CAS 3.21 + application -- very urgent help needed please !!
Scott Battaglia
scott.battaglia at gmail.com
Tue May 20 13:38:12 EDT 2008
The wrapper needs to be configured after:
http://www.ja-sig.org/wiki/display/CASC/CAS+Client+for+Java+3.1
-Scott
On Tue, May 20, 2008 at 1:20 PM, Edward Chen <edwardc at wolfram.com> wrote:
> Hi Scott and Adam,
>
> It seems there is a little progress for my problem. I updated the
> url-pattern as ( add "/Recruiting/* instead just /* )
> ....
> <filter-mapping>
> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
> <url-pattern>/Recruiting/*</url-pattern>
> </filter-mapping>
> <filter-mapping>
> <filter-name>CAS Validation Filter</filter-name>
> <url-pattern>/Recruiting/*</url-pattern>
> </filter-mapping>
> ....
>
> Now I can open test.jsp after CAS login. But the test.jsp
> <%=request.getRemoteUser()%> displayed null value. It's supposed
> something (an user name).
>
> How to fix it? and I want to know if it indicates the error you talked
> about.
>
> Edward
>
>
> Scott Battaglia wrote:
> > If both of the TicketValidators are returning no response there may be
> > a configuration error on the client side with regards to the server
> > endpoint. If you turn on DEBUG on the server and then try and log
> > into the client, you should be able to see on the server any
> > validation attempts. If you see no ticket validation attempts, then
> > the client is most likely misconfigured.
> >
> > -Scott
> >
> > On Mon, May 19, 2008 at 8:30 PM, Adam Rybicki <arybicki at unicon.net
> > <mailto:arybicki at unicon.net>> wrote:
> >
> > Edward,
> >
> > It's hard to tell what effect your cas.war file custom build may
> > have on CAS itself. Let's assume for the time being, that this is
> > fine.
> >
> > Did you have a chance to look inside the Tomcat logs as the error
> > message was suggesting? Getting no response from CAS could be
> > caused by a certificate error. I looked at
> > AbstractCasProtocolUrlBasedTicketValidator, and it is possible
> > that this class would return null on a communication error with
> > CAS server. It logs the error and returns null. Can you locate
> > the log file? I think that the CAS Client may be actually using
> > the log file of your application.
> >
> > Adam
> >
> > Edward Chen wrote:
> >> Hi Scott and other experts,
> >>
> >> Hi,
> >>
> >> Just a thought about this problem. I don't know if it will make a
> >> difference.
> >>
> >> I think maybe the CAS in my tomcat is different. Why?
> >>
> >> I deployed my CAS to Tomcat by other method - our own build.xml.
> >>
> >> CAS 3.2.1 is built with Maven 2.0.9. <http://2.0.9.> I generate
> cas.war not by Maven,
> >> but by my build.xml
> >>
> >> The current problem seems to me that the CAS only talks itself and
> not
> >> react to any applications. That is why there is
> >>
> >> "...The CAS server returned no response...." when CAS linking to an
> >> application.
> >>
> >> What do you think?
> >>
> >> Edward
> >>
> >>
> >> Scott Battaglia wrote:
> >>
> >>> Edward,
> >>>
> >>> Can you try using the CAS 20 filter and see if that works?
> >>>
> >>> -Scott
> >>>
> >>> On Fri, May 16, 2008 at 11:52 PM, Edward Chen <edwardc at wolfram.com<mailto:
> edwardc at wolfram.com>
> >>> <mailto:edwardc at wolfram.com>> wrote:
> >>>
> >>> Here it's what I modify below. But it still doesn't work. I
> have the
> >>> following exception. Can you tell what 's wrong with it?
> Anything
> >>> wrong
> >>> with my cas filter?? Please help--very urgent
> >>>
> >>>
> >>> HTTP Status 500 -
> >>>
> >>>
> ------------------------------------------------------------------------
> >>>
> >>> *type* Exception report
> >>>
> >>> *message*
> >>>
> >>> *description* _The server encountered an internal error () that
> >>> prevented it from fulfilling this request._
> >>>
> >>> *exception*
> >>>
> >>> javax.servlet.ServletException: The CAS server returned no
> response.
> >>>
> >>>
> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:152)
> >>>
> >>>
> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)
> >>>
> >>> *root cause*
> >>>
> >>> org.jasig.cas.client.validation.TicketValidationException: The
> CAS
> >>> server returned no response.
> >>>
> >>>
> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:162)
> >>>
> >>>
> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129)
> >>>
> >>>
> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)
> >>>
> >>> *note* _The full stack trace of the root cause is available in
> the
> >>> Apache Tomcat/5.5.25 logs._
> >>>
> >>>
> ------------------------------------------------------------------------
> >>>
> >>>
> >>> Apache Tomcat/5.5.25
> >>>
> >>>
> >>>
> >>> ..........
> >>> <filter>
> >>> <filter-name>CAS Authentication Filter</filter-name>
> >>>
> >>>
> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
> >>> <init-param>
> >>> <param-name>casServerLoginUrl</param-name>
> >>> <param-value>https://casserver:8443/CAS/login
> </param-value>
> >>> </init-param>
> >>> <init-param>
> >>> <param-name>service</param-name>
> >>>
> >>> <param-value>http://casserver:8080/Recruiting/test.jsp
> </param-value>
> >>> </init-param>
> >>> <init-param>
> >>> <param-name>serverName</param-name>
> >>> <param-value>casserver:8080</param-value>
> >>> </init-param>
> >>> </filter>
> >>>
> >>> <filter>
> >>> <filter-name>CAS Validation Filter</filter-name>
> >>>
> >>>
> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
> >>> <init-param>
> >>> <param-name>casUrlServerPrefix</param-name>
> >>> <param-value>https://casserver:8443/CAS</param-value>
> >>> </init-param>
> >>> <init-param>
> >>> <param-name>serverName</param-name>
> >>> <param-value>casserver:8080</param-value>
> >>> </init-param>
> >>> </filter>
> >>>
> >>> <filter>
> >>> <filter-name>CAS HttpServletRequest Wrapper
> >>> Filter</filter-name>
> >>>
> >>>
> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
> >>> </filter>
> >>>
> >>> <filter-mapping>
> >>> <filter-name>CAS Authentication Filter</filter-name>
> >>> <url-pattern>/*</url-pattern>
> >>> </filter-mapping>
> >>>
> >>> <filter-mapping>
> >>> <filter-name>CAS Validation Filter</filter-name>
> >>> <url-pattern>/*</url-pattern>
> >>> </filter-mapping >
> >>>
> >>> <filter-mapping>
> >>> <filter-name>CAS HttpServletRequest Wrapper
> Filter</filter-name>
> >>> <url-pattern>/*</url-pattern>
> >>> </filter-mapping >
> >>> .............
> >>>
> >>>
> >>> Edward
> >>>
> >>> Adam Rybicki wrote:
> >>> > Scott's right, of course. The Thread Local filter is not
> needed for
> >>> > what you need. It becomes handy if you don't have access to
> the
> >>> > HttpServletRequest.
> >>> >
> >>> > Adam
> >>> >
> >>> > Scott Battaglia wrote:
> >>> >> On Fri, May 16, 2008 at 7:32 PM, Adam Rybicki
> >>> <arybicki at unicon.net <mailto:arybicki at unicon.net> <mailto:
> arybicki at unicon.net>
> >>> >> <mailto:arybicki at unicon.net <mailto:arybicki at unicon.net>>>
> wrote:
> >>> >>
> >>> >> Edward,
> >>> >>
> >>> >> Cross-posting to the wrong list (cas-dev) will not speed
> up
> >>> a reply.
> >>> >>
> >>> >> One thing you'll need is an additional filter.
> Actually,
> >>> two of
> >>> >> them, I think. To make getRemoteUser() work, you'll
> need them
> >>> >> configured similar to this:
> >>> >>
> >>> >> <filter>
> >>> >> <filter-name>CAS HttpServletRequest Wrapper
> >>> Filter</filter-name>
> >>> >>
> >>> >>
> >>>
> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
> >>> >> </filter>
> >>> >>
> >>> >> <filter>
> >>> >> <filter-name>CAS Assertion Thread Local
> >>> Filter</filter-name>
> >>> >>
> >>> >>
> >>>
> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
> >>> >> </filter>
> >>> >>
> >>> >> <filter-mapping>
> >>> >> <filter-name>CAS HttpServletRequest Wrapper
> >>> Filter</filter-name>
> >>> >>
> >>> >> <url-pattern>/*</url-pattern>
> >>> >> </filter-mapping>
> >>> >>
> >>> >> <filter-mapping>
> >>> >> <filter-name>CAS Assertion Thread Local
> >>> Filter</filter-name>
> >>> >>
> >>> >> <url-pattern>/*</url-pattern>
> >>> >> </filter-mapping>
> >>> >>
> >>> >>
> >>> >> What concerns me is that, while you are using the JA-SIG
> CAS
> >>> >> Client, the exception message you included appears to
> have come
> >>> >> from the Yale CAS Filter. I don't think you need both.
> >>> >>
> >>> >>
> >>> >> Adam beat me to it. But you are including the configuration
> >>> for the
> >>> >> JASIG CAS Client but an error message from the Yale CAS
> client.
> >>> >> That's impossible unless you have both of them configured,
> which I
> >>> >> don't think has ever been tried. I'd recommend just
> sticking with
> >>> >> one of them. If you merely wish to read the
> request.getRemoteUser,
> >>> >> you also won't need the ThreadLocal filter either.
> >>> >>
> >>> >> -Scott
> >>> >>
> >>> >>
> >>> >>
> >>> >> Adam
> >>> >>
> >>> >> Edward Chen wrote:
> >>> >>> I installed CAS 3.2.1 and deployed successfully with
> LDAP
> >>> in my
> >>> >>> Windows XP and Tomcat5.25. Now I want to link the
> simple jsp
> >>> >>> application in Tomcat to CAS. I modified the CAS filter
> in
> >>> >>> web.xml as bellow. If I comment out "CAS Validation
> Filter", I
> >>> >>> got redirected to CAS and passed CAS login and went
> back
> >>> to the
> >>> >>> application. However, I got "null" value
> >>> >>> (<%=request.getRemoteUser()%>) in my test.jsp. It
> should be
> >>> >>> supposed to have the CAS login username. If I don't
> >>> comment out
> >>> >>> "CAS Validation Filter", I got redirected to CAS and
> >>> passed CAS
> >>> >>> login. But when CAS went back to the application, it
> >>> throws out
> >>> >>> exception, something like "*exception*
> >>> >>> javax.servlet.ServletException: Unable to validate
> >>> >>> ProxyTicketValidator
> >>> >>> [[edu.yale.its.tp.cas.client.ProxyTicketValidator
> >>> >>> proxyList=[null]
> >>> >>> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> ..... " It
> >>> >>> seems to me that the validation doesn't work. What is
> >>> wrong with
> >>> >>> it? How to fix it? any recommendation?? any thing wrong
> >>> with the
> >>> >>> following CAS filter?? Very urgent help needed!!!
> ........
> >>> >>> <filter> <filter-name>CAS Authentication
> Filter</filter-name>
> >>> >>>
> >>>
> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
> >>> >>> <init-param> <param-name>casServerLoginUrl</param-name>
> >>> >>> <param-value>https://xxxxxxxxx:8443/CAS/login
> </param-value>
> >>> >>> </init-param> <init-param>
> <param-name>service</param-name>
> >>> >>>
> >>> <param-value>http://xxxxxxxxx:8080/Recruiting/test.jsp
> </param-value>
> >>> >>> </init-param> <init-param>
> <param-name>serverName</param-name>
> >>> >>> <param-value>xxxxxxx:8080/</param-value> </init-param>
> >>> </filter>
> >>> >>> <filter> <filter-name>CAS Validation
> Filter</filter-name>
> >>> >>>
> >>>
> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
> >>> >>> <init-param>
> <param-name>casUrlServerPrefix</param-name>
> >>> >>> <param-value>https://xxxxxxx:8443/CAS</param-value>
> >>> >>> </init-param> <init-param>
> <param-name>serverName</param-name>
> >>> >>> <param-value>xxxxxxxxxxx:8080/</param-value>
> </init-param>
> >>> >>> </filter> <filter-mapping> <filter-name>CAS
> Authentication
> >>> >>> Filter</filter-name> <url-pattern>/*</url-pattern>
> >>> >>> </filter-mapping> <!--filter-mapping> <filter-name>CAS
> >>> >>> Validation Filter</filter-name>
> <url-pattern>/*</url-pattern>
> >>> >>> </filter-mapping --> ...................
> >>> >>> ______________________________
> >>> >>> _________________
> >>> >>> Yale CAS mailing list
> >>> >>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu>
> >>> <mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>>
> >>> >>> http://tp.its.yale.edu/mailman/listinfo/cas
> >>> >>
> >>> >> _______________________________________________
> >>> >> Yale CAS mailing list
> >>> >> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu>
> >>> <mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>>
> >>> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >> --
> >>> >> -Scott Battaglia
> >>> >> PGP Public Key Id: 0x383733AA
> >>> >> LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >>> >>
> >>>
> ------------------------------------------------------------------------
> >>> >>
> >>> >> _______________________________________________
> >>> >> Yale CAS mailing list
> >>> >> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu> <mailto:
> cas at tp.its.yale.edu>
> >>> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >>> >>
> >>> > _______________________________________________
> >>> > Yale CAS mailing list
> >>> > cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu> <mailto:
> cas at tp.its.yale.edu>
> >>> > http://tp.its.yale.edu/mailman/listinfo/cas
> >>> >
> >>>
> >>> _______________________________________________
> >>> Yale CAS mailing list
> >>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu> <mailto:
> cas at tp.its.yale.edu>
> >>> http://tp.its.yale.edu/mailman/listinfo/cas
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> -Scott Battaglia
> >>> PGP Public Key Id: 0x383733AA
> >>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >>>
> ------------------------------------------------------------------------
> >>>
> >>> _______________________________________________
> >>> Yale CAS mailing list
> >>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> >>> http://tp.its.yale.edu/mailman/listinfo/cas
> >>>
> >>>
> >> _______________________________________________
> >> Yale CAS mailing list
> >> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >>
> >>
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
> >
> >
> > --
> > -Scott Battaglia
> > PGP Public Key Id: 0x383733AA
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080520/395cf497/attachment.html
More information about the cas
mailing list