Hi, CAS worked fine till that error
Mybe it's something concern to our remember me feature? Thanks. ray. -----Original Message----- From: ray [mailto:[email protected]] Sent: Wednesday, February 26, 2014 6:44 PM To: [email protected] Subject: [cas-user] error on cas client on Prod Hi, I am having an error from my cas client (Spring secutiry): Failed to provide a CAS service ticket to validate On cas side the logs seems right: WHO: idanf WHAT: ST-146-xh4JZaIjtvemElJoEmfT-cas for https://mywebsite.com/login ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Wed Feb 26 16:43:34 UTC 2014 CLIENT IP ADDRESS: 194.90.18.242 SERVER IP ADDRESS: mycas.com ============================================================= 2014-02-26 16:43:34,457 DEBUG [org.jasig.cas.web.flow.TerminateWebSessionListener] - <Terminate web session 9E468754A1B6905779CC27E2C3BDECC9 in 2 seconds> 2014-02-26 16:43:34,647 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Attempted to extract Request from HttpServletRequest. Results:> 2014-02-26 16:43:34,648 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Request Body: <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" RequestID="18b35fd7-97d1-4b65-9529-df3ed4043d78" IssueInstant="2014-02-26T16:43:16Z"><samlp:AssertionArtifact>ST-146-xh4JZaIjtvemElJoEmfT-cas</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>> 2014-02-26 16:43:34,648 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Extracted ArtifactId: ST-146-xh4JZaIjtvemElJoEmfT-cas> 2014-02-26 16:43:34,648 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Extracted Request Id: 18b35fd7-97d1-4b65-9529-df3ed4043d78> 2014-02-26 16:43:34,648 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor generated service for: https://mywebsite.com/login> 2014-02-26 16:43:34,649 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-146-xh4JZaIjtvemElJoEmfT-cas]> 2014-02-26 16:43:34,649 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ST-146-xh4JZaIjtvemElJoEmfT-cas] found in registry.> 2014-02-26 16:43:34,650 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Principal id to return for service [HTTPS] is [idanf]. The default principal id is [idanf].> 2014-02-26 16:43:34,650 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [ST-146-xh4JZaIjtvemElJoEmfT-cas] from registry> 2014-02-26 16:43:34,650 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-146-xh4JZaIjtvemElJoEmfT-cas]> Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-146-xh4JZaIjtvemElJoEmfT-cas ACTION: SERVICE_TICKET_VALIDATED APPLICATION: CAS WHEN: Wed Feb 26 16:43:34 UTC 2014 CLIENT IP ADDRESS: 54.84.136.123 SERVER IP ADDRESS: mycas.com ============================================================= On the client side logs: 2014-02-26 16:46:30,117 DEBUG [http-bio-8080-exec-1] - Checking match of request : '/login'; against '/api/**' -- 2014-02-26 16:46:30,118 DEBUG [http-bio-8080-exec-1] - Authentication attempt using org.springframework.security.cas.authentication.CasAuthenticationProvider 2014-02-26 16:46:30,118 DEBUG [http-bio-8080-exec-1] - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Failed to provide a CAS service ticket to validate 2014-02-26 16:46:30,118 DEBUG [http-bio-8080-exec-1] - Updated SecurityContextHolder to contain null Authentication 2014-02-26 16:46:30,118 DEBUG [http-bio-8080-exec-1] - Delegating to authentication failure handler org.springframework.security.cas.web.CasAuthenticationFilter$CasAuthenticationFailureHandler@6c05cd35 2014-02-26 16:46:30,118 DEBUG [http-bio-8080-exec-1] - serviceTicketRequest = true 2014-02-26 16:46:30,118 DEBUG [http-bio-8080-exec-1] - No failure URL set, sending 401 Unauthorized error 2014-02-26 16:46:30,118 DEBUG [http-bio-8080-exec-1] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 2014-02-26 16:46:30,118 DEBUG [http-bio-8080-exec-1] - SecurityContextHolder now cleared, as request processing completed 2014-02-26 16:46:31,879 DEBUG [http-bio-8080-exec-10] - Checking match of request : '/login'; against '/api/**' 2014-02-26 16:46:31,879 DEBUG [http-bio-8080-exec-10] - Checking match of request : '/login'; against '/resources/**' 2014-02-26 16:46:31,879 DEBUG [http-bio-8080-exec-10] - /login at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' -- 2014-02-26 16:46:31,880 DEBUG [http-bio-8080-exec-10] - Authentication attempt using org.springframework.security.cas.authentication.CasAuthenticationProvider 2014-02-26 16:46:31,880 DEBUG [http-bio-8080-exec-10] - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Failed to provide a CAS service ticket to validate 2014-02-26 16:46:31,880 DEBUG [http-bio-8080-exec-10] - Updated SecurityContextHolder to contain null Authentication 2014-02-26 16:46:31,880 DEBUG [http-bio-8080-exec-10] - Delegating to authentication failure handler org.springframework.security.cas.web.CasAuthenticationFilter$CasAuthenticationFailureHandler@6c05cd35 2014-02-26 16:46:31,880 DEBUG [http-bio-8080-exec-10] - serviceTicketRequest = true 2014-02-26 16:46:31,880 DEBUG [http-bio-8080-exec-10] - No failure URL set, sending 401 Unauthorized error 2014-02-26 16:46:31,880 DEBUG [http-bio-8080-exec-10] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 2014-02-26 16:46:31,880 DEBUG [http-bio-8080-exec-10] - SecurityContextHolder now cleared, as request processing completed 2014-02-26 16:46:32,297 DEBUG [http-bio-8080-exec-8] - Checking match of request : '/login'; against '/api/**' 2014-02-26 16:46:32,297 DEBUG [http-bio-8080-exec-8] - Checking match of request : '/login'; against '/resources/**' 2014-02-26 16:46:32,297 DEBUG [http-bio-8080-exec-8] - /login at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' -- 2014-02-26 16:46:32,298 DEBUG [http-bio-8080-exec-8] - Authentication attempt using org.springframework.security.cas.authentication.CasAuthenticationProvider 2014-02-26 16:46:32,298 DEBUG [http-bio-8080-exec-8] - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Failed to provide a CAS service ticket to validate 2014-02-26 16:46:32,298 DEBUG [http-bio-8080-exec-8] - Updated SecurityContextHolder to contain null Authentication 2014-02-26 16:46:32,298 DEBUG [http-bio-8080-exec-8] - Delegating to authentication failure handler org.springframework.security.cas.web.CasAuthenticationFilter$CasAuthenticationFailureHandler@6c05cd35 2014-02-26 16:46:32,298 DEBUG [http-bio-8080-exec-8] - serviceTicketRequest = true 2014-02-26 16:46:32,298 DEBUG [http-bio-8080-exec-8] - No failure URL set, sending 401 Unauthorized error 2014-02-26 16:46:32,298 DEBUG [http-bio-8080-exec-8] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 2014-02-26 16:46:32,298 DEBUG [http-bio-8080-exec-8] - SecurityContextHolder now cleared, as request processing completed Any idea? thanks. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user This e-mail and the information it contains may be privileged and/or confidential. It is intended solely for the use of the named recipient(s). If you are not the intended recipient you may not disclose, copy, distribute or retain any part of this message or attachments. If you have received this e-mail in error please notify the sender immediately [by clicking 'Reply'] and delete this e-mail. This e-mail and the information it contains may be privileged and/or confidential. It is intended solely for the use of the named recipient(s). If you are not the intended recipient you may not disclose, copy, distribute or retain any part of this message or attachments. If you have received this e-mail in error please notify the sender immediately [by clicking 'Reply'] and delete this e-mail. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
