And here's the allowedProxyChains parameter
<init-param>
<param-name>allowedProxyChains</param-name>
<param-value>https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx
https://edns-test01.pepperdine.edu/castestP.php
https://cas.pepperdine.edu:8443/cas/clearPass</param-value>
</init-param>
we've tried the sbolan1 entry with and without :443 specified
On May 13, 2010, at 4:25 PM, Scott B wrote:
>
> I modified the code to request a Proxy ticket for the CAS ClearPass URL. I
> am now getting an 'Invalid proxy chain' error in the CAS logs.
>
>
> CAS LOGS ==================================
> 2010-05-13 16:15:17,529 INFO
> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket
> [ST-72-0uyXcQCyhbJ96AcH15rI-pcas] for service
> [https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx] for user
> [sbolan]
> 2010-05-13 16:15:17,762 INFO
> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket
> [ST-73-zly7vOwYAheDcvQUaOaE-pcas] for service
> [https://cas.pepperdine.edu:8443/cas/clearPass] for user
> [https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx?proxyResponse=true]
> 2010-05-13 16:15:17,778 INFO
> [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl] - No Proxy
> Ticket found for
> 2010-05-13 16:15:17,779 WARN
> [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter]
> -
> org.jasig.cas.client.validation.InvalidProxyChainTicketValidationException:
> Invalid proxy chain:
> [https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx?proxyResponse=true]
> org.jasig.cas.client.validation.InvalidProxyChainTicketValidationException:
> Invalid proxy chain:
> [https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx?proxyResponse=true]
>
>
> MODIFIED C# CODE ==================================
> protected void Page_Load(object sender, EventArgs e)
> {
> if (!Page.IsPostBack)
> {
> FormsAuthenticationTicket formsAuthTicket =
> CasAuthentication.GetFormsAuthenticationTicket();
> CasAuthenticationTicket casTicket =
> CasAuthentication.ServiceTicketManager.GetTicket(formsAuthTicket.UserData);
>
> string validateUrl =
> EnhancedUriBuilder.Combine(CasAuthentication.CasServerUrlPrefix,
> "proxyValidate");
>
> //Uri url = new UriBuilder(Request.Url.Scheme,
> Request.Url.DnsSafeHost, Request.Url.Port,
> ResolveUrl("DotNetCasProxyDemoApp.application")).Uri;
> //Uri url = new
> Uri(@"https://sbolan1.pepperdine.edu/clearpass/Default.aspx";);
> Uri url = new
> Uri(@"https://cas.pepperdine.edu:8443/cas/clearPass";);
> string proxyGrantingTicket = casTicket.ProxyGrantingTicket;
> string proxyUrl =
> UrlUtil.ConstructProxyTicketRequestUrl(casTicket.ProxyGrantingTicket,
> url.AbsoluteUri);
>
> string ticket;
> try
> {
> ticket =
> CasAuthentication.GetProxyTicketIdFor(url.AbsoluteUri);
> }
> catch (InvalidOperationException ioe)
> {
> ticket = "Invalid Request: " + ioe.Message;
> }
> catch (TicketValidationException tve)
> {
> ticket = "Ticket Exception: " + tve.Message;
> }
>
> string originalTicket = ticket;
> string clickOnceValidation = validateUrl + "?service=" +
> Server.UrlEncode(url.AbsoluteUri) + "&proxyTicket=" + ticket;
>
> string appUrl = new UriBuilder(Request.Url.Scheme,
> Request.Url.DnsSafeHost, Request.Url.Port, ResolveUrl("Default.aspx"),
> "?proxyTicket=" + ticket + "&verifyUrl=" +
> Server.UrlEncode(validateUrl)).Uri.AbsoluteUri;
>
> string clearPassURL =
> @"https://cas.pepperdine.edu:8443/cas/clearPass?ticket="; + ticket;
>
> /*=======================================================*/
> /* START OWA CODE */
> string ClearPassUrl =
> "https://cas.pepperdine.edu:8443/cas/clearPass";;
>
> string ArtifactParameterName = "ticket";
> string proxyTicket = ticket;
> string ServiceParameterName = "service";
>
> //string clearPassRequest = ClearPassUrl + "?" +
> ArtifactParameterName + "=" + proxyTicket + "&" + ServiceParameterName + "="
> + @"https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx";
> string clearPassRequest = ClearPassUrl + "?" +
> ArtifactParameterName + "=" + proxyTicket + "&" + ServiceParameterName + "="
> + @"https%3A%2F%2Fcas.pepperdine.edu%3A8443%2Fcas%2FclearPass";
>
>
> string clearPassResponse;
> StreamReader reader = null;
> try
> {
> /* start get */
> // THIS IS DOING A GET
> reader = new StreamReader(new
> WebClient().OpenRead(clearPassRequest));
> clearPassResponse = reader.ReadToEnd();
> /* end get */
>
> /* start post */
> // THIS IS DOING A POST
> //WebClient client = new WebClient();
> //byte[] bret = client.UploadData(clearPassRequest,
> "POST", System.Text.Encoding.ASCII.GetBytes(""));
> //string sret =
> System.Text.Encoding.ASCII.GetString(bret);
>
> //clearPassResponse = sret;
> //client.Dispose();
> /* end post */
>
> }
> catch (Exception ex)
> {
> throw new HttpException(500, "Error getting response
> from clearPass at URL: " + clearPassRequest + ". " + ex.Message, ex);
> }
> finally
> {
> if (reader != null)
> {
> reader.Close();
> }
> }
>
> /* END OWA CODE */
> /*=======================================================*/
>
>
> StringBuilder debugText = new StringBuilder();
> debugText.AppendLine("originalTicket");
> debugText.AppendLine(originalTicket);
> debugText.AppendLine();
>
> debugText.AppendLine("Your PGT");
> debugText.AppendLine(proxyGrantingTicket);
> debugText.AppendLine();
>
> debugText.AppendLine("Target Service URL");
> debugText.AppendLine(url.AbsoluteUri);
> debugText.AppendLine();
>
> debugText.AppendLine("Proxy Ticket URL");
> debugText.AppendLine(proxyUrl);
> debugText.AppendLine();
>
> debugText.AppendLine("Proxy Ticket");
> debugText.AppendLine(ticket);
> debugText.AppendLine();
>
> debugText.AppendLine("Validate URL");
> debugText.AppendLine(validateUrl);
> debugText.AppendLine();
>
> debugText.AppendLine("ClickOnce URL");
> debugText.AppendLine(appUrl);
> debugText.AppendLine();
>
> debugText.AppendLine("ClickOnce Validation");
> debugText.AppendLine(clickOnceValidation);
> debugText.AppendLine();
>
> debugText.AppendLine("Clearpass URL");
> debugText.AppendLine(clearPassURL);
> debugText.AppendLine();
>
> debugText.AppendLine("clearPassRequest");
> debugText.AppendLine(clearPassRequest);
> debugText.AppendLine();
>
> debugText.AppendLine("clearPassResponse");
> debugText.AppendLine(clearPassResponse);
> debugText.AppendLine();
>
> DebugField.Text = debugText.ToString();
> ClickOnceUrl.Text = appUrl;
> }
> }
>
> WEBSERVER LOGS ===================================
> 137.159.68.98 - - [13/May/2010:16:15:17 -0700] "POST
> /cas/login?service=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx
> HTTP/1.1" 302 -
> 137.159.68.98 - - [13/May/2010:16:15:17 -0700] "GET
> /cas/proxyValidate?ticket=ST-72-0uyXcQCyhbJ96AcH15rI-pcas&service=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx&pgtUrl=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx%3fproxyResponse%3dtrue
> HTTP/1.1" 200 264
> 137.159.68.98 - - [13/May/2010:16:15:17 -0700] "GET
> /cas/proxy?pgt=TGT-61-Uhi5weQA9AMNbBdazEROWbdyl7lfuUD6aibUIZuMIHvDVrLgBp-pcas&targetService=https%3a%2f%2fcas.pepperdine.edu%3a8443%2fcas%2fclearPass
> HTTP/1.1" 200 193
> 137.159.9.7 - - [13/May/2010:16:15:17 -0700] "GET
> /cas/proxyValidate?service=https%3A%2F%2Fcas.pepperdine.edu%3A8443%2Fcas%2FclearPass&ticket=ST-73-zly7vOwYAheDcvQUaOaE-pcas&
> HTTP/1.1" 200 313
> 137.159.68.98 - - [13/May/2010:16:15:17 -0700] "GET
> /cas/clearPass?ticket=ST-73-zly7vOwYAheDcvQUaOaE-pcas&service=https%3A%2F%2Fcas.pepperdine.edu%3A8443%2Fcas%2FclearPass
> HTTP/1.1" 302 -
> 137.159.68.98 - - [13/May/2010:16:15:17 -0700] "GET /cas/clearPass HTTP/1.1"
> 200 177
> 137.159.68.98 - - [13/May/2010:16:15:29 -0700] "GET /logs/cas.log HTTP/1.1"
> 200 308265
>
>
>
> Scott Battaglia-2 wrote:
>>
>> You're requesting a proxy ticket for your own service. You need to
>> request
>> a proxy ticket to access the ClearPass service.
>>
>>
>> On Thu, May 13, 2010 at 5:32 PM, Scott B <[email protected]>
>> wrote:
>>
>>>
>>> I am getting the following response when contacting clearPass via the
>>> DotNetCasClient
>>>
>>> <cas:clearPassResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>>> <cas:clearPassFailure>No authentication information
>>> provided.</cas:clearPassFailure>
>>> </cas:clearPassResponse>
>>>
>>> I have attached the associated C# code, web.config, C# logs, webserver
>>> logs,
>>> and CAS logs below. I used the OWA code as a template for my code.
>>>
>>> The most interesting error comes from the CAS logs
>>>
>>> 2010-05-13 14:20:42,724 WARN
>>> [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter]
>>> - org.jasig.cas.client.validation.TicketValidationException:
>>> ticket 'ST-57-beOjozKFxt5fnukAr2Yf-pcas' does not match
>>> supplied service.
>>> The original service was
>>> 'https://sbolan1.pepperdine.edu/clearpass/Default.aspx' and the supplied
>>> service was 'https://cas.pepperdine.edu:8443/cas/clearPass'.
>>>
>>> The only place CASis called with
>>> https://cas.pepeprdine.edu:8443/cas/clearPas is highlighted in the web
>>> server logs below.
>>>
>>> It is also interesting to me that CAS is granting two tickets 'ST-56' and
>>> 'ST-57'.
>>>
>>> Thanks for any help or tips in debugging this issue.
>>>
>>> ======================================================
>>> web.config ===========================================
>>> ======================================================
>>> <casClientConfig
>>> casServerLoginUrl="https://cas.pepperdine.edu:8443/cas/login";
>>> serverName="https://sbolan1.pepperdine.edu";
>>> casServerUrlPrefix="https://cas.pepperdine.edu:8443/cas";
>>> redirectAfterValidation="true"
>>> gateway="true"
>>> renew="false"
>>> ticketValidatorName="Cas20"
>>> ticketTimeTolerance="5000"
>>> singleSignOut="false"
>>> proxyTicketManager="CacheProxyTicketManager"
>>> serviceTicketManager="CacheServiceTicketManager"
>>> gatewayStatusCookieName="CasGatewayStatus"
>>>
>>>
>>>
>>> ======================================================
>>> C# code ==============================================
>>> ======================================================
>>> protected void Page_Load(object sender, EventArgs e)
>>> {
>>> if (!Page.IsPostBack)
>>> {
>>> FormsAuthenticationTicket formsAuthTicket =
>>> CasAuthentication.GetFormsAuthenticationTicket();
>>> CasAuthenticationTicket casTicket =
>>> CasAuthentication.ServiceTicketManager.GetTicket(formsAuthTicket.UserData);
>>>
>>> string validateUrl =
>>> EnhancedUriBuilder.Combine(CasAuthentication.CasServerUrlPrefix,
>>> "proxyValidate");
>>>
>>> //Uri url = new UriBuilder(Request.Url.Scheme,
>>> Request.Url.DnsSafeHost, Request.Url.Port,
>>> ResolveUrl("DotNetCasProxyDemoApp.application")).Uri;
>>> Uri url = new
>>> Uri(@"https://sbolan1.pepperdine.edu/clearpass/Default.aspx";);
>>> string proxyGrantingTicket =
>>> casTicket.ProxyGrantingTicket;
>>> string proxyUrl =
>>> UrlUtil.ConstructProxyTicketRequestUrl(casTicket.ProxyGrantingTicket,
>>> url.AbsoluteUri);
>>>
>>> string ticket;
>>> try
>>> {
>>> ticket =
>>> CasAuthentication.GetProxyTicketIdFor(url.AbsoluteUri);
>>> }
>>> catch (InvalidOperationException ioe)
>>> {
>>> ticket = "Invalid Request: " + ioe.Message;
>>> }
>>> catch (TicketValidationException tve)
>>> {
>>> ticket = "Ticket Exception: " + tve.Message;
>>> }
>>>
>>> string originalTicket = ticket;
>>> string clickOnceValidation = validateUrl + "?service=" +
>>> Server.UrlEncode(url.AbsoluteUri) + "&proxyTicket=" + ticket;
>>>
>>> string appUrl = new UriBuilder(Request.Url.Scheme,
>>> Request.Url.DnsSafeHost, Request.Url.Port, ResolveUrl("Default.aspx"),
>>> "?proxyTicket=" + ticket + "&verifyUrl=" +
>>> Server.UrlEncode(validateUrl)).Uri.AbsoluteUri;
>>>
>>> string clearPassURL =
>>> @"https://cas.pepperdine.edu:8443/cas/clearPass?ticket="; + ticket;
>>>
>>>
>>> /*=======================================================*/
>>> /* START OWA CODE */
>>> string ClearPassUrl =
>>> "https://cas.pepperdine.edu:8443/cas/clearPass";;
>>>
>>> string ArtifactParameterName = "ticket";
>>> string proxyTicket = ticket;
>>> string ServiceParameterName = "service";
>>>
>>> string clearPassRequest = ClearPassUrl + "?" +
>>> ArtifactParameterName + "=" + proxyTicket + "&" + ServiceParameterName +
>>> "="
>>> + @"https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx";
>>>
>>>
>>> string clearPassResponse;
>>> StreamReader reader = null;
>>> try
>>> {
>>> /* start get */
>>> // THIS IS DOING A GET
>>> reader = new StreamReader(new
>>> WebClient().OpenRead(clearPassRequest));
>>> clearPassResponse = reader.ReadToEnd();
>>> /* end get */
>>>
>>> /* start post */
>>> // THIS IS DOING A POST
>>> //WebClient client = new WebClient();
>>> //byte[] bret = client.UploadData(clearPassRequest,
>>> "POST", System.Text.Encoding.ASCII.GetBytes(""));
>>> //string sret =
>>> System.Text.Encoding.ASCII.GetString(bret);
>>>
>>> //clearPassResponse = sret;
>>> //client.Dispose();
>>> /* end post */
>>>
>>> }
>>> catch (Exception ex)
>>> {
>>> throw new HttpException(500, "Error getting response
>>> from clearPass at URL: " + clearPassRequest + ". " + ex.Message, ex);
>>> }
>>> finally
>>> {
>>> if (reader != null)
>>> {
>>> reader.Close();
>>> }
>>> }
>>>
>>> /* END OWA CODE */
>>>
>>> /*=======================================================*/
>>>
>>>
>>> StringBuilder debugText = new StringBuilder();
>>> debugText.AppendLine("originalTicket");
>>> debugText.AppendLine(originalTicket);
>>> debugText.AppendLine();
>>>
>>> debugText.AppendLine("Your PGT");
>>> debugText.AppendLine(proxyGrantingTicket);
>>> debugText.AppendLine();
>>>
>>> debugText.AppendLine("Target Service URL");
>>> debugText.AppendLine(url.AbsoluteUri);
>>> debugText.AppendLine();
>>>
>>> debugText.AppendLine("Proxy Ticket URL");
>>> debugText.AppendLine(proxyUrl);
>>> debugText.AppendLine();
>>>
>>> debugText.AppendLine("Proxy Ticket");
>>> debugText.AppendLine(ticket);
>>> debugText.AppendLine();
>>>
>>> debugText.AppendLine("Validate URL");
>>> debugText.AppendLine(validateUrl);
>>> debugText.AppendLine();
>>>
>>> debugText.AppendLine("ClickOnce URL");
>>> debugText.AppendLine(appUrl);
>>> debugText.AppendLine();
>>>
>>> debugText.AppendLine("ClickOnce Validation");
>>> debugText.AppendLine(clickOnceValidation);
>>> debugText.AppendLine();
>>>
>>> debugText.AppendLine("Clearpass URL");
>>> debugText.AppendLine(clearPassURL);
>>> debugText.AppendLine();
>>>
>>> debugText.AppendLine("clearPassRequest");
>>> debugText.AppendLine(clearPassRequest);
>>> debugText.AppendLine();
>>>
>>> debugText.AppendLine("clearPassResponse");
>>> debugText.AppendLine(clearPassResponse);
>>> debugText.AppendLine();
>>>
>>> DebugField.Text = debugText.ToString();
>>> ClickOnceUrl.Text = appUrl;
>>> }
>>> }
>>>
>>>
>>>
>>> ======================================================
>>> C# logs ==============================================
>>> ======================================================
>>> 2010-05-13 14:20:35,269 [7] DEBUG CasAuthenticationModule - Starting
>>> BeginRequest for /clearpass/Default.aspx
>>> 2010-05-13 14:20:35,269 [7] DEBUG CasAuthenticationModule - Ending
>>> BeginRequest for /clearpass/Default.aspx
>>> 2010-05-13 14:20:35,269 [7] DEBUG CasAuthenticationModule - Starting
>>> AuthenticateRequest for /clearpass/Default.aspx
>>> 2010-05-13 14:20:35,269 [7] DEBUG CasAuthenticationModule - Ending
>>> AuthenticateRequest for /clearpass/Default.aspx
>>> 2010-05-13 14:20:35,285 [7] DEBUG CasAuthenticationModule - Starting
>>> EndRequest for /clearpass/Default.aspx
>>> 2010-05-13 14:20:35,285 [7] DEBUG CasAuthenticationModule - Redirecting
>>> to
>>> CAS Login Page
>>> 2010-05-13 14:20:35,285 [7] DEBUG UrlUtil - ConstructServiceUri:return
>>> generated serviceUri:
>>> https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx
>>> 2010-05-13 14:20:35,300 [7] DEBUG UrlUtil - ConstructLoginRedirectUrl:
>>> redirectToUrl=>
>>> https://cas.pepperdine.edu:8443/cas/login?service=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx
>>> <
>>> 2010-05-13 14:20:35,300 [7] DEBUG CasAuthenticationModule - Ending
>>> EndRequest for /clearpass/Default.aspx
>>> 2010-05-13 14:20:42,660 [7] DEBUG CasAuthenticationModule - Starting
>>> BeginRequest for
>>> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas
>>> 2010-05-13 14:20:42,660 [7] DEBUG CasAuthenticationModule - Ending
>>> BeginRequest for
>>> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas
>>> 2010-05-13 14:20:42,660 [7] DEBUG CasAuthenticationModule - Processing
>>> Proxy
>>> Callback request
>>> 2010-05-13 14:20:42,675 [7] DEBUG UrlUtil - ConstructServiceUri:return
>>> generated serviceUri:
>>> https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx
>>> 2010-05-13 14:20:42,675 [7] DEBUG AbstractUrlTicketValidator -
>>> Validate:Constructed validation
>>> url:
>>> https://cas.pepperdine.edu:8443/cas/proxyValidate?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas&service=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx&pgtUrl=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx%3fproxyResponse%3dtrue
>>> 2010-05-13<https://cas.pepperdine.edu:8443/cas/proxyValidate?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas&service=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx&pgtUrl=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx%3fproxyResponse%3dtrue%0A2010-05-13>14:20:42,691
>>> [1] DEBUG CasAuthenticationModule - Starting
>>> BeginRequest for /clearpass/Default.aspx?proxyResponse=true
>>> 2010-05-13 14:20:42,691 [1] DEBUG CasAuthenticationModule - Processing
>>> Proxy
>>> Callback request
>>> 2010-05-13 14:20:42,691 [1] DEBUG CasAuthenticationModule - Starting
>>> EndRequest for /clearpass/Default.aspx?proxyResponse=true
>>> 2010-05-13 14:20:42,707 [1] DEBUG CasAuthenticationModule - Ending
>>> EndRequest for /clearpass/Default.aspx?proxyResponse=true
>>> 2010-05-13 14:20:42,707 [1] DEBUG CasAuthenticationModule - Starting
>>> BeginRequest for
>>>
>>> /clearpass/Default.aspx?proxyResponse=true&pgtIou=PGTIOU-23-NXdaF5TLRccbuTkdt5Xv-pcas&pgtId=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas
>>> 2010-05-13 14:20:42,722 [1] DEBUG CasAuthenticationModule - Processing
>>> Proxy
>>> Callback request
>>> 2010-05-13 14:20:42,722 [1] DEBUG CasAuthentication - Recieved
>>> proxyGrantingTicketId
>>> [TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas] for
>>> proxyGrantingTicketIou [PGTIOU-23-NXdaF5TLRccbuTkdt5Xv-pcas]
>>> 2010-05-13 14:20:42,722 [1] DEBUG CasAuthenticationModule - Starting
>>> EndRequest for
>>>
>>> /clearpass/Default.aspx?proxyResponse=true&pgtIou=PGTIOU-23-NXdaF5TLRccbuTkdt5Xv-pcas&pgtId=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas
>>> 2010-05-13 14:20:42,738 [1] DEBUG CasAuthenticationModule - Ending
>>> EndRequest for
>>>
>>> /clearpass/Default.aspx?proxyResponse=true&pgtIou=PGTIOU-23-NXdaF5TLRccbuTkdt5Xv-pcas&pgtId=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas
>>> 2010-05-13 14:20:42,738 [7] DEBUG AbstractUrlTicketValidator -
>>> Validate:Ticket validation server response:><cas:serviceResponse
>>> xmlns:cas='http://www.yale.edu/tp/cas'>
>>> <cas:authenticationSuccess>
>>> <cas:user>sbolan</cas:user>
>>>
>>>
>>>
>>> <cas:proxyGrantingTicket>PGTIOU-23-NXdaF5TLRccbuTkdt5Xv-pcas</cas:proxyGrantingTicket>
>>>
>>>
>>> </cas:authenticationSuccess>
>>> </cas:serviceResponse><
>>> 2010-05-13 14:20:42,753 [7] DEBUG UrlUtil - RemoveCasArtifactsFromUrl:
>>> redirectToUrl=>https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx<
>>> 2010-05-13 14:20:42,753 [7] DEBUG CasAuthentication -
>>> CreateFormsAuthenticationTicket:Incoming CAS Assertion:
>>> ST-56-enSPfWgYfEaBabxRLLg5-pcas
>>> 2010-05-13 14:20:42,753 [7] DEBUG CasAuthenticationModule - Starting
>>> AuthenticateRequest for
>>> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas
>>> 2010-05-13 14:20:42,769 [7] DEBUG CasAuthenticationModule - Ending
>>> AuthenticateRequest for
>>> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas
>>> 2010-05-13 14:20:42,769 [7] DEBUG CasAuthenticationModule - Starting
>>> EndRequest for
>>> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas
>>> 2010-05-13 14:20:42,769 [7] DEBUG CasAuthenticationModule - Redirecting
>>> from login callback
>>> 2010-05-13 14:20:42,785 [7] DEBUG UrlUtil - RemoveCasArtifactsFromUrl:
>>> redirectToUrl=>https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx<
>>> 2010-05-13 14:20:42,785 [7] DEBUG CasAuthenticationModule - Ending
>>> EndRequest for
>>> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas
>>> 2010-05-13 14:20:42,800 [1] DEBUG CasAuthenticationModule - Starting
>>> BeginRequest for /clearpass/Default.aspx
>>> 2010-05-13 14:20:42,800 [1] DEBUG CasAuthenticationModule - Ending
>>> BeginRequest for /clearpass/Default.aspx
>>> 2010-05-13 14:20:42,800 [1] DEBUG CasAuthenticationModule - Starting
>>> AuthenticateRequest for /clearpass/Default.aspx
>>> 2010-05-13 14:20:42,816 [1] DEBUG CasAuthenticationModule - Ending
>>> AuthenticateRequest for /clearpass/Default.aspx
>>> 2010-05-13 14:20:42,847 [1] DEBUG UrlUtil -
>>> ConstructProxyTicketRequestUrl:return generated proxy ticket request Uri:
>>>
>>> https://cas.pepperdine.edu:8443/cas/proxy?pgt=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas&targetService=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx
>>> 2010-05-13<https://cas.pepperdine.edu:8443/cas/proxy?pgt=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas&targetService=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx%0A2010-05-13>14:20:42,863
>>> [1] DEBUG UrlUtil -
>>> ConstructProxyTicketRequestUrl:return generated proxy ticket request Uri:
>>>
>>> https://cas.pepperdine.edu:8443/cas/proxy?pgt=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas&targetService=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx
>>> 2010-05-13<https://cas.pepperdine.edu:8443/cas/proxy?pgt=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas&targetService=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx%0A2010-05-13>14:20:42,863
>>> [1] DEBUG CasAuthentication - Proxy success:
>>> ST-57-beOjozKFxt5fnukAr2Yf-pcas
>>> 2010-05-13 14:20:42,972 [1] DEBUG CasAuthenticationModule - Starting
>>> EndRequest for /clearpass/Default.aspx
>>> 2010-05-13 14:20:42,972 [1] DEBUG CasAuthenticationModule - Ending
>>> EndRequest for /clearpass/Default.aspx
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ======================================================
>>> webserver logs =======================================
>>> ======================================================
>>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET
>>> /cas/login?service=https%3a%2f%2fsbolan1.pepperdine.edu
>>> %3a443%2fclearpass%2fDefault.aspx
>>> HTTP/1.1" 200 4982
>>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET /cas/css/cas.css
>>> HTTP/1.1" 304 -
>>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET
>>> /cas/js/common_rosters.js HTTP/1.1" 304 -
>>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET /cas/css/ie_cas.css
>>> HTTP/1.1" 304 -
>>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET
>>> /cas/images/pepperdine.png HTTP/1.1" 304 -
>>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET
>>> /cas/images/ja-sig-logo.gif HTTP/1.1" 304 -
>>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET
>>> /cas/images/key-point_tr.gif HTTP/1.1" 304 -
>>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET
>>> /cas/images/key-point_tl.gif HTTP/1.1" 304 -
>>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET
>>> /cas/images/key-point_br.gif HTTP/1.1" 304 -
>>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET
>>> /cas/images/key-point_bl.gif HTTP/1.1" 304 -
>>> 137.159.68.98 - - [13/May/2010:14:20:42 -0700] "POST
>>> /cas/login?service=https%3a%2f%2fsbolan1.pepperdine.edu
>>> %3a443%2fclearpass%2fDefault.aspx
>>> HTTP/1.1" 302 -
>>> 137.159.68.98 - - [13/May/2010:14:20:42 -0700] "GET
>>>
>>> /cas/proxyValidate?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas&service=https%3a%2f%
>>> 2fsbolan1.pepperdine.edu
>>> %3a443%2fclearpass%2fDefault.aspx&pgtUrl=https%3a%2f%
>>> 2fsbolan1.pepperdine.edu
>>> %3a443%2fclearpass%2fDefault.aspx%3fproxyResponse%3dtrue
>>> HTTP/1.1" 200 264
>>> 137.159.68.98 - - [13/May/2010:14:20:42 -0700] "GET
>>>
>>> /cas/proxy?pgt=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas&targetService=https%3a%2f%
>>> 2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx
>>> HTTP/1.1" 200 193
>>> 137.159.9.7 - - [13/May/2010:14:20:42 -0700] "GET
>>> /cas/proxyValidate?service=https%3A%2F%2Fcas.pepperdine.edu
>>> %3A8443%2Fcas%2FclearPass&ticket=ST-57-beOjozKFxt5fnukAr2Yf-pcas&
>>> HTTP/1.1" 200 431
>>> 137.159.68.98 - - [13/May/2010:14:20:42 -0700] "GET
>>> /cas/clearPass?ticket=ST-57-beOjozKFxt5fnukAr2Yf-pcas&service=https%3a%2f%
>>> 2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx
>>> HTTP/1.1" 302 -
>>> 137.159.68.98 - - [13/May/2010:14:20:42 -0700] "GET /cas/clearPass
>>> HTTP/1.1"
>>> 200 177
>>>
>>>
>>>
>>>
>>> ======================================================
>>> CAS logs =============================================
>>> ======================================================
>>> 2010-05-13 14:20:41,736 INFO
>>> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Search for
>>> sAMAccountName=sbolan returned 0 results.
>>> 2010-05-13 14:20:42,393 INFO
>>> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket
>>> [ST-56-enSPfWgYfEaBabxRLLg5-pcas] for service
>>> [https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx] for user
>>> [sbolan]
>>> 2010-05-13 14:20:42,623 INFO
>>> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket
>>> [ST-57-beOjozKFxt5fnukAr2Yf-pcas] for service
>>> [https://sbolan1.pepperdine.edu/clearpass/Default.aspx] for user
>>> [
>>> https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx?proxyResponse=true
>>> ]
>>> 2010-05-13 14:20:42,635 ERROR
>>> [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket
>>> [ST-57-beOjozKFxt5fnukAr2Yf-pcas] with service
>>> [https://sbolan1.pepperdine.edu/clearpass/Default.aspx does not match
>>> supplied service [https://cas.pepperdine.edu:8443/cas/clearPass]
>>> 2010-05-13 14:20:42,724 WARN
>>> [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter]
>>> - org.jasig.cas.client.validation.TicketValidationException:
>>> ticket 'ST-57-beOjozKFxt5fnukAr2Yf-pcas' does not match
>>> supplied service.
>>> The original service was
>>> 'https://sbolan1.pepperdine.edu/clearpass/Default.aspx' and the supplied
>>> service was 'https://cas.pepperdine.edu:8443/cas/clearPass'.
>>>
>>> org.jasig.cas.client.validation.TicketValidationException:
>>> ticket 'ST-57-beOjozKFxt5fnukAr2Yf-pcas' does not match
>>> supplied service.
>>> The original service was
>>> 'https://sbolan1.pepperdine.edu/clearpass/Default.aspx' and the supplied
>>> service was 'https://cas.pepperdine.edu:8443/cas/clearPass'.
>>>
>>> at
>>>
>>> org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:73)
>>> at
>>>
>>> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
>>> at
>>>
>>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
>>> at
>>>
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>> at
>>>
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>> at
>>>
>>> org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
>>> at
>>>
>>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
>>> at
>>>
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>> at
>>>
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>> at
>>>
>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>> at
>>>
>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>>> at
>>>
>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>> at
>>>
>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>> at
>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
>>> at
>>>
>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>> at
>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>> at
>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
>>> at
>>>
>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>> at
>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>> at java.lang.Thread.run(Thread.java:613)
>>> --
>>> View this message in context:
>>> http://jasig.275507.n4.nabble.com/Clearpass-DotNetCasClient-ticket-does-not-match-supplied-service-tp2215801p2215801.html
>>> Sent from the CAS Developers mailing list archive at Nabble.com.
>>>
>>> --
>>> You are currently subscribed to [email protected] as:
>>> [email protected]
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-dev
>>>
>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-dev
>>
>
> --
> View this message in context:
> http://jasig.275507.n4.nabble.com/Clearpass-DotNetCasClient-ticket-does-not-match-supplied-service-tp2215801p2215942.html
> Sent from the CAS Developers mailing list archive at Nabble.com.
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-dev
