The CAS server is giving you a Server 500 error it appears. Which most likely means there is a problem with your CAS server. You should check your CAS log.
-Scott On Thu, Feb 12, 2009 at 2:56 PM, schneisc <[email protected]> wrote: > I imported our root CA, issuing CA and the cert for the CAS server itself > with 'keytool --import ... -file [the 3 files.cer]' > > This is the error I see in the logs (server names changed the theCASserver > and theAPP): > > Feb 12, 2009 1:49:18 PM > org.jasig.cas.client.validation.AbstractCasProtocolUrlBa > sedTicketValidator retrieveResponseFromServer > SEVERE: java.io.IOException: Server returned HTTP response code: 500 for > URL: ht > > tps://theCASserver:8443/cas/serviceValidate?service=http%3A%2F%2FtheAPP%3A8080%2Fjsp-examples%2Fnum%2Fnumguess.jsp&ticket=ST-9-EJePacM2bwZ0DM > 0uebEv-cas& > java.io.IOException: Server returned HTTP response code: 500 for URL: > https://theCASserver:8443/cas/serviceValidate?service=http%3A%2F%2FtheAPP%3A8080%2Fjsp-examples%2Fnum%2Fnumguess.jsp&ticket=ST-9-EJePacM2bwZ0DM0uebEv-c > as& > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLCon > nection.java:1153) > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Http > sURLConnectionImpl.java:234) > at > org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketVali > > dator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java > :35) > at > org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.valid > ate(AbstractUrlBasedTicketValidator.java:178) > at > org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilt > er(AbstractTicketValidationFilter.java:132) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl > icationFilterChain.java:215) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF > ilterChain.java:188) > at > org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(Aut > henticationFilter.java:111) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl > icationFilterChain.java:215) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF > ilterChain.java:188) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV > alve.java:210) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextV > alve.java:174) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica > torBase.java:433) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j > ava:127) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j > ava:117) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal > ve.java:108) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav > a:151) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java > :870) > at > org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.p > rocessConnection(Http11BaseProtocol.java:665) > at > org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpo > int.java:528) > at > org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFol > lowerWorkerThread.java:81) > at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP > ool.java:685) > at java.lang.Thread.run(Thread.java:595) > > > --- On *Thu, 2/12/09, Scott Battaglia <[email protected]>* wrote: > > From: Scott Battaglia <[email protected]> > Subject: Re: [cas-user] Basic CAS question - auths every request? > To: [email protected] > Date: Thursday, February 12, 2009, 1:25 PM > > > Do you have your certificates set up correctly so that the application > trusts the CAS cert? > > > On Thu, Feb 12, 2009 at 2:18 PM, schneisc <[email protected]> wrote: > >> The article that you reference is what I started working from, but I'm >> still having difficulties. When I have the validation filter enabled, I get >> this exception: >> >> javax.servlet.ServletException: The >> CAS server returned no response. >> >> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:155) >> >> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111) >> >> *root cause* >> >> org.jasig.cas.client.validation.TicketValidationException: The CAS server >> returned no response. >> >> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:181) >> >> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132) >> >> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111) >> >> >> This is the entry in web.xml that I removed for my previous post: >> >> <filter> >> <filter-name>CAS Validation Filter</filter-name> >> >> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> >> <init-param> >> <param-name>casServerUrlPrefix</param-name> >> <param-value>https://theCASserver:8443/cas</param-value> >> </init-param> >> </filter> >> >> <filter-mapping> >> <filter-name>CAS Validation Filter</filter-name> >> <url-pattern>/num/*</url-pattern> >> </filter-mapping> >> >> Any ideas on what the config should look like if my app needs this >> validation filter setup? >> >> Thanks, >> Sam >> >> --- On *Thu, 2/12/09, Scott Battaglia <[email protected]>* wrote: >> >> From: Scott Battaglia <[email protected]> >> Subject: Re: [cas-user] Basic CAS question - auths every request? >> To: [email protected] >> Date: Thursday, February 12, 2009, 10:45 AM >> >> >> Please follow this example which is for the web application and what I >> directed you to before: >> >> http://www.ja-sig.org/wiki/display/CASC/web.xml+for+Tomcat+5.5+Tomcat+Manager >> >> This works. If you choose to ignore it and remove validation filters, >> then its not going to work. >> >> -Scott >> >> >> On Thu, Feb 12, 2009 at 11:37 AM, schneisc <[email protected]> wrote: >> >>> I'm guessing I have a small error somewhere, but I don't see it. Here's >>> the web.xml edited with "theCASserver" and "theAPP" as the two hosts >>> (otherwise all is the same). What I see is this: >>> >>> 1) First request gets forwarded to CAS for login >>> 1a) << successful login happens >> >>> 1b) redirect to app: >>> >>> http://theAPP:8080/jsp-examples/num/numguess.jsp?ticket=ST-6-LQm9NC4DQMTbbNOGbTBx-cas >>> >>> 2) every subsequent request redirects to the the CAS server and gets >>> bounced back to the the theAPP with a new ticket: >>> >>> http://theAPP:8080/jsp-examples/num/numguess.jsp?ticket=ST-6-LQm9NC4DQMTbbNOGbTBx-cas >>> >>> some web.xml snippets: >>> >>> <context-param> >>> <param-name>serverName</param-name> >>> <param-value>http://theAPP:8080</param-value> >>> </context-param> >>> >>> <filter> >>> <filter-name>CAS Authentication Filter</filter-name> >>> >>> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> >>> >>> <init-param> >>> <param-name>casServerLoginUrl</param-name> >>> <param-value>https://theCASserver:8443/cas/login</param-value> >>> >>> </init-param> >>> </filter> >>> >>> <filter> >>> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> >>> >>> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> >>> </filter> >>> >>> <filter-mapping> >>> <filter-name>CAS Authentication Filter</filter-name> >>> <url-pattern>/num/*</url-pattern> >>> </filter-mapping> >>> >>> <filter-mapping> >>> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> >>> <url-pattern>/num/*</url-pattern> >>> </filter-mapping> >>> >>> >>> I originally had the CAS validation Filter setup in "theAPP" as well, but >>> I took it out thinking that should actually be running on "theCASserver" so >>> I took it out. >>> >>> <filter-name>CAS Validation Filter</filter-name> >>> >>> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> >>> >>> It's a bit confusing following the example web.xml since the CAS server >>> and the secured app are the same host and it's not entirely clear which >>> filters and config params belong to which "app" (I'm running on two >>> different hosts). Any help would be greatly appreciated. >>> >>> -Sam >>> >>> --- On *Wed, 2/11/09, Scott Battaglia <[email protected]>*wrote: >>> >>> From: Scott Battaglia <[email protected]> >>> Subject: Re: [cas-user] Basic CAS question - auths every request? >>> To: [email protected] >>> Date: Wednesday, February 11, 2009, 9:10 PM >>> >>> You've probably misconfigured the client or disabled sessions. That >>> example Tomcat 5.5 Tomcat Manager web.xml should work fine and only go to >>> CAS once. >>> >>> -Scott >>> >>> >>> On Wed, Feb 11, 2009 at 5:26 PM, Sam <[email protected]> wrote: >>> >>>> I have configured CAS and a single client app (configure being used >>>> rather loosely, as I didn't configure much). What I did was setup the >>>> client app similar to >>>> http://www.ja-sig.org/wiki/display/CASC/web.xml+for+Tomcat+5.5+Tomcat+Manager(I >>>> am running tomcat 5.5 as well). CAS is running on a separate server with >>>> a valid cert (this is dev environment). I created my own password >>>> validator >>>> that seems to be working just fine. >>>> >>>> I have the app running under HTTP for now and I have noticed that it >>>> sends a request to CAS with every request to the server. It gets a new >>>> ticket to validate and calls the CAS validation service (and succeeds >>>> without a problem). The first request through it presents a login screen - >>>> subsequent requests simply validate the new ticket. >>>> >>>> My question is this: >>>> >>>> Should the app be sending a request to CAS with every request it gets? >>>> This is what seems to be happening and is very noticeable because it >>>> switches back and forth between HTTP & HTTPS because I'm running the app >>>> under HTTP. It seems a bit inefficient to validate the user with every >>>> request and I'm wondering if I've misconfigured something (I'm using the >>>> CAS >>>> 3 client and associated filters). >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> >>> >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> >>> >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
