/cas/attachments/20080306/1cd88b78/attachment.xml 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ldap.txt
Url: http://tp.its.yale.edu/pipermail/cas/attachments/20080306/1cd88b78/attachment.txt 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldap-auth.xml
Type: text/xml
Size: 2582 bytes
Desc: not available
Url : http://tp.its.yale.edu/pipermail/cas/attachments/20080306/1cd88b78/attachment-0001.xml 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: tomcat.log
Url: http://tp.its.yale.edu/pipermail/cas/attachments/20080306/1cd88b78/attachment-0002.pl

More information about the cas mailing list