[cas-user] INVALID_TICKET after successful login

Fri, 17 May 2013 11:33:34 -0700 

Hi all!
I'm having a curious issue with a client service authenticating versus CAS 3.4.x. After a successful authentication in CAS, I come back to the client service I get an "Invalid ticket" error. 


Debugging a little around I found out that CAS  returns correctly the 
ticket, so let's suppose my ticket is: 
ST-17-SddwMHgx3Kt1rp92g4jz-cas.devels.es
I go to 
/serviceValidate?ticket=ST-17-SddwMHgx3Kt1rp92g4jz-cas.devels.es&service=http%3A%2F%2Fweburl%2Fxmlui%2Fcas-login 
and the response is:


<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
        <cas:authenticationFailure code='INVALID_TICKET'>
                no se ha reconocido el ticket 
&#039;ST-17-SddwMHgx3Kt1rp92g4jz-cas.devels.es&#039;
        </cas:authenticationFailure>
</cas:serviceResponse>


Researching a little about that code I found this: 'the ticket provided 
was not valid, or the ticket did not come from an initial login and 
"renew" was set on validation. The body of the 
<cas:authenticationFailure> block of the XML response SHOULD describe 
the exact details.'



Well, the renew flag was not set so I assume the ticket is not valid... 
but why? No /logout was accessed during all these steps, I can even see 
when I access /cas that I'm still logged in.


In tomcat's logs all I can see is:

=============================================================
WHO: mylogin

WHAT: ST-17-SddwMHgx3Kt1rp92g4jz-cas.devels.es for 
http://weburl/xmlui/cas-login

ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri May 17 19:06:05 WEST 2013
CLIENT IP ADDRESS: X
SERVER IP ADDRESS: Y
=============================================================

=============================================================
WHO: audit:unknown
WHAT: ST-17-SddwMHgx3Kt1rp92g4jz-cas.devels.es
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Fri May 17 19:06:06 WEST 2013
CLIENT IP ADDRESS: X
SERVER IP ADDRESS: Y
=============================================================

=============================================================
WHO: audit:unknown
WHAT: ST-17-SddwMHgx3Kt1rp92g4jz-cas.devels.es
ACTION: SERVICE_TICKET_VALIDATE_FAILED
APPLICATION: CAS
WHEN: Fri May 17 19:07:50 WEST 2013
CLIENT IP ADDRESS: X
SERVER IP ADDRESS: Y
=============================================================


The last two blocks are identical except for the ACTION. Can anyone 
bring some light on that and tell me why could that be happening?


Any help is appreciated!

Nicolás

--
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user






















					Reply via email to