Hi Team,

I have successfully implemented CAS 3.5.2 with my Spring-based web application. Now, when I deployed the CAS server on another physical machine ("http://192.168.200.22:8080/cas-server-webapp-3.5.2/") and my application on, say, http://xyz.com, and I try to authenticate, I get the log below in the client-side application.
In the CAS server log I found that the ticket is generated and validated successfully, and in the browser I get the message "authentication failed".

[venice] DEBUG [03 Aug 2013 13:21:10,393] [] [] [] HashMapBackedSessionMappingStorage.removeBySessionById(69) | No mapping for session found. Ignoring.
[venice] DEBUG [03 Aug 2013 13:21:12,718] [] [] [] SingleSignOutHandler.recordSession(118) | Recording session for token ST-1-7UOGr7pdalRudKKXtWbV-cas01.example.org
[venice] DEBUG [03 Aug 2013 13:21:12,719] [] [] [] HashMapBackedSessionMappingStorage.removeBySessionById(60) | Attempting to remove Session=[327ce7b41fc17bc3180718d7ca9d]
[venice] DEBUG [03 Aug 2013 13:21:12,719] [] [] [] HashMapBackedSessionMappingStorage.removeBySessionById(69) | No mapping for session found. Ignoring.
[venice] DEBUG [03 Aug 2013 13:21:12,723] [] [] [] Saml11TicketValidator.constructValidationUrl(116) | Placing URL parameters in map.
[venice] DEBUG [03 Aug 2013 13:21:12,723] [] [] [] Saml11TicketValidator.constructValidationUrl(124) | Calling template URL attribute map.
[venice] DEBUG [03 Aug 2013 13:21:12,724] [] [] [] Saml11TicketValidator.constructValidationUrl(127) | Loading custom parameters from configuration.
[venice] DEBUG [03 Aug 2013 13:21:12,725] [] [] [] Saml11TicketValidator.validate(202) | Constructing validation url: http://192.168.200.22:8080/cas-server-webapp-3.5.2/samlValidate?TARGET=http%3A%2F%2F%2Feqa.nihilent.com%2FVenice_URL%2Fj_spring_cas_security_check
[venice] DEBUG [03 Aug 2013 13:21:12,726] [] [] [] Saml11TicketValidator.validate(206) | Retrieving response from server.
[venice] DEBUG [03 Aug 2013 13:21:13,295] [] [] [] Saml11TicketValidator.validate(214) | Server response: <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><saml1p:Response IssueInstant="2013-08-03T07:34:59.944Z" MajorVersion="1" MinorVersion="1" Recipient="http:///eqa.nihilent.com/Venice_URL/j_spring_cas_security_check" ResponseID="_3a51b0ffa0df6cf56b9ef090958e239d" xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol"><saml1p:Status><saml1p:StatusCode Value="saml1p:Success"/></saml1p:Status><saml1:Assertion AssertionID="_163c3f34804521f1907f128ba079eebe" IssueInstant="2013-08-03T07:34:59.944Z" Issuer="localhost" MajorVersion="1" MinorVersion="1" xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion"><saml1:Conditions NotBefore="2013-08-03T07:34:59.944Z" NotOnOrAfter="2013-08-03T07:35:29.944Z"><saml1:AudienceRestrictionCondition><saml1:Audience>http:///eqa.nihilent.com/Venice_URL/j_spring_cas_security_check</saml1:Audience></saml1:AudienceRestrictionCondition></saml1:Conditions><saml1:AuthenticationStatement AuthenticationInstant="2013-08-03T07:34:59.646Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><saml1:Subject><saml1:NameIdentifier>[email protected]</saml1:NameIdentifier><saml1:SubjectConfirmation><saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</saml1:ConfirmationMethod></saml1:SubjectConfirmation></saml1:Subject></saml1:AuthenticationStatement></saml1:Assertion></saml1p:Response></SOAP-ENV:Body></SOAP-ENV:Envelope>
[venice] ERROR [03 Aug 2013 13:21:13,306] [] [] [] XML.registerSchemas(?) | Unable to parse SAML 1.0 Schemas: org.xml.sax.SAXParseException: schema_reference.4: Failed to read schema document 'xml.xsd', because 1) could not find the document; 2) the document could not be read; 3) the root element of the document is not <xsd:schema>.
[venice] ERROR [03 Aug 2013 13:21:13,308] [] [] [] XML.registerSchemas(?) | Unable to parse SAML 1.1 Schemas: org.xml.sax.SAXParseException: schema_reference.4: Failed to read schema document 'xml.xsd', because 1) could not find the document; 2) the document could not be read; 3) the root element of the document is not <xsd:schema>.
[venice] DEBUG [03 Aug 2013 13:21:13,316] [] [] [] Saml11TicketValidator.isValidAssertion(138) | skipping expired assertion...

Is it because of the time difference between the two physical machines, or does some specific configuration need to be done when the CAS server is deployed on a separate physical machine? Any hint will be a great help. It's very urgent.

Thanks and Regards,
Rohit Kotecha
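An added diagnostic example, not part of the original post or of the CAS client code: it takes the Conditions window from the server response logged above and compares it with the client's last log timestamp. The function names are hypothetical, and reading the client log times as UTC+05:30 is an assumption, since the post does not state the client's time zone.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"

# Conditions values copied from the server response in the log above;
# the enclosing Assertion is a minimal wrapper constructed for this example.
SAMPLE_ASSERTION = (
    '<saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" '
    'IssueInstant="2013-08-03T07:34:59.944Z">'
    '<saml1:Conditions NotBefore="2013-08-03T07:34:59.944Z" '
    'NotOnOrAfter="2013-08-03T07:35:29.944Z"/>'
    '</saml1:Assertion>'
)

def parse_instant(value):
    """Parse a SAML UTC instant such as 2013-08-03T07:34:59.944Z."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def validity_window(assertion_xml):
    """Return (NotBefore, NotOnOrAfter) from the assertion's Conditions."""
    cond = ET.fromstring(assertion_xml).find(f"{{{SAML1}}}Conditions")
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    return parse_instant(cond.get("NotBefore")), parse_instant(cond.get("NotOnOrAfter"))

def check_window(assertion_xml, client_now, tolerance=timedelta(0)):
    """Return (verdict, skew); skew is how far client_now lies outside the window."""
    not_before, not_on_or_after = validity_window(assertion_xml)
    if client_now + tolerance < not_before:
        return "not yet valid", not_before - client_now
    if client_now - tolerance >= not_on_or_after:
        return "expired", client_now - not_on_or_after
    return "valid", timedelta(0)

def client_log_time(text, utc_offset):
    """Convert a local timestamp from the client log (dd Mon yyyy HH:MM:SS,mmm) to UTC."""
    local = datetime.strptime(text, "%d %b %Y %H:%M:%S,%f")
    return local.replace(tzinfo=timezone(utc_offset)).astimezone(timezone.utc)

if __name__ == "__main__":
    # Assumption: the client logs in UTC+05:30; the tolerance value is illustrative.
    now = client_log_time("03 Aug 2013 13:21:13,316", timedelta(hours=5, minutes=30))
    print(check_window(SAMPLE_ASSERTION, now, tolerance=timedelta(seconds=1)))
```

Under that time-zone assumption the client clock sits well past the 30-second window the server issued. Synchronising both hosts with NTP addresses the cause, whereas a large tolerance lengthens the time a captured assertion stays acceptable.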
