Re: [cas-user] deploying CAS with Sungard's Banner extensions

Wed, 12 Jan 2011 12:13:39 -0800 

On Wed, 12 Jan 2011, Marvin Addison wrote:


From the attached log, I can see that authentication and principal
resolution with attributes is working correctly.


I think Luminis is correct to use
/serviceValidate for a standard Luminis login process to their portal.


I see from your logs that Luminis is indeed hitting /serviceValidate
and correctly requesting a proxy ticket.  I also see that the proxy
callback from CAS succeeds, so the request should be granted a PGT.
Do you receive that on the Luminis side?  This is smelling like a
client-side problem in any case.


This is the entire access log from Luminis this morning:

10.192.128.94 - - [12/Jan/2011:09:57:37 -0800] GET / HTTP/1.1 302 - 
7EAF9C932AFDFA851F69DDD58B68DC77
128.193.4.147 - - [12/Jan/2011:09:58:07 -0800] GET /proxy/receptor HTTP/1.1 302 
- -
10.192.128.94 - - [12/Jan/2011:09:58:07 -0800] GET 
/c/portal/login?ticket=ST-1-YzE3fNffFr6JhTqZ5eDv-cas1.onid.oregonstate.edu 
HTTP/1.1 302 - 7EAF9C932AFDFA851F69DDD58B68DC77
10.192.128.94 - - [12/Jan/2011:09:58:07 -0800] GET /jsp/cas_failed.jsp HTTP/1.1 
302 - 7EAF9C932AFDFA851F69DDD58B68DC77

10.192.128.94 is my workstation.  128.193.4.147 is the CAS server.
However, when I use stock 3.4.5 CAS (no Banner modifications) there is an additional HTTP GET: 

10.192.128.94 - - [10/Jan/2011:10:27:47 -0800] GET / HTTP/1.1 302 - 
4371282E1B9CAD1A8B617A4DF8C9D037
128.193.4.147 - - [10/Jan/2011:10:27:58 -0800] GET /proxy/receptor HTTP/1.1 302 
- -
128.193.4.147 - - [10/Jan/2011:10:27:58 -0800] GET 
/proxy/receptor?pgtIou=PGTIOU-1-WhdMT1U6BOPp535XH6op-cas1.onid.oregonstate.edu&pgtId=TGT-2-iaEiZ34D9my591v2xhn7uQbCo6efjOyOEQ7DSNR7Xv9OUnWdUT-cas1.onid.oregonstate.edu
 HTTP/1.1 302 - -
10.192.128.94 - - [10/Jan/2011:10:27:58 -0800] GET 
/c/portal/login?ticket=ST-1-DcnWygCaZArqej1KLeEo-cas1.onid.oregonstate.edu 
HTTP/1.1 302 - 4371282E1B9CAD1A8B617A4DF8C9D037
10.192.128.94 - - [10/Jan/2011:10:27:58 -0800] GET /index.jsp HTTP/1.1 301 191 
4371282E1B9CAD1A8B617A4DF8C9D037
Why are there 2 calls to /proxy/receptor in the working case, but only 1 in the failing case? 

Do you have any suggestions to debug the client side on Luminis?

Thanks,
        Andy

--
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to