Hi all,
We've been using CAS (3.4.12) with Banner's BEIS server since June or so of this year without problems. Last night I rebooted the OS of the CAS server to add some storage (its a VM) but made no other changes. We're still using the same cas.war file built months ago. Since last night though, we've had some issues with users accessing Banner self-service via BEIS links. Some of the time when a user clicks on a BEIS/Self Service link it hangs and eventually gives a 500 internal service error. We haven't had any issues with any other CAS clients here - just BEIS. BEIS reports the following error in their logs: 2013-11-08 13:07:38,071 WARN [org.jasig.cas.client.validation.Saml11TicketValidationFilter.<doFilter>] - org.jasig.cas.client.validation.TicketValidationException: org.opensaml.SAMLException: 'service' and 'ticket' parameters are both required org.jasig.cas.client.validation.TicketValidationException: org.opensaml.SAMLException: 'service' and 'ticket' parameters are both required at org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:94) at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188) at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132) at com.sghe.sso.client.web.filter.SSOValidationFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209) at weblogic.work.ExecuteThread.run(ExecuteThread.java:178) Caused by: org.opensaml.SAMLException: 'service' and 'ticket' parameters are both required at org.opensaml.SAMLException.getInstance(Unknown Source) at org.opensaml.SAMLResponse.fromDOM(Unknown Source) at org.opensaml.SAMLResponse.<init>(Unknown Source) at org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:50) ... 19 more We've opened a case with Ellucian about the BEIS side since I think that is where the issue lies, but I thought it best to see if anyone here has seen this before or has ideas. Thanks in advance for any insight or ideas you can provide! Paul Chauvet Senior Linux Systems Administrator Chair, Information Security Oversight Committee Computer Services State University of New York at New Paltz Phone: (845) 257-3828 [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
