Is your CAS server allowed to "call back" to your own personal machine? There may be outbound firewall rules in effect.

On Thu, May 6, 2010 at 4:35 PM, Scott B <[email protected]> wrote:
>
> I am working on getting clearpass working with CAS. At this point I am
> unable to get a proxy ticket from CAS. I am able to authenticate to CAS
> but the GetProxyTicketFor() request causes a
> java.net.SocketTimeoutException on the CAS server.
>
> I have attached the web.config file, CAS server logs, Trace logs, and CAS
> xml sections that I believe are relevant to my problem.
>
> I have tried to run a test application based on the CAS OWA code. I have
> also attempted to run the code included in the
> DotNetCasClient.Secure.GetProxyTickets.aspx. Both projects return the same
> error when requesting the proxy ticket.
>
>
> Any help is much appreciated.
>
> thanks,
>
> Scott B
>
> WEB.CONFIG
> ===========================
> <casClientConfig
> casServerLoginUrl="https://cas.pepperdine.edu:8443/cas/login"
> serverName="https://sbolan1.pepperdine.edu"
> casServerUrlPrefix="https://cas.pepperdine.edu:8443/cas/"
> redirectAfterValidation="true"
> useSession="false"
> gateway="false"
> renew="false"
> ticketValidatorName="Cas20"
> ticketTimeTolerance="5000"
> singleSignOut="false"
> proxyGrantingTicketReceptor="true"
>
> proxyCallbackUrl="https://sbolan1.pepperdine.edu/clearpass/Default.aspx"
> />
>
>
> TRACE LOGS FROM .NET APPLICATION (interesting sections in bold)
> ===========================
> 2010-05-06 11:43:51,070 [1] INFO
> DotNetCasClient.Validation.AbstractUrlTicketValidator - Set
> CasServerUrlPrefix property: https://cas.pepperdine.edu:8443/cas/
> 2010-05-06 11:43:51,086
> [1] INFO
> DotNetCasClient.Validation.AbstractUrlTicketValidator - Set
> EncodeServiceUrl
> property: False
> 2010-05-06 11:43:51,102 [1] INFO
> DotNetCasClient.Validation.AbstractUrlTicketValidator - Set Renew property:
> False
> 2010-05-06 11:43:51,117 [1] DEBUG CasAuthenticationModule -
> OnAuthenticateRequest:starting:Summary:
> Session: contextSession[unavailable] -- applicationSession[unavailable]
> Request: authcookie [NULL] authticket [NULL]
> Response: statusCode>200<
> Context: Context.User[NULL]
> Thread.CurrentPrincipal[Type>GenericPrincipal< Identity[Name><
> AuthenticationType>< IsAuthenticated>False]]
> 2010-05-06 11:43:51,117 [1] DEBUG CasAuthenticationModule -
> OnAuthenticateRequest:starting with cookie[ASP.NET_SessionId]=NULL
> 2010-05-06 11:43:51,133 [1] DEBUG CasAuthentication -
> ConstructServiceUri:return generated serviceUri:
> https://sbolan1.pepperdine.edu/clearpass/Default.aspx
> 2010-05-06 11:43:51,148 [1] DEBUG CasAuthentication -
> ConstructLoginRedirectUrl:
> redirectToUrl=>
> https://cas.pepperdine.edu:8443/cas/login?service=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx
> <
> 2010-05-06 11:43:57,758 [1] DEBUG CasAuthenticationModule -
> OnAuthenticateRequest:starting:Summary:
> Session: contextSession[unavailable] -- applicationSession[unavailable]
> Request: authcookie [NULL] authticket [NULL]
> Response: statusCode>200<
> Context: Context.User[NULL]
> Thread.CurrentPrincipal[Type>GenericPrincipal< Identity[Name><
> AuthenticationType>< IsAuthenticated>False]]
> 2010-05-06 11:43:57,758 [1] DEBUG CasAuthenticationModule -
> OnAuthenticateRequest:starting with cookie[ASP.NET_SessionId]=NULL
> 2010-05-06 11:43:57,773 [1] DEBUG CasAuthentication -
> ConstructServiceUri:return generated serviceUri:
> https://sbolan1.pepperdine.edu/clearpass/Default.aspx
> 2010-05-06 11:43:57,773 [1] DEBUG
> DotNetCasClient.Validation.AbstractUrlTicketValidator -
> Validate:Constructed
> validation
> url:
> https://cas.pepperdine.edu:8443/cas/serviceValidate?ticket=ST-14-JsASdz3NAx4SUR9Uncaa-pcas&service=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx&pgtUrl=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx
> 2010-05-06 11:44:03,211
> [1] DEBUG
> DotNetCasClient.Validation.AbstractUrlTicketValidator - Validate:Ticket
> validation server response:><cas:serviceResponse
> xmlns:cas='http://www.yale.edu/tp/cas'>
> <cas:authenticationSuccess>
> <cas:user>sbolan</cas:user>
>
>
> </cas:authenticationSuccess>
> </cas:serviceResponse><
> 2010-05-06 11:44:03,227 [1] INFO
> DotNetCasClient.Proxy.ProxyGrantingTicketStorage - ProxyGrantingTicketIou
> is
> null, check ProxyCallbackUrl config
> 2010-05-06 11:44:03,227 [1] DEBUG CasAuthentication -
> CreateFormsAuthenticationTicket:Incoming CAS Assertion:
> ST-14-JsASdz3NAx4SUR9Uncaa-pcas
> 2010-05-06 11:44:03,242 [1] DEBUG CasAuthenticationModule -
> OnAuthenticateRequest:starting:Summary:
> Session: contextSession[unavailable] -- applicationSession[unavailable]
> Request: authcookie [Name>.ASPXAUTH< Expires>1/1/0001 12:00:00 AM<]
> authticket [name>sbolan< userdata>ST-14-JsASdz3NAx4SUR9Uncaa-pcas<
> issuedate>5/6/2010 11:44:03 AM< expiration>5/6/2010 11:54:03 AM<
> expired>False< ispersistent>False<]
> Response: statusCode>200<
> Context: Context.User[Type>GenericPrincipal< Identity[Name>sbolan<
> AuthenticationType>Forms< IsAuthenticated>True]]
> Thread.CurrentPrincipal[Type>GenericPrincipal< Identity[Name><
> AuthenticationType>< IsAuthenticated>False]]
> 2010-05-06 11:44:03,242 [1] DEBUG CasAuthenticationModule -
> OnAuthenticateRequest:starting with cookie[ASP.NET_SessionId]=NULL
> 2010-05-06 11:44:03,289 [1] DEBUG DotNetCasClient.Security.CasPrincipal -
> GetProxyTicketFor:No ProxyGrantingTicket was supplied --> returning null
>
>
>
> CAS SERVER LOGS
> ===========================
> 2010-05-06 11:43:57,064 INFO
> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Search for
> sAMAccountName=sbolan returned 0 results.
> 2010-05-06 11:43:57,783 INFO
> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket
> [ST-14-JsASdz3NAx4SUR9Uncaa-pcas] for service
> [https://sbolan1.pepperdine.edu/clearpass/Default.aspx] for user [sbolan]
> 2010-05-06 11:44:02,986 ERROR [org.jasig.cas.util.HttpClient] -
> java.net.SocketTimeoutException: connect timed out
> java.net.SocketTimeoutException: connect timed out
> at java.net.PlainSocketImpl.socketConnect(Native Method)
> at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
> at
> java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
> at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
> at java.net.Socket.connect(Socket.java:524)
> at sun.net.NetworkClient.doConnect(NetworkClient.java:152)
> at sun.net.www.http.HttpClient.openServer(HttpClient.java:388)
> at sun.net.www.http.HttpClient.openServer(HttpClient.java:523)
> at
> sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:278)
> <removed>
> at
>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> ... 39 more
>
>
> CAS XML
> ===========================
>
>
> <init-param>
> <param-name>allowedProxyChains</param-name>
>
> <param-value>https://sbolan1.pepperdine.edu/clearpass/Default.aspx
> </param-value>
> </init-param>
>
> Activated at runtime as the of time in this log:
> 2010-05-05 16:33:23,491 INFO
> [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter]
> - Property [allowedProxyChains] loaded from FilterConfig.getInitParameter
> with value [https://sbolan1.pepperdine.edu/clearpass/Default.aspx]
>
> --
> View this message in context:
> http://jasig.275507.n4.nabble.com/Clearpass-DotNetCasClient-Proxy-Ticket-error-tp2133333p2133333.html
> Sent from the CAS Developers mailing list archive at Nabble.com.
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
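
A diagnostic sketch for the failure discussed in this thread, added here as an example and not taken from either poster, CAS or DotNetCasClient: it pulls the `pgtUrl` out of the logged validation URL, checks whether the `serviceValidate` response carries a `cas:proxyGrantingTicket` (PGTIOU), and repeats the TCP connect and TLS handshake the CAS server must complete against the callback. The function names and result labels are hypothetical, and the service ticket in the sample URL is replaced by a placeholder.

```python
import socket
import ssl
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
# Sample input copied from the trace log quoted above (ticket value is a placeholder).
VALIDATE_URL = ("https://cas.pepperdine.edu:8443/cas/serviceValidate?ticket=ST-PLACEHOLDER"
                "&service=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx"
                "&pgtUrl=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx")
RESPONSE = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
            "<cas:authenticationSuccess><cas:user>sbolan</cas:user>"
            "</cas:authenticationSuccess></cas:serviceResponse>")

def pgt_url_from_validation_url(validation_url):
    """Return the callback URL the client asked CAS to contact, or None."""
    values = parse_qs(urlsplit(validation_url).query).get("pgtUrl")
    return values[0] if values else None

def pgt_iou_from_response(xml_text):
    """Return the PGTIOU from a CAS 2.0 validation response, or None if absent."""
    root = ET.fromstring(xml_text)
    node = root.find("cas:authenticationSuccess/cas:proxyGrantingTicket", CAS_NS)
    return node.text.strip() if node is not None and node.text else None

def probe_callback(url, timeout=5.0):
    """Repeat the callback's first two steps: TCP connect, then TLS handshake."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return "not-https"  # this sketch only probes https callbacks, as on this page
    try:
        sock = socket.create_connection((parts.hostname, parts.port or 443), timeout)
    except socket.gaierror:
        return "dns-failure"
    except socket.timeout:
        return "connect-timeout"  # the symptom in the CAS server log above
    except ConnectionRefusedError:
        return "connection-refused"
    except OSError:
        return "network-error"
    try:
        with ssl.create_default_context().wrap_socket(sock, server_hostname=parts.hostname):
            return "ok"
    except OSError:  # ssl.SSLError (untrusted certificate included) is an OSError
        return "tls-failure"
    finally:
        sock.close()

if __name__ == "__main__":
    print(pgt_url_from_validation_url(VALIDATE_URL), pgt_iou_from_response(RESPONSE))
```

Run `probe_callback` on the CAS server host itself, since it is that machine's outbound path to the callback that is in question; Python's default trust store may differ from the JVM truststore CAS uses, so a `tls-failure` or `ok` result is only indicative.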
