If you gave service=www.yahoo.com in the first case and http://www.yahoo.comin the second case, it won't work.
The other issue could be that newer versions of CAS have a shorter ticket timeout you could be hitting. On Thu, Jan 13, 2011 at 2:40 PM, Zapatero <[email protected]> wrote: > Greetings, > > I'm putting together a validation API for several backend services (using > the terms of the CAS architecture as discussed here: > http://www.jasig.org/cas/cas1-architecture > and here: > http://www.jasig.org/cas/cas2-architecture > ) > > I'm following the validate protocol as specified in this document: > http://www.jasig.org/cas/protocol > > > Which CAS ticket cookie will the services need to forward to the backend > for validation? The backend servers need to resolve the ticket to a user > name, and to do so without interferring with the ticket's use by the proper > web services. > > I've been testing with the vanilla CAS installation, running on tomcat. So > far I have not been able to get the standalone /validate (using curl) to > return a "yes" > > Examples: > > After doing a login?service=www.yahoo.com and getting > "ticket=ST-1-OXdWJBTRmZKNQdw9r5Eh-cas > > I tried to validate it with: > $ curl ' > http://tomcat:9090/cas-server-webapp-3.4.3.1/validate?ticket=ST-1-OXdWJBTRmZKNQdw9r5Eh-cas&service=http%3A%2F%2Fwww.yahoo.com%2F > ' > > This returns "no". > > I've also extracted CAS tickets from the cookies. I noticed that if using > a ticket that starts with "TGT" that CAS on the tomcat side throws an > exception! > > Anyway, can anyone help me get a "hello world" validation to work? > > Thanks, > > -z > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
