So, like this?
<param-value>
https://edns-test01.pepperdine.edu/cas-example
https://cas.pepperdine.edu:8443/cas/clearPass
https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx
https://cas.pepperdine.edu:8443/cas/clearPass
https://edns-test01.pepperdine.edu/castestP.php
https://cas.pepperdine.edu:8443/cas/clearPass
</param-value>
On May 13, 2010, at 4:44 PM, Scott Battaglia wrote:
> That's one chain. Proxy chains need to be separated by line breaks (if I
> remember correctly).
>
> Cheers,
> Scott
>
>
> On Thu, May 13, 2010 at 7:41 PM, Cary, Kim <[email protected]> wrote:
> And here's the allowedProxyChains parameter
>
> <init-param>
> <param-name>allowedProxyChains</param-name>
>
> <param-value>https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx
> https://edns-test01.pepperdine.edu/castestP.php
> https://cas.pepperdine.edu:8443/cas/clearPass</param-value>
> </init-param>
>
> we've tried the sbolan1 entry with and without :443 specified
>
> On May 13, 2010, at 4:25 PM, Scott B wrote:
>
> >
> > I modified the code to request a Proxy ticket for the CAS ClearPass URL. I
> > am now getting an 'Invalid proxy chain' error in the CAS logs.
> >
> >
> > CAS LOGS ==================================
> > 2010-05-13 16:15:17,529 INFO
> > [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket
> > [ST-72-0uyXcQCyhbJ96AcH15rI-pcas] for service
> > [https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx] for user
> > [sbolan]
> > 2010-05-13 16:15:17,762 INFO
> > [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket
> > [ST-73-zly7vOwYAheDcvQUaOaE-pcas] for service
> > [https://cas.pepperdine.edu:8443/cas/clearPass] for user
> > [https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx?proxyResponse=true]
> > 2010-05-13 16:15:17,778 INFO
> > [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl] - No Proxy
> > Ticket found for
> > 2010-05-13 16:15:17,779 WARN
> > [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter]
> > -
> > org.jasig.cas.client.validation.InvalidProxyChainTicketValidationException:
> > Invalid proxy chain:
> > [https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx?proxyResponse=true]
> > org.jasig.cas.client.validation.InvalidProxyChainTicketValidationException:
> > Invalid proxy chain:
> > [https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx?proxyResponse=true]
> >
> >
> > MODIFIED C# CODE ==================================
> > protected void Page_Load(object sender, EventArgs e)
> > {
> > if (!Page.IsPostBack)
> > {
> > FormsAuthenticationTicket formsAuthTicket =
> > CasAuthentication.GetFormsAuthenticationTicket();
> > CasAuthenticationTicket casTicket =
> > CasAuthentication.ServiceTicketManager.GetTicket(formsAuthTicket.UserData);
> >
> > string validateUrl =
> > EnhancedUriBuilder.Combine(CasAuthentication.CasServerUrlPrefix,
> > "proxyValidate");
> >
> > //Uri url = new UriBuilder(Request.Url.Scheme,
> > Request.Url.DnsSafeHost, Request.Url.Port,
> > ResolveUrl("DotNetCasProxyDemoApp.application")).Uri;
> > //Uri url = new
> > Uri(@"https://sbolan1.pepperdine.edu/clearpass/Default.aspx";);
> > Uri url = new
> > Uri(@"https://cas.pepperdine.edu:8443/cas/clearPass";);
> > string proxyGrantingTicket = casTicket.ProxyGrantingTicket;
> > string proxyUrl =
> > UrlUtil.ConstructProxyTicketRequestUrl(casTicket.ProxyGrantingTicket,
> > url.AbsoluteUri);
> >
> > string ticket;
> > try
> > {
> > ticket =
> > CasAuthentication.GetProxyTicketIdFor(url.AbsoluteUri);
> > }
> > catch (InvalidOperationException ioe)
> > {
> > ticket = "Invalid Request: " + ioe.Message;
> > }
> > catch (TicketValidationException tve)
> > {
> > ticket = "Ticket Exception: " + tve.Message;
> > }
> >
> > string originalTicket = ticket;
> > string clickOnceValidation = validateUrl + "?service=" +
> > Server.UrlEncode(url.AbsoluteUri) + "&proxyTicket=" + ticket;
> >
> > string appUrl = new UriBuilder(Request.Url.Scheme,
> > Request.Url.DnsSafeHost, Request.Url.Port, ResolveUrl("Default.aspx"),
> > "?proxyTicket=" + ticket + "&verifyUrl=" +
> > Server.UrlEncode(validateUrl)).Uri.AbsoluteUri;
> >
> > string clearPassURL =
> > @"https://cas.pepperdine.edu:8443/cas/clearPass?ticket="; + ticket;
> >
> > /*=======================================================*/
> > /* START OWA CODE */
> > string ClearPassUrl =
> > "https://cas.pepperdine.edu:8443/cas/clearPass";;
> >
> > string ArtifactParameterName = "ticket";
> > string proxyTicket = ticket;
> > string ServiceParameterName = "service";
> >
> > //string clearPassRequest = ClearPassUrl + "?" +
> > ArtifactParameterName + "=" + proxyTicket + "&" + ServiceParameterName + "="
> > + @"https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx";
> > string clearPassRequest = ClearPassUrl + "?" +
> > ArtifactParameterName + "=" + proxyTicket + "&" + ServiceParameterName + "="
> > + @"https%3A%2F%2Fcas.pepperdine.edu%3A8443%2Fcas%2FclearPass";
> >
> >
> > string clearPassResponse;
> > StreamReader reader = null;
> > try
> > {
> > /* start get */
> > // THIS IS DOING A GET
> > reader = new StreamReader(new
> > WebClient().OpenRead(clearPassRequest));
> > clearPassResponse = reader.ReadToEnd();
> > /* end get */
> >
> > /* start post */
> > // THIS IS DOING A POST
> > //WebClient client = new WebClient();
> > //byte[] bret = client.UploadData(clearPassRequest,
> > "POST", System.Text.Encoding.ASCII.GetBytes(""));
> > //string sret =
> > System.Text.Encoding.ASCII.GetString(bret);
> >
> > //clearPassResponse = sret;
> > //client.Dispose();
> > /* end post */
> >
> > }
> > catch (Exception ex)
> > {
> > throw new HttpException(500, "Error getting response
> > from clearPass at URL: " + clearPassRequest + ". " + ex.Message, ex);
> > }
> > finally
> > {
> > if (reader != null)
> > {
> > reader.Close();
> > }
> > }
> >
> > /* END OWA CODE */
> > /*=======================================================*/
> >
> >
> > StringBuilder debugText = new StringBuilder();
> > debugText.AppendLine("originalTicket");
> > debugText.AppendLine(originalTicket);
> > debugText.AppendLine();
> >
> > debugText.AppendLine("Your PGT");
> > debugText.AppendLine(proxyGrantingTicket);
> > debugText.AppendLine();
> >
> > debugText.AppendLine("Target Service URL");
> > debugText.AppendLine(url.AbsoluteUri);
> > debugText.AppendLine();
> >
> > debugText.AppendLine("Proxy Ticket URL");
> > debugText.AppendLine(proxyUrl);
> > debugText.AppendLine();
> >
> > debugText.AppendLine("Proxy Ticket");
> > debugText.AppendLine(ticket);
> > debugText.AppendLine();
> >
> > debugText.AppendLine("Validate URL");
> > debugText.AppendLine(validateUrl);
> > debugText.AppendLine();
> >
> > debugText.AppendLine("ClickOnce URL");
> > debugText.AppendLine(appUrl);
> > debugText.AppendLine();
> >
> > debugText.AppendLine("ClickOnce Validation");
> > debugText.AppendLine(clickOnceValidation);
> > debugText.AppendLine();
> >
> > debugText.AppendLine("Clearpass URL");
> > debugText.AppendLine(clearPassURL);
> > debugText.AppendLine();
> >
> > debugText.AppendLine("clearPassRequest");
> > debugText.AppendLine(clearPassRequest);
> > debugText.AppendLine();
> >
> > debugText.AppendLine("clearPassResponse");
> > debugText.AppendLine(clearPassResponse);
> > debugText.AppendLine();
> >
> > DebugField.Text = debugText.ToString();
> > ClickOnceUrl.Text = appUrl;
> > }
> > }
> >
> > WEBSERVER LOGS ===================================
> > 137.159.68.98 - - [13/May/2010:16:15:17 -0700] "POST
> > /cas/login?service=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx
> > HTTP/1.1" 302 -
> > 137.159.68.98 - - [13/May/2010:16:15:17 -0700] "GET
> > /cas/proxyValidate?ticket=ST-72-0uyXcQCyhbJ96AcH15rI-pcas&service=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx&pgtUrl=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx%3fproxyResponse%3dtrue
> > HTTP/1.1" 200 264
> > 137.159.68.98 - - [13/May/2010:16:15:17 -0700] "GET
> > /cas/proxy?pgt=TGT-61-Uhi5weQA9AMNbBdazEROWbdyl7lfuUD6aibUIZuMIHvDVrLgBp-pcas&targetService=https%3a%2f%2fcas.pepperdine.edu%3a8443%2fcas%2fclearPass
> > HTTP/1.1" 200 193
> > 137.159.9.7 - - [13/May/2010:16:15:17 -0700] "GET
> > /cas/proxyValidate?service=https%3A%2F%2Fcas.pepperdine.edu%3A8443%2Fcas%2FclearPass&ticket=ST-73-zly7vOwYAheDcvQUaOaE-pcas&
> > HTTP/1.1" 200 313
> > 137.159.68.98 - - [13/May/2010:16:15:17 -0700] "GET
> > /cas/clearPass?ticket=ST-73-zly7vOwYAheDcvQUaOaE-pcas&service=https%3A%2F%2Fcas.pepperdine.edu%3A8443%2Fcas%2FclearPass
> > HTTP/1.1" 302 -
> > 137.159.68.98 - - [13/May/2010:16:15:17 -0700] "GET /cas/clearPass HTTP/1.1"
> > 200 177
> > 137.159.68.98 - - [13/May/2010:16:15:29 -0700] "GET /logs/cas.log HTTP/1.1"
> > 200 308265
> >
> >
> >
> > Scott Battaglia-2 wrote:
> >>
> >> You're requesting a proxy ticket for your own service. You need to
> >> request
> >> a proxy ticket to access the ClearPass service.
> >>
> >>
> >> On Thu, May 13, 2010 at 5:32 PM, Scott B <[email protected]>
> >> wrote:
> >>
> >>>
> >>> I am getting the following response when contacting clearPass via the
> >>> DotNetCasClient
> >>>
> >>> <cas:clearPassResponse xmlns:cas='http://www.yale.edu/tp/cas'>
> >>> <cas:clearPassFailure>No authentication information
> >>> provided.</cas:clearPassFailure>
> >>> </cas:clearPassResponse>
> >>>
> >>> I have attached the associated C# code, web.config, C# logs, webserver
> >>> logs,
> >>> and CAS logs below. I used the OWA code as a template for my code.
> >>>
> >>> The most interesting error comes from the CAS logs
> >>>
> >>> 2010-05-13 14:20:42,724 WARN
> >>> [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter]
> >>> - org.jasig.cas.client.validation.TicketValidationException:
> >>> ticket 'ST-57-beOjozKFxt5fnukAr2Yf-pcas' does not match
> >>> supplied service.
> >>> The original service was
> >>> 'https://sbolan1.pepperdine.edu/clearpass/Default.aspx' and the supplied
> >>> service was 'https://cas.pepperdine.edu:8443/cas/clearPass'.
> >>>
> >>> The only place CASis called with
> >>> https://cas.pepeprdine.edu:8443/cas/clearPas is highlighted in the web
> >>> server logs below.
> >>>
> >>> It is also interesting to me that CAS is granting two tickets 'ST-56' and
> >>> 'ST-57'.
> >>>
> >>> Thanks for any help or tips in debugging this issue.
> >>>
> >>> ======================================================
> >>> web.config ===========================================
> >>> ======================================================
> >>> <casClientConfig
> >>> casServerLoginUrl="https://cas.pepperdine.edu:8443/cas/login";
> >>> serverName="https://sbolan1.pepperdine.edu";
> >>> casServerUrlPrefix="https://cas.pepperdine.edu:8443/cas";
> >>> redirectAfterValidation="true"
> >>> gateway="true"
> >>> renew="false"
> >>> ticketValidatorName="Cas20"
> >>> ticketTimeTolerance="5000"
> >>> singleSignOut="false"
> >>> proxyTicketManager="CacheProxyTicketManager"
> >>> serviceTicketManager="CacheServiceTicketManager"
> >>> gatewayStatusCookieName="CasGatewayStatus"
> >>>
> >>>
> >>>
> >>> ======================================================
> >>> C# code ==============================================
> >>> ======================================================
> >>> protected void Page_Load(object sender, EventArgs e)
> >>> {
> >>> if (!Page.IsPostBack)
> >>> {
> >>> FormsAuthenticationTicket formsAuthTicket =
> >>> CasAuthentication.GetFormsAuthenticationTicket();
> >>> CasAuthenticationTicket casTicket =
> >>> CasAuthentication.ServiceTicketManager.GetTicket(formsAuthTicket.UserData);
> >>>
> >>> string validateUrl =
> >>> EnhancedUriBuilder.Combine(CasAuthentication.CasServerUrlPrefix,
> >>> "proxyValidate");
> >>>
> >>> //Uri url = new UriBuilder(Request.Url.Scheme,
> >>> Request.Url.DnsSafeHost, Request.Url.Port,
> >>> ResolveUrl("DotNetCasProxyDemoApp.application")).Uri;
> >>> Uri url = new
> >>> Uri(@"https://sbolan1.pepperdine.edu/clearpass/Default.aspx";);
> >>> string proxyGrantingTicket =
> >>> casTicket.ProxyGrantingTicket;
> >>> string proxyUrl =
> >>> UrlUtil.ConstructProxyTicketRequestUrl(casTicket.ProxyGrantingTicket,
> >>> url.AbsoluteUri);
> >>>
> >>> string ticket;
> >>> try
> >>> {
> >>> ticket =
> >>> CasAuthentication.GetProxyTicketIdFor(url.AbsoluteUri);
> >>> }
> >>> catch (InvalidOperationException ioe)
> >>> {
> >>> ticket = "Invalid Request: " + ioe.Message;
> >>> }
> >>> catch (TicketValidationException tve)
> >>> {
> >>> ticket = "Ticket Exception: " + tve.Message;
> >>> }
> >>>
> >>> string originalTicket = ticket;
> >>> string clickOnceValidation = validateUrl + "?service=" +
> >>> Server.UrlEncode(url.AbsoluteUri) + "&proxyTicket=" + ticket;
> >>>
> >>> string appUrl = new UriBuilder(Request.Url.Scheme,
> >>> Request.Url.DnsSafeHost, Request.Url.Port, ResolveUrl("Default.aspx"),
> >>> "?proxyTicket=" + ticket + "&verifyUrl=" +
> >>> Server.UrlEncode(validateUrl)).Uri.AbsoluteUri;
> >>>
> >>> string clearPassURL =
> >>> @"https://cas.pepperdine.edu:8443/cas/clearPass?ticket="; + ticket;
> >>>
> >>>
> >>> /*=======================================================*/
> >>> /* START OWA CODE */
> >>> string ClearPassUrl =
> >>> "https://cas.pepperdine.edu:8443/cas/clearPass";;
> >>>
> >>> string ArtifactParameterName = "ticket";
> >>> string proxyTicket = ticket;
> >>> string ServiceParameterName = "service";
> >>>
> >>> string clearPassRequest = ClearPassUrl + "?" +
> >>> ArtifactParameterName + "=" + proxyTicket + "&" + ServiceParameterName +
> >>> "="
> >>> + @"https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx";
> >>>
> >>>
> >>> string clearPassResponse;
> >>> StreamReader reader = null;
> >>> try
> >>> {
> >>> /* start get */
> >>> // THIS IS DOING A GET
> >>> reader = new StreamReader(new
> >>> WebClient().OpenRead(clearPassRequest));
> >>> clearPassResponse = reader.ReadToEnd();
> >>> /* end get */
> >>>
> >>> /* start post */
> >>> // THIS IS DOING A POST
> >>> //WebClient client = new WebClient();
> >>> //byte[] bret = client.UploadData(clearPassRequest,
> >>> "POST", System.Text.Encoding.ASCII.GetBytes(""));
> >>> //string sret =
> >>> System.Text.Encoding.ASCII.GetString(bret);
> >>>
> >>> //clearPassResponse = sret;
> >>> //client.Dispose();
> >>> /* end post */
> >>>
> >>> }
> >>> catch (Exception ex)
> >>> {
> >>> throw new HttpException(500, "Error getting response
> >>> from clearPass at URL: " + clearPassRequest + ". " + ex.Message, ex);
> >>> }
> >>> finally
> >>> {
> >>> if (reader != null)
> >>> {
> >>> reader.Close();
> >>> }
> >>> }
> >>>
> >>> /* END OWA CODE */
> >>>
> >>> /*=======================================================*/
> >>>
> >>>
> >>> StringBuilder debugText = new StringBuilder();
> >>> debugText.AppendLine("originalTicket");
> >>> debugText.AppendLine(originalTicket);
> >>> debugText.AppendLine();
> >>>
> >>> debugText.AppendLine("Your PGT");
> >>> debugText.AppendLine(proxyGrantingTicket);
> >>> debugText.AppendLine();
> >>>
> >>> debugText.AppendLine("Target Service URL");
> >>> debugText.AppendLine(url.AbsoluteUri);
> >>> debugText.AppendLine();
> >>>
> >>> debugText.AppendLine("Proxy Ticket URL");
> >>> debugText.AppendLine(proxyUrl);
> >>> debugText.AppendLine();
> >>>
> >>> debugText.AppendLine("Proxy Ticket");
> >>> debugText.AppendLine(ticket);
> >>> debugText.AppendLine();
> >>>
> >>> debugText.AppendLine("Validate URL");
> >>> debugText.AppendLine(validateUrl);
> >>> debugText.AppendLine();
> >>>
> >>> debugText.AppendLine("ClickOnce URL");
> >>> debugText.AppendLine(appUrl);
> >>> debugText.AppendLine();
> >>>
> >>> debugText.AppendLine("ClickOnce Validation");
> >>> debugText.AppendLine(clickOnceValidation);
> >>> debugText.AppendLine();
> >>>
> >>> debugText.AppendLine("Clearpass URL");
> >>> debugText.AppendLine(clearPassURL);
> >>> debugText.AppendLine();
> >>>
> >>> debugText.AppendLine("clearPassRequest");
> >>> debugText.AppendLine(clearPassRequest);
> >>> debugText.AppendLine();
> >>>
> >>> debugText.AppendLine("clearPassResponse");
> >>> debugText.AppendLine(clearPassResponse);
> >>> debugText.AppendLine();
> >>>
> >>> DebugField.Text = debugText.ToString();
> >>> ClickOnceUrl.Text = appUrl;
> >>> }
> >>> }
> >>>
> >>>
> >>>
> >>> ======================================================
> >>> C# logs ==============================================
> >>> ======================================================
> >>> 2010-05-13 14:20:35,269 [7] DEBUG CasAuthenticationModule - Starting
> >>> BeginRequest for /clearpass/Default.aspx
> >>> 2010-05-13 14:20:35,269 [7] DEBUG CasAuthenticationModule - Ending
> >>> BeginRequest for /clearpass/Default.aspx
> >>> 2010-05-13 14:20:35,269 [7] DEBUG CasAuthenticationModule - Starting
> >>> AuthenticateRequest for /clearpass/Default.aspx
> >>> 2010-05-13 14:20:35,269 [7] DEBUG CasAuthenticationModule - Ending
> >>> AuthenticateRequest for /clearpass/Default.aspx
> >>> 2010-05-13 14:20:35,285 [7] DEBUG CasAuthenticationModule - Starting
> >>> EndRequest for /clearpass/Default.aspx
> >>> 2010-05-13 14:20:35,285 [7] DEBUG CasAuthenticationModule - Redirecting
> >>> to
> >>> CAS Login Page
> >>> 2010-05-13 14:20:35,285 [7] DEBUG UrlUtil - ConstructServiceUri:return
> >>> generated serviceUri:
> >>> https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx
> >>> 2010-05-13 14:20:35,300 [7] DEBUG UrlUtil - ConstructLoginRedirectUrl:
> >>> redirectToUrl=>
> >>> https://cas.pepperdine.edu:8443/cas/login?service=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx
> >>> <
> >>> 2010-05-13 14:20:35,300 [7] DEBUG CasAuthenticationModule - Ending
> >>> EndRequest for /clearpass/Default.aspx
> >>> 2010-05-13 14:20:42,660 [7] DEBUG CasAuthenticationModule - Starting
> >>> BeginRequest for
> >>> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas
> >>> 2010-05-13 14:20:42,660 [7] DEBUG CasAuthenticationModule - Ending
> >>> BeginRequest for
> >>> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas
> >>> 2010-05-13 14:20:42,660 [7] DEBUG CasAuthenticationModule - Processing
> >>> Proxy
> >>> Callback request
> >>> 2010-05-13 14:20:42,675 [7] DEBUG UrlUtil - ConstructServiceUri:return
> >>> generated serviceUri:
> >>> https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx
> >>> 2010-05-13 14:20:42,675 [7] DEBUG AbstractUrlTicketValidator -
> >>> Validate:Constructed validation
> >>> url:
> >>> https://cas.pepperdine.edu:8443/cas/proxyValidate?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas&service=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx&pgtUrl=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx%3fproxyResponse%3dtrue
> >>> 2010-05-13<https://cas.pepperdine.edu:8443/cas/proxyValidate?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas&service=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx&pgtUrl=https%3a%2f%2fsbolan1.pepperdine.edu%3a443%2fclearpass%2fDefault.aspx%3fproxyResponse%3dtrue%0A2010-05-13>14:20:42,691
> >>> [1] DEBUG CasAuthenticationModule - Starting
> >>> BeginRequest for /clearpass/Default.aspx?proxyResponse=true
> >>> 2010-05-13 14:20:42,691 [1] DEBUG CasAuthenticationModule - Processing
> >>> Proxy
> >>> Callback request
> >>> 2010-05-13 14:20:42,691 [1] DEBUG CasAuthenticationModule - Starting
> >>> EndRequest for /clearpass/Default.aspx?proxyResponse=true
> >>> 2010-05-13 14:20:42,707 [1] DEBUG CasAuthenticationModule - Ending
> >>> EndRequest for /clearpass/Default.aspx?proxyResponse=true
> >>> 2010-05-13 14:20:42,707 [1] DEBUG CasAuthenticationModule - Starting
> >>> BeginRequest for
> >>>
> >>> /clearpass/Default.aspx?proxyResponse=true&pgtIou=PGTIOU-23-NXdaF5TLRccbuTkdt5Xv-pcas&pgtId=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas
> >>> 2010-05-13 14:20:42,722 [1] DEBUG CasAuthenticationModule - Processing
> >>> Proxy
> >>> Callback request
> >>> 2010-05-13 14:20:42,722 [1] DEBUG CasAuthentication - Recieved
> >>> proxyGrantingTicketId
> >>> [TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas] for
> >>> proxyGrantingTicketIou [PGTIOU-23-NXdaF5TLRccbuTkdt5Xv-pcas]
> >>> 2010-05-13 14:20:42,722 [1] DEBUG CasAuthenticationModule - Starting
> >>> EndRequest for
> >>>
> >>> /clearpass/Default.aspx?proxyResponse=true&pgtIou=PGTIOU-23-NXdaF5TLRccbuTkdt5Xv-pcas&pgtId=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas
> >>> 2010-05-13 14:20:42,738 [1] DEBUG CasAuthenticationModule - Ending
> >>> EndRequest for
> >>>
> >>> /clearpass/Default.aspx?proxyResponse=true&pgtIou=PGTIOU-23-NXdaF5TLRccbuTkdt5Xv-pcas&pgtId=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas
> >>> 2010-05-13 14:20:42,738 [7] DEBUG AbstractUrlTicketValidator -
> >>> Validate:Ticket validation server response:><cas:serviceResponse
> >>> xmlns:cas='http://www.yale.edu/tp/cas'>
> >>> <cas:authenticationSuccess>
> >>> <cas:user>sbolan</cas:user>
> >>>
> >>>
> >>>
> >>> <cas:proxyGrantingTicket>PGTIOU-23-NXdaF5TLRccbuTkdt5Xv-pcas</cas:proxyGrantingTicket>
> >>>
> >>>
> >>> </cas:authenticationSuccess>
> >>> </cas:serviceResponse><
> >>> 2010-05-13 14:20:42,753 [7] DEBUG UrlUtil - RemoveCasArtifactsFromUrl:
> >>> redirectToUrl=>https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx<
> >>> 2010-05-13 14:20:42,753 [7] DEBUG CasAuthentication -
> >>> CreateFormsAuthenticationTicket:Incoming CAS Assertion:
> >>> ST-56-enSPfWgYfEaBabxRLLg5-pcas
> >>> 2010-05-13 14:20:42,753 [7] DEBUG CasAuthenticationModule - Starting
> >>> AuthenticateRequest for
> >>> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas
> >>> 2010-05-13 14:20:42,769 [7] DEBUG CasAuthenticationModule - Ending
> >>> AuthenticateRequest for
> >>> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas
> >>> 2010-05-13 14:20:42,769 [7] DEBUG CasAuthenticationModule - Starting
> >>> EndRequest for
> >>> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas
> >>> 2010-05-13 14:20:42,769 [7] DEBUG CasAuthenticationModule - Redirecting
> >>> from login callback
> >>> 2010-05-13 14:20:42,785 [7] DEBUG UrlUtil - RemoveCasArtifactsFromUrl:
> >>> redirectToUrl=>https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx<
> >>> 2010-05-13 14:20:42,785 [7] DEBUG CasAuthenticationModule - Ending
> >>> EndRequest for
> >>> /clearpass/Default.aspx?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas
> >>> 2010-05-13 14:20:42,800 [1] DEBUG CasAuthenticationModule - Starting
> >>> BeginRequest for /clearpass/Default.aspx
> >>> 2010-05-13 14:20:42,800 [1] DEBUG CasAuthenticationModule - Ending
> >>> BeginRequest for /clearpass/Default.aspx
> >>> 2010-05-13 14:20:42,800 [1] DEBUG CasAuthenticationModule - Starting
> >>> AuthenticateRequest for /clearpass/Default.aspx
> >>> 2010-05-13 14:20:42,816 [1] DEBUG CasAuthenticationModule - Ending
> >>> AuthenticateRequest for /clearpass/Default.aspx
> >>> 2010-05-13 14:20:42,847 [1] DEBUG UrlUtil -
> >>> ConstructProxyTicketRequestUrl:return generated proxy ticket request Uri:
> >>>
> >>> https://cas.pepperdine.edu:8443/cas/proxy?pgt=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas&targetService=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx
> >>> 2010-05-13<https://cas.pepperdine.edu:8443/cas/proxy?pgt=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas&targetService=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx%0A2010-05-13>14:20:42,863
> >>> [1] DEBUG UrlUtil -
> >>> ConstructProxyTicketRequestUrl:return generated proxy ticket request Uri:
> >>>
> >>> https://cas.pepperdine.edu:8443/cas/proxy?pgt=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas&targetService=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx
> >>> 2010-05-13<https://cas.pepperdine.edu:8443/cas/proxy?pgt=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas&targetService=https%3a%2f%2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx%0A2010-05-13>14:20:42,863
> >>> [1] DEBUG CasAuthentication - Proxy success:
> >>> ST-57-beOjozKFxt5fnukAr2Yf-pcas
> >>> 2010-05-13 14:20:42,972 [1] DEBUG CasAuthenticationModule - Starting
> >>> EndRequest for /clearpass/Default.aspx
> >>> 2010-05-13 14:20:42,972 [1] DEBUG CasAuthenticationModule - Ending
> >>> EndRequest for /clearpass/Default.aspx
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> ======================================================
> >>> webserver logs =======================================
> >>> ======================================================
> >>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET
> >>> /cas/login?service=https%3a%2f%2fsbolan1.pepperdine.edu
> >>> %3a443%2fclearpass%2fDefault.aspx
> >>> HTTP/1.1" 200 4982
> >>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET /cas/css/cas.css
> >>> HTTP/1.1" 304 -
> >>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET
> >>> /cas/js/common_rosters.js HTTP/1.1" 304 -
> >>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET /cas/css/ie_cas.css
> >>> HTTP/1.1" 304 -
> >>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET
> >>> /cas/images/pepperdine.png HTTP/1.1" 304 -
> >>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET
> >>> /cas/images/ja-sig-logo.gif HTTP/1.1" 304 -
> >>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET
> >>> /cas/images/key-point_tr.gif HTTP/1.1" 304 -
> >>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET
> >>> /cas/images/key-point_tl.gif HTTP/1.1" 304 -
> >>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET
> >>> /cas/images/key-point_br.gif HTTP/1.1" 304 -
> >>> 137.159.68.98 - - [13/May/2010:14:20:35 -0700] "GET
> >>> /cas/images/key-point_bl.gif HTTP/1.1" 304 -
> >>> 137.159.68.98 - - [13/May/2010:14:20:42 -0700] "POST
> >>> /cas/login?service=https%3a%2f%2fsbolan1.pepperdine.edu
> >>> %3a443%2fclearpass%2fDefault.aspx
> >>> HTTP/1.1" 302 -
> >>> 137.159.68.98 - - [13/May/2010:14:20:42 -0700] "GET
> >>>
> >>> /cas/proxyValidate?ticket=ST-56-enSPfWgYfEaBabxRLLg5-pcas&service=https%3a%2f%
> >>> 2fsbolan1.pepperdine.edu
> >>> %3a443%2fclearpass%2fDefault.aspx&pgtUrl=https%3a%2f%
> >>> 2fsbolan1.pepperdine.edu
> >>> %3a443%2fclearpass%2fDefault.aspx%3fproxyResponse%3dtrue
> >>> HTTP/1.1" 200 264
> >>> 137.159.68.98 - - [13/May/2010:14:20:42 -0700] "GET
> >>>
> >>> /cas/proxy?pgt=TGT-45-T05rL3V2vCubkbnMvD9JJdzw2m5Ww1adSG6GLLa27Z7jfmcham-pcas&targetService=https%3a%2f%
> >>> 2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx
> >>> HTTP/1.1" 200 193
> >>> 137.159.9.7 - - [13/May/2010:14:20:42 -0700] "GET
> >>> /cas/proxyValidate?service=https%3A%2F%2Fcas.pepperdine.edu
> >>> %3A8443%2Fcas%2FclearPass&ticket=ST-57-beOjozKFxt5fnukAr2Yf-pcas&
> >>> HTTP/1.1" 200 431
> >>> 137.159.68.98 - - [13/May/2010:14:20:42 -0700] "GET
> >>> /cas/clearPass?ticket=ST-57-beOjozKFxt5fnukAr2Yf-pcas&service=https%3a%2f%
> >>> 2fsbolan1.pepperdine.edu%2fclearpass%2fDefault.aspx
> >>> HTTP/1.1" 302 -
> >>> 137.159.68.98 - - [13/May/2010:14:20:42 -0700] "GET /cas/clearPass
> >>> HTTP/1.1"
> >>> 200 177
> >>>
> >>>
> >>>
> >>>
> >>> ======================================================
> >>> CAS logs =============================================
> >>> ======================================================
> >>> 2010-05-13 14:20:41,736 INFO
> >>> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Search for
> >>> sAMAccountName=sbolan returned 0 results.
> >>> 2010-05-13 14:20:42,393 INFO
> >>> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket
> >>> [ST-56-enSPfWgYfEaBabxRLLg5-pcas] for service
> >>> [https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx] for user
> >>> [sbolan]
> >>> 2010-05-13 14:20:42,623 INFO
> >>> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket
> >>> [ST-57-beOjozKFxt5fnukAr2Yf-pcas] for service
> >>> [https://sbolan1.pepperdine.edu/clearpass/Default.aspx] for user
> >>> [
> >>> https://sbolan1.pepperdine.edu:443/clearpass/Default.aspx?proxyResponse=true
> >>> ]
> >>> 2010-05-13 14:20:42,635 ERROR
> >>> [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket
> >>> [ST-57-beOjozKFxt5fnukAr2Yf-pcas] with service
> >>> [https://sbolan1.pepperdine.edu/clearpass/Default.aspx does not match
> >>> supplied service [https://cas.pepperdine.edu:8443/cas/clearPass]
> >>> 2010-05-13 14:20:42,724 WARN
> >>> [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter]
> >>> - org.jasig.cas.client.validation.TicketValidationException:
> >>> ticket 'ST-57-beOjozKFxt5fnukAr2Yf-pcas' does not match
> >>> supplied service.
> >>> The original service was
> >>> 'https://sbolan1.pepperdine.edu/clearpass/Default.aspx' and the supplied
> >>> service was 'https://cas.pepperdine.edu:8443/cas/clearPass'.
> >>>
> >>> org.jasig.cas.client.validation.TicketValidationException:
> >>> ticket 'ST-57-beOjozKFxt5fnukAr2Yf-pcas' does not match
> >>> supplied service.
> >>> The original service was
> >>> 'https://sbolan1.pepperdine.edu/clearpass/Default.aspx' and the supplied
> >>> service was 'https://cas.pepperdine.edu:8443/cas/clearPass'.
> >>>
> >>> at
> >>>
> >>> org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:73)
> >>> at
> >>>
> >>> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
> >>> at
> >>>
> >>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
> >>> at
> >>>
> >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> >>> at
> >>>
> >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> >>> at
> >>>
> >>> org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
> >>> at
> >>>
> >>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
> >>> at
> >>>
> >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> >>> at
> >>>
> >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> >>> at
> >>>
> >>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> >>> at
> >>>
> >>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> >>> at
> >>>
> >>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> >>> at
> >>>
> >>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> >>> at
> >>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
> >>> at
> >>>
> >>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> >>> at
> >>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
> >>> at
> >>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
> >>> at
> >>>
> >>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
> >>> at
> >>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> >>> at java.lang.Thread.run(Thread.java:613)
> >>> --
> >>> View this message in context:
> >>> http://jasig.275507.n4.nabble.com/Clearpass-DotNetCasClient-ticket-does-not-match-supplied-service-tp2215801p2215801.html
> >>> Sent from the CAS Developers mailing list archive at Nabble.com.
> >>>
> >>> --
> >>> You are currently subscribed to [email protected] as:
> >>> [email protected]
> >>> To unsubscribe, change settings or access archives, see
> >>> http://www.ja-sig.org/wiki/display/JSG/cas-dev
> >>>
> >>
> >> --
> >> You are currently subscribed to [email protected] as:
> >> [email protected]
> >> To unsubscribe, change settings or access archives, see
> >> http://www.ja-sig.org/wiki/display/JSG/cas-dev
> >>
> >
> > --
> > View this message in context:
> > http://jasig.275507.n4.nabble.com/Clearpass-DotNetCasClient-ticket-does-not-match-supplied-service-tp2215801p2215942.html
> > Sent from the CAS Developers mailing list archive at Nabble.com.
> >
> > --
> > You are currently subscribed to [email protected] as:
> > [email protected]
> > To unsubscribe, change settings or access archives, see
> > http://www.ja-sig.org/wiki/display/JSG/cas-dev
>
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
>
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-dev
