The port isn't the only part that changes.  The server also gets changed.
Here is the real error message
<code>
javax.servlet.ServletException:
org.jasig.cas.client.validation.TicketValidationException:
  ticket 'ST-1-ZFpEj5RX60Zn2ek2uYyQ-cas' does not match supplied service.
The original service was 'https://10.99.4.74/uPortal/Login' and the supplied
service was 'https://xxxx.vccs.edu:8181/uPortal/Login'.
 
 org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:155)
root cause 
org.jasig.cas.client.validation.TicketValidationException:
  ticket 'ST-1-ZFpEj5RX60Zn2ek2uYyQ-cas' does not match supplied service.
The original service was 'https://10.99.4.74/uPortal/Login' and the supplied
service was 'https://xxx.vccs.edu:8181/uPortal/Login'.
 
 org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:73)
 org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
 org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
</code>


Here is my deployerConfigContext.xml

<code>
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-2.0.xsd">

  <bean id="authenticationManager"
        class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="credentialsToPrincipalResolvers">
      <list>
        <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
          <property name="credentialsToPrincipalResolver">
            <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
          </property>
          <property name="filter" value="(uid=%u)" />
          <property name="principalAttributeName" value="uid" />
          <property name="searchBase" value="ou=People,dc=vccs,dc=edu" />
          <property name="contextSource" ref="contextSource" />
          <property name="attributeRepository">
            <ref bean="attribRepository" />
          </property>
        </bean>
      </list>
    </property>
    <property name="authenticationHandlers">
      <list>
        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
              p:httpClient-ref="httpClient" />
        <bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler" >
          <property name="filter" value="uid=%u,ou=People,dc=vccs,dc=edu" />
          <property name="contextSource" ref="contextSource" />
        </bean>
      </list>
    </property>
  </bean>

  <bean id="userDetailsService"
        class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
    <property name="userMap">
      <value>      </value>
    </property>
  </bean>

  <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://xxxxx.vccs.edu:xxx"/>
    <property name="userDn" value="cn=xxxxx"/>
    <property name="password" value="xxxxx"/>
  </bean>

  <bean id="attributeRepository"
        class="org.jasig.services.persondir.support.StubPersonAttributeDao">
    <property name="backingMap">
      <map>
        <entry key="uid" value="uid" />
        <entry key="cn" value="Name" />
        <entry key="sn" value="LastName" />
        <entry key="Role" value="Roles"/>
        <entry key="givenName" value="Firstname"/>
        <entry key="mail" value="email"/>
      </map>
    </property>
  </bean>

  <bean id="attribRepository"
        class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
    <property name="contextSource" ref="contextSource" />
    <property name="baseDN" value="ou=People,dc=vccs,dc=edu" />
    <property name="requireAllQueryAttributes" value="true" />
    <property name="queryAttributeMapping">
      <map>
        <entry key="username" value="uid" />
      </map>
    </property>
    <property name="resultAttributeMapping">
      <map>
        <!-- Mapping between LDAP entry attributes (key) and Principal's (value) -->
        <entry key="cn" value="Name"/>
        <entry key="sn" value="LastName"/>
        <entry key="Role" value="Roles"/>
        <entry key="givenName" value="Firstname"/>
        <entry key="mail" value="email"/>
      </map>
    </property>
  </bean>

        <bean class="org.jasig.cas.services.RegisteredServiceImpl"
              p:id="1" p:description="uportal" p:serviceId="**/uPortal/**"
              p:name="uportal_vccs" p:theme="SO261" p:allowedToProxy="true"
              p:enabled="true" p:ssoEnabled="true" p:anonymousAccess="false">
          <property name="allowedAttributes" value="uid,Name,LastName,Firstname" />
        </bean>
      </list>
    </property>
  </bean>
</beans>
</code>

On 7/31/10 1:57 PM, "Scott Battaglia-2 [via Jasig]"
<ml-node+2309010-800354990-235...@n4.nabble.com> wrote:

> You can't be redirected to foo since it's not a valid URL.  Servers will
> consider it relative and redirect you to /cas/login/foo (or /cas/foo) which
> will redirect you to /login (since to the CAS server, that's a 404, and by
> default 404 goes to /login).  Try using http://www.cnn.com instead (or
> http://www.rutgers.edu)
> 
> As for your error, check your configuration.  The response from the CAS server
> shows that an extra :8181 came from somewhere. If you're not sure where, post
> your configuration and one of us will try and spot it (remove any password
> obviously ;-))
> 
> Cheers,
> Scott
> 
> 
> 
> On Fri, Jul 30, 2010 at 12:08 PM, acevedo <[hidden email]> wrote:
>> 
>> What should I be looking at and in what file?  What am I missing?  World
>> peace can it ever be achieved?
>> 
>> History
>> OK I have a CAS client and CAS server setup running on a single server
>> in the same server instance of Glassfish.  Everything seems to be working.
>> I can use themes and get attributes from my LDAP backend using the SAML
>> protocol - great
>> 
>> I have another server with uportal setup.  I wanted to redirect
>> authentication to my new CAS server.
>> 
>> In the uportal "security.properties" file I'm pointing the login link to
>> "https://<casserver>:8181/cas/login?service=https://<uportal_server>/uPortal/Login"
>> 
>> When I click the login button in uportal I get the CAS server login page
>> with a custom theme I created (This is the correct behavior)
>> 
>> Once I authenticate and the url redirects to the service URL, I get the
>> following error on screen
>> 
>> http 500
>> javax.servlet.ServletException:
>> org.jasig.cas.client.validation.TicketValidationException:
>>                                 ticket 'ST-11-BYBKifdNjb7dstiWOlvw-cas' does
>> not match supplied service.  The original service was
>> 'https://<uportal_server>/uPortal/Login' and the supplied service was
>> 'https://<casserver>:8181/uPortal/Login'.
>> 
>> 
>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:155)
>> 
>> What the HELL!!!
>> 
>> OK now I researched and found the "CAS Functional Tests" page
>> https://wiki.jasig.org/display/CAS/CAS+Functional+Tests
>> 
>> When I run the first three steps on the Validation Tests
>> 1. visit /login?service=foo  - GOOD
>> 2. enter correct credentials - GOOD
>> 3. you should be redirected to foo with a valid service ticket - BAD
>> 
>> I see the following URL with the CAS server "Log In successful" message
>> https://<casserver>:8181/cas/login?ticket=ST-1-qQmqqJUbxDlz69hfuyTM-cas
>> 
>> Shouldn't "foo" be somewhere in the url if everything is working right?
>> --
>> View this message in context:
>> http://jasig.275507.n4.nabble.com/CAS-ticket-problems-and-server-validation-tp2308144p2308144.html
>> Sent from the CAS Users mailing list archive at Nabble.com.
>> 
>> --
>> You are currently subscribed to [hidden email] as: [hidden email]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user

Emilio S. Acevedo
Enterprise Software Developer
Virginia's Community Colleges
1-804-423-6758


-- 
View this message in context: 
http://jasig.275507.n4.nabble.com/CAS-ticket-problems-and-server-validation-tp2308144p2310376.html
Sent from the CAS Users mailing list archive at Nabble.com.

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
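
An added example (not part of the original thread and not CAS project code): CAS binds each service ticket to the service URL it was issued for, so the exception above means the URL sent at validation differs from the one used at login. This Python helper parses that exception text and reports which URL components differ; the function names and the treatment of an absent port as the scheme default are assumptions of the example.

```python
import re
from urllib.parse import urlsplit

# Exception text copied from the post above (hostnames as redacted there).
SAMPLE = """\
org.jasig.cas.client.validation.TicketValidationException:
  ticket 'ST-1-ZFpEj5RX60Zn2ek2uYyQ-cas' does not match supplied service.
The original service was 'https://10.99.4.74/uPortal/Login' and the supplied
service was 'https://xxxx.vccs.edu:8181/uPortal/Login'.
"""

MISMATCH = re.compile(
    r"ticket\s+'(?P<ticket>[^']+)'\s+does\s+not\s+match\s+supplied\s+service\."
    r"\s+The\s+original\s+service\s+was\s+'(?P<original>[^']+)'"
    r"\s+and\s+the\s+supplied\s+service\s+was\s+'(?P<supplied>[^']+)'"
)
DEFAULT_PORTS = {"http": 80, "https": 443}


def components(url):
    """Split a service URL into the parts that must agree."""
    u = urlsplit(url)
    return {
        "scheme": u.scheme.lower(),
        "host": (u.hostname or "").lower(),
        # Assumption of this helper: no explicit port means the scheme default.
        "port": u.port or DEFAULT_PORTS.get(u.scheme.lower()),
        "path": u.path,
        "query": u.query,
    }


def diff_services(log_text):
    """Return (ticket, {part: (original, supplied)}) or None if no mismatch found."""
    # Drop mail-quote prefixes ("> ", ">> ") so logs pasted from a thread parse too.
    text = re.sub(r"^[ \t]*(?:>[ \t]*)+", "", log_text, flags=re.M)
    m = MISMATCH.search(text)
    if m is None:
        return None
    issued, sent = components(m["original"]), components(m["supplied"])
    return m["ticket"], {k: (issued[k], sent[k]) for k in issued if issued[k] != sent[k]}


if __name__ == "__main__":
    ticket, changed = diff_services(SAMPLE)
    print(ticket)
    for part, (issued, sent) in changed.items():
        print(f"  {part}: issued for {issued!r}, validated with {sent!r}")
```

For the posted error it reports that both host and port differ while scheme and path agree, which points at how the client builds the service URL it sends at validation rather than at the ticket itself.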
