RE: [cas-user] Help with Saml11TicketValidationFilter

Fco Javier Carreras Calero Fri, 10 Sep 2010 03:01:01 -0700

Hi,

I added the following lines to the log4j.xml in the cas server:


   <logger name="org.jasig.services.persondir" additivity="true">
        <level value="DEBUG" />
        <appender-ref ref="cas" />
    </logger>

Then show the result of cas.log

2010-09-10 11:48:55,334 DEBUG
[org.jasig.cas.services.DefaultServicesManagerImpl] - Adding registered
service
https://fjcarreras.diasoftcordoba.local/CAS/services/j_acegi_cas_security_ch
eck
2010-09-10 11:48:55,335 DEBUG
[org.jasig.cas.services.DefaultServicesManagerImpl] - Adding registered
service https://localhost:8443/mywebapp/protected/
2010-09-10 11:48:55,338 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - Loaded 2 services.
2010-09-10 11:48:55,600 DEBUG
[org.jasig.cas.util.AutowiringSchedulerFactoryBean] - Autowired the
following triggers defined in application context:
[triggerJobDetailTicketRegistryCleaner,
periodicServiceRegistryReloaderTrigger]
2010-09-10 11:48:56,074 INFO
[org.jasig.cas.util.AutowiringSchedulerFactoryBean] - Starting Quartz
Scheduler now
2010-09-10 11:48:56,278 DEBUG
[org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController] -
Found action method [public org.springframework.web.servlet.ModelAndView
org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController.del
eteRegisteredService(javax.servlet.http.HttpServletRequest,javax.servlet.htt
p.HttpServletResponse)]
2010-09-10 11:48:56,278 DEBUG
[org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController] -
Found action method [public org.springframework.web.servlet.ModelAndView
org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController.man
age(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResp
onse)]
2010-09-10 11:49:11,767 INFO
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
Beginning ticket cleanup.
2010-09-10 11:49:11,768 DEBUG
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
Attempting to acquire ticket cleanup lock.
2010-09-10 11:49:11,769 DEBUG
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
Acquired lock.  Proceeding with cleanup.
2010-09-10 11:49:11,770 INFO
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 0
tickets found to be removed.
2010-09-10 11:49:11,770 DEBUG
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
Releasing ticket cleanup lock.
2010-09-10 11:49:11,771 INFO
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
Finished ticket cleanup.
2010-09-10 11:49:26,944 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction]
- Setting path for cookies to: /CAS
2010-09-10 11:49:26,944 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction]
- Setting path for cookies to: /CAS
2010-09-10 11:49:26,952 DEBUG
[org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated
service for: https://localhost:8443/mywebapp/protected/
2010-09-10 11:49:26,953 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in
FlowScope: https://localhost:8443/mywebapp/protected/
2010-09-10 11:49:26,953 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in
FlowScope: https://localhost:8443/mywebapp/protected/
2010-09-10 11:49:27,147 DEBUG
[org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated
service for: https://localhost:8443/mywebapp/protected/
2010-09-10 11:49:31,535 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
AuthenticationHandler:
org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler successfully
authenticated the user which provided the following credentials: [username:
user1]
2010-09-10 11:49:31,536 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincip
alResolver] - Attempting to resolve a principal...
2010-09-10 11:49:31,537 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincip
alResolver] - Creating SimplePrincipal for [user1]
2010-09-10 11:49:31,543 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket
[TGT-1-qQNUmHncDKCRGCqLgaj14DYvbhshpnLOmMNbHJPHKpENAJBulm-CAS] to registry.
2010-09-10 11:49:31,548 DEBUG
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed cookie
with name [CASPRIVACY]
2010-09-10 11:49:31,550 DEBUG
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Added cookie
with name [CASTGC] and value
[TGT-1-qQNUmHncDKCRGCqLgaj14DYvbhshpnLOmMNbHJPHKpENAJBulm-CAS]
2010-09-10 11:49:31,574 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to
retrieve ticket
[TGT-1-qQNUmHncDKCRGCqLgaj14DYvbhshpnLOmMNbHJPHKpENAJBulm-CAS]
2010-09-10 11:49:31,575 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket
[TGT-1-qQNUmHncDKCRGCqLgaj14DYvbhshpnLOmMNbHJPHKpENAJBulm-CAS] found in
registry.
2010-09-10 11:49:31,577 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket
[ST-1-qZjeYDkcot2gLlYsFZu1-CAS] to registry.
2010-09-10 11:49:31,577 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket
[ST-1-qZjeYDkcot2gLlYsFZu1-CAS] for service
[https://localhost:8443/mywebapp/protected/] for user [user1]
2010-09-10 11:49:31,650 DEBUG
[org.jasig.cas.web.support.SamlArgumentExtractor] - Extractor generated
service for: https://localhost:8443/mywebapp/protected/
2010-09-10 11:49:31,676 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to
retrieve ticket [ST-1-qZjeYDkcot2gLlYsFZu1-CAS]
2010-09-10 11:49:31,676 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket
[ST-1-qZjeYDkcot2gLlYsFZu1-CAS] found in registry.
2010-09-10 11:49:31,682 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing ticket
[ST-1-qZjeYDkcot2gLlYsFZu1-CAS] from registry
2010-09-10 11:50:55,383 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - Reloading registered
services.
2010-09-10 11:50:55,486 DEBUG
[org.jasig.cas.services.DefaultServicesManagerImpl] - Adding registered
service
https://fjcarreras.diasoftcordoba.local/CAS/services/j_acegi_cas_security_ch
eck
2010-09-10 11:50:55,486 DEBUG
[org.jasig.cas.services.DefaultServicesManagerImpl] - Adding registered
service https://localhost:8443/mywebapp/protected/
2010-09-10 11:50:55,488 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - Loaded 2 services.
2010-09-10 11:52:55,385 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - Reloading registered
services.
2010-09-10 11:52:55,509 DEBUG
[org.jasig.cas.services.DefaultServicesManagerImpl] - Adding registered
service
https://fjcarreras.diasoftcordoba.local/CAS/services/j_acegi_cas_security_ch
eck
2010-09-10 11:52:55,510 DEBUG
[org.jasig.cas.services.DefaultServicesManagerImpl] - Adding registered
service https://localhost:8443/mywebapp/protected/
2010-09-10 11:52:55,510 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - Loaded 2 services.


On the client added the file log4j.xml and get the following log:

2010-09-10 11:48:34,901 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[serverName] loaded from FilterConfig.getInitParameter with value
[https://localhost:8443]
2010-09-10 11:48:34,901 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[serverName] loaded from FilterConfig.getInitParameter with value
[https://localhost:8443]
2010-09-10 11:48:34,902 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[service] not found.  Using default value [null]
2010-09-10 11:48:34,902 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[service] not found.  Using default value [null]
2010-09-10 11:48:34,903 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[artifactParameterName] not found.  Using default value [ticket]
2010-09-10 11:48:34,903 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[artifactParameterName] not found.  Using default value [ticket]
2010-09-10 11:48:34,903 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[serviceParameterName] not found.  Using default value [service]
2010-09-10 11:48:34,903 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[serviceParameterName] not found.  Using default value [service]
2010-09-10 11:48:34,903 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[encodeServiceUrl] not found.  Using default value [true]
2010-09-10 11:48:34,903 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[encodeServiceUrl] not found.  Using default value [true]
2010-09-10 11:48:34,904 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[exceptionOnValidationFailure] not found.  Using default value [true]
2010-09-10 11:48:34,904 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[exceptionOnValidationFailure] not found.  Using default value [true]
2010-09-10 11:48:34,904 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[redirectAfterValidation] loaded from FilterConfig.getInitParameter with
value [true]
2010-09-10 11:48:34,904 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[redirectAfterValidation] loaded from FilterConfig.getInitParameter with
value [true]
2010-09-10 11:48:34,904 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[useSession] not found.  Using default value [true]
2010-09-10 11:48:34,904 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[useSession] not found.  Using default value [true]
2010-09-10 11:48:34,908 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[casServerUrlPrefix] loaded from FilterConfig.getInitParameter with value
[https://fjcarreras.diasoftcordoba.local/CAS/]
2010-09-10 11:48:34,908 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[casServerUrlPrefix] loaded from FilterConfig.getInitParameter with value
[https://fjcarreras.diasoftcordoba.local/CAS/]
2010-09-10 11:48:34,909 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[tolerance] not found.  Using default value [1000]
2010-09-10 11:48:34,909 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[tolerance] not found.  Using default value [1000]
2010-09-10 11:48:34,909 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[renew] not found.  Using default value [false]
2010-09-10 11:48:34,909 INFO
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Property
[renew] not found.  Using default value [false]
2010-09-10 11:48:34,911 INFO
[org.jasig.cas.client.authentication.AuthenticationFilter] - Property
[serverName] loaded from FilterConfig.getInitParameter with value
[https://localhost:8443]
2010-09-10 11:48:34,912 INFO
[org.jasig.cas.client.authentication.AuthenticationFilter] - Property
[service] not found.  Using default value [null]
2010-09-10 11:48:34,912 INFO
[org.jasig.cas.client.authentication.AuthenticationFilter] - Property
[artifactParameterName] not found.  Using default value [ticket]
2010-09-10 11:48:34,912 INFO
[org.jasig.cas.client.authentication.AuthenticationFilter] - Property
[serviceParameterName] not found.  Using default value [service]
2010-09-10 11:48:34,912 INFO
[org.jasig.cas.client.authentication.AuthenticationFilter] - Property
[encodeServiceUrl] not found.  Using default value [true]
2010-09-10 11:48:34,913 INFO
[org.jasig.cas.client.authentication.AuthenticationFilter] - Property
[casServerLoginUrl] loaded from FilterConfig.getInitParameter with value
[https://fjcarreras.diasoftcordoba.local/CAS/login]
2010-09-10 11:48:34,913 INFO
[org.jasig.cas.client.authentication.AuthenticationFilter] - Property
[renew] loaded from FilterConfig.getInitParameter with value [false]
2010-09-10 11:48:34,913 INFO
[org.jasig.cas.client.authentication.AuthenticationFilter] - Property
[gateway] loaded from FilterConfig.getInitParameter with value [false]
2010-09-10 11:48:34,913 INFO
[org.jasig.cas.client.authentication.AuthenticationFilter] - Property
[gatewayStorageClass] not found.  Using default value [null]
2010-09-10 11:48:34,914 INFO
[org.jasig.cas.client.util.HttpServletRequestWrapperFilter] - Property
[roleAttribute] not found.  Using default value [null]
2010-09-10 11:48:34,914 INFO
[org.jasig.cas.client.util.HttpServletRequestWrapperFilter] - Property
[ignoreCase] not found.  Using default value [false]
2010-09-10 11:49:24,306 DEBUG [org.jasig.cas.client.util.CommonUtils] -
serviceUrl generated: https://localhost:8443/mywebapp/protected/
2010-09-10 11:49:24,307 DEBUG
[org.jasig.cas.client.authentication.AuthenticationFilter] - no ticket and
no assertion found
2010-09-10 11:49:24,307 DEBUG
[org.jasig.cas.client.authentication.AuthenticationFilter] - Constructed
service url: https://localhost:8443/mywebapp/protected/
2010-09-10 11:49:24,308 DEBUG
[org.jasig.cas.client.authentication.AuthenticationFilter] - redirecting to
"https://fjcarreras.diasoftcordoba.local/CAS/login?service=https%3A%2F%2Floc
alhost%3A8443%2Fmywebapp%2Fprotected%2F"
2010-09-10 11:49:26,603 DEBUG [org.jasig.cas.client.util.CommonUtils] -
serviceUrl generated: https://localhost:8443/mywebapp/protected/
2010-09-10 11:49:26,604 DEBUG
[org.jasig.cas.client.authentication.AuthenticationFilter] - no ticket and
no assertion found
2010-09-10 11:49:26,604 DEBUG
[org.jasig.cas.client.authentication.AuthenticationFilter] - Constructed
service url: https://localhost:8443/mywebapp/protected/
2010-09-10 11:49:26,604 DEBUG
[org.jasig.cas.client.authentication.AuthenticationFilter] - redirecting to
"https://fjcarreras.diasoftcordoba.local/CAS/login?service=https%3A%2F%2Floc
alhost%3A8443%2Fmywebapp%2Fprotected%2F"
2010-09-10 11:49:31,596 DEBUG [org.jasig.cas.client.util.CommonUtils] -
serviceUrl generated: https://localhost:8443/mywebapp/protected/
2010-09-10 11:49:31,597 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Attempting
to validate ticket: ST-1-qZjeYDkcot2gLlYsFZu1-CAS
2010-09-10 11:49:31,597 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Attempting
to validate ticket: ST-1-qZjeYDkcot2gLlYsFZu1-CAS
2010-09-10 11:49:31,597 DEBUG [org.jasig.cas.client.util.CommonUtils] -
serviceUrl generated: https://localhost:8443/mywebapp/protected/
2010-09-10 11:49:31,597 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidator] - Placing URL
parameters in map.
2010-09-10 11:49:31,597 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidator] - Placing URL
parameters in map.
2010-09-10 11:49:31,597 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidator] - Calling template
URL attribute map.
2010-09-10 11:49:31,597 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidator] - Calling template
URL attribute map.
2010-09-10 11:49:31,597 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidator] - Loading custom
parameters from configuration.
2010-09-10 11:49:31,597 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidator] - Loading custom
parameters from configuration.
2010-09-10 11:49:31,597 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidator] - Constructing
validation url:
https://fjcarreras.diasoftcordoba.local/CAS/samlValidate?TARGET=https%3A%2F%
2Flocalhost%3A8443%2Fmywebapp%2Fprotected%2F
2010-09-10 11:49:31,597 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidator] - Constructing
validation url:
https://fjcarreras.diasoftcordoba.local/CAS/samlValidate?TARGET=https%3A%2F%
2Flocalhost%3A8443%2Fmywebapp%2Fprotected%2F
2010-09-10 11:49:31,598 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidator] - Retrieving
response from server.
2010-09-10 11:49:31,598 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidator] - Retrieving
response from server.
2010-09-10 11:49:31,880 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidator] - Server response:
<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";><SOAP-ENV:Header/
><SOAP-ENV:Body><Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
IssueInstant="2010-09-10T09:49:31.703Z" MajorVersion="1" MinorVersion="1"
Recipient="https://localhost:8443/mywebapp/protected/";
ResponseID="_8dc4de6907690ec10e1964d329666273"><Status><StatusCode
Value="samlp:Success"></StatusCode></Status><Assertion
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
AssertionID="_b693b3066f8b0fe0c69b371b58235d83"
IssueInstant="2010-09-10T09:49:31.703Z" Issuer="localhost" MajorVersion="1"
MinorVersion="1"><Conditions NotBefore="2010-09-10T09:49:31.703Z"
NotOnOrAfter="2010-09-10T09:50:01.703Z"><AudienceRestrictionCondition><Audie
nce>https://localhost:8443/mywebapp/protected/</Audience></AudienceRestricti
onCondition></Conditions><AuthenticationStatement
AuthenticationInstant="2010-09-10T09:49:31.543Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><
NameIdentifier>user1</NameIdentifier><SubjectConfirmation><ConfirmationMetho
d>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfi
rmation></Subject></AuthenticationStatement></Assertion></Response></SOAP-EN
V:Body></SOAP-ENV:Envelope>
2010-09-10 11:49:31,880 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidator] - Server response:
<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";><SOAP-ENV:Header/
><SOAP-ENV:Body><Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
IssueInstant="2010-09-10T09:49:31.703Z" MajorVersion="1" MinorVersion="1"
Recipient="https://localhost:8443/mywebapp/protected/";
ResponseID="_8dc4de6907690ec10e1964d329666273"><Status><StatusCode
Value="samlp:Success"></StatusCode></Status><Assertion
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
AssertionID="_b693b3066f8b0fe0c69b371b58235d83"
IssueInstant="2010-09-10T09:49:31.703Z" Issuer="localhost" MajorVersion="1"
MinorVersion="1"><Conditions NotBefore="2010-09-10T09:49:31.703Z"
NotOnOrAfter="2010-09-10T09:50:01.703Z"><AudienceRestrictionCondition><Audie
nce>https://localhost:8443/mywebapp/protected/</Audience></AudienceRestricti
onCondition></Conditions><AuthenticationStatement
AuthenticationInstant="2010-09-10T09:49:31.543Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><
NameIdentifier>user1</NameIdentifier><SubjectConfirmation><ConfirmationMetho
d>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfi
rmation></Subject></AuthenticationStatement></Assertion></Response></SOAP-EN
V:Body></SOAP-ENV:Envelope>
2010-09-10 11:49:31,934 DEBUG [org.apache.xml.security.Init] -
Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315,
org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitCommen
ts)
2010-09-10 11:49:31,934 DEBUG [org.apache.xml.security.Init] -
Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithC
omments,
org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithCommen
ts)
2010-09-10 11:49:31,937 DEBUG [org.apache.xml.security.Init] -
Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#,
org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitCo
mments)
2010-09-10 11:49:31,937 DEBUG [org.apache.xml.security.Init] -
Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments,
org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithCo
mments)
2010-09-10 11:49:31,945 DEBUG [org.apache.xml.security.Init] -
Transform.register(http://www.w3.org/2000/09/xmldsig#base64,
org.apache.xml.security.transforms.implementations.TransformBase64Decode)
2010-09-10 11:49:31,946 DEBUG [org.apache.xml.security.Init] -
Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315,
org.apache.xml.security.transforms.implementations.TransformC14N)
2010-09-10 11:49:31,947 DEBUG [org.apache.xml.security.Init] -
Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComme
nts,
org.apache.xml.security.transforms.implementations.TransformC14NWithComments
)
2010-09-10 11:49:31,948 DEBUG [org.apache.xml.security.Init] -
Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#,
org.apache.xml.security.transforms.implementations.TransformC14NExclusive)
2010-09-10 11:49:31,948 DEBUG [org.apache.xml.security.Init] -
Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments,
org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWit
hComments)
2010-09-10 11:49:31,950 DEBUG [org.apache.xml.security.Init] -
Transform.register(http://www.w3.org/TR/1999/REC-xpath-19991116,
org.apache.xml.security.transforms.implementations.TransformXPath)
2010-09-10 11:49:31,951 DEBUG [org.apache.xml.security.Init] -
Transform.register(http://www.w3.org/2000/09/xmldsig#enveloped-signature,
org.apache.xml.security.transforms.implementations.TransformEnvelopedSignatu
re)
2010-09-10 11:49:31,952 DEBUG [org.apache.xml.security.Init] -
Transform.register(http://www.w3.org/TR/1999/REC-xslt-19991116,
org.apache.xml.security.transforms.implementations.TransformXSLT)
2010-09-10 11:49:31,955 DEBUG [org.apache.xml.security.Init] -
Transform.register(http://www.w3.org/2002/04/xmldsig-filter2,
org.apache.xml.security.transforms.implementations.TransformXPath2Filter)
2010-09-10 11:49:31,955 DEBUG [org.apache.xml.security.Init] -
Transform.register(http://www.w3.org/2002/06/xmldsig-filter2,
org.apache.xml.security.transforms.implementations.TransformXPath2Filter)
2010-09-10 11:49:31,958 DEBUG
[org.apache.xml.security.algorithms.SignatureAlgorithm] - Init() called
2010-09-10 11:49:31,962 DEBUG [org.apache.xml.security.Init] -
SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#dsa-sha1,
org.apache.xml.security.algorithms.implementations.SignatureDSA)
2010-09-10 11:49:31,962 DEBUG
[org.apache.xml.security.algorithms.SignatureAlgorithm] - Try to register
http://www.w3.org/2000/09/xmldsig#dsa-sha1
org.apache.xml.security.algorithms.implementations.SignatureDSA
2010-09-10 11:49:31,964 DEBUG [org.apache.xml.security.Init] -
SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#rsa-sha1,
org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$Signatur
eRSASHA1)
2010-09-10 11:49:31,964 DEBUG
[org.apache.xml.security.algorithms.SignatureAlgorithm] - Try to register
http://www.w3.org/2000/09/xmldsig#rsa-sha1
org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$Signatur
eRSASHA1
2010-09-10 11:49:31,974 DEBUG [org.apache.xml.security.Init] -
SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#hmac-sha1,
org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHm
acSHA1)
2010-09-10 11:49:31,974 DEBUG
[org.apache.xml.security.algorithms.SignatureAlgorithm] - Try to register
http://www.w3.org/2000/09/xmldsig#hmac-sha1
org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHm
acSHA1
2010-09-10 11:49:31,975 DEBUG [org.apache.xml.security.Init] -
SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-md5,
org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$Signatur
eRSAMD5)
2010-09-10 11:49:31,975 DEBUG
[org.apache.xml.security.algorithms.SignatureAlgorithm] - Try to register
http://www.w3.org/2001/04/xmldsig-more#rsa-md5
org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$Signatur
eRSAMD5
2010-09-10 11:49:31,976 DEBUG [org.apache.xml.security.Init] -
SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-ripem
d160,
org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$Signatur
eRSARIPEMD160)
2010-09-10 11:49:31,976 DEBUG
[org.apache.xml.security.algorithms.SignatureAlgorithm] - Try to register
http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$Signatur
eRSARIPEMD160
2010-09-10 11:49:31,977 DEBUG [org.apache.xml.security.Init] -
SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha25
6,
org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$Signatur
eRSASHA256)
2010-09-10 11:49:31,977 DEBUG
[org.apache.xml.security.algorithms.SignatureAlgorithm] - Try to register
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$Signatur
eRSASHA256
2010-09-10 11:49:31,977 DEBUG [org.apache.xml.security.Init] -
SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha38
4,
org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$Signatur
eRSASHA384)
2010-09-10 11:49:31,977 DEBUG
[org.apache.xml.security.algorithms.SignatureAlgorithm] - Try to register
http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$Signatur
eRSASHA384
2010-09-10 11:49:31,978 DEBUG [org.apache.xml.security.Init] -
SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha51
2,
org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$Signatur
eRSASHA512)
2010-09-10 11:49:31,978 DEBUG
[org.apache.xml.security.algorithms.SignatureAlgorithm] - Try to register
http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$Signatur
eRSASHA512
2010-09-10 11:49:31,979 DEBUG [org.apache.xml.security.Init] -
SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-md5,
org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHm
acMD5)
2010-09-10 11:49:31,979 DEBUG
[org.apache.xml.security.algorithms.SignatureAlgorithm] - Try to register
http://www.w3.org/2001/04/xmldsig-more#hmac-md5
org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHm
acMD5
2010-09-10 11:49:31,980 DEBUG [org.apache.xml.security.Init] -
SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-ripe
md160,
org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHm
acRIPEMD160)
2010-09-10 11:49:31,980 DEBUG
[org.apache.xml.security.algorithms.SignatureAlgorithm] - Try to register
http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHm
acRIPEMD160
2010-09-10 11:49:31,981 DEBUG [org.apache.xml.security.Init] -
SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha2
56,
org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHm
acSHA256)
2010-09-10 11:49:31,981 DEBUG
[org.apache.xml.security.algorithms.SignatureAlgorithm] - Try to register
http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHm
acSHA256
2010-09-10 11:49:31,981 DEBUG [org.apache.xml.security.Init] -
SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha3
84,
org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHm
acSHA384)
2010-09-10 11:49:31,981 DEBUG
[org.apache.xml.security.algorithms.SignatureAlgorithm] - Try to register
http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHm
acSHA384
2010-09-10 11:49:31,982 DEBUG [org.apache.xml.security.Init] -
SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha5
12,
org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHm
acSHA512)
2010-09-10 11:49:31,982 DEBUG
[org.apache.xml.security.algorithms.SignatureAlgorithm] - Try to register
http://www.w3.org/2001/04/xmldsig-more#hmac-sha512
org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHm
acSHA512
2010-09-10 11:49:31,992 DEBUG [org.apache.xml.security.Init] - Register
Resolver:
org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP: A
simple resolver for requests to HTTP space
2010-09-10 11:49:31,995 DEBUG [org.apache.xml.security.Init] - Register
Resolver:
org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesyst
em: A simple resolver for requests to the local file system
2010-09-10 11:49:31,996 DEBUG [org.apache.xml.security.Init] - Register
Resolver:
org.apache.xml.security.utils.resolver.implementations.ResolverFragment: A
simple resolver for requests of same-document URIs
2010-09-10 11:49:31,997 DEBUG [org.apache.xml.security.Init] - Register
Resolver:
org.apache.xml.security.utils.resolver.implementations.ResolverXPointer: A
simple resolver for requests of XPointer fragents
2010-09-10 11:49:32,001 DEBUG [org.apache.xml.security.Init] - Register
Resolver:
org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver
: Can extract RSA public keys
2010-09-10 11:49:32,003 DEBUG [org.apache.xml.security.Init] - Register
Resolver:
org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver
: Can extract DSA public keys
2010-09-10 11:49:32,003 DEBUG [org.apache.xml.security.Init] - Register
Resolver:
org.apache.xml.security.keys.keyresolver.implementations.X509CertificateReso
lver: Can extract public keys from X509 certificates
2010-09-10 11:49:32,005 DEBUG [org.apache.xml.security.Init] - Register
Resolver:
org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver:
Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate from
the storages
2010-09-10 11:49:32,006 DEBUG [org.apache.xml.security.Init] - Register
Resolver:
org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodReso
lver: Resolves keys and certificates using ResourceResolvers
2010-09-10 11:49:32,008 DEBUG [org.apache.xml.security.Init] - Register
Resolver:
org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameReso
lver: Uses an X509 SubjectName to retrieve a certificate from the storages
2010-09-10 11:49:32,009 DEBUG [org.apache.xml.security.Init] - Register
Resolver:
org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialRes
olver: Uses an X509 IssuerName and IssuerSerial to retrieve a certificate
from the storages
2010-09-10 11:49:32,010 DEBUG [org.apache.xml.security.Init] - Now I try to
bind prefixes:
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] - Now I try to
bind ds to http://www.w3.org/2000/09/xmldsig#
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] - Now I try to
bind xenc to http://www.w3.org/2001/04/xmlenc#
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] - Now I try to
bind experimental to http://www.xmlsecurity.org/experimental#
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] - Now I try to
bind dsig-xpath-old to http://www.w3.org/2002/04/xmldsig-filter2
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] - Now I try to
bind dsig-xpath to http://www.w3.org/2002/06/xmldsig-filter2
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] - Now I try to
bind ec to http://www.w3.org/2001/10/xml-exc-c14n#
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] - Now I try to
bind xx to http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] - XX_init
116 ms
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] -   XX_prng
0 ms
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] -   XX_parsing
11 ms
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] -
XX_configure_i18n                 4 ms
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] -
XX_configure_reg_c14n             17 ms
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] -
XX_configure_reg_jcemapper        4 ms
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] -
XX_configure_reg_keyInfo          13 ms
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] -
XX_configure_reg_keyResolver      11 ms
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] -
XX_configure_reg_prefixes         1 ms
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] -
XX_configure_reg_resourceresolver 9 ms
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] -
XX_configure_reg_sigalgos         27 ms
2010-09-10 11:49:32,011 DEBUG [org.apache.xml.security.Init] -
XX_configure_reg_transforms       18 ms
2010-09-10 11:49:32,379 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] -
Successfully authenticated user: user1
2010-09-10 11:49:32,379 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] -
Successfully authenticated user: user1
2010-09-10 11:49:32,379 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Redirecting
after successful ticket validation.
2010-09-10 11:49:32,379 DEBUG
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Redirecting
after successful ticket validation.
2010-09-10 11:49:32,379 DEBUG [org.jasig.cas.client.util.CommonUtils] -
serviceUrl generated: https://localhost:8443/mywebapp/protected/

-----Mensaje original-----
De: Marvin Addison [mailto:[email protected]] 
Enviado el: miércoles, 08 de septiembre de 2010 16:12
Para: [email protected]
Asunto: Re: [cas-user] Help with Saml11TicketValidationFilter

> I have configured the management services but attributes do not appear on
> the client

Let's confirm you are successfully retrieving logs on the server.
Turn up org.jasig.services.persondir to DEBUG and you should see
entries like the following in the cas.log file on authentication:

2010-09-08 00:00:06,978 DEBUG
[org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] -
Retrieved
attributes='[NamedPersonImpl[name=somebody,attributes={accountState=[ACTIVE]
,
authId=[somebody], Formatted Name=[somebody], passwordState=[ACTIVE],
uid=[12345], virginiaTechAffiliation=[VT-EMPLOYEE-FORMER, VT-STUDENT,
VT-ALUM-CONSTITUENT, VT-ALUM]}]]' for query='{username=[somebody]}',
isFirstQuery=false,
currentlyConsidering='org.jasig.services.persondir.support.ldap.LdapPersonAt
tribute...@35b284a4',
resultAttributes='null'
2010-09-08 00:00:06,978 DEBUG
[org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] -
Retrieved
attributes='[NamedPersonImpl[name=somebody,attributes={LOA=[UNDEFINED]}]]'
for query='{username=[somebody]}', isFirstQuery=false,
currentlyConsidering='edu.vt.middleware.cas.persondir.StaticPersonAttributes
d...@5b224686',
resultAttributes='[NamedPersonImpl[name=somebody,attributes={accountState=[A
CTIVE],
authId=[somebody], Formatted Name=[somebody], passwordState=[ACTIVE],
uid=[12345], virginiaTechAffiliation=[VT-EMPLOYEE-FORMER, VT-STUDENT,
VT-ALUM-CONSTITUENT, VT-ALUM]}]]'
2010-09-08 00:00:06,978 DEBUG
[org.jasig.services.persondir.support.MergingPersonAttributeDaoImpl] -
Aggregated search results
'[NamedPersonImpl[name=somebody,attributes={accountState=[ACTIVE],
authId=[somebody], Formatted Name=[somebody], passwordState=[ACTIVE],
uid=[12345], virginiaTechAffiliation=[VT-EMPLOYEE-FORMER, VT-STUDENT,
VT-ALUM-CONSTITUENT, VT-ALUM], LOA=[UNDEFINED]}]]' for
query='{username=[somebody]}'

On the client, turn up org.jasig.cas.client.validation to DEBUG, which
will print out the raw response returned from the server.  Please
verify it's a SAML 1.1 AttributeStatement containing the entries you
expect.

M

-- 
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

RE: [cas-user] Help with Saml11TicketValidationFilter

Reply via email to