Thanks Scott for the reply, I actually do have the service values matching in both the login and the validate.
Would this indicate that the only reason for "/validate" failure would be the timeout? How do you configure the sytstem for a longer timeout? -z ________________________________ From: Scott Battaglia <[email protected]> To: [email protected] Sent: Thu, January 13, 2011 12:44:43 PM Subject: Re: [cas-user] Help with "/validate?ticket=...&service=..." on a backend service If you gave service=www.yahoo.comin the first case and http://www.yahoo.com in the second case, it won't work. The other issue could be that newer versions of CAS have a shorter ticket timeout you could be hitting. On Thu, Jan 13, 2011 at 2:40 PM, Zapatero <[email protected]> wrote: Greetings, > > I'm putting together a validation API for several backend services (using > the >terms of the CAS architecture as discussed here: > http://www.jasig.org/cas/cas1-architecture >and here: > http://www.jasig.org/cas/cas2-architecture >) > >I'm following the validate protocol as specified in this document: > http://www.jasig.org/cas/protocol > > >Which CAS ticket cookie will the services need to forward to the backend for >validation? The backend servers need to resolve the ticket to a user name, >and >to do so without interferring with the ticket's use by the proper web services. > >I've been testing with the vanilla CAS installation, running on tomcat. So >far >I have not been able to get the standalone /validate (using curl) to return a >"yes" > >Examples: > >After doing a login?service=www.yahoo.com and getting >"ticket=ST-1-OXdWJBTRmZKNQdw9r5Eh-cas > >I tried to validate it with: >$ curl >'http://tomcat:9090/cas-server-webapp-3.4.3.1/validate?ticket=ST-1-OXdWJBTRmZKNQdw9r5Eh-cas&service=http%3A%2F%2Fwww.yahoo.com%2F' > > >This returns "no". > >I've also extracted CAS tickets from the cookies. I noticed that if using a >ticket that starts with "TGT" that CAS on the tomcat side throws an exception! > >Anyway, can anyone help me get a "hello world" validation to work? > >Thanks, > >-z > > >-- >You are currently subscribed to [email protected] as: >[email protected] >To unsubscribe, change settings or access archives, see >http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
