I modified the code to request a Proxy ticket for the CAS ClearPass URL. I am now getting an 'Invalid proxy chain' error in the CAS logs.
CAS LOGS ================================== 2010-05-13 16:15:17,529 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-72-0uyXcQCyhbJ96AcH15rI-pcas] for service [https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx] for user [sbolan] 2010-05-13 16:15:17,762 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-73-zly7vOwYAheDcvQUaOaE-pcas] for service [https://cas.pepperdine.edu:8443/cas/clearPass] for user [https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx?proxyResponse=true] 2010-05-13 16:15:17,778 INFO [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl] - No Proxy Ticket found for 2010-05-13 16:15:17,779 WARN [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter] - org.jasig.cas.client.validation.InvalidProxyChainTicketValidationException: Invalid proxy chain: [https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx?proxyResponse=true] org.jasig.cas.client.validation.InvalidProxyChainTicketValidationException: Invalid proxy chain: [https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx?proxyResponse=true] MODIFIED C# CODE ================================== protected void Page_Load(object sender, EventArgs e) { if (!Page.IsPostBack) { FormsAuthenticationTicket formsAuthTicket = CasAuthentication.GetFormsAuthenticationTicket(); CasAuthenticationTicket casTicket = CasAuthentication.ServiceTicketManager.GetTicket(formsAuthTicket.UserData); string validateUrl = EnhancedUriBuilder.Combine(CasAuthentication.CasServerUrlPrefix, "proxyValidate"); //Uri url = new UriBuilder(Request.Url.Scheme, Request.Url.DnsSafeHost, Request.Url.Port, ResolveUrl("DotNetCasProxyDemoApp.application")).Uri; //Uri url = new Uri(@"https://sbolan1.pepperdine.edu/clearpass/Default.aspx";); Uri url = new Uri(@"https://cas.pepperdine.edu:8443/cas/clearPass";); string proxyGrantingTicket = casTicket.ProxyGrantingTicket; string proxyUrl = UrlUtil.ConstructProxyTicketRequestUrl(casTicket.ProxyGrantingTicket, url.AbsoluteUri); string ticket; try { ticket = CasAuthentication.GetProxyTicketIdFor(url.AbsoluteUri); } catch (InvalidOperationException ioe) { ticket = "Invalid Request: " + ioe.Message; } catch (TicketValidationException tve) { ticket = "Ticket Exception: " + tve.Message; } string originalTicket = ticket; string clickOnceValidation = validateUrl + "?service=" + Server.UrlEncode(url.AbsoluteUri) + "&proxyTicket=" + ticket; string appUrl = new UriBuilder(Request.Url.Scheme, Request.Url.DnsSafeHost, Request.Url.Port, ResolveUrl("Default.aspx"), "?proxyTicket=" + ticket + "&verifyUrl=" + Server.UrlEncode(validateUrl)).Uri.AbsoluteUri; string clearPassURL = @"https://cas.pepperdine.edu:8443/cas/clearPass?ticket="; + ticket; /*=======================================================*/ /* START OWA CODE */ string ClearPassUrl = "https://cas.pepperdine.edu:8443/cas/clearPass";; string ArtifactParameterName = "ticket"; string proxyTicket = ticket; string ServiceParameterName = "service"; //string clearPassRequest = ClearPassUrl + "?" + ArtifactParameterName + "=" + proxyTicket + "&" + ServiceParameterName + "=" + @"https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx"; string clearPassRequest = ClearPassUrl + "?" + ArtifactParameterName + "=" + proxyTicket + "&" + ServiceParameterName + "=" + @"https%3A%2F%2Fcas.pepperdine.edu%3A8443%2Fcas%2FclearPass"; string clearPassResponse; StreamReader reader = null; try { /* start get */ // THIS IS DOING A GET reader = new StreamReader(new WebClient().OpenRead(clearPassRequest)); clearPassResponse = reader.ReadToEnd(); /* end get */ /* start post */ // THIS IS DOING A POST //WebClient client = new WebClient(); //byte[] bret = client.UploadData(clearPassRequest, "POST", System.Text.Encoding.ASCII.GetBytes("")); //string sret = System.Text.Encoding.ASCII.GetString(bret); //clearPassResponse = sret; //client.Dispose(); /* end post */ } catch (Exception ex) { throw new HttpException(500, "Error getting response from clearPass at URL: " + clearPassRequest + ". " + ex.Message, ex); } finally { if (reader != null) { reader.Close(); } } /* END OWA CODE */ /*=======================================================*/ StringBuilder debugText = new StringBuilder(); debugText.AppendLine("originalTicket"); debugText.AppendLine(originalTicket); debugText.AppendLine(); debugText.AppendLine("Your PGT"); debugText.AppendLine(proxyGrantingTicket); debugText.AppendLine(); debugText.AppendLine("Target Service URL"); debugText.AppendLine(url.AbsoluteUri); debugText.AppendLine(); debugText.AppendLine("Proxy Ticket URL"); debugText.AppendLine(proxyUrl); debugText.AppendLine(); debugText.AppendLine("Proxy Ticket"); debugText.AppendLine(ticket); debugText.AppendLine(); debugText.AppendLine("Validate URL"); debugText.AppendLine(validateUrl); debugText.AppendLine(); debugText.AppendLine("ClickOnce URL"); debugText.AppendLine(appUrl); debugText.AppendLine(); debugText.AppendLine("ClickOnce Validation"); debugText.AppendLine(clickOnceValidation); debugText.AppendLine(); debugText.AppendLine("Clearpass URL"); debugText.AppendLine(clearPassURL); debugText.AppendLine(); debugText.AppendLine("clearPassRequest"); debugText.AppendLine(clearPassRequest); debugText.AppendLine(); debugText.AppendLine("clearPassResponse"); debugText.AppendLine(clearPassResponse); debugText.AppendLine(); DebugField.Text = debugText.ToString(); ClickOnceUrl.Text = appUrl; } } WEBSERVER LOGS =================================== 137.159.68.98 - - [13/May/2010:16:15:17 -0700] "POST /cas/login?service=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx HTTP/1.1" 302 - 137.159.68.98 - - [13/May/2010:16:15:17 -0700] "GET /cas/proxyValidate?ticket=ST-72-0uyXcQCyhbJ96AcH15rI-pcas&service=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx&pgtUrl=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx%3fproxyResponse%3dtrue HTTP/1.1" 200 264 137.159.68.98 - - [13/May/2010:16:15:17 -0700] "GET /cas/proxy?pgt=TGT-61-Uhi5weQA9AMNbBdazEROWbdyl7lfuUD6aibUIZuMIHvDVrLgBp-pcas&targetService=https%3a%2f%2fcas.pepperdine.edu%3a8443%2fcas%2fclearPass HTTP/1.1" 200 193 137.159.9.7 - - [13/May/2010:16:15:17 -0700] "GET /cas/proxyValidate?service=https%3A%2F%2Fcas.pepperdine.edu%3A8443%2Fcas%2FclearPass&ticket=ST-73-zly7vOwYAheDcvQUaOaE-pcas& HTTP/1.1" 200 313 137.159.68.98 - - [13/May/2010:16:15:17 -0700] "GET /cas/clearPass?ticket=ST-73-zly7vOwYAheDcvQUaOaE-pcas&service=https%3A%2F%2Fcas.pepperdine.edu%3A8443%2Fcas%2FclearPass HTTP/1.1" 302 - 137.159.68.98 - - [13/May/2010:16:15:17 -0700] "GET /cas/clearPass HTTP/1.1" 200 177 137.159.68.98 - - [13/May/2010:16:15:29 -0700] "GET /logs/cas.log HTTP/1.1" 200 308265 Scott Battaglia-2 wrote: > > You're requesting a proxy ticket for your own service. You need to > request > a proxy ticket to access the ClearPass service. > > > On Thu, May 13, 2010 at 5:32 PM, Scott B <[email protected]> > wrote: > >> >> I am getting the following response when contacting clearPass via the >> DotNetCasClient >> >> <cas:clearPassResponse xmlns:cas='http://www.yale.edu/tp/cas'> >> <cas:clearPassFailure>No authentication information >> provided.</cas:clearPassFailure> >> </cas:clearPassResponse> >> >> I have attached the associated C# code, web.config, C# logs, webserver >> logs, >> and CAS logs below. I used the OWA code as a template for my code. >> >> The most interesting error comes from the CAS logs >> >> 2010-05-13 14:20:42,724 WARN >> [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter] >> - org.jasig.cas.client.validation.TicketValidationException: >> ticket 'ST-57-beOjozKFxt5fnukAr2Yf-pcas' does not match >> supplied service. >> The original service was >> 'https://sbolan1.pepperdine.edu/clearpass/Default.aspx' and the supplied >> service was 'https://cas.pepperdine.edu:8443/cas/clearPass'. >> >> The only place CASis called with >> https://cas.pepeprdine.edu:8443/cas/clearPas is highlighted in the web >> server logs below. >> >> It is also interesting to me that CAS is granting two tickets 'ST-56' and >> 'ST-57'. >> >> Thanks for any help or tips in debugging this issue. >> >> ====================================================== >> web.config =========================================== >> ====================================================== >> <casClientConfig >> casServerLoginUrl="https://cas.pepperdine.edu:8443/cas/login"; >> serverName="https://sbolan1.pepperdine.edu"; >> casServerUrlPrefix="https://cas.pepperdine.edu:8443/cas"; >> redirectAfterValidation="true" >> gateway="true" >> renew="false" >> ticketValidatorName="Cas20" >> ticketTimeTolerance="5000" >> singleSignOut="false" >> proxyTicketManager="CacheProxyTicketManager" >> serviceTicketManager="CacheServiceTicketManager" >> gatewayStatusCookieName="CasGatewayStatus" >> >> >> >> ====================================================== >> C# code ============================================== >> ====================================================== >> protected void Page_Load(object sender, EventArgs e) >> { >> if (!Page.IsPostBack) >> { >> FormsAuthenticationTicket formsAuthTicket = >> CasAuthentication.GetFormsAuthenticationTicket(); >> CasAuthenticationTicket casTicket = >> CasAuthentication.ServiceTicketManager.GetTicket(formsAuthTicket.UserData); >> >> string validateUrl = >> EnhancedUriBuilder.Combine(CasAuthentication.CasServerUrlPrefix, >> "proxyValidate"); >> >> //Uri url = new UriBuilder(Request.Url.Scheme, >> Request.Url.DnsSafeHost, Request.Url.Port, >> ResolveUrl("DotNetCasProxyDemoApp.application")).Uri; >> Uri url = new >> Uri(@"https://sbolan1.pepperdine.edu/clearpass/Default.aspx";); >> string proxyGrantingTicket = >> casTicket.ProxyGrantingTicket; >> string proxyUrl = >> UrlUtil.ConstructProxyTicketRequestUrl(casTicket.ProxyGrantingTicket, >> url.AbsoluteUri); >> >> string ticket; >> try >> { >> ticket = >> CasAuthentication.GetProxyTicketIdFor(url.AbsoluteUri); >> } >> catch (InvalidOperationException ioe) >> { >> ticket = "Invalid Request: " + ioe.Message; >> } >> catch (TicketValidationException tve) >> { >> ticket = "Ticket Exception: " + tve.Message; >> } >> >> string originalTicket = ticket; >> string clickOnceValidation = validateUrl + "?service=" + >> Server.UrlEncode(url.AbsoluteUri) + "&proxyTicket=" + ticket; >> >> string appUrl = new UriBuilder(Request.Url.Scheme, >> Request.Url.DnsSafeHost, Request.Url.Port, ResolveUrl("Default.aspx"), >> "?proxyTicket=" + ticket + "&verifyUrl=" + >> Server.UrlEncode(validateUrl)).Uri.AbsoluteUri; >> >> string clearPassURL = >> @"https://cas.pepperdine.edu:8443/cas/clearPass?ticket="; + ticket; >> >> >> /*=======================================================*/ >> /* START OWA CODE */ >> string ClearPassUrl = >> "https://cas.pepperdine.edu:8443/cas/clearPass";; >> >> string ArtifactParameterName = "ticket"; >> string proxyTicket = ticket; >> string ServiceParameterName = "service"; >> >> string clearPassRequest = ClearPassUrl + "?" + >> ArtifactParameterName + "=" + proxyTicket + "&" + ServiceParameterName + >> "=" >> + @"https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx"; >> >> >> string clearPassResponse; >> StreamReader reader = null; >> try >> { >> /* start get */ >> // THIS IS DOING A GET >> reader = new StreamReader(new >> WebClient().OpenRead(clearPassRequest)); >> clearPassResponse = reader.ReadToEnd(); >> /* end get */ >> >> /* start post */ >> // THIS IS DOING A POST >> //WebClient client = new WebClient(); >> //byte[] bret = client.UploadData(clearPassRequest, >> "POST", System.Text.Encoding.ASCII.GetBytes("")); >> //string sret = >> System.Text.Encoding.ASCII.GetString(bret); >> >> //clearPassResponse = sret; >> //client.Dispose(); >> /* end post */ >> >> } >> catch (Exception ex) >> { >> throw new HttpException(500, "Error getting response >> from clearPass at URL: " + clearPassRequest + ". " + ex.Message, ex); >> } >> finally >> { >> if (reader != null) >> { >> reader.Close(); >> } >> } >> >> /* END OWA CODE */ >> >> /*=======================================================*/ >> >> >> StringBuilder debugText = new StringBuilder(); >> debugText.AppendLine("originalTicket"); >> debugText.AppendLine(originalTicket); >> debugText.AppendLine(); >> >> debugText.AppendLine("Your PGT"); >> debugText.AppendLine(proxyGrantingTicket); >> debugText.AppendLine(); >> >> debugText.AppendLine("Target Service URL"); >> debugText.AppendLine(url.AbsoluteUri); >> debugText.AppendLine(); >> >> debugText.AppendLine("Proxy Ticket URL"); >> debugText.AppendLine(proxyUrl); >> debugText.AppendLine(); >> >> debugText.AppendLine("Proxy Ticket"); >> debugText.AppendLine(ticket); >> debugText.AppendLine(); >> >> debugText.AppendLine("Validate URL"); >> debugText.AppendLine(validateUrl); >> debugText.AppendLine(); >> >> debugText.AppendLine("ClickOnce URL"); >> debugText.AppendLine(appUrl); >> debugText.AppendLine(); >> >> debugText.AppendLine("ClickOnce Validation"); >> debugText.AppendLine(clickOnceValidation); >> debugText.AppendLine(); >> >> debugText.AppendLine("Clearpass URL"); >> debugText.AppendLine(clearPassURL); >> debugText.AppendLine(); >> >> debugText.AppendLine("clearPassRequest"); >> debugText.AppendLine(clearPassRequest); >> debugText.AppendLine(); >> >> debugText.AppendLine("clearPassResponse"); >> debugText.AppendLine(clearPassResponse); >> debugText.AppendLine(); >> >> DebugField.Text = debugText.ToString(); >> ClickOnceUrl.Text = appUrl; >> } >> } >> >> >> >> ====================================================== >> C# logs ============================================== >> ====================================================== >> 2010-05-13 14:20:35,269 [7] DEBUG CasAuthenticationModule - Starting >> BeginRequest for /clearpass/Default.aspx >> 2010-05-13 14:20:35,269 [7] DEBUG CasAuthenticationModule - Ending >> BeginRequest for /clearpass/Default.aspx >> 2010-05-13 14:20:35,269 [7] DEBUG CasAuthenticationModule - Starting >> AuthenticateRequest for /clearpass/Default.aspx >> 2010-05-13 14:20:35,269 [7] DEBUG CasAuthenticationModule - Ending >> AuthenticateRequest for /clearpass/Default.aspx >> 2010-05-13 14:20:35,285 [7] DEBUG CasAuthenticationModule - Starting >> EndRequest for /clearpass/Default.aspx >> 2010-05-13 14:20:35,285 [7] DEBUG CasAuthenticationModule - Redirecting >> to >> CAS Login Page >> 2010-05-13 14:20:35,285 [7] DEBUG UrlUtil - ConstructServiceUri:return >> generated serviceUri: >> https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx >> 2010-05-13 14:20:35,300 [7] DEBUG UrlUtil - ConstructLoginRedirectUrl: >> redirectToUrl=> >> https://cas.pepperdine.edu:8443/cas/login?service=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx >> < >> 2010-05-13 14:20:35,300 [7] DEBUG CasAuthenticationModule - Ending >> EndRequest for /clearpass/Default.aspx >> 2010-05-13 14:20:42,660 [7] DEBUG CasAuthenticationModule - Starting >> BeginRequest for >> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas >> 2010-05-13 14:20:42,660 [7] DEBUG CasAuthenticationModule - Ending >> BeginRequest for >> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas >> 2010-05-13 14:20:42,660 [7] DEBUG CasAuthenticationModule - Processing >> Proxy >> Callback request >> 2010-05-13 14:20:42,675 [7] DEBUG UrlUtil - ConstructServiceUri:return >> generated serviceUri: >> https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx >> 2010-05-13 14:20:42,675 [7] DEBUG AbstractUrlTicketValidator - >> Validate:Constructed validation >> url: >> https://cas.pepperdine.edu:8443/cas/proxyValidate?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas&service=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx&pgtUrl=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx%3fproxyResponse%3dtrue >> 2010-05-13<https://cas.pepperdine.edu:8443/cas/proxyValidate?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas&service=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx&pgtUrl=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx%3fproxyResponse%3dtrue%0A2010-05-13>14:20:42,691 >> [1] DEBUG CasAuthenticationModule - Starting >> BeginRequest for /clearpass/Default.aspx?proxyResponse=true >> 2010-05-13 14:20:42,691 [1] DEBUG CasAuthenticationModule - Processing >> Proxy >> Callback request >> 2010-05-13 14:20:42,691 [1] DEBUG CasAuthenticationModule - Starting >> EndRequest for /clearpass/Default.aspx?proxyResponse=true >> 2010-05-13 14:20:42,707 [1] DEBUG CasAuthenticationModule - Ending >> EndRequest for /clearpass/Default.aspx?proxyResponse=true >> 2010-05-13 14:20:42,707 [1] DEBUG CasAuthenticationModule - Starting >> BeginRequest for >> >> /clearpass/Default.aspx?proxyResponse=true&pgtIou=PGTIOU-23-NXdaF5TLRccbuTkdt5Xv-pcas&pgtId=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas >> 2010-05-13 14:20:42,722 [1] DEBUG CasAuthenticationModule - Processing >> Proxy >> Callback request >> 2010-05-13 14:20:42,722 [1] DEBUG CasAuthentication - Recieved >> proxyGrantingTicketId >> [TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas] for >> proxyGrantingTicketIou [PGTIOU-23-NXdaF5TLRccbuTkdt5Xv-pcas] >> 2010-05-13 14:20:42,722 [1] DEBUG CasAuthenticationModule - Starting >> EndRequest for >> >> /clearpass/Default.aspx?proxyResponse=true&pgtIou=PGTIOU-23-NXdaF5TLRccbuTkdt5Xv-pcas&pgtId=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas >> 2010-05-13 14:20:42,738 [1] DEBUG CasAuthenticationModule - Ending >> EndRequest for >> >> /clearpass/Default.aspx?proxyResponse=true&pgtIou=PGTIOU-23-NXdaF5TLRccbuTkdt5Xv-pcas&pgtId=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas >> 2010-05-13 14:20:42,738 [7] DEBUG AbstractUrlTicketValidator - >> Validate:Ticket validation server response:><cas:serviceResponse >> xmlns:cas='http://www.yale.edu/tp/cas'> >> <cas:authenticationSuccess> >> <cas:user>sbolan</cas:user> >> >> >> >> <cas:proxyGrantingTicket>PGTIOU-23-NXdaF5TLRccbuTkdt5Xv-pcas</cas:proxyGrantingTicket> >> >> >> </cas:authenticationSuccess> >> </cas:serviceResponse>< >> 2010-05-13 14:20:42,753 [7] DEBUG UrlUtil - RemoveCasArtifactsFromUrl: >> redirectToUrl=>https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx< >> 2010-05-13 14:20:42,753 [7] DEBUG CasAuthentication - >> CreateFormsAuthenticationTicket:Incoming CAS Assertion: >> ST-56-enSPfWgYfEaBabxRLLg5-pcas >> 2010-05-13 14:20:42,753 [7] DEBUG CasAuthenticationModule - Starting >> AuthenticateRequest for >> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas >> 2010-05-13 14:20:42,769 [7] DEBUG CasAuthenticationModule - Ending >> AuthenticateRequest for >> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas >> 2010-05-13 14:20:42,769 [7] DEBUG CasAuthenticationModule - Starting >> EndRequest for >> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas >> 2010-05-13 14:20:42,769 [7] DEBUG CasAuthenticationModule - Redirecting >> from login callback >> 2010-05-13 14:20:42,785 [7] DEBUG UrlUtil - RemoveCasArtifactsFromUrl: >> redirectToUrl=>https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx< >> 2010-05-13 14:20:42,785 [7] DEBUG CasAuthenticationModule - Ending >> EndRequest for >> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas >> 2010-05-13 14:20:42,800 [1] DEBUG CasAuthenticationModule - Starting >> BeginRequest for /clearpass/Default.aspx >> 2010-05-13 14:20:42,800 [1] DEBUG CasAuthenticationModule - Ending >> BeginRequest for /clearpass/Default.aspx >> 2010-05-13 14:20:42,800 [1] DEBUG CasAuthenticationModule - Starting >> AuthenticateRequest for /clearpass/Default.aspx >> 2010-05-13 14:20:42,816 [1] DEBUG CasAuthenticationModule - Ending >> AuthenticateRequest for /clearpass/Default.aspx >> 2010-05-13 14:20:42,847 [1] DEBUG UrlUtil - >> ConstructProxyTicketRequestUrl:return generated proxy ticket request Uri: >> >> https://cas.pepperdine.edu:8443/cas/proxy?pgt=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas&targetService=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx >> 2010-05-13<https://cas.pepperdine.edu:8443/cas/proxy?pgt=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas&targetService=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx%0A2010-05-13>14:20:42,863 >> [1] DEBUG UrlUtil - >> ConstructProxyTicketRequestUrl:return generated proxy ticket request Uri: >> >> https://cas.pepperdine.edu:8443/cas/proxy?pgt=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas&targetService=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx >> 2010-05-13<https://cas.pepperdine.edu:8443/cas/proxy?pgt=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas&targetService=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx%0A2010-05-13>14:20:42,863 >> [1] DEBUG CasAuthentication - Proxy success: >> ST-57-beOjozKFxt5fnukAr2Yf-pcas >> 2010-05-13 14:20:42,972 [1] DEBUG CasAuthenticationModule - Starting >> EndRequest for /clearpass/Default.aspx >> 2010-05-13 14:20:42,972 [1] DEBUG CasAuthenticationModule - Ending >> EndRequest for /clearpass/Default.aspx >> >> >> >> >> >> >> >> >> >> ====================================================== >> webserver logs ======================================= >> ====================================================== >> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET >> /cas/login?service=https%3a%2f%2fsbolan1.pepperdine.edu >> %3a443%2fclearpass%2fDefault.aspx >> HTTP/1.1" 200 4982 >> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET /cas/css/cas.css >> HTTP/1.1" 304 - >> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET >> /cas/js/common_rosters.js HTTP/1.1" 304 - >> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET /cas/css/ie_cas.css >> HTTP/1.1" 304 - >> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET >> /cas/images/pepperdine.png HTTP/1.1" 304 - >> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET >> /cas/images/ja-sig-logo.gif HTTP/1.1" 304 - >> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET >> /cas/images/key-point_tr.gif HTTP/1.1" 304 - >> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET >> /cas/images/key-point_tl.gif HTTP/1.1" 304 - >> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET >> /cas/images/key-point_br.gif HTTP/1.1" 304 - >> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET >> /cas/images/key-point_bl.gif HTTP/1.1" 304 - >> 137.159.68.98 - - [13/May/2010:14:20:42 -0700] "POST >> /cas/login?service=https%3a%2f%2fsbolan1.pepperdine.edu >> %3a443%2fclearpass%2fDefault.aspx >> HTTP/1.1" 302 - >> 137.159.68.98 - - [13/May/2010:14:20:42 -0700] "GET >> >> /cas/proxyValidate?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas&service=https%3a%2f% >> 2fsbolan1.pepperdine.edu >> %3a443%2fclearpass%2fDefault.aspx&pgtUrl=https%3a%2f% >> 2fsbolan1.pepperdine.edu >> %3a443%2fclearpass%2fDefault.aspx%3fproxyResponse%3dtrue >> HTTP/1.1" 200 264 >> 137.159.68.98 - - [13/May/2010:14:20:42 -0700] "GET >> >> /cas/proxy?pgt=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas&targetService=https%3a%2f% >> 2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx >> HTTP/1.1" 200 193 >> 137.159.9.7 - - [13/May/2010:14:20:42 -0700] "GET >> /cas/proxyValidate?service=https%3A%2F%2Fcas.pepperdine.edu >> %3A8443%2Fcas%2FclearPass&ticket=ST-57-beOjozKFxt5fnukAr2Yf-pcas& >> HTTP/1.1" 200 431 >> 137.159.68.98 - - [13/May/2010:14:20:42 -0700] "GET >> /cas/clearPass?ticket=ST-57-beOjozKFxt5fnukAr2Yf-pcas&service=https%3a%2f% >> 2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx >> HTTP/1.1" 302 - >> 137.159.68.98 - - [13/May/2010:14:20:42 -0700] "GET /cas/clearPass >> HTTP/1.1" >> 200 177 >> >> >> >> >> ====================================================== >> CAS logs ============================================= >> ====================================================== >> 2010-05-13 14:20:41,736 INFO >> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Search for >> sAMAccountName=sbolan returned 0 results. >> 2010-05-13 14:20:42,393 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket >> [ST-56-enSPfWgYfEaBabxRLLg5-pcas] for service >> [https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx] for user >> [sbolan] >> 2010-05-13 14:20:42,623 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket >> [ST-57-beOjozKFxt5fnukAr2Yf-pcas] for service >> [https://sbolan1.pepperdine.edu/clearpass/Default.aspx] for user >> [ >> https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx?proxyResponse=true >> ] >> 2010-05-13 14:20:42,635 ERROR >> [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket >> [ST-57-beOjozKFxt5fnukAr2Yf-pcas] with service >> [https://sbolan1.pepperdine.edu/clearpass/Default.aspx does not match >> supplied service [https://cas.pepperdine.edu:8443/cas/clearPass] >> 2010-05-13 14:20:42,724 WARN >> [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter] >> - org.jasig.cas.client.validation.TicketValidationException: >> ticket 'ST-57-beOjozKFxt5fnukAr2Yf-pcas' does not match >> supplied service. >> The original service was >> 'https://sbolan1.pepperdine.edu/clearpass/Default.aspx' and the supplied >> service was 'https://cas.pepperdine.edu:8443/cas/clearPass'. >> >> org.jasig.cas.client.validation.TicketValidationException: >> ticket 'ST-57-beOjozKFxt5fnukAr2Yf-pcas' does not match >> supplied service. >> The original service was >> 'https://sbolan1.pepperdine.edu/clearpass/Default.aspx' and the supplied >> service was 'https://cas.pepperdine.edu:8443/cas/clearPass'. >> >> at >> >> org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:73) >> at >> >> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188) >> at >> >> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132) >> at >> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >> at >> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >> at >> >> org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48) >> at >> >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) >> at >> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >> at >> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >> at >> >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >> at >> >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) >> at >> >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >> at >> >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >> at >> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) >> at >> >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >> at >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >> at >> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845) >> at >> >> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >> at >> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >> at java.lang.Thread.run(Thread.java:613) >> -- >> View this message in context: >> http://jasig.275507.n4.nabble.com/Clearpass-DotNetCasClient-ticket-does-not-match-supplied-service-tp2215801p2215801.html >> Sent from the CAS Developers mailing list archive at Nabble.com. >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-dev >> > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- View this message in context: http://jasig.275507.n4.nabble.com/Clearpass-DotNetCasClient-ticket-does-not-match-supplied-service-tp2215801p2215942.html Sent from the CAS Developers mailing list archive at Nabble.com. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
