Tim,

If you want to parse the XML, I believe the endpoint is "serviceValidate" and not "validate".

-Scott

On 5/21/07, Tim Speevack <[EMAIL PROTECTED]> wrote:
Scott,

The response that's causing the exception at:

edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:221)

is literally "yes\ntms64\n", which is obviously not xml.

Tim

Can you see what the XML response back from CAS was? There may be an invalid character in there (as evidenced by Content is not allowed in prolog.).

-Scott

On 5/17/07, Tim Speevack <[EMAIL PROTECTED]> wrote:
> Apologies to all who have answered these questions a billion times,
> but...
>
> I'm trying to get tomcat/spring/acegi to talk to CAS. I've gotten it
> working to some degree, but am now stuck on the following error:
>
> [Fatal Error] :1:1: Content is not allowed in prolog.
> May 17, 2007 2:06:14 PM edu.yale.its.tp.cas.client.CASReceipt getReceipt
> SEVERE: edu.yale.its.tp.cas.client.CASAuthenticationException:
> Unable to validate ProxyTicketValidator
> [ [edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> casValidateUrl=[https://secure.its.yale.edu/cas/servlet/validate ]
> ticket=[ST-11059954-4vXxKMmEaRychGbtR62b]
> service=[http%3A%2F%2Fyag-client-36.art.yale.edu%3A8080%2Fyuagit%2Fsecure%2Ftest.jsp]
> renew=false
> entireResponse=[yes
> <my netid>
> ]]]]
>
> I've gone through all the online references I can find, but can't get
> past this error. Clearly I'm getting a valid ticket & login succeeds,
> so I'm assuming that this has something to do with SSL & Tomcat. I've
> followed all the posts related to keytool, but still no luck.
>
> Here's how things are configured:
>
> JVM: JAVA_HOME=C:\jdk1.6.0
>
> TOMCAT: CATALINA_HOME=C:\tomcat
> server.xml was modified to enable SSL, and keystore & trust are
> explicitly defined:
> <Connector port="8443" maxHttpHeaderSize="8192"
>            maxThreads="150" minSpareThreads="25"
>            maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS"
>            keystoreFile="C:\DOCUME~1\<my netid>\.keystore"
>            keystorePass="changeit"
>            truststoreFile="C:/jdk1.6.0/jre/lib/security/cacerts"
> />
>
> KEYSTORE: I created a batch file since I had to run this more than once:
>
> @echo off
> set USERKEYSTORE=C:\DOCUME~1\tms64\.keystore
> set JVMKEYSTORE=%JAVA_HOME%\jre\lib\security\cacerts
>
> keytool -delete -alias tomcat -keystore "%USERKEYSTORE%" \
>   -keypass changeit -storepass changeit -keyalg RSA
>
> keytool -delete -alias tomcat -keystore "%JVMKEYSTORE%" \
>   -keypass changeit -storepass changeit -keyalg RSA
>
> keytool -genkey -alias tomcat -keystore %USERKEYSTORE% \
>   -validity 9999 -keypass changeit -storepass changeit -keyalg RSA \
>   -dname "CN=<mymachinename>.art.yale.edu, OU=artgallery, O=yale, L=newhaven, S=ct, C=us"
>
> keytool -export -alias tomcat -keystore %USERKEYSTORE% \
>   -file server.crt -keypass changeit -storepass changeit -keyalg RSA
>
> keytool -import -file server.crt -alias tomcat -keystore %JVMKEYSTORE% \
>   -keypass changeit -storepass changeit -keyalg RSA
>
> All references I found on this process were somewhat vague. For example
> http://www.ja-sig.org/products/cas/server/ssl/index.html shows:
>
> %JAVA_HOME%\bin\keytool -export -alias tomcat -keypass changeit -file %FILE_NAME%
> %JAVA_HOME%\bin\keytool -import -file server.crt -keypass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts
> %JAVA_HOME%\bin\keytool -import -file server.crt -keypass changeit
>
> It's not clear from this example whether %FILE_NAME% and server.crt are
> intended to be the same files, though after reading
> http://tp.its.yale.edu/pipermail/cas-dev/2007-April/001751.html it would
> appear that that is the intention.
>
> I'm sure I've missed a critical point somewhere, but I'm not at all
> familiar with ssl setup so it's not obvious. I'm fairly sure that the
> remainder of the setup is correct, but I can provide gory details of the
> webapp configuration, spring, acegi, etc.
>
> Any help will be much appreciated!
> Tim
>
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
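
The mismatch discussed in this thread, as an added example that is not part of the original messages or of the Yale CAS client: the CAS 1.0 "validate" endpoint answers in plain text ("yes", then the user name) while the CAS 2.0 "serviceValidate" endpoint answers in XML, so the parser has to match the endpoint and anything unexpected has to count as a failed validation. The function names, the host and the sample bodies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace


def parse_cas1(body):
    """CAS 1.0 /validate: 'yes\\n<user>\\n' on success, 'no\\n\\n' on failure."""
    lines = body.split("\n")
    if len(lines) >= 2 and lines[0] == "yes" and lines[1].strip():
        return lines[1].strip()
    return None  # anything else is treated as a failed validation


def parse_cas2(body):
    """CAS 2.0 /serviceValidate: XML with cas:authenticationSuccess/cas:user."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return None  # a CAS response needs no DTD; refuse entity declarations
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None  # e.g. a CAS 1.0 plain-text body handed to the XML parser
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        return None
    return user.text.strip()


def validated_user(validate_url, body):
    """Choose the parser from the configured endpoint; fail closed otherwise."""
    endpoint = validate_url.rstrip("/").rsplit("/", 1)[-1]
    if endpoint == "validate":
        return parse_cas1(body)
    if endpoint in ("serviceValidate", "proxyValidate"):
        return parse_cas2(body)
    return None


# Constructed sample bodies (the user name is a placeholder).
CAS1_OK = "yes\nnetid123\n"
CAS2_OK = (
    "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
    "<cas:authenticationSuccess><cas:user>netid123</cas:user>"
    "</cas:authenticationSuccess></cas:serviceResponse>"
)
CAS2_FAIL = (
    "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
    "<cas:authenticationFailure code='INVALID_TICKET'>not recognized"
    "</cas:authenticationFailure></cas:serviceResponse>"
)
```

Handing CAS1_OK to parse_cas2 reproduces the situation in the thread: the XML parser rejects the plain-text body at its first character, and the function reports a failed validation instead of a user.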
