Hi Marvin,

Thanks for the advice regarding the CAS 2.0 protocol XML response. That was where the problem was. Here is the response that was being returned:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="
https://holin-webtv01/cas/serviceValidate?service=http%3A%2F%2Fw2008046%3A
8080%2Fsummary%2Fj_spring_cas_security_check&ticket=ST-164-uBKxQxlIv2OIMO4paoEc-cas&">here</a>.</p>
</body></html>

I changed my Apache rewriting rules so that just the cas/login URL redirects to HTTPS, and everything works fine now. The response now returned is:

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>RSTVHH</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>

Thanks again,
Venn

On 12 April 2010 23:59, Marvin Addison <[email protected]> wrote:
> > Why would HTTPS be causing problems? Could it be that cookies
> > are not being set properly over SSL?
>
> While it's true that CAS functions differently over SSL, I don't think
> that's the problem here. Since the CAS TGC cookie is only sent over
> SSL, you won't get single sign-in without SSL.
>
> In the stack trace you shared, it's failing parsing the CAS 2.0
> protocol XML response. I've never seen this particular error before.
> It would be helpful if you could capture the exact XML payload and
> post it here. Manually intercepting the ticket using a Web proxy and
> manually validating it is one option.
>
> M
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
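
The failure in this thread, as an added example that is not part of the original messages or of any CAS client's code: a validation-reply check that rejects a redirect page before it reaches the XML parser and reports why. The function names, the placeholder host and the failure sample are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace shown in the thread's response

class CasValidationError(Exception):
    """The validation reply was not a usable CAS 2.0 success response."""

def parse_service_validate(status: int, body: str) -> str:
    """Return the authenticated user, or raise CasValidationError with a reason."""
    # A redirect or error page must never reach the XML parser.
    if status != 200:
        raise CasValidationError(f"HTTP {status} from serviceValidate, expected 200")
    # CAS 2.0 replies carry no DTD; refusing one also avoids entity-expansion input.
    if "<!doctype" in body.lower():
        raise CasValidationError("body contains a DOCTYPE, not a CAS 2.0 reply")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise CasValidationError(f"body is not well-formed XML: {exc}") from exc
    if root.tag != f"{{{CAS_NS}}}serviceResponse":
        raise CasValidationError(f"unexpected root element {root.tag!r}")
    ns = {"cas": CAS_NS}
    failure = root.find("cas:authenticationFailure", ns)
    if failure is not None:
        raise CasValidationError(f"ticket rejected: {failure.get('code')}")
    user = (root.findtext("cas:authenticationSuccess/cas:user", namespaces=ns) or "").strip()
    if not user:
        raise CasValidationError("no cas:user in authenticationSuccess")
    return user

# Success reply as posted in the thread.
SUCCESS = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess><cas:user>RSTVHH</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed samples: a shortened 302 page (placeholder host) and a failure reply.
REDIRECT_PAGE = """<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head><title>302 Found</title></head><body>
<p>The document has moved <a href="https://cas.example.org/cas/serviceValidate?service=x&ticket=ST-0-placeholder">here</a>.</p>
</body></html>"""
FAILURE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationFailure code='INVALID_TICKET'>ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

def explain(status: int, body: str) -> str:
    """Turn the outcome into one log-friendly line."""
    try:
        return "user=" + parse_service_validate(status, body)
    except CasValidationError as exc:
        return "rejected: " + str(exc)

if __name__ == "__main__":
    for status, body in [(200, SUCCESS), (302, REDIRECT_PAGE), (200, REDIRECT_PAGE), (200, FAILURE)]:
        print(explain(status, body))
```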
