Tom,
I am letting forms authentication do all the work, so the "protected" page,
which is in a subfolder with a separate web.config that is referenced, has no
code in it but still generates the error described below. Here's its
web.config:
<configuration>
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
Here is my main web.config modified to remove any sensitive server and
application references.
I'm not sure if the TGT is really the problem or if something else is causing
this.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="casClientConfig"
             type="DotNetCasClient.Configuration.CasClientConfiguration, DotNetCasClient" />
  </configSections>
  <system.web>
    <customErrors mode="Off">
      <error statusCode="503" redirect="/ServerBusy.aspx" />
    </customErrors>
    <!-- Other system.web elements here -->
    <httpModules>
      <add name="DotNetCasClient"
           type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
    </httpModules>
    <trace enabled="true" />
    <authentication mode="Forms">
      <forms loginUrl="https://example.edu/cas/login" timeout="30"
             defaultUrl="~/Default.aspx" cookieless="UseCookies" slidingExpiration="true"
             path="/MyApp/" />
    </authentication>
    <compilation debug="true" />
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <modules>
      <remove name="DotNetCasClient" />
      <add name="DotNetCasClient"
           type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
    </modules>
  </system.webServer>
  <system.diagnostics>
    <trace autoflush="true" useGlobalLock="false" />
    <sharedListeners>
      <!--
        Writing trace output to a log file is recommended.
        IMPORTANT:
        The user account under which the containing application pool runs
        must have privileges to create and modify the trace log file.
      -->
      <add name="TraceFile" type="System.Diagnostics.TextWriterTraceListener"
           initializeData="E:\wwwroot\DotNetCasClient.Log" traceOutputOptions="DateTime" />
    </sharedListeners>
    <sources>
      <!-- Provides diagnostic information on module configuration parameters. -->
      <source name="DotNetCasClient.Config" switchName="Config"
              switchType="System.Diagnostics.SourceSwitch">
        <listeners>
          <add name="TraceFile" />
        </listeners>
      </source>
      <!-- Traces IHttpModule lifecycle events and meaningful operations
           performed therein. -->
      <source name="DotNetCasClient.HttpModule" switchName="HttpModule"
              switchType="System.Diagnostics.SourceSwitch">
        <listeners>
          <add name="TraceFile" />
        </listeners>
      </source>
      <!-- Provides protocol message and routing information. -->
      <source name="DotNetCasClient.Protocol" switchName="Protocol"
              switchType="System.Diagnostics.SourceSwitch">
        <listeners>
          <add name="TraceFile" />
        </listeners>
      </source>
      <!-- Provides details on security operations and notable security
           conditions. -->
      <source name="DotNetCasClient.Security" switchName="Security"
              switchType="System.Diagnostics.SourceSwitch">
        <listeners>
          <add name="TraceFile" />
        </listeners>
      </source>
    </sources>
    <switches>
      <!--
        Set trace switches to appropriate logging level. Recommended values in
        order of increasing verbosity:
        - Off
        - Error
        - Warning
        - Information
        - Verbose
      -->
      <!--
        Config category displays detailed information about
        CasAuthenticationModule configuration.
        The output of this category is only displayed when the module is
        initialized, which happens for the first request following
        application/server startup.
      -->
      <add name="Config" value="Verbose" />
      <!--
        Set this category to Verbose to trace HttpModule lifecycle events in
        CasAuthenticationModule.
        This category produces voluminous output in Verbose mode and should be
        avoided except for limited periods of time troubleshooting vexing
        integration problems.
      -->
      <add name="HttpModule" value="Verbose" />
      <!--
        Set to Verbose to display protocol messages between the client and server.
        This category is very helpful for troubleshooting integration problems.
      -->
      <add name="Protocol" value="Verbose" />
      <!--
        Displays important security-related information.
      -->
      <add name="Security" value="Verbose" />
    </switches>
  </system.diagnostics>
  <casClientConfig casServerLoginUrl="https://example.edu/cas/login/"
                   casServerUrlPrefix="https://example.edu/cas/" serverName="server.example.edu"
                   notAuthorizedUrl="~/NotAuthorized.aspx"
                   cookiesRequiredUrl="~/CookiesRequired.aspx" redirectAfterValidation="true"
                   renew="false" singleSignOut="true" ticketValidatorName="Saml11"
                   serviceTicketManager="CacheServiceTicketManager" />
</configuration>
Thanks!
**********************
Mark Reynolds
IT Manager
Parking Services Department
Joe Frank Harris Commons
University Of Georgia
80 Carlton Street
Athens, GA 30602-6004
706-542-7364
[email protected]
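
An added example, not part of the original message or of the DotNetCasClient project: a Python check that flags the troubleshooting settings visible in the web.config posted above and compares its two CAS login URLs. The `audit` helper, the finding codes and the rule that the forms `loginUrl` should equal `casServerLoginUrl` are assumptions of this example; the sample is a constructed, trimmed copy of the posted settings.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the settings posted in the message above.
SAMPLE = """<configuration>
  <system.web>
    <customErrors mode="Off" />
    <trace enabled="true" />
    <authentication mode="Forms">
      <forms loginUrl="https://example.edu/cas/login" path="/MyApp/" />
    </authentication>
    <compilation debug="true" />
  </system.web>
  <system.diagnostics><switches>
    <add name="Protocol" value="Verbose" />
    <add name="Security" value="Verbose" />
  </switches></system.diagnostics>
  <casClientConfig casServerLoginUrl="https://example.edu/cas/login/"
                   casServerUrlPrefix="https://example.edu/cas/" />
</configuration>"""

# (element path, attribute, troubleshooting value, finding code)
DEBUG_SWITCHES = [
    ("system.web/customErrors", "mode", "off", "custom-errors-off"),
    ("system.web/trace", "enabled", "true", "page-trace-on"),
    ("system.web/compilation", "debug", "true", "debug-build"),
]


def audit(xml_text):
    """Return (code, detail) findings for one web.config (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    findings = []
    for path, name, bad, code in DEBUG_SWITCHES:
        for node in root.findall(path):
            if node.get(name, "").lower() == bad:
                findings.append((code, f"{path} {name}={node.get(name)}"))
    # Verbose trace sources write protocol and security detail to the log file.
    for sw in root.findall("system.diagnostics/switches/add"):
        if sw.get("value", "").lower() == "verbose":
            findings.append(("verbose-trace", sw.get("name")))
    # Assumed intent: both login URLs identical and under casServerUrlPrefix.
    forms = root.find("system.web/authentication/forms")
    cas = root.find("casClientConfig")
    if forms is not None and cas is not None:
        login, prefix = cas.get("casServerLoginUrl"), cas.get("casServerUrlPrefix")
        if forms.get("loginUrl") != login:
            findings.append(("login-url-mismatch", f"{forms.get('loginUrl')} != {login}"))
        if login and prefix and not login.startswith(prefix):
            findings.append(("login-outside-prefix", login))
    return findings


if __name__ == "__main__":
    print(*(f"{c}: {d}" for c, d in audit(SAMPLE)), sep="\n")
```

Run against the sample, it reports the three ASP.NET debugging switches, the two Verbose trace switches, and the trailing-slash difference between the two login URLs.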
From: Tom O'Neill [mailto:[email protected]]
Sent: Friday, May 15, 2015 3:25 PM
To: [email protected]
Subject: RE: [cas-user] .Net CAS Client error
Mark,
Would you be able to post a chunk of your .NET code?
Based on the error message and the feedback you received it sounds like you
could be missing a step.
The lack of a TGT (Ticket Granting Ticket) would explain why you are seeing a
ST (Service Ticket) error.
The TGT is assigned when a successful authentication occurs and is then used to
request a ST for a particular service.
Thanks,
Tom O'Neill
Senior Consultant
Strata Information Group
[email protected]
Mobile : (401) 644-4847
Corporate : (619) 296-0170
From: Mark B Reynolds [mailto:[email protected]]
Sent: Friday, May 15, 2015 2:37 PM
To: [email protected]
Subject: RE: [cas-user] .Net CAS Client error
Our systems admin rep said our CAS server is version 3.5.1.
Again, any guidance in resolving the error below would be appreciated.
Thanks,
**********************
Mark Reynolds
IT Manager
Parking Services Department
Joe Frank Harris Commons
University Of Georgia
80 Carlton Street
Athens, GA 30602-6004
706-542-7364
[email protected]
From: John Gasper [mailto:[email protected]]
Sent: Thursday, May 14, 2015 2:08 PM
To: [email protected]
Subject: Re: [cas-user] .Net CAS Client error
Hi Mark,
What version of CAS Server are you using?
John
From: Mark B Reynolds <[email protected]>
Reply-To: <[email protected]>
Date: Thursday, May 14, 2015 at 10:34 AM
To: <[email protected]>
Subject: [cas-user] .Net CAS Client error
We're being asked to switch our web applications over to use CAS instead of
LDAP. I am a novice at this but I know I need to pull in some attributes,
which requires the use of SAML 1.1 in the .Net CAS client. Unfortunately,
although it was working at one point, I have started getting errors that occur
when I change the ticketValidatorName configuration from Cas20 to Saml11.
I have even tried using the sample website from the .Net CAS client on GitHub.
It works when I set ticketValidatorName="Cas20" but when I change it to Saml11,
the site errors. I have also tried a blank website copying the web.config
settings from the Wiki and updating them to point to our dev CAS server and
application along with a "protected" ASP.NET folder (separate web.config with a
deny ? entry) and that also fails.
I have been unable to determine whether the issue is with my server, the .Net
CAS client, the configuration, or the CAS server. I enlisted the help of our
systems administration group which runs the CAS server but they could not
determine why this error occurred only to say a ticket granting ticket (?) was
not being requested.
Any assistance would be appreciated in helping resolve this issue.
The error I'm getting is:
{"failure":"true","exception.message":"org.springframework.webflow.execution.ActionExecutionException:
Exception thrown executing
org.jasig.cas.web.flow.GenerateServiceTicketAction@ad5b8da
in state 'generateServiceTicket' of flow 'login' -- action execution
attributes were
'map[[empty]]'","exception.stacktrace":"org.springframework.webflow.execution.ActionExecutionException:
Exception thrown executing
org.jasig.cas.web.flow.GenerateServiceTicketAction@ad5b8da
in state 'generateServiceTicket' of flow 'login' -- action execution
attributes were 'map[[empty]]'\n\tat
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:60)\n\tat
org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)\n\tat
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)\n\tat
org.springframework.webflow.execution.AnnotatedAction.execute(AnnotatedAction.java:145)\n\tat
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)\n\tat
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)\n\tat
org.springframework.webflow.engine.State.enter(State.java:194)\n\tat
org.springframework.webflow.engine.Transition.execute(Transition.java:227)\n\tat
org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)\n\tat
org.springframework.webflow.engine.State.enter(State.java:194)\n\tat
org.springframework.webflow.engine.Transition.execute(Transition.java:227)\n\tat
org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)\n\tat
org.springframework.webflow.engine.State.enter(State.java:194)\n\tat
org.springframework.webflow.engine.Transition.execute(Transition.java:227)\n\tat
org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51)\n\tat
org.springframework.webflow.engine.State.enter(State.java:194)\n\tat
org.springframework.webflow.engine.Flow.start(Flow.java:535)\n\tat
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:366)\n\tat
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:225)\n\tat
org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)\n\tat
org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)\n\tat
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)\n\tat
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)\n\tat
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)\n\tat
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)\n\tat
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)\n\tat
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)\n\tat
org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:128)\n\tat
org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:57)\n\tat
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)\n\tat
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)\n\tat
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)\n\tat
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)\n\tat
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)\n\tat
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)\n\tat
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)\n\tat
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)\n\tat
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)\n\tat
com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)\n\tat
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)\n\tat
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)\n\tat
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)\n\tat
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)\n\tat
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)\n\tat
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)\n\tat
org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:600)\n\tat
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:555)\n\tat
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)\n\tat
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)\n\tat
org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:865)\n\tat
org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)\n\tat
org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1556)\n\tat
java.lang.Thread.run(Thread.java:701)\nCaused by:
java.lang.IllegalArgumentException: 'principal' cannot be null.\nCheck the
correctness of @Audit annotation at the following audit point: execution(public
abstract java.lang.String
org.jasig.cas.CentralAuthenticationService.grantServiceTicket(java.lang.String,org.jasig.cas.authentication.principal.Service))\n\tat
com.github.inspektr.audit.AuditActionContext.assertNotNull(AuditActionContext.java:81)\n\tat
com.github.inspektr.audit.AuditActionContext.<init>(AuditActionContext.java:63)\n\tat
com.github.inspektr.audit.AuditTrailManagementAspect.executeAuditCode(AuditTrailManagementAspect.java:149)\n\tat
com.github.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:139)\n\tat
sun.reflect.GeneratedMethodAccessor73.invoke(Unknown Source)\n\tat
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tat
java.lang.reflect.Method.invoke(Method.java:622)\n\tat
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)\n\tat
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)\n\tat
org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)\n\tat
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)\n\tat
org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)\n\tat
org.perf4j.aop.AbstractTimingAspect$1.proceed(AbstractTimingAspect.java:47)\n\tat
org.perf4j.aop.AgnosticTimingAspect.runProfiledMethod(AgnosticTimingAspect.java:53)\n\tat
org.perf4j.aop.AbstractTimingAspect.doPerfLogging(AbstractTimingAspect.java:45)\n\tat
sun.reflect.GeneratedMethodAccessor72.invoke(Unknown Source)\n\tat
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tat
java.lang.reflect.Method.invoke(Method.java:622)\n\tat
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)\n\tat
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)\n\tat
org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)\n\tat
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)\n\tat
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)\n\tat
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)\n\tat
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)\n\tat
com.sun.proxy.$Proxy27.grantServiceTicket(Unknown Source)\n\tat
org.jasig.cas.web.flow.GenerateServiceTicketAction.doExecute(GenerateServiceTicketAction.java:52)\n\tat
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)\n\tat
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)\n\t...
52 more\n"}
Thanks in advance!
**********************
Mark Reynolds
IT Manager
Parking Services Department
Joe Frank Harris Commons
University Of Georgia
80 Carlton Street
Athens, GA 30602-6004
706-542-7364
[email protected]
--
You are currently subscribed to
[email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user