CAS 3.21 + application -- very urgent help needed please !!
Edward Chen
edwardc at wolfram.com
Tue May 20 19:01:15 EDT 2008
Hi Adam and Scott,
I still haven't figured out what it's wrong. The test.jsp still returns
null value from request.remoteuser after CAS login. I copy and paste the
relevant log for you to take a look. Can you tell me what it's wrong?
from cas.log
2008-05-20 17:17:54,787 INFO
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - FormObjectClass
not set. Using default class of
org.jasig.cas.authentication.principal.UsernamePasswordCredentials with
formObjectName credentials and validator
org.jasig.cas.validation.UsernamePasswordCredentialsValidator.
2008-05-20 17:18:13,146 INFO
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
Starting cleaning of expired tickets from ticket registry at [Tue May 20
17:18:13 CDT 2008]
2008-05-20 17:18:13,146 INFO
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 0
found to be removed. Removing now.
2008-05-20 17:18:13,146 INFO
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
Finished cleaning of expired tickets from ticket registry at [Tue May 20
17:18:13 CDT 2008]
2008-05-20 17:49:25,252 INFO
[org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting path for
cookies to: /cas
2008-05-20 17:49:36,674 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
AuthenticationHandler:
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
authenticated the user which provided the following credentials: edwardc
2008-05-20 17:49:36,690 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service
ticket [ST-1-QSdxlfMwcFEhtscFqGPt-cas] for service
[http://casserver:8080/Recruiting/test.jsp] for user [edwardc]
from localhost.2008-05-20.log
May 20, 2008 5:17:45 PM org.apache.catalina.core.StandardContext filterStart
SEVERE: Exception starting filter CAS Validation Filter
java.lang.ClassNotFoundException:
org.jasig.cas.client.validation.Cas10TicketValidationFilter
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1362)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1208)
at
org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:207)
at
org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
at
org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
at
org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626)
at
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at
org.apache.catalina.core.StandardService.start(StandardService.java:448)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
May 20, 2008 5:17:45 PM org.apache.catalina.core.StandardContext filterStart
SEVERE: Exception starting filter CAS Authentication Filter
java.lang.ClassNotFoundException:
org.jasig.cas.client.authentication.AuthenticationFilter
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1362)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1208)
at
org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:207)
at
org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
at
org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
at
org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626)
at
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at
org.apache.catalina.core.StandardService.start(StandardService.java:448)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
May 20, 2008 5:17:56 PM org.apache.catalina.core.ApplicationContext log
INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain:
[org.apache.webapp.balancer.RuleChain:
[org.apache.webapp.balancer.rules.URLStringMatchRule: Target string:
News / Redirect URL: http://www.cnn.com],
[org.apache.webapp.balancer.rules.RequestParameterRule: Target param
name: paramName / Target param value: paramValue / Redirect URL:
http://www.yahoo.com],
[org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect URL:
http://jakarta.apache.org]]
May 20, 2008 5:17:56 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
May 20, 2008 5:17:56 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
May 20, 2008 5:17:57 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
May 20, 2008 5:17:57 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
from stdout_20080520.log
log4j:WARN No appenders could be found for logger
(org.apache.commons.digester.Digester.sax).
log4j:WARN Please initialize the log4j system properly.
2008-05-20 17:17:54,787 INFO
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <FormObjectClass
not set. Using default class of
org.jasig.cas.authentication.principal.UsernamePasswordCredentials with
formObjectName credentials and validator
org.jasig.cas.validation.UsernamePasswordCredentialsValidator.>
log4j:WARN No appenders could be found for logger
(org.apache.commons.digester.Digester.sax).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN No appenders could be found for logger
(org.apache.commons.digester.Digester.sax).
log4j:WARN Please initialize the log4j system properly.
2008-05-20 17:18:13,146 INFO
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
<Starting cleaning of expired tickets from ticket registry at [Tue May
20 17:18:13 CDT 2008]>
2008-05-20 17:18:13,146 INFO
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
<0 found to be removed. Removing now.>
2008-05-20 17:18:13,146 INFO
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
<Finished cleaning of expired tickets from ticket registry at [Tue May
20 17:18:13 CDT 2008]>
2008-05-20 17:49:25,252 INFO
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting path for
cookies to: /cas>
2008-05-20 17:49:36,674 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
authenticated the user which provided the following credentials: edwardc>
2008-05-20 17:49:36,690 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-1-QSdxlfMwcFEhtscFqGPt-cas] for service
[http://casserver:8080/Recruiting/test.jsp] for user [edwardc]>
Adam Rybicki wrote:
> Edward,
>
> It's hard to tell what effect your cas.war file custom build may have
> on CAS itself. Let's assume for the time being, that this is fine.
>
> Did you have a chance to look inside the Tomcat logs as the error
> message was suggesting? Getting no response from CAS could be caused
> by a certificate error. I looked at
> AbstractCasProtocolUrlBasedTicketValidator, and it is possible that
> this class would return null on a communication error with CAS
> server. It logs the error and returns null. Can you locate the log
> file? I think that the CAS Client may be actually using the log file
> of your application.
>
> Adam
>
> Edward Chen wrote:
>> Hi Scott and other experts,
>>
>> Hi,
>>
>> Just a thought about this problem. I don't know if it will make a
>> difference.
>>
>> I think maybe the CAS in my tomcat is different. Why?
>>
>> I deployed my CAS to Tomcat by other method - our own build.xml.
>>
>> CAS 3.2.1 is built with Maven 2.0.9. I generate cas.war not by Maven,
>> but by my build.xml
>>
>> The current problem seems to me that the CAS only talks itself and not
>> react to any applications. That is why there is
>>
>> "...The CAS server returned no response...." when CAS linking to an
>> application.
>>
>> What do you think?
>>
>> Edward
>>
>>
>> Scott Battaglia wrote:
>>
>>> Edward,
>>>
>>> Can you try using the CAS 20 filter and see if that works?
>>>
>>> -Scott
>>>
>>> On Fri, May 16, 2008 at 11:52 PM, Edward Chen <edwardc at wolfram.com
>>> <mailto:edwardc at wolfram.com>> wrote:
>>>
>>> Here it's what I modify below. But it still doesn't work. I have the
>>> following exception. Can you tell what 's wrong with it? Anything
>>> wrong
>>> with my cas filter?? Please help--very urgent
>>>
>>>
>>> HTTP Status 500 -
>>>
>>> ------------------------------------------------------------------------
>>>
>>> *type* Exception report
>>>
>>> *message*
>>>
>>> *description* _The server encountered an internal error () that
>>> prevented it from fulfilling this request._
>>>
>>> *exception*
>>>
>>> javax.servlet.ServletException: The CAS server returned no response.
>>>
>>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:152)
>>>
>>> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)
>>>
>>> *root cause*
>>>
>>> org.jasig.cas.client.validation.TicketValidationException: The CAS
>>> server returned no response.
>>>
>>> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:162)
>>>
>>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129)
>>>
>>> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)
>>>
>>> *note* _The full stack trace of the root cause is available in the
>>> Apache Tomcat/5.5.25 logs._
>>>
>>> ------------------------------------------------------------------------
>>>
>>>
>>> Apache Tomcat/5.5.25
>>>
>>>
>>>
>>> ..........
>>> <filter>
>>> <filter-name>CAS Authentication Filter</filter-name>
>>>
>>> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
>>> <init-param>
>>> <param-name>casServerLoginUrl</param-name>
>>> <param-value>https://casserver:8443/CAS/login</param-value>
>>> </init-param>
>>> <init-param>
>>> <param-name>service</param-name>
>>>
>>> <param-value>http://casserver:8080/Recruiting/test.jsp</param-value>
>>> </init-param>
>>> <init-param>
>>> <param-name>serverName</param-name>
>>> <param-value>casserver:8080</param-value>
>>> </init-param>
>>> </filter>
>>>
>>> <filter>
>>> <filter-name>CAS Validation Filter</filter-name>
>>>
>>> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
>>> <init-param>
>>> <param-name>casUrlServerPrefix</param-name>
>>> <param-value>https://casserver:8443/CAS</param-value>
>>> </init-param>
>>> <init-param>
>>> <param-name>serverName</param-name>
>>> <param-value>casserver:8080</param-value>
>>> </init-param>
>>> </filter>
>>>
>>> <filter>
>>> <filter-name>CAS HttpServletRequest Wrapper
>>> Filter</filter-name>
>>>
>>> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
>>> </filter>
>>>
>>> <filter-mapping>
>>> <filter-name>CAS Authentication Filter</filter-name>
>>> <url-pattern>/*</url-pattern>
>>> </filter-mapping>
>>>
>>> <filter-mapping>
>>> <filter-name>CAS Validation Filter</filter-name>
>>> <url-pattern>/*</url-pattern>
>>> </filter-mapping >
>>>
>>> <filter-mapping>
>>> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
>>> <url-pattern>/*</url-pattern>
>>> </filter-mapping >
>>> .............
>>>
>>>
>>> Edward
>>>
>>> Adam Rybicki wrote:
>>> > Scott's right, of course. The Thread Local filter is not needed for
>>> > what you need. It becomes handy if you don't have access to the
>>> > HttpServletRequest.
>>> >
>>> > Adam
>>> >
>>> > Scott Battaglia wrote:
>>> >> On Fri, May 16, 2008 at 7:32 PM, Adam Rybicki
>>> <arybicki at unicon.net <mailto:arybicki at unicon.net>
>>> >> <mailto:arybicki at unicon.net <mailto:arybicki at unicon.net>>> wrote:
>>> >>
>>> >> Edward,
>>> >>
>>> >> Cross-posting to the wrong list (cas-dev) will not speed up
>>> a reply.
>>> >>
>>> >> One thing you'll need is an additional filter. Actually,
>>> two of
>>> >> them, I think. To make getRemoteUser() work, you'll need them
>>> >> configured similar to this:
>>> >>
>>> >> <filter>
>>> >> <filter-name>CAS HttpServletRequest Wrapper
>>> Filter</filter-name>
>>> >>
>>> >>
>>> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
>>> >> </filter>
>>> >>
>>> >> <filter>
>>> >> <filter-name>CAS Assertion Thread Local
>>> Filter</filter-name>
>>> >>
>>> >>
>>> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
>>> >> </filter>
>>> >>
>>> >> <filter-mapping>
>>> >> <filter-name>CAS HttpServletRequest Wrapper
>>> Filter</filter-name>
>>> >>
>>> >> <url-pattern>/*</url-pattern>
>>> >> </filter-mapping>
>>> >>
>>> >> <filter-mapping>
>>> >> <filter-name>CAS Assertion Thread Local
>>> Filter</filter-name>
>>> >>
>>> >> <url-pattern>/*</url-pattern>
>>> >> </filter-mapping>
>>> >>
>>> >>
>>> >> What concerns me is that, while you are using the JA-SIG CAS
>>> >> Client, the exception message you included appears to have come
>>> >> from the Yale CAS Filter. I don't think you need both.
>>> >>
>>> >>
>>> >> Adam beat me to it. But you are including the configuration
>>> for the
>>> >> JASIG CAS Client but an error message from the Yale CAS client.
>>> >> That's impossible unless you have both of them configured, which I
>>> >> don't think has ever been tried. I'd recommend just sticking with
>>> >> one of them. If you merely wish to read the request.getRemoteUser,
>>> >> you also won't need the ThreadLocal filter either.
>>> >>
>>> >> -Scott
>>> >>
>>> >>
>>> >>
>>> >> Adam
>>> >>
>>> >> Edward Chen wrote:
>>> >>> I installed CAS 3.2.1 and deployed successfully with LDAP
>>> in my
>>> >>> Windows XP and Tomcat5.25. Now I want to link the simple jsp
>>> >>> application in Tomcat to CAS. I modified the CAS filter in
>>> >>> web.xml as bellow. If I comment out "CAS Validation Filter", I
>>> >>> got redirected to CAS and passed CAS login and went back
>>> to the
>>> >>> application. However, I got "null" value
>>> >>> (<%=request.getRemoteUser()%>) in my test.jsp. It should be
>>> >>> supposed to have the CAS login username. If I don't
>>> comment out
>>> >>> "CAS Validation Filter", I got redirected to CAS and
>>> passed CAS
>>> >>> login. But when CAS went back to the application, it
>>> throws out
>>> >>> exception, something like "*exception*
>>> >>> javax.servlet.ServletException: Unable to validate
>>> >>> ProxyTicketValidator
>>> >>> [[edu.yale.its.tp.cas.client.ProxyTicketValidator
>>> >>> proxyList=[null]
>>> >>> [edu.yale.its.tp.cas.client.ServiceTicketValidator ..... " It
>>> >>> seems to me that the validation doesn't work. What is
>>> wrong with
>>> >>> it? How to fix it? any recommendation?? any thing wrong
>>> with the
>>> >>> following CAS filter?? Very urgent help needed!!! ........
>>> >>> <filter> <filter-name>CAS Authentication Filter</filter-name>
>>> >>>
>>> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
>>> >>> <init-param> <param-name>casServerLoginUrl</param-name>
>>> >>> <param-value>https://xxxxxxxxx:8443/CAS/login</param-value>
>>> >>> </init-param> <init-param> <param-name>service</param-name>
>>> >>>
>>> <param-value>http://xxxxxxxxx:8080/Recruiting/test.jsp</param-value>
>>> >>> </init-param> <init-param> <param-name>serverName</param-name>
>>> >>> <param-value>xxxxxxx:8080/</param-value> </init-param>
>>> </filter>
>>> >>> <filter> <filter-name>CAS Validation Filter</filter-name>
>>> >>>
>>> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
>>> >>> <init-param> <param-name>casUrlServerPrefix</param-name>
>>> >>> <param-value>https://xxxxxxx:8443/CAS</param-value>
>>> >>> </init-param> <init-param> <param-name>serverName</param-name>
>>> >>> <param-value>xxxxxxxxxxx:8080/</param-value> </init-param>
>>> >>> </filter> <filter-mapping> <filter-name>CAS Authentication
>>> >>> Filter</filter-name> <url-pattern>/*</url-pattern>
>>> >>> </filter-mapping> <!--filter-mapping> <filter-name>CAS
>>> >>> Validation Filter</filter-name> <url-pattern>/*</url-pattern>
>>> >>> </filter-mapping --> ...................
>>> >>> ______________________________
>>> >>> _________________
>>> >>> Yale CAS mailing list
>>> >>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>>> <mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>>
>>> >>> http://tp.its.yale.edu/mailman/listinfo/cas
>>> >>
>>> >> _______________________________________________
>>> >> Yale CAS mailing list
>>> >> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>>> <mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>>
>>> >> http://tp.its.yale.edu/mailman/listinfo/cas
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> -Scott Battaglia
>>> >> PGP Public Key Id: 0x383733AA
>>> >> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>> >>
>>> ------------------------------------------------------------------------
>>> >>
>>> >> _______________________________________________
>>> >> Yale CAS mailing list
>>> >> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>>> >> http://tp.its.yale.edu/mailman/listinfo/cas
>>> >>
>>> > _______________________________________________
>>> > Yale CAS mailing list
>>> > cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>>> > http://tp.its.yale.edu/mailman/listinfo/cas
>>> >
>>>
>>> _______________________________________________
>>> Yale CAS mailing list
>>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>
>>>
>>>
>>>
>>> --
>>> -Scott Battaglia
>>> PGP Public Key Id: 0x383733AA
>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Yale CAS mailing list
>>> cas at tp.its.yale.edu
>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>
>>>
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
More information about the cas
mailing list