It looks like you're attempting to validate a TGT and not an ST.
On Wed, Nov 21, 2012 at 11:37 AM, Joey Daughtery <[email protected]>wrote: > After looking at the logs, I see the following which may be the reason why > the validation is failing. Should I not be attempting to validate a TGT? > > 2012-11-21 16:34:55,449 [http-bio-443-exec-10] ERROR > org.apache.catalina.core.ContainerBase.[Catalina].[owf.dev.wisrd.org].[/cas].[cas]- > Servlet.service() for servlet [cas] in context with path [/cas] threw > exception [Request processing failed; nested exception is > java.lang.ClassCastException: Ticket [ > TGT-52-01Kant4DzlPvIJ5Jo0NISURt4lVtPlnlN1aJwjLIGJzNsZdnb6-owf.dev.wisrd.orgis > of type class org.jasig.cas.ticket.TicketGrantingTicketImpl when we were > expecting interface org.jasig.cas.ticket.ServiceTicket] with root cause > java.lang.ClassCastException: Ticket [ > TGT-52-01Kant4DzlPvIJ5Jo0NISURt4lVtPlnlN1aJwjLIGJzNsZdnb6-owf.dev.wisrd.orgis > of type class org.jasig.cas.ticket.TicketGrantingTicketImpl when we were > expecting interface org.jasig.cas.ticket.ServiceTicket > at > org.jasig.cas.ticket.registry.AbstractTicketRegistry.getTicket_aroundBody0(AbstractTicketRegistry.java:55) > at > org.jasig.cas.ticket.registry.AbstractTicketRegistry.getTicket_aroundBody1$advice(AbstractTicketRegistry.java:57) > at > org.jasig.cas.ticket.registry.AbstractTicketRegistry.getTicket(AbstractTicketRegistry.java:1) > at > org.jasig.cas.CentralAuthenticationServiceImpl.validateServiceTicket_aroundBody8(CentralAuthenticationServiceImpl.java:341) > at > org.jasig.cas.CentralAuthenticationServiceImpl.validateServiceTicket_aroundBody9$advice(CentralAuthenticationServiceImpl.java:57) > at > org.jasig.cas.CentralAuthenticationServiceImpl.validateServiceTicket(CentralAuthenticationServiceImpl.java:1) > at sun.reflect.GeneratedMethodAccessor736.invoke(Unknown Source) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:601) > at > org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) > at > org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80) > at > org.perf4j.aop.AbstractTimingAspect$1.proceed(AbstractTimingAspect.java:47) > at > org.perf4j.aop.AgnosticTimingAspect.runProfiledMethod(AgnosticTimingAspect.java:53) > at > org.perf4j.aop.AbstractTimingAspect.doPerfLogging(AbstractTimingAspect.java:45) > at sun.reflect.GeneratedMethodAccessor426.invoke(Unknown Source) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:601) > at > org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621) > at > org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610) > at > org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161) > at > org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80) > at > com.github.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:126) > at sun.reflect.GeneratedMethodAccessor425.invoke(Unknown Source) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:601) > at > org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621) > at > org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610) > at > org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161) > at > org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) > at > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) > at $Proxy24.validateServiceTicket(Unknown Source) > at > org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:146) > at > org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153) > at > org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48) > at > org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923) > at > org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852) > at > org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882) > at > org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:621) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) > at > org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:128) > at > org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:57) > at > org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:185) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:151) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:269) > at > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515) > at > org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) > at java.lang.Thread.run(Thread.java:722) > > > > On Wed, Nov 21, 2012 at 11:30 AM, Joey Daughtery < > [email protected]> wrote: > >> Ok, it does help to pass the parameters after building them in the code. >> However, I am now getting html response indicating CAS Server is not >> available and that something went wrong. >> >> Taking a look at the cas log, shows the ticket failed validation after i >> get the login ticket: >> Login: >> 2012-11-21 16:20:34,568 INFO >> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit >> trail record BEGIN >> ============================================================= >> WHO: [username: joe.daughtery.usa] >> WHAT: >> TGT-50-FGwdbh403CvOJIFLDgqGXc0qISS0qSaCpewpEQw66GnmGsd6Re-owf.dev.wisrd.org >> ACTION: TICKET_GRANTING_TICKET_CREATED >> APPLICATION: CAS >> WHEN: Wed Nov 21 16:20:34 UTC 2012 >> CLIENT IP ADDRESS: 208.101.221.137 >> SERVER IP ADDRESS: 10.29.28.43 >> ============================================================= >> >> Attempt to validate ticket from login: >> ============================================================= >> WHO: joe.daughtery.usa >> WHAT: >> TGT-50-FGwdbh403CvOJIFLDgqGXc0qISS0qSaCpewpEQw66GnmGsd6Re-owf.dev.wisrd.org >> ACTION: SERVICE_TICKET_VALIDATE_FAILED >> APPLICATION: CAS >> WHEN: Wed Nov 21 16:20:46 UTC 2012 >> CLIENT IP ADDRESS: 208.101.221.137 >> SERVER IP ADDRESS: 10.29.28.43 >> ============================================================= >> >> I am actually, calling the login url, obtaining the ticket returned and >> for testing purposes, calling the serviceValidate to make sure I can >> validate the ticket. Note that I am using the same HttpClient to execute >> the login and validate calls to make sure I have the same session id. >> >> Any thoughts on what might be wrong? >> >> Thanks >> >> Joe >> >> >> On Wed, Nov 21, 2012 at 10:04 AM, Scott Battaglia < >> [email protected]> wrote: >> >>> The response from the CAS server indicates that it doesn't think you are >>> :-) >>> >>> Can you post one of the service validate URLs generated (i.e. from an >>> Apache access log on the CAS side)? Maybe there is some encoding issue. >>> >>> >>> On Wed, Nov 21, 2012 at 10:02 AM, Joey Daughtery < >>> [email protected]> wrote: >>> >>>> Yes, I am sending both service and ticket parameters. >>>> >>>> Thanks >>>> >>>> Joe >>>> >>>> >>>> On Wed, Nov 21, 2012 at 9:58 AM, Scott Battaglia < >>>> [email protected]> wrote: >>>> >>>>> Are you passing both a service parameter and a ticket parameter when >>>>> you call validate? >>>>> >>>>> >>>>> On Wed, Nov 21, 2012 at 9:44 AM, Joey Daughtery < >>>>> [email protected]> wrote: >>>>> >>>>>> Jerome >>>>>> Thanks for the response. The following is the response: >>>>>> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> >>>>>> <cas:authenticationFailure code='INVALID_REQUEST'> >>>>>> 'service' and 'ticket' parameters are both >>>>>> required >>>>>> </cas:authenticationFailure> >>>>>> </cas:serviceResponse> >>>>>> >>>>>> Thanks >>>>>> >>>>>> Joe >>>>>> >>>>>> On Wed, Nov 21, 2012 at 9:33 AM, jleleu <[email protected]> wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> The log you posted told you that you have been authenticated (CASTGC >>>>>>> cookie created), though it didn't tell you that your ticket has been >>>>>>> validated. >>>>>>> Is it the complete log ? >>>>>>> >>>>>>> What is the exact response from the /serviceValidate url ? Issue >>>>>>> with ticket or service ? HTTP code ? >>>>>>> >>>>>>> Thanks, >>>>>>> Jérôme >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> You are currently subscribed to [email protected] as: >>>>>>> [email protected] >>>>>>> >>>>>>> To unsubscribe, change settings or access archives, see >>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>>>> >>>>>> >>>>>> -- >>>>>> You are currently subscribed to [email protected] as: >>>>>> [email protected] >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> To unsubscribe, change settings or access archives, see >>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>>> >>>>>> >>>>> -- >>>>> You are currently subscribed to [email protected] as: >>>>> [email protected] >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> To unsubscribe, change settings or access archives, see >>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>> >>>>> >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> >>>> >>>> >>>> >>>> >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> >>> >>> >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >> > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
