I'm having problems making CAS work with Luminis 5, once I modify CAS to
enable the /bannerValidate service by following the instructions in the
Luminis 5 Banner Integration Setup Guide.
I started by deploying a "stock" CAS v3.4.5 server and adding the Luminis
service URLs in the CAS Service Manager. This works just fine.
Then I modified CAS as instructed by the Luminis 5 Banner Integration
Setup Guide. It has me add some jars and make configuration changes to
web.xml, uniqueIdGenerators.xml, argumentExtractorsConfiguration.xml,
cas-servlet.xml, deployerConfigContext.xml, and default_views.properties.
With these modifications in place, my browser gets stuck in an infinite
redirect loop between Luminis and CAS after I authenticate.
The same failures happen with version 3.3.1, which is the Sungard
recommended version, when I add the Banner modifications to it.
I have compared logs in both cases, and it appears the call to
/serviceValidate is failing when I add the Banner modifications.
WORKING LOGS:
cas.log:
2011-01-11 14:39:05,520 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
AuthenticationHandler:
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
authenticated the user which provided the following credentials: [username:
admin]
<blah blah blah>
2011-01-11 14:31:25,444 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor]
- Extractor generated service for:
https://lum-admin-dev.ucsadm.oregonstate.edu:443/c/portal/login
2011-01-11 14:31:25,447 DEBUG
[org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
- Attempting to resolve credentials for [callbackUrl:
https://lum-admin-dev.ucsadm.oregonstate.edu:443/proxy/receptor]
2011-01-11 14:31:25,474 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor]
- Extractor generated service for:
https://lum-admin-dev.ucsadm.oregonstate.edu:443/c/portal/login
2011-01-11 14:31:25,478 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor]
- Extractor generated service for:
https://lum-admin-dev.ucsadm.oregonstate.edu:443/c/portal/login
2011-01-11 14:31:25,488 DEBUG [org.jasig.cas.util.HttpClient] - Response code
from server matched 200.
2011-01-11 14:31:25,493 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
AuthenticationHandler:
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
successfully authenticated the user which provided the following credentials:
[callbackUrl: https://lum-admin-dev.ucsadm.oregonstate.edu:443/proxy/receptor]
2011-01-11 14:31:25,494 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve
ticket [ST-1-olTQxby5DIfeIMDhw9ak-cas1.onid.oregonstate.edu]
2011-01-11 14:31:25,494 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket
[ST-1-olTQxby5DIfeIMDhw9ak-cas1.onid.oregonstate.edu] found in registry.
2011-01-11 14:31:25,495 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket
[TGT-2-zmnK74enwJOWNvo7rseLN0Dpc0wNITRMHZdetYFnsfaUbMN9Kt-cas1.onid.oregonstate.edu]
to registry.
2011-01-11 14:31:25,498 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve
ticket [ST-1-olTQxby5DIfeIMDhw9ak-cas1.onid.oregonstate.edu]
2011-01-11 14:31:25,498 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket
[ST-1-olTQxby5DIfeIMDhw9ak-cas1.onid.oregonstate.edu] found in registry.
2011-01-11 14:31:25,500 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing ticket
[ST-1-olTQxby5DIfeIMDhw9ak-cas1.onid.oregonstate.edu] from registry
2011-01-11 14:31:25,522 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor]
- Extractor generated service for:
https://lum-admin-dev.ucsadm.oregonstate.edu:443/c/portal/login
2011-01-11 14:31:25,523 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor]
- Extractor generated service for:
https://lum-admin-dev.ucsadm.oregonstate.edu:443/c/portal/login
2011-01-11 14:31:25,527 DEBUG [org.jasig.cas.util.HttpClient] - Response code
from server matched 200.
2011-01-11 14:31:25,527 DEBUG
[org.jasig.cas.ticket.proxy.support.Cas20ProxyHandler] - Sent ProxyIou of
PGTIOU-1-pL9YYjeQgLzMIImF3Eew-cas1.onid.oregonstate.edu for service:
[callbackUrl: https://lum-admin-dev.ucsadm.oregonstate.edu:443/proxy/receptor]
2011-01-11 14:31:25,527 DEBUG [org.jasig.cas.web.ServiceValidateController] -
Successfully validated service ticket:
ST-1-olTQxby5DIfeIMDhw9ak-cas1.onid.oregonstate.edu
luminis_access.2011-01-11.log:
10.192.128.94 - - [11/Jan/2011:14:31:11 -0800] GET / HTTP/1.1 302 -
27355FE39C9C813EFC85409A89675493
128.193.4.147 - - [11/Jan/2011:14:31:25 -0800] GET /proxy/receptor HTTP/1.1 302
- -
128.193.4.147 - - [11/Jan/2011:14:31:25 -0800] GET
/proxy/receptor?pgtIou=PGTIOU-1-pL9YYjeQgLzMIImF3Eew-cas1.onid.oregonstate.edu&pgtId=TGT-2-zmnK74enwJOWNvo7rseLN0Dpc0wNITRMHZdetYFnsfaUbMN9Kt-cas1.onid.oregonstate.edu
HTTP/1.1 302 - -
10.192.128.94 - - [11/Jan/2011:14:31:25 -0800] GET
/c/portal/login?ticket=ST-1-olTQxby5DIfeIMDhw9ak-cas1.onid.oregonstate.edu
HTTP/1.1 302 - 27355FE39C9C813EFC85409A89675493
10.192.128.94 - - [11/Jan/2011:14:31:25 -0800] GET /index.jsp HTTP/1.1 301 191
27355FE39C9C813EFC85409A89675493
10.192.128.94 - - [11/Jan/2011:14:31:27 -0800] GET /web/luminis-admin-group
HTTP/1.1 200 9543 27355FE39C9C813EFC85409A89675493
BROKEN LOGS:
cas.log:
2011-01-11 14:39:05,520 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
AuthenticationHandler:
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
authenticated the user which provided the following credentials: [username:
admin]
<blah blah blah>
2011-01-11 14:39:05,852 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor]
- Extractor generated service for:
https://lum-admin-dev.ucsadm.oregonstate.edu:443/c/portal/login
2011-01-11 14:39:05,855 DEBUG
[org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
- Attempting to resolve credentials for [callbackUrl:
https://lum-admin-dev.ucsadm.oregonstate.edu:443/proxy/receptor]
2011-01-11 14:39:05,875 INFO [com.sghe.cas.web.support.BannerArgumentExtractor]
- Creating a new instance of the BannerAccountsService class
2011-01-11 14:39:05,875 INFO [com.sghe.cas.principal.BannerAccountsService] -
Can I create a Banner Service Form ?
2011-01-11 14:39:05,876 INFO [com.sghe.cas.principal.BannerAccountsService] -
BANNER-ST : null
2011-01-11 14:39:05,876 INFO [com.sghe.cas.principal.BannerAccountsService] -
BANNER-SV : null
2011-01-11 14:39:05,876 INFO [com.sghe.cas.principal.BannerAccountsService] -
Insufficient data to create a Banner Service Form. This is not a Banner Service
Ticket Validate Request...
2011-01-11 14:39:05,876 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor]
- Extractor generated service for:
https://lum-admin-dev.ucsadm.oregonstate.edu:443/c/portal/login
2011-01-11 14:39:05,879 INFO [com.sghe.cas.web.support.BannerArgumentExtractor]
- Creating a new instance of the BannerAccountsService class
2011-01-11 14:39:05,879 INFO [com.sghe.cas.principal.BannerAccountsService] -
Can I create a Banner Service Form ?
2011-01-11 14:39:05,879 INFO [com.sghe.cas.principal.BannerAccountsService] -
BANNER-ST : null
2011-01-11 14:39:05,879 INFO [com.sghe.cas.principal.BannerAccountsService] -
BANNER-SV : null
2011-01-11 14:39:05,879 INFO [com.sghe.cas.principal.BannerAccountsService] -
Insufficient data to create a Banner Service Form. This is not a Banner Service
Ticket Validate Request...
2011-01-11 14:39:05,879 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor]
- Extractor generated service for:
https://lum-admin-dev.ucsadm.oregonstate.edu:443/c/portal/login
2011-01-11 14:39:05,885 DEBUG [org.jasig.cas.util.HttpClient] - Response code
from server matched 200.
2011-01-11 14:39:05,889 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
AuthenticationHandler:
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
successfully authenticated the user which provided the following credentials:
[callbackUrl: https://lum-admin-dev.ucsadm.oregonstate.edu:443/proxy/receptor]
2011-01-11 14:39:05,889 TRACE
[com.sghe.cas.extension.UDCIDAuthenticationMetaDataPopulator] -
com.sghe.cas.extension.UDCIDAuthenticationMetaDataPopulator
:populateAttributes()
2011-01-11 14:39:05,997 INFO [com.sghe.cas.web.support.BannerArgumentExtractor]
- Creating a new instance of the BannerAccountsService class
2011-01-11 14:39:05,997 INFO [com.sghe.cas.principal.BannerAccountsService] -
Can I create a Banner Service Form ?
2011-01-11 14:39:05,997 INFO [com.sghe.cas.principal.BannerAccountsService] -
BANNER-ST : null
2011-01-11 14:39:05,997 INFO [com.sghe.cas.principal.BannerAccountsService] -
BANNER-SV : null
2011-01-11 14:39:05,997 INFO [com.sghe.cas.principal.BannerAccountsService] -
Insufficient data to create a Banner Service Form. This is not a Banner Service
Ticket Validate Request...
2011-01-11 14:39:05,997 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor]
- Extractor generated service for:
https://lum-admin-dev.ucsadm.oregonstate.edu:443/c/portal/login
2011-01-11 14:39:06,013 INFO [com.sghe.cas.web.support.BannerArgumentExtractor]
- Creating a new instance of the BannerAccountsService class
2011-01-11 14:39:06,013 INFO [com.sghe.cas.principal.BannerAccountsService] -
Can I create a Banner Service Form ?
2011-01-11 14:39:06,013 INFO [com.sghe.cas.principal.BannerAccountsService] -
BANNER-ST : null
2011-01-11 14:39:06,014 INFO [com.sghe.cas.principal.BannerAccountsService] -
BANNER-SV : null
2011-01-11 14:39:06,014 INFO [com.sghe.cas.principal.BannerAccountsService] -
Insufficient data to create a Banner Service Form. This is not a Banner Service
Ticket Validate Request...
2011-01-11 14:39:06,014 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor]
- Extractor generated service for:
https://lum-admin-dev.ucsadm.oregonstate.edu:443/c/portal/login
2011-01-11 14:39:06,015 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve
ticket
[TGT-1-q6Ojypd2XgoShd1DjfNhjlgX4LuGLuCDiT11yhrtv1Z9COli26-cas1.onid.oregonstate.edu]
2011-01-11 14:39:06,015 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket
[TGT-1-q6Ojypd2XgoShd1DjfNhjlgX4LuGLuCDiT11yhrtv1Z9COli26-cas1.onid.oregonstate.edu]
found in registry.
2011-01-11 14:39:06,015 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket
[ST-2-rPn30UO9MLxIdvfpguhy-cas1.onid.oregonstate.edu] to registry.
2011-01-11 14:39:06,016 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] -
Granted service ticket [ST-2-rPn30UO9MLxIdvfpguhy-cas1.onid.oregonstate.edu]
for service [https://lum-admin-dev.ucsadm.oregonstate.edu:443/c/portal/login]
for user [admin]
2011-01-11 14:39:06,134 INFO [com.sghe.cas.web.support.BannerArgumentExtractor]
- Creating a new instance of the BannerAccountsService class
2011-01-11 14:39:06,134 INFO [com.sghe.cas.principal.BannerAccountsService] -
Can I create a Banner Service Form ?
2011-01-11 14:39:06,134 INFO [com.sghe.cas.principal.BannerAccountsService] -
BANNER-ST : null
2011-01-11 14:39:06,134 INFO [com.sghe.cas.principal.BannerAccountsService] -
BANNER-SV : null
2011-01-11 14:39:06,134 INFO [com.sghe.cas.principal.BannerAccountsService] -
Insufficient data to create a Banner Service Form. This is not a Banner Service
Ticket Validate Request...
2011-01-11 14:39:06,134 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor]
- Extractor generated service for:
https://lum-admin-dev.ucsadm.oregonstate.edu:443/c/portal/login
luminis_access.2011-01-11.log:
10.192.128.94 - - [11/Jan/2011:14:38:53 -0800] GET / HTTP/1.1 302 - -
128.193.4.147 - - [11/Jan/2011:14:39:05 -0800] GET /proxy/receptor HTTP/1.1 302
- -
10.192.128.94 - - [11/Jan/2011:14:39:05 -0800] GET
/c/portal/login?ticket=ST-1-mRl7UWzIMRBHFfdcfLzZ-cas1.onid.oregonstate.edu
HTTP/1.1 302 - 7EAF9C932AFDFA851F69DDD58B68DC77
10.192.128.94 - - [11/Jan/2011:14:39:05 -0800] GET /jsp/cas_failed.jsp HTTP/1.1
302 - 7EAF9C932AFDFA851F69DDD58B68DC77
Specifically, it seems that CAS doesn't perform the pgt stuff quite the
same after the Banner modifications are made.
I have a ticket open with Sungard about this issue, but I am hoping
someone from the CAS community is able to help.
If there is any additional information I can provide or troubleshooting
steps I can take, please let me know!
Thanks,
Andy
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
