Hi,
I got mod_auth_cas working without SAML. Now I am trying to enable SAML
for LDAP group based auth. But unfortunately apache returns 401. So I am
in need for help again.
In tomcat logs, there are no errors, but final result is
WHAT: ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com
ACTION: SERVICE_TICKET_VALIDATE_FAILED
Before this I see:
2015-02-11 14:38:16,202 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket [ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com]>
2015-02-11 14:38:16,202 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com] found in registry.>
2015-02-11 14:38:16,202 DEBUG
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Principal id to return
for service [HTTP and IMAP] is [kaeeli]. The default principal id is
[kaeeli].>
2015-02-11 14:38:16,202 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket
[ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com] from registry>
2015-02-11 14:38:16,202 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket [ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com]>
2015-02-11 14:38:16,202 INFO
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Wed Feb 11 14:38:16 EET 2015
CLIENT IP ADDRESS: 192.168.7.108
SERVER IP ADDRESS: 192.168.7.183
=============================================================
...
2015-02-11 14:38:16,562 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket [ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com]>
2015-02-11 14:38:16,562 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket
[ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com] does not exist.>
2015-02-11 14:38:16,566 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket [ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com]>
2015-02-11 14:38:16,566 INFO
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-1-V6yYyU7eDUu1zqqh4gGm-cas.quretec.com
ACTION: SERVICE_TICKET_VALIDATE_FAILED
APPLICATION: CAS
WHEN: Wed Feb 11 14:38:16 EET 2015
CLIENT IP ADDRESS: 192.168.7.108
SERVER IP ADDRESS: 192.168.7.183
=============================================================
It seems, that service ticket is looked for twice, first time it succeeds.
Then the ticket is removed from the registry. The other attemp after that
fails.
Is this normal and expected behaviour?
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
