Anusuya, It looks like cas redirects the browser with the service ticket (ST...). But there are no cas logs about validating the service ticket. This indicates that the target application is not processing the the service ticket correctly or is unable to connect to the cas server. Check target application configuration and logs.
Ray On Mon, 2022-10-03 at 10:54 -0700, Morning Star (vidivelli) wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi Ray, After enabling logger, 2022-10-03 10:43:36 [DEBUG] org.apereo.cas.services.RegisteredServiceAccessStrategyUtils Current authentication via ticket [TGT-1-*****S7zelhSYVY- brqalxyz300 ] allows service [https://qa7-cp.example.com/home/] to participate in the existing SSO session 2022-10-03 10:43:36 [DEBUG] org.apereo.cas.authentication.policy.RequiredHandlerAuthenticationPolicyFactory Required authentication handlers for this service [web] are [[]] 2022-10-03 10:43:36 [DEBUG] org.apereo.cas.ticket.factory.DefaultServiceTicketFactory Looking up service ticket id generator for [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl] 2022-10-03 10:43:36 [DEBUG] org.apereo.cas.ticket.registry.HazelcastTicketRegistry Adding ticket [TGT-1-*****S7zelhSYVY- brqalxyz300 ] with ttl [9223372036854775807s] 2022-10-03 10:43:36 [DEBUG] org.apereo.cas.ticket.registry.HazelcastTicketRegistry Locating map name [ticketGrantingTicketsCache] for ticket definition [DefaultTicketDefinition(implementationClass=class org.apereo.cas.ticket.TicketGrantingTicketImpl, prefix=TGT, properties=DefaultTicketDefinitionProperties(cascadeRemovals=false, storageName=ticketGrantingTicketsCache, storageTimeout=28800, storagePassword=null, excludeFromCascade=false), order=2147483647)] 2022-10-03 10:43:36 [DEBUG] org.apereo.cas.ticket.registry.HazelcastTicketRegistry Located Hazelcast map instance [ticketGrantingTicketsCache] 2022-10-03 10:43:36 [DEBUG] org.apereo.cas.ticket.registry.HazelcastTicketRegistry Added ticket [TGT-1-*****S7zelhSYVY-brqalxyz300] with ttl [9223372036854775807s] 2022-10-03 10:43:36 [DEBUG] org.apereo.cas.ticket.registry.HazelcastTicketRegistry Adding ticket [ST-1-JxIpepiwAy7W0nkTT9cgLlDUnoE- brqalxyz300 ] with ttl [10s] 2022-10-03 10:43:36 [DEBUG] org.apereo.cas.ticket.registry.HazelcastTicketRegistry Locating map name [serviceTicketsCache] for ticket definition [DefaultTicketDefinition(implementationClass=class org.apereo.cas.ticket.ServiceTicketImpl, prefix=ST, properties=DefaultTicketDefinitionProperties(cascadeRemovals=false, storageName=serviceTicketsCache, storageTimeout=10, storagePassword=null, excludeFromCascade=false), order=-2147483648)] 2022-10-03 10:43:36 [DEBUG] org.apereo.cas.ticket.registry.HazelcastTicketRegistry Located Hazelcast map instance [serviceTicketsCache] 2022-10-03 10:43:36 [DEBUG] org.apereo.cas.ticket.registry.HazelcastTicketRegistry Added ticket [ST-1-JxIpepiwAy7W0nkTT9cgLlDUnoE- brqalxyz300 ] with ttl [10s] 2022-10-03 10:43:36 [INFO] org.apereo.cas.DefaultCentralAuthenticationService Granted service ticket [ST-1-JxIpepiwAy7W0nkTT9cgLlDUnoE- brqalxyz300 ] for service [https://qa7-cp.example.com/home/] and principal [ca000...@test.com] 2022-10-03 10:43:36 [DEBUG] org.springframework.webflow.engine.Transition Completed transition execution. As a result, the flow execution has ended 2022-10-03 10:43:36 [DEBUG] org.springframework.webflow.mvc.servlet.FlowHandlerAdapter Sending external redirect to 'https://qa7-xyz.fdfffce.com/customer/?ticket=ST-1-JxIpepiwyy7W0nkTT9cgLlDUnoE-brqalint300' 2022-10-03 10:43:36 [DEBUG] org.springframework.web.servlet.DispatcherServlet Completed 302 FOUND 2022-10-03 10:43:41 [DEBUG] com.hazelcast.internal.partition.InternalPartitionService [localhost]:5701 [dev] [4.0.1] Checking partition state, version: 272 2022-10-03 10:43:41 [DEBUG] org.apache.http.impl.conn.PoolingHttpClientConnectionManager Connection manager is shutting down 2022-10-03 10:43:41 [DEBUG] org.apache.http.impl.conn.DefaultManagedHttpClientConnection http-outgoing-0: Close connection 2022-10-03 10:43:41 [DEBUG] org.apache.http.impl.conn.PoolingHttpClientConnectionManager Connection manager shut down In browser, I could see 401 unauthorized error :-( On Monday, October 3, 2022 at 10:55:01 PM UTC+5:30 Ray Bon wrote: Anusuya, What is in the cas logs? You may have to increase to debug. Ray On Mon, 2022-10-03 at 10:09 -0700, Morning Star (vidivelli) wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi all, We are developing new 5 test environments for existing CAS. With same CAS configuration and code, in one environment we are getting 401 unauthorized for ST. 1. Request URL: https://qa7-co.*******8.com/home/?ticket=ST-10-Ua6SNdU1hVuqTxhnTQ-z643rZws-brqalxyz311<http://8.com/home/?ticket=ST-10-Ua6SNdU1hVuqTxhnTQ-z643rZws-brqalxyz311> 2. Request Method: GET 3. Status Code: 401 Unauthorized 4. Remote Address: 10.34.33.44:443<http://10.34.33.44:443> 5. Referrer Policy: strict-origin-when-cross-origin Can someone help me how to get this resolved? Whether this is CAS side issue or web server issue? How to investigate it further. Any help appreciated! Regards, Anusuya. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c3cb86b625d5210befd83595c902dcfacfbe19fe.camel%40uvic.ca.
