If you turn on DEBUG level logging on the CAS server it should give you a better indication of why the server is rejecting the ticket.
-Scott

On 1/13/07, tedzo <[EMAIL PROTECTED]> wrote:
Hello,

With the CAS filters set, I am redirected to CAS's login page and after successful login (username=password), I am redirected to my app's page with a ticket. However, if you notice the log entries below, the first line mentions that a ticket was granted (ST-2....). The next line complains that the just granted ticket is invalid and is not recognized. Further down, at the bottom, another ticket appears to be granted (ST-3....). I am not sure why a second one was granted.

My tomcat's logs-

2007-01-13 17:38:37,758 INFO [ org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20] for service [ http://localhost:8080/DMM/login.jsp] for user [ml]>

2007-01-13 17:38:38,211 ERROR [http-8080-Processor25] client.CASReceipt:61 - validation of [[edu.yale.its.tp.cas.client.ProxyTicketValidatorproxyList=[null] [ edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[ https://localhost:8443/cas/proxyValidate] ticket=[ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20] service=[http%3A%2F%2Flocalhost%3A8080%2FDMM%2Flogin.jsp] errorCode=[INVALID_TICKET] errorMessage=[ticket 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not recognized] renew=false entireResponse=[<cas:serviceResponse xmlns:cas=' http://www.yale.edu/tp/cas' <http://www.yale.edu/tp/cas%27>> <cas:authenticationFailure code='INVALID_TICKET'> ticket 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not recognized </cas:authenticationFailure> </cas:serviceResponse> ]]]] was not successful.

2007-01-13 17:38:38,242 ERROR [http-8080-Processor25] filter.CASFilter:380 - edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidatorproxyList=[null] [ edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[ https://localhost:8443/cas/proxyValidate] ticket=[ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20] service=[http%3A%2F%2Flocalhost%3A8080%2FDMM%2Flogin.jsp] errorCode=[INVALID_TICKET] errorMessage=[ticket 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not recognized] renew=false entireResponse=[<cas:serviceResponse xmlns:cas=' http://www.yale.edu/tp/cas' <http://www.yale.edu/tp/cas%27>> <cas:authenticationFailure code='INVALID_TICKET'> ticket 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not recognized </cas:authenticationFailure> </cas:serviceResponse> ]]]]

2007-01-13 17:38:38,258 ERROR [http-8080-Processor25] [/DMM].[jsp] :253 - Servlet.service() for servlet jsp threw exception edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidatorproxyList=[null] [ edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[ https://localhost:8443/cas/proxyValidate] ticket=[ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20] service=[http%3A%2F%2Flocalhost%3A8080%2FDMM%2Flogin.jsp] errorCode=[INVALID_TICKET] errorMessage=[ticket 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not recognized] renew=false entireResponse=[<cas:serviceResponse xmlns:cas=' http://www.yale.edu/tp/cas' <http://www.yale.edu/tp/cas%27>> <cas:authenticationFailure code='INVALID_TICKET'> ticket 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not recognized </cas:authenticationFailure> </cas:serviceResponse> ]]]]
    at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java :62)
    at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser( CASFilter.java:455)
    ......

2007-01-13 17:38:38,774 INFO [ org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-3-CJAKM2GaTN17LOYzwGxc12YCryRPVKe37KB-20] for service [ http://localhost:8080/DMM/login.jsp] for user [ml]>

I believe everything else is correctly set up. I can access https://localhost and go to Tomcat's initial page. I have exported and imported certificates using keytool. The jvm that tomcat uses knows about the certificates as does Tomcat itself.

web.xml

<filter>
  <filter-name>CAS Filter</filter-name>
  <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
    <param-value>https://localhost:8443/cas/login</param-value>
  </init-param>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
    <param-value>https://localhost:8443/cas/proxyValidate</param-value>
  </init-param>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.serviceUrl</param-name>
    <param-value>http://localhost:8080/DMM/login.jsp</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CAS Filter</filter-name>
  <url-pattern>*.jsp</url-pattern>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>INCLUDE</dispatcher>
  <dispatcher>REQUEST</dispatcher>
</filter-mapping>

server.xml-

<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false"
           keystoreFile="C:\Documents and Settings\av\.keystore"
           keystorePass="changeit" sslProtocol="TLS"/>

Any help is appreciated.

Av.

_______________________________________________
Yale CAS mailing list
cas@tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
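
An added example, not part of the original thread or of the CAS code base: Python that pairs each failed ticket validation in a combined Tomcat log with the earlier "Granted service ticket" line, and reports the ticket's age at validation and whether the URL-decoded service matches the one it was granted for. The sample lines and ticket IDs are constructed, abbreviated from the log format quoted above; the function name `correlate` is hypothetical.

```python
import re
from datetime import datetime
from urllib.parse import unquote

# Constructed sample lines, abbreviated from the log format in the message above.
SAMPLE_LOG = """\
2007-01-13 17:38:37,758 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-2-EXAMPLE] for service [http://localhost:8080/DMM/login.jsp] for user [ml]>
2007-01-13 17:38:38,211 ERROR [http-8080-Processor25] client.CASReceipt:61 - validation of [[... ticket=[ST-2-EXAMPLE] service=[http%3A%2F%2Flocalhost%3A8080%2FDMM%2Flogin.jsp] errorCode=[INVALID_TICKET] errorMessage=[ticket 'ST-2-EXAMPLE' not recognized] ...]] was not successful.
2007-01-13 17:38:38,774 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-3-EXAMPLE] for service [http://localhost:8080/DMM/login.jsp] for user [ml]>
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})"
# Server side: ticket issued for a service URL (plain text).
GRANT = re.compile(TS + r".*Granted service ticket \[([^\]]+)\] for service \[\s*([^\]]+)\]")
# Client side: validation attempt with URL-encoded service and an error code.
FAIL = re.compile(TS + r".*ticket=\[([^\]]+)\] service=\[([^\]]+)\] errorCode=\[([^\]]+)\]")


def _ts(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S,%f")


def correlate(log_text):
    """Return one finding per failed validation, joined to its grant if seen."""
    grants, findings = {}, []
    for line in log_text.splitlines():
        m = GRANT.search(line)
        if m:
            grants[m.group(2)] = (_ts(m.group(1)), m.group(3).strip())
            continue
        m = FAIL.search(line)
        if m:
            when, ticket, service, code = m.groups()
            grant = grants.get(ticket)
            age = (_ts(when) - grant[0]).total_seconds() * 1000 if grant else None
            findings.append({
                "ticket": ticket,
                "code": code,
                "granted": grant is not None,
                "age_ms": round(age) if grant else None,
                "service_match": unquote(service) == grant[1] if grant else None,
            })
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_LOG):
        print(finding)
```

A finding with `granted` true, a small `age_ms` and `service_match` true means these log lines alone do not explain the rejection, which is where the server's DEBUG output comes in.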