CAS 3.21 + application -- very urgent help needed please !!
Edward Chen
edwardc at wolfram.com
Mon May 19 23:04:42 EDT 2008
Hi Scott,
Thank you for the suggestion. One thing I don't understand in your email
about " a configuration error on the client side". Your "client side"
means the application itself, not the CAS server??
I installed CAS 3.21 successefully in Tomcat and I have done nothing to
any clients.
My application linked to CAS is an JSP application. Do I need to do
anything about it before linking to CAS? I created a very simple test
page -test.jsp. For the time being, I just want to redirect to open
test.jsp after the CAS login. Do I need to do anything to test.jsp??
Edward
Scott Battaglia wrote:
> If both of the TicketValidators are returning no response there may be
> a configuration error on the client side with regards to the server
> endpoint. If you turn on DEBUG on the server and then try and log
> into the client, you should be able to see on the server any
> validation attempts. If you see no ticket validation attempts, then
> the client is most likely misconfigured.
>
> -Scott
>
> On Mon, May 19, 2008 at 8:30 PM, Adam Rybicki <arybicki at unicon.net
> <mailto:arybicki at unicon.net>> wrote:
>
> Edward,
>
> It's hard to tell what effect your cas.war file custom build may
> have on CAS itself. Let's assume for the time being, that this is
> fine.
>
> Did you have a chance to look inside the Tomcat logs as the error
> message was suggesting? Getting no response from CAS could be
> caused by a certificate error. I looked at
> AbstractCasProtocolUrlBasedTicketValidator, and it is possible
> that this class would return null on a communication error with
> CAS server. It logs the error and returns null. Can you locate
> the log file? I think that the CAS Client may be actually using
> the log file of your application.
>
> Adam
>
> Edward Chen wrote:
>> Hi Scott and other experts,
>>
>> Hi,
>>
>> Just a thought about this problem. I don't know if it will make a
>> difference.
>>
>> I think maybe the CAS in my tomcat is different. Why?
>>
>> I deployed my CAS to Tomcat by other method - our own build.xml.
>>
>> CAS 3.2.1 is built with Maven 2.0.9. <http://2.0.9.> I generate cas.war not by Maven,
>> but by my build.xml
>>
>> The current problem seems to me that the CAS only talks itself and not
>> react to any applications. That is why there is
>>
>> "...The CAS server returned no response...." when CAS linking to an
>> application.
>>
>> What do you think?
>>
>> Edward
>>
>>
>> Scott Battaglia wrote:
>>
>>> Edward,
>>>
>>> Can you try using the CAS 20 filter and see if that works?
>>>
>>> -Scott
>>>
>>> On Fri, May 16, 2008 at 11:52 PM, Edward Chen <edwardc at wolfram.com <mailto:edwardc at wolfram.com>
>>> <mailto:edwardc at wolfram.com>> wrote:
>>>
>>> Here it's what I modify below. But it still doesn't work. I have the
>>> following exception. Can you tell what 's wrong with it? Anything
>>> wrong
>>> with my cas filter?? Please help--very urgent
>>>
>>>
>>> HTTP Status 500 -
>>>
>>> ------------------------------------------------------------------------
>>>
>>> *type* Exception report
>>>
>>> *message*
>>>
>>> *description* _The server encountered an internal error () that
>>> prevented it from fulfilling this request._
>>>
>>> *exception*
>>>
>>> javax.servlet.ServletException: The CAS server returned no response.
>>>
>>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:152)
>>>
>>> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)
>>>
>>> *root cause*
>>>
>>> org.jasig.cas.client.validation.TicketValidationException: The CAS
>>> server returned no response.
>>>
>>> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:162)
>>>
>>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129)
>>>
>>> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)
>>>
>>> *note* _The full stack trace of the root cause is available in the
>>> Apache Tomcat/5.5.25 logs._
>>>
>>> ------------------------------------------------------------------------
>>>
>>>
>>> Apache Tomcat/5.5.25
>>>
>>>
>>>
>>> ..........
>>> <filter>
>>> <filter-name>CAS Authentication Filter</filter-name>
>>>
>>> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
>>> <init-param>
>>> <param-name>casServerLoginUrl</param-name>
>>> <param-value>https://casserver:8443/CAS/login</param-value>
>>> </init-param>
>>> <init-param>
>>> <param-name>service</param-name>
>>>
>>> <param-value>http://casserver:8080/Recruiting/test.jsp</param-value>
>>> </init-param>
>>> <init-param>
>>> <param-name>serverName</param-name>
>>> <param-value>casserver:8080</param-value>
>>> </init-param>
>>> </filter>
>>>
>>> <filter>
>>> <filter-name>CAS Validation Filter</filter-name>
>>>
>>> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
>>> <init-param>
>>> <param-name>casUrlServerPrefix</param-name>
>>> <param-value>https://casserver:8443/CAS</param-value>
>>> </init-param>
>>> <init-param>
>>> <param-name>serverName</param-name>
>>> <param-value>casserver:8080</param-value>
>>> </init-param>
>>> </filter>
>>>
>>> <filter>
>>> <filter-name>CAS HttpServletRequest Wrapper
>>> Filter</filter-name>
>>>
>>> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
>>> </filter>
>>>
>>> <filter-mapping>
>>> <filter-name>CAS Authentication Filter</filter-name>
>>> <url-pattern>/*</url-pattern>
>>> </filter-mapping>
>>>
>>> <filter-mapping>
>>> <filter-name>CAS Validation Filter</filter-name>
>>> <url-pattern>/*</url-pattern>
>>> </filter-mapping >
>>>
>>> <filter-mapping>
>>> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
>>> <url-pattern>/*</url-pattern>
>>> </filter-mapping >
>>> .............
>>>
>>>
>>> Edward
>>>
>>> Adam Rybicki wrote:
>>> > Scott's right, of course. The Thread Local filter is not needed for
>>> > what you need. It becomes handy if you don't have access to the
>>> > HttpServletRequest.
>>> >
>>> > Adam
>>> >
>>> > Scott Battaglia wrote:
>>> >> On Fri, May 16, 2008 at 7:32 PM, Adam Rybicki
>>> <arybicki at unicon.net <mailto:arybicki at unicon.net> <mailto:arybicki at unicon.net>
>>> >> <mailto:arybicki at unicon.net <mailto:arybicki at unicon.net>>> wrote:
>>> >>
>>> >> Edward,
>>> >>
>>> >> Cross-posting to the wrong list (cas-dev) will not speed up
>>> a reply.
>>> >>
>>> >> One thing you'll need is an additional filter. Actually,
>>> two of
>>> >> them, I think. To make getRemoteUser() work, you'll need them
>>> >> configured similar to this:
>>> >>
>>> >> <filter>
>>> >> <filter-name>CAS HttpServletRequest Wrapper
>>> Filter</filter-name>
>>> >>
>>> >>
>>> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
>>> >> </filter>
>>> >>
>>> >> <filter>
>>> >> <filter-name>CAS Assertion Thread Local
>>> Filter</filter-name>
>>> >>
>>> >>
>>> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
>>> >> </filter>
>>> >>
>>> >> <filter-mapping>
>>> >> <filter-name>CAS HttpServletRequest Wrapper
>>> Filter</filter-name>
>>> >>
>>> >> <url-pattern>/*</url-pattern>
>>> >> </filter-mapping>
>>> >>
>>> >> <filter-mapping>
>>> >> <filter-name>CAS Assertion Thread Local
>>> Filter</filter-name>
>>> >>
>>> >> <url-pattern>/*</url-pattern>
>>> >> </filter-mapping>
>>> >>
>>> >>
>>> >> What concerns me is that, while you are using the JA-SIG CAS
>>> >> Client, the exception message you included appears to have come
>>> >> from the Yale CAS Filter. I don't think you need both.
>>> >>
>>> >>
>>> >> Adam beat me to it. But you are including the configuration
>>> for the
>>> >> JASIG CAS Client but an error message from the Yale CAS client.
>>> >> That's impossible unless you have both of them configured, which I
>>> >> don't think has ever been tried. I'd recommend just sticking with
>>> >> one of them. If you merely wish to read the request.getRemoteUser,
>>> >> you also won't need the ThreadLocal filter either.
>>> >>
>>> >> -Scott
>>> >>
>>> >>
>>> >>
>>> >> Adam
>>> >>
>>> >> Edward Chen wrote:
>>> >>> I installed CAS 3.2.1 and deployed successfully with LDAP
>>> in my
>>> >>> Windows XP and Tomcat5.25. Now I want to link the simple jsp
>>> >>> application in Tomcat to CAS. I modified the CAS filter in
>>> >>> web.xml as bellow. If I comment out "CAS Validation Filter", I
>>> >>> got redirected to CAS and passed CAS login and went back
>>> to the
>>> >>> application. However, I got "null" value
>>> >>> (<%=request.getRemoteUser()%>) in my test.jsp. It should be
>>> >>> supposed to have the CAS login username. If I don't
>>> comment out
>>> >>> "CAS Validation Filter", I got redirected to CAS and
>>> passed CAS
>>> >>> login. But when CAS went back to the application, it
>>> throws out
>>> >>> exception, something like "*exception*
>>> >>> javax.servlet.ServletException: Unable to validate
>>> >>> ProxyTicketValidator
>>> >>> [[edu.yale.its.tp.cas.client.ProxyTicketValidator
>>> >>> proxyList=[null]
>>> >>> [edu.yale.its.tp.cas.client.ServiceTicketValidator ..... " It
>>> >>> seems to me that the validation doesn't work. What is
>>> wrong with
>>> >>> it? How to fix it? any recommendation?? any thing wrong
>>> with the
>>> >>> following CAS filter?? Very urgent help needed!!! ........
>>> >>> <filter> <filter-name>CAS Authentication Filter</filter-name>
>>> >>>
>>> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
>>> >>> <init-param> <param-name>casServerLoginUrl</param-name>
>>> >>> <param-value>https://xxxxxxxxx:8443/CAS/login</param-value>
>>> >>> </init-param> <init-param> <param-name>service</param-name>
>>> >>>
>>> <param-value>http://xxxxxxxxx:8080/Recruiting/test.jsp</param-value>
>>> >>> </init-param> <init-param> <param-name>serverName</param-name>
>>> >>> <param-value>xxxxxxx:8080/</param-value> </init-param>
>>> </filter>
>>> >>> <filter> <filter-name>CAS Validation Filter</filter-name>
>>> >>>
>>> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
>>> >>> <init-param> <param-name>casUrlServerPrefix</param-name>
>>> >>> <param-value>https://xxxxxxx:8443/CAS</param-value>
>>> >>> </init-param> <init-param> <param-name>serverName</param-name>
>>> >>> <param-value>xxxxxxxxxxx:8080/</param-value> </init-param>
>>> >>> </filter> <filter-mapping> <filter-name>CAS Authentication
>>> >>> Filter</filter-name> <url-pattern>/*</url-pattern>
>>> >>> </filter-mapping> <!--filter-mapping> <filter-name>CAS
>>> >>> Validation Filter</filter-name> <url-pattern>/*</url-pattern>
>>> >>> </filter-mapping --> ...................
>>> >>> ______________________________
>>> >>> _________________
>>> >>> Yale CAS mailing list
>>> >>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu> <mailto:cas at tp.its.yale.edu>
>>> <mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>>
>>> >>> http://tp.its.yale.edu/mailman/listinfo/cas
>>> >>
>>> >> _______________________________________________
>>> >> Yale CAS mailing list
>>> >> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu> <mailto:cas at tp.its.yale.edu>
>>> <mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>>
>>> >> http://tp.its.yale.edu/mailman/listinfo/cas
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> -Scott Battaglia
>>> >> PGP Public Key Id: 0x383733AA
>>> >> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>> >>
>>> ------------------------------------------------------------------------
>>> >>
>>> >> _______________________________________________
>>> >> Yale CAS mailing list
>>> >> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu> <mailto:cas at tp.its.yale.edu>
>>> >> http://tp.its.yale.edu/mailman/listinfo/cas
>>> >>
>>> > _______________________________________________
>>> > Yale CAS mailing list
>>> > cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu> <mailto:cas at tp.its.yale.edu>
>>> > http://tp.its.yale.edu/mailman/listinfo/cas
>>> >
>>>
>>> _______________________________________________
>>> Yale CAS mailing list
>>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu> <mailto:cas at tp.its.yale.edu>
>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>
>>>
>>>
>>>
>>> --
>>> -Scott Battaglia
>>> PGP Public Key Id: 0x383733AA
>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Yale CAS mailing list
>>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>
>>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
>
> --
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
> ------------------------------------------------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
More information about the cas
mailing list