Okay, that would make sense. If that is the case then that just means
you need to modify the following line:
<action-state id="generateServiceTicket">
<action bean="generateServiceTicketAction" />
<transition on="success" to ="warn" />
<transition on="error" to="viewLoginForm" />
<transition on="gateway" to="redirect" />
</action-state>
to go to "startAuthenticate" instead of "viewLoginForm" on error. If
you can log a JIRA issue into the CAS Web Site project I'll update the
web site with the new information (if this works ;-)).
Thanks
-Scott
Stephen A. Cochran wrote:
> On Jun 20, 2006, at 9:36 AM, Scott Battaglia wrote:
>
>
>> I just attempted this using Apache Tomcat 5.5.17 and Firefox using a
>> certificate signed by CACert.org (and trusted by my JVM). I had no
>> issues with CAS getting and validating a certificate.
>>
>> At the DEBUG level, CAS should tell you whether their was a
>> certificate
>> found in the request or not. If there was not, that means Tomcat did
>> not properly receive the certificate.
>>
>
> Nothing was showing up in the logs, but think I might ahve just found
> the missing part. Logs of the failure are below, but if I read them
> correctly, the problem is the browser had a invalid TGT (in this case
> because I had restarted tomcat), and that caused the flow to not hit
> the x509 authhandler.
>
> If my guess is correct, this would also explain why often first thing
> in the morning or after a long time away from the computer I would
> see the error, assuming I had an expired TGT still in my browser.
>
> All supposition, thoughts?
>
> Steve
>
> 2006-06-20 10:51:26,879 DEBUG
> [org.jasig.cas.web.flow.TicketGrantingTicketExistsAction] - Action
> 'org.jasig.cas.web.flow.TicketGrantingTicketExistsAction' beginning
> execution
> 2006-06-20 10:51:26,879 DEBUG
> [org.jasig.cas.web.flow.TicketGrantingTicketExistsAction] - Action
> 'org.jasig.cas.web.flow.TicketGrantingTicketExistsAction' completed
> execution; result event is [EMAIL PROTECTED] source =
> [EMAIL PROTECTED], id =
> 'ticketGrantingTicketExists', stateId = [null], parameters = [null]]
> 2006-06-20 10:51:26,879 DEBUG
> [org.jasig.cas.web.flow.HasServiceCheckAction] - Action
> 'org.jasig.cas.web.flow.HasServiceCheckAction' beginning execution
> 2006-06-20 10:51:26,880 DEBUG
> [org.jasig.cas.web.flow.HasServiceCheckAction] - Action
> 'org.jasig.cas.web.flow.HasServiceCheckAction' completed execution;
> result event is [EMAIL PROTECTED] source =
> [EMAIL PROTECTED], id =
> 'hasService', stateId = [null], parameters = [null]]
> 2006-06-20 10:51:26,880 DEBUG
> [org.jasig.cas.web.flow.RenewRequestCheckAction] - Action
> 'org.jasig.cas.web.flow.RenewRequestCheckAction' beginning execution
> 2006-06-20 10:51:26,880 DEBUG
> [org.jasig.cas.web.flow.RenewRequestCheckAction] - Action
> 'org.jasig.cas.web.flow.RenewRequestCheckAction' completed execution;
> result event is [EMAIL PROTECTED] source =
> [EMAIL PROTECTED], id =
> 'generateServiceTicket', stateId = [null], parameters = [null]]
> 2006-06-20 10:51:26,881 DEBUG
> [org.jasig.cas.web.flow.GenerateServiceTicketAction] - Action
> 'org.jasig.cas.web.flow.GenerateServiceTicketAction' beginning execution
> 2006-06-20 10:51:26,883 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to
> retrieve ticket [TGT-2-YrPewFU2jnKcTCWj4Py00oTdIRjwlgcx5Nc-50]
> 2006-06-20 10:51:26,884 DEBUG
> [org.jasig.cas.web.flow.GenerateServiceTicketAction] - Action
> 'org.jasig.cas.web.flow.GenerateServiceTicketAction' completed
> execution; result event is [EMAIL PROTECTED] source =
> [EMAIL PROTECTED], id =
> 'error', stateId = [null], parameters = [null]]
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
