Thank you David! I didn't catch that. The logs look much better with this pointing to the client now. I had used some properties files to extract out hardcoded urls and somewhere in there set it to the server instead of the client. Great catch!
Thanks, ~Karl~ On Thu, Jun 27, 2013 at 5:38 AM, Ohsie, David <[email protected]> wrote: > This still looks a bit wrong possibly, if you want to actually use that > PGT:**** > > ** ** > > <beans:property name="proxyCallbackUrl" > value="https:/ourcasserver:443/cas/proxy/receptor" /> **** > > ** ** > > You want to put in a URI to your cas client, not your cas server. Your > cas client needs to receive the PGT. **** > > ** ** > > ** ** > > *From:* Karl Nielsen [mailto:[email protected]] > *Sent:* Wednesday, June 26, 2013 1:16 PM > > *To:* [email protected] > *Subject:* Re: [cas-user] /proxy/receptor**** > > ** ** > > Found it. Had a cached file that wasn't deploying my changes. Thanks for > your help!**** > > ** ** > > On Wed, Jun 26, 2013 at 10:45 AM, Karl Nielsen <[email protected]> > wrote:**** > > So my configuration is now: **** > > ** ** > > <beans:property name="ticketValidator">**** > > <beans:bean**** > > class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">**** > > <beans:constructor-arg index="0"**** > > value="${system.casServerUrl}/cas" />**** > > <beans:property name="proxyCallbackUrl" > value="https:/ourcasserver:443/cas/proxy/receptor" /> **** > > </beans:bean>**** > > </beans:property>**** > > ** ** > > ** ** > > And I am still seeing this error: **** > > ** ** > > 2013-06-26 10:39:44,999 ERROR > [org.jasig.cas.web.ServiceValidateController] - <Error constructing pgtUrl> > **** > > java.net.MalformedURLException: no protocol: /proxy/receptor**** > > at java.net.URL.<init>(URL.java:586)**** > > ** ** > > Coupled with this log entry: **** > > ** ** > > =============================================================**** > > WHO: audit:unknown**** > > WHAT: ST-269-BtoaD1YpciC3KLRA0uN3-ourcasserver**** > > ACTION: SERVICE_TICKET_VALIDATED**** > > APPLICATION: CAS**** > > WHEN: Wed Jun 26 10:39:45 MDT 2013**** > > CLIENT IP ADDRESS: 10.1.2.50**** > > SERVER IP ADDRESS: 10.1.2.85**** > > =============================================================**** > > ** ** > > I am going to dig a little deeper on the server to see if something is > cached somewhere, but I am not seeing it immediately...**** > > ** ** > > ** ** > > On Wed, Jun 26, 2013 at 10:16 AM, Young III, Russell Alonzo < > [email protected]> wrote:**** > > The proxyCallbackUrl should be the full URL. E.g. <beans:property > name="proxyCallbackUrl" value="https://your.url/proxy/receptor"; /> > > -Russ**** > ------------------------------ > > *From:* Karl Nielsen [[email protected]] > *Sent:* Wednesday, June 26, 2013 10:47 AM > *To:* [email protected] > *Subject:* Re: [cas-user] /proxy/receptor**** > > Looking at my configuration, I am using Spring Security this is the > section dealing with the proxy receptor: **** > > ** ** > > <beans:property name="ticketValidator">**** > > <beans:bean**** > > class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">**** > > <beans:constructor-arg index="0"**** > > value="https://ourcasserver/cas"; />**** > > <beans:property name="proxyCallbackUrl" value="/proxy/receptor" /> **** > > </beans:bean>**** > > </beans:property>**** > > ** ** > > This is the configuration that was giving me the: > java.net.MalformedURLException: no protocol: /proxy/receptor error**** > > ** ** > > To my knowledge this is the correct configuration, am I wrong?**** > > ** ** > > Thanks,**** > > ** ** > > ~Karl~ **** > > ** ** > > On Thu, Jun 20, 2013 at 7:26 PM, Young III, Russell Alonzo < > [email protected]> wrote:**** > > It looks like CAS for some reason isn't getting the full URL for the proxy > callback. In your web.xml for the proxyCallbackUrl you should have the full > URL (e.g. https://foo.bar/proxy/receptor) and just "/proxy/receptor" for > the proxyReceptorUrl.**** > ------------------------------ > > *From:* Karl Nielsen [[email protected]] > *Sent:* Thursday, June 20, 2013 4:38 PM > *To:* [email protected] > *Subject:* [cas-user] /proxy/receptor**** > > I am getting some strange errors that I am having a hard time tracking > down. I am getting this exception: **** > > ** ** > > 2013-06-20 14:56:01,350 ERROR > [org.jasig.cas.web.ServiceValidateController] - <Error constructing pgtUrl> > **** > > java.net.MalformedURLException: no protocol: /proxy/receptor**** > > at java.net.URL.<init>(URL.java:597)**** > > at java.net.URL.<init>(URL.java:494)**** > > at java.net.URL.<init>(URL.java:443)**** > > ** ** > > If I just go to my cas server in my browser it lets me login just fine. If > I go to my app, named MMP, it shows in the logs that it is verifying the > ticket and works good too. Everything is running fine, then all of a sudden > it no longer works and wont SSO. **** > > ** ** > > After this happens if I try and browse to the server in IE, I get a "There > is a problem with this website's security certificate" error. Chrome > doesn't even give me that, it just spins and spins and spins. **** > > ** ** > > It then logs an unknown user:**** > > ** ** > > =============================================================**** > > WHO: audit:unknown**** > > WHAT: ST-218-eE2tdvOIjPOaWoX92RyP-cas.mycompany.com**** > > ACTION: SERVICE_TICKET_VALIDATED**** > > APPLICATION: CAS**** > > WHEN: Thu Jun 20 14:56:01 MDT 2013**** > > CLIENT IP ADDRESS: 10.1.2.50**** > > SERVER IP ADDRESS: 10.1.2.85**** > > =============================================================**** > > ** ** > > Any idea as to how to go about debugging this? **** > > -- > You are currently subscribed to [email protected] as: [email protected] > > **** > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user**** > > -- > You are currently subscribed to [email protected] as: > [email protected] > > **** > > ** ** > > ** ** > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user**** > > ** ** > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user**** > > -- > You are currently subscribed to [email protected] as: > [email protected] > > **** > > ** ** > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user**** > > ** ** > > ** ** > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user**** > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
