Hi, I'm new to CAS and also the community.

I have a new CAS setup working, but I'm facing this same problem reported by Conan. I wonder if you found a solution or the cause of this issue?

Best regards.
Daniel.

On Friday, May 27, 2016 at 2:33:53 AM UTC-5, Conan Malone wrote:
> cas.log shows nothing at all and cas-management.log shows the '[org.jasig.cas.client.util.CommonUtils] - Server returned HTTP response code: 403 for URL:' error that I posted above. The only apps I have installed right now are cas and the management app, can log into CAS fine with casuser goes to the 'Login successful' page.
>
> On Thursday, May 26, 2016 at 5:53:41 PM UTC+1, Misagh Moayyed wrote:
>> Does the CAS server produce any logs when it attempts to validate that ticket? Can you log into any other apps beside the management webapp?
>>
>> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Conan Malone
>> *Sent:* Thursday, May 26, 2016 2:11 AM
>> *To:* CAS Community <[email protected]>
>> *Subject:* [cas-user] Cas-Service-Management-Overlay still not working (more info)
>>
>> Hi,
>>
>> I'm making a new post as I feel there maybe wasn't enough information in my last one for anyone to help me out.
>>
>> I have downloaded the cas-overlay-template and cas-service-management-overlay (4.2.2), copied the correct files to /etc/cas/ and ran mvnw clean package on both of them with build success so that all seems fine. (both deployed in tomcat as ROOT.war and cas-services.war).
>>
>> I can go to https://mycasdomain.com/ and it goes to the login page, I can then log in with casuser,Mellon and this works fine (also can do RADIUS authentication).
>> My problem seems to be with the cas-services-management as when I go to https://mycasdomain.com/cas-services/ (looking at network on chrome) I get redirected to manage.html which redirects to the login page as expected with url 'https://mycasdomain/login?service=https%3A%2F%2Fmycasdomain%2Fcas-services%2Fcallback%3Fclient_name%3DCasClient'. The page has the 'Services Management Web Application' box at the top so I assume services are correctly set up. I then log in with casuser,Mellon and get 'The CAS management webapp is unavailable' screen.
>>
>> The login page redirected me to 'https://mycasdomain.com/cas-services/callback?client_name=CasClient&ticket=ST-7-1df43YSsUctajcAt1miS-mycasdomain.com' and gave a HTTP status 500.
>>
>> But looking through logs I find that I get a HTTP status 403 just before I get the 500 on a different address which is https://mycasdomain.com/p3/serviceValidate?ticket=ST-7-1df43YSsUctajcAt1miS-mycasdomain.com&service=https%3A%2F%2Fmycasdomain.com%2Fcas-services%2Fcallback%3Fclient_name%3DCasClient'. If I put this address in my browser I get presented with
>>
>> ----------------------------------------------------------------------------------
>>
>> <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
>>     <cas:authenticationSuccess>
>>         <cas:user>casuser</cas:user>
>>         <cas:attributes>
>>             <cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
>>             <cas:isFromNewLogin>true</cas:isFromNewLogin>
>>             <cas:authenticationDate>2016-05-26T09:53:00.011+01:00</cas:authenticationDate>
>>         </cas:attributes>
>>     </cas:authenticationSuccess>
>> </cas:serviceResponse>
>>
>> ----------------------------------------------------------------------------------
>>
>> I'll put snippets from the parts I have changed in cas.properties, cas-management.properties below.
>> *Can someone have a look through this and see if I am missing anything?*
>>
>> *p.s. I also have my CAS server behind a load balancer so it needs to go out the network to https://mycasdomain.com/ and come back in through the load balancer back to the CAS server. But I was thinking if there is a problem with this surely the normal cas login wouldn't work?*
>>
>> Thanks in advance,
>> Conan
>>
>> ----------------------snippets and logs----------------------
>>
>> server.name=https://mycasdomain.com
>> server.prefix=${server.name}
>>
>> # security configuration based on IP address to access the /status and /statistics pages
>> cas.securityContext.adminpages.ip=127\.0\.0\.1
>>
>> ##
>> # Unique CAS node name
>> # host.name is used to generate unique Service Ticket IDs and SAMLArtifacts. This is usually set to the specific
>> # hostname of the machine running the CAS node, but it could be any label so long as it is unique in the cluster.
>> host.name=mycasdomain.com
>>
>> ----------------------
>>
>> # CAS
>> cas.host=https://mycasdomain.com
>> cas.prefix=${cas.host}
>> cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${cas.prefix}/login
>>
>> # Management
>> cas-management.host=${cas.host}
>> cas-management.prefix=${cas-management.host}/cas-services
>> cas-management.securityContext.serviceProperties.service=${cas-management.prefix}/callback
>>
>> # Security
>> cas-management.securityContext.serviceProperties.adminRoles=ROLE_ADMIN
>> pac4j.callback.defaultUrl=/manage.html
>>
>> # views
>> cas-management.viewResolver.basename=default_views
>>
>> ##
>> # User details file location that contains list of users
>> # who are allowed access to the management webapp:
>> #
>> user.details.file.location = file:/etc/cas/user-details.properties
>>
>> ##
>> # JSON Service Registry
>> #
>> # Directory location where JSON service files may be found.
>> service.registry.config.location=file:/etc/cas/services
>>
>> ----------------------
>>
>> 2016-05-26 10:05:23,048 ERROR [org.jasig.cas.client.util.CommonUtils] - Server returned HTTP response code: 403 for URL: https://mycasdomain.com/p3/serviceValidate?ticket=ST-9-MbZeb0hglH5p4OW3HUAn-mycasdomain.com&service=https%3A%2F%2Fmycasdomain.com%2Fcas-services%2Fcallback%3Fclient_name%3DCasClient
>> java.io.IOException: Server returned HTTP response code: 403 for URL: https://mycasdomain.com/p3/serviceValidate?ticket=ST-9-MbZeb0hglH5p4OW3HUAn-mycasdomain.com&service=https%3A%2F%2Fmycasdomain.com%2Fcas-services%2Fcallback%3Fclient_name%3DCasClient
>>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1840)
>>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
>>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
>>     at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:431)
>>     at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
>>     at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)
>>     at org.pac4j.cas.client.CasClient.retrieveUserProfile(CasClient.java:321)
>>     at org.pac4j.cas.client.CasClient.retrieveUserProfile(CasClient.java:83)
>>     at org.pac4j.core.client.BaseClient.getUserProfile(BaseClient.java:99)
>>     at org.pac4j.core.client.BaseClient.getUserProfile(BaseClient.java:48)
>>     at org.pac4j.springframework.web.CallbackController.callback(CallbackController.java:81)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:498)
>>     at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:222)
>>     at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
>>     at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
>>     at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:814)
>>     at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:737)
>>     at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
>>     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)
>>     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
>>     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
>>     at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:620)
>>     at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)
>>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>>     at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>>     at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.jasig.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:62)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
>>     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>     at java.lang.Thread.run(Thread.java:745)
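
Added example, not part of the thread and not CAS project code: the Python below rebuilds the `/p3/serviceValidate` request seen in the log and separates an HTTP-level refusal (such as the 403) from an answer that CAS itself gives in the XML body, where the CAS protocol reports a rejected ticket as `cas:authenticationFailure`. The function names and the failure sample are assumptions made for illustration; the success body is abridged from the response quoted in the thread.

```python
import urllib.error
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Success body abridged from the thread; the failure body is constructed.
SUCCESS_BODY = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>casuser</cas:user>
    <cas:attributes>
      <cas:isFromNewLogin>true</cas:isFromNewLogin>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_BODY = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">constructed sample</cas:authenticationFailure>
</cas:serviceResponse>"""

def validation_url(cas_prefix, service, ticket):
    """Build the back-channel URL the management webapp requests."""
    query = urllib.parse.urlencode({"ticket": ticket, "service": service})
    return cas_prefix.rstrip("/") + "/p3/serviceValidate?" + query

def fetch(url, timeout=10):
    """GET the URL; return (status, body) even when the status is an error."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")

def classify(status, body):
    """Separate an HTTP-level refusal from an answer given by CAS itself."""
    if status != 200:
        return {"layer": "http", "status": status}
    root = ET.fromstring(body)
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is not None:
        attrs = {el.tag.split("}", 1)[1]: (el.text or "").strip()
                 for el in ok.findall("cas:attributes/*", CAS_NS)}
        return {"layer": "cas", "result": "success",
                "user": ok.findtext("cas:user", namespaces=CAS_NS),
                "attributes": attrs}
    fail = root.find("cas:authenticationFailure", CAS_NS)
    if fail is not None:
        return {"layer": "cas", "result": "failure", "code": fail.get("code")}
    return {"layer": "cas", "result": "unrecognised"}
```

Calling `classify(*fetch(validation_url(...)))` from the host that runs the management webapp, with a freshly issued ticket, sends the request over the same network path as the failing back-channel call rather than the browser's path.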
