CAS 3.21 + application -- very urgent help needed please !!
wadii
wadii_a at yahoo.fr
Wed May 21 11:20:36 EDT 2008
Hi,
javax.servlet.ServletException: The CAS server returned no response.
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:152)
org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)
org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:78)
cause mère
org.jasig.cas.client.validation.TicketValidationException: The CAS server returned no response.
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:162)
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129)
org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)
org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:78)
I have this error when I add TicketValidationFilter and HttpServletRequestWrapperFilter in my web.xml but only when I add there <filter-mapping> tags !!!
Thanks for your help.
Wadii
----- Message d'origine ----
De : Andrew R Feller <afelle1 at lsu.edu>
À : Yale CAS mailing list <cas at tp.its.yale.edu>
Envoyé le : Mercredi, 21 Mai 2008, 13h27mn 43s
Objet : RE: CAS 3.21 + application -- very urgent help needed please !!
Edward,
You are on the right track: you must integrate a CAS client with you
Java web app and configure the CAS client to communicate with a CAS server.
Here are links for each within the JA-SIG wiki:
Latest CAS client: 3.1.1 (http://www.ja-sig.org/wiki/display/CASC/CAS+Client+for+Java+3.1)
In order to get the authenticated user via request.getRemoteUser(), you
must declare the HttpServletRequestWrapperFilter filter along with the AuthenticationFilter
and TicketValidationFilter filters. For a simple configuration, try using
the web.xml configuration over Spring.
Andrew R Feller, Analyst
University Information Systems
200 Fred Frey Building
Louisiana State University
Baton Rouge , LA , 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)
-----Original Message-----
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] On
Behalf Of Edward Chen
Sent: Tuesday, May 20, 2008 11:24 PM
To: Yale CAS mailing list
Subject: Re: CAS 3.21 + application -- very urgent help needed please !!
I am kind of understanding...
In order to display request.getRemoteUser() value in my test.jsp, I
need
to integrate cas client 3.1.1 to my application, for Recruiting
application. The reason why my current test.jsp returns null value is
because I haven't integrate cas client 3.21 with my application, Is it
correct?
I am done with the server side configuration, right?
If so, how to integrate cas client 3.11 to my java/jsp application? do
you have an instruction?
Edward
Scott Battaglia wrote:
> When CASifying an application, you integrate the CAS client with
your
> application. You don't integrate the CAS client with the CAS
server
> software. The CAS client library is what allows the application to
> communicate with the CAS server.
>
> You should be configuring the wrapper on YOUR application if you
want
> access to request.getRemoteUser().
>
> -Scott
>
> On Tue, May 20, 2008 at 11:22 PM, Edward Chen
<edwardc at wolfram.com
> <mailto:edwardc at wolfram.com>> wrote:
>
> Adam and Scott,
>
> It seems to me that I missing the client
configuration. I tried to
> locate HttpServletRequestWrapperFilter
file but I don't find them
> in my
> cas 3.21 folder. So, I download
"cas-client-3.1.1-release" and I find
> HttpServletRequestWrapperFilter file in
it. I wonder if I need to
> integrate client into server. If yes, how
to integrate
> case-client-3.1.1? using maven? ??
>
> I am stuck in this problem.
>
> Edward
>
> Adam Rybicki wrote:
> > Edward,
> >
> > It's hard to tell what effect your
cas.war file custom build may
> have
> > on CAS itself. Let's assume for
the time being, that this is fine.
> >
> > Did you have a chance to look inside
the Tomcat logs as the error
> > message was suggesting? Getting
no response from CAS could be
> caused
> > by a certificate error. I
looked at
> >
AbstractCasProtocolUrlBasedTicketValidator, and it is possible that
> > this class would return null on a
communication error with CAS
> > server. It logs the error and
returns null. Can you locate the log
> > file? I think that the CAS
Client may be actually using the log
> file
> > of your application.
> >
> > Adam
> >
> > Edward Chen wrote:
> >> Hi Scott and other experts,
> >>
> >> Hi,
> >>
> >> Just a thought about this
problem. I don't know if it will make a
> >> difference.
> >>
> >> I think maybe the CAS in my
tomcat is different. Why?
> >>
> >> I deployed my CAS to Tomcat by
other method - our own build.xml.
> >>
> >> CAS 3.2.1 is built with Maven
2.0.9. <http://2.0.9.> I generate
> cas.war not by Maven,
> >> but by my build.xml
> >>
> >> The current problem seems to me
that the CAS only talks itself
> and not
> >> react to any applications. That
is why there is
> >>
> >> "...The CAS server returned
no response...." when CAS linking to an
> >> application.
> >>
> >> What do you think?
> >>
> >> Edward
> >>
> >>
> >> Scott Battaglia wrote:
> >>
> >>> Edward,
> >>>
> >>> Can you try using the CAS 20
filter and see if that works?
> >>>
> >>> -Scott
> >>>
> >>> On Fri, May 16, 2008 at 11:52
PM, Edward Chen
> <edwardc at wolfram.com
<mailto:edwardc at wolfram.com>
> >>>
<mailto:edwardc at wolfram.com <mailto:edwardc at wolfram.com>>>
wrote:
> >>>
> >>> Here
it's what I modify below. But it still doesn't work.
> I have the
> >>>
following exception. Can you tell what 's wrong with it?
> Anything
> >>> wrong
> >>> with
my cas filter?? Please help--very urgent
> >>>
> >>>
> >>>
HTTP Status 500 -
> >>>
> >>>
>
------------------------------------------------------------------------
> >>>
> >>>
*type* Exception report
> >>>
> >>>
*message*
> >>>
> >>>
*description* _The server encountered an internal error ()
> that
> >>>
prevented it from fulfilling this request._
> >>>
> >>>
*exception*
> >>>
> >>>
javax.servlet.ServletException: The CAS server returned no
> response.
> >>>
> >>>
>
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:152)
> >>>
> >>>
>
org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)
> >>>
> >>> *root
cause*
> >>>
> >>>
org.jasig.cas.client.validation.TicketValidationException:
> The CAS
> >>> server
returned no response.
> >>>
> >>>
>
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:162)
> >>>
> >>>
>
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129)
> >>>
> >>>
>
org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)
> >>>
> >>>
*note* _The full stack trace of the root cause is
> available in the
> >>>
Apache Tomcat/5.5.25 logs._
> >>>
> >>>
>
------------------------------------------------------------------------
> >>>
> >>>
>
>>> Apache
Tomcat/5.5.25
> >>>
> >>>
> >>>
> >>>
..........
> >>>
<filter>
>
>>>
<filter-name>CAS Authentication Filter</filter-name>
> >>>
> >>>
>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
> >>> <init-param>
>
>>>
<param-name>casServerLoginUrl</param-name>
>
>>>
>
<param-value>https://casserver:8443/CAS/login</param-value>
>
>>>
</init-param>
>
>>>
<init-param>
> >>>
<param-name>service</param-name>
> >>>
> >>>
>
<param-value>http://casserver:8080/Recruiting/test.jsp</param-value>
>
>>>
</init-param>
>
>>>
<init-param>
>
>>>
<param-name>serverName</param-name>
>
>>>
<param-value>casserver:8080</param-value>
>
>>>
</init-param>
>
>>>
</filter>
> >>>
>
>>>
<filter>
>
>>>
<filter-name>CAS Validation Filter</filter-name>
> >>>
> >>>
>
<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
>
>>>
<init-param>
>
>>>
<param-name>casUrlServerPrefix</param-name>
>
>>>
<param-value>https://casserver:8443/CAS</param-value>
>
>>>
</init-param>
>
>>>
<init-param>
>
>>>
<param-name>serverName</param-name>
>
>>>
<param-value>casserver:8080</param-value>
>
>>>
</init-param>
>
>>>
</filter>
> >>>
>
>>> <filter>
>
>>>
<filter-name>CAS HttpServletRequest Wrapper
> >>>
Filter</filter-name>
> >>>
> >>>
> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
>
>>> </filter>
> >>>
>
>>> <filter-mapping>
>
>>>
<filter-name>CAS Authentication Filter</filter-name>
>
>>>
<url-pattern>/*</url-pattern>
>
>>> </filter-mapping>
> >>>
>
>>> <filter-mapping>
>
>>>
<filter-name>CAS Validation Filter</filter-name>
>
>>>
<url-pattern>/*</url-pattern>
>
>>> </filter-mapping >
> >>>
>
>>> <filter-mapping>
>
>>>
<filter-name>CAS HttpServletRequest Wrapper
> Filter</filter-name>
>
>>>
<url-pattern>/*</url-pattern>
>
>>> </filter-mapping >
> >>>
.............
> >>>
> >>>
> >>>
Edward
> >>>
> >>> Adam
Rybicki wrote:
> >>> >
Scott's right, of course. The Thread Local filter is
> not needed for
> >>> >
what you need. It becomes handy if you don't have
> access to the
> >>> >
HttpServletRequest.
> >>> >
> >>> >
Adam
> >>> >
> >>> >
Scott Battaglia wrote:
> >>>
>> On Fri, May 16, 2008 at 7:32 PM, Adam Rybicki
> >>>
<arybicki at unicon.net <mailto:arybicki at unicon.net>
> <mailto:arybicki at unicon.net
<mailto:arybicki at unicon.net>>
> >>>
>> <mailto:arybicki at unicon.net
> <mailto:arybicki at unicon.net>
<mailto:arybicki at unicon.net
>
<mailto:arybicki at unicon.net>>>> wrote:
> >>>
>>
> >>>
>> Edward,
> >>>
>>
> >>>
>> Cross-posting to the wrong list (cas-dev) will
not
> speed up
> >>> a
reply.
> >>>
>>
> >>>
>> One thing you'll need is an additional filter.
> Actually,
> >>> two
of
> >>>
>> them, I think. To make getRemoteUser()
work,
> you'll need them
> >>>
>> configured similar to this:
> >>>
>>
> >>>
>> <filter>
> >>>
>> <filter-name>CAS
HttpServletRequest Wrapper
> >>>
Filter</filter-name>
> >>>
>>
> >>>
>>
> >>>
>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
> >>>
>> </filter>
> >>>
>>
> >>>
>> <filter>
> >>>
>> <filter-name>CAS
Assertion Thread Local
> >>>
Filter</filter-name>
> >>>
>>
> >>>
>>
> >>>
>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
> >>>
>> </filter>
> >>>
>>
> >>>
>> <filter-mapping>
> >>>
>> <filter-name>CAS
HttpServletRequest Wrapper
> >>>
Filter</filter-name>
> >>>
>>
> >>>
>>
<url-pattern>/*</url-pattern>
> >>>
>> </filter-mapping>
> >>>
>>
> >>>
>> <filter-mapping>
> >>>
>> <filter-name>CAS
Assertion Thread Local
> >>>
Filter</filter-name>
> >>>
>>
> >>>
>> <url-pattern>/*</url-pattern>
> >>>
>> </filter-mapping>
> >>>
>>
> >>>
>>
> >>>
>> What concerns me is that, while you are using
the
> JA-SIG CAS
> >>>
>> Client, the exception message you included
appears
> to have come
> >>>
>> from the Yale CAS Filter. I don't think
you need both.
> >>>
>>
> >>>
>>
> >>>
>> Adam beat me to it. But you are including the
> configuration
> >>> for
the
> >>>
>> JASIG CAS Client but an error message from the Yale CAS
> client.
> >>>
>> That's impossible unless you have both of them
> configured, which I
> >>>
>> don't think has ever been tried. I'd recommend just
> sticking with
> >>>
>> one of them. If you merely wish to read the
> request.getRemoteUser,
> >>>
>> you also won't need the ThreadLocal filter either.
> >>>
>>
> >>>
>> -Scott
> >>>
>>
> >>>
>>
> >>>
>>
> >>>
>> Adam
> >>>
>>
> >>>
>> Edward Chen wrote:
> >>>
>>> I installed CAS 3.2.1 and deployed
successfully
> with LDAP
> >>> in my
> >>>
>>> Windows XP and Tomcat5.25. Now I want to
link the
> simple jsp
> >>>
>>> application in Tomcat to CAS. I modified
the CAS
> filter in
> >>>
>>> web.xml as bellow. If I comment out
"CAS
> Validation Filter", I
> >>>
>>> got redirected to CAS and passed CAS login
and
> went back
> >>> to
the
> >>>
>>> application. However, I got
"null" value
> >>>
>>> (<%=request.getRemoteUser()%>) in my
test.jsp. It
> should be
> >>>
>>> supposed to have the CAS login username.
If I don't
> >>>
comment out
> >>>
>>> "CAS Validation Filter", I got
redirected to CAS and
> >>>
passed CAS
> >>>
>>> login. But when CAS went back to the
application, it
> >>>
throws out
> >>>
>>> exception, something like
"*exception*
> >>>
>>> javax.servlet.ServletException: Unable to
validate
> >>>
>>> ProxyTicketValidator
> >>>
>>> [[edu.yale.its.tp.cas.client.ProxyTicketValidator
> >>>
>>> proxyList=[null]
> >>>
>>>
[edu.yale.its.tp.cas.client.ServiceTicketValidator
> ..... " It
> >>>
>>> seems to me that the validation doesn't
work. What is
> >>> wrong
with
> >>>
>>> it? How to fix it? any recommendation??
any thing
> wrong
> >>> with
the
> >>>
>>> following CAS filter?? Very urgent help
needed!!!
> ........
> >>>
>>> <filter> <filter-name>CAS Authentication
> Filter</filter-name>
> >>>
>>>
> >>>
>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
> >>>
>>> <init-param>
>
<param-name>casServerLoginUrl</param-name>
> >>>
>>>
>
<param-value>https://xxxxxxxxx:8443/CAS/login</param-value>
> >>>
>>> </init-param> <init-param>
>
<param-name>service</param-name>
> >>>
>>>
> >>>
>
<param-value>http://xxxxxxxxx:8080/Recruiting/test.jsp</param-value>
> >>>
>>> </init-param> <init-param>
>
<param-name>serverName</param-name>
> >>>
>>>
<param-value>xxxxxxx:8080/</param-value> </init-param>
> >>> </filter>
> >>>
>>> <filter> <filter-name>CAS
Validation
> Filter</filter-name>
> >>>
>>>
> >>>
>
<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
> >>>
>>> <init-param>
>
<param-name>casUrlServerPrefix</param-name>
> >>>
>>>
<param-value>https://xxxxxxx:8443/CAS</param-value>
> >>>
>>> </init-param> <init-param>
>
<param-name>serverName</param-name>
> >>>
>>> <param-value>xxxxxxxxxxx:8080/</param-value>
> </init-param>
> >>>
>>> </filter> <filter-mapping>
<filter-name>CAS
> Authentication
> >>>
>>> Filter</filter-name>
<url-pattern>/*</url-pattern>
> >>>
>>> </filter-mapping> <!--filter-mapping>
<filter-name>CAS
> >>>
>>> Validation Filter</filter-name>
> <url-pattern>/*</url-pattern>
> >>>
>>> </filter-mapping -->
...................
> >>>
>>> ______________________________
> >>>
>>> _________________
> >>>
>>> Yale CAS mailing list
> >>>
>>> cas at tp.its.yale.edu
<mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu
<mailto:cas at tp.its.yale.edu>>
> >>>
<mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu
<mailto:cas at tp.its.yale.edu>>>
> >>>
>>>
http://tp.its.yale.edu/mailman/listinfo/cas
> >>>
>>
> >>>
>>
_______________________________________________
> >>>
>> Yale CAS mailing list
> >>>
>> cas at tp.its.yale.edu
<mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu
<mailto:cas at tp.its.yale.edu>>
> >>>
<mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu
<mailto:cas at tp.its.yale.edu>>>
> >>>
>> http://tp.its.yale.edu/mailman/listinfo/cas
> >>>
>>
> >>>
>>
> >>>
>>
> >>>
>>
> >>>
>> --
> >>>
>> -Scott Battaglia
> >>>
>> PGP Public Key Id: 0x383733AA
> >>>
>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >>>
>>
> >>>
>
------------------------------------------------------------------------
> >>>
>>
> >>>
>> _______________________________________________
> >>>
>> Yale CAS mailing list
> >>>
>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu
<mailto:cas at tp.its.yale.edu>>
> >>>
>> http://tp.its.yale.edu/mailman/listinfo/cas
> >>>
>>
> >>> >
_______________________________________________
> >>> > Yale CAS mailing list
> >>> >
cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu
<mailto:cas at tp.its.yale.edu>>
> >>> >
http://tp.its.yale.edu/mailman/listinfo/cas
> >>> >
> >>>
> >>>
_______________________________________________
> >>> Yale CAS mailing list
> >>> cas at tp.its.yale.edu
<mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu
<mailto:cas at tp.its.yale.edu>>
> >>>
http://tp.its.yale.edu/mailman/listinfo/cas
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> -Scott Battaglia
> >>> PGP Public Key Id: 0x383733AA
> >>> LinkedIn:
http://www.linkedin.com/in/scottbattaglia
> >>>
>
------------------------------------------------------------------------
> >>>
> >>>
_______________________________________________
> >>> Yale CAS mailing list
> >>> cas at tp.its.yale.edu
<mailto:cas at tp.its.yale.edu>
> >>>
http://tp.its.yale.edu/mailman/listinfo/cas
> >>>
> >>>
> >>
> >>
_______________________________________________
> >> Yale CAS mailing list
> >> cas at tp.its.yale.edu
<mailto:cas at tp.its.yale.edu>
> >>
http://tp.its.yale.edu/mailman/listinfo/cas
> >>
> >>
> >
_______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> >
http://tp.its.yale.edu/mailman/listinfo/cas
> >
>
>
_______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
<mailto:cas at tp.its.yale.edu>
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
>
> --
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
------------------------------------------------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080521/3bb6a0f8/attachment.html
More information about the cas
mailing list