Ross,

There is an inconsistency in the service url provided at login time and at
validation time:

 The original service was
'http://localhost:8080/casSample/index.html?' and the supplied service was
'http://localhost:8080/casSample/index.html'.

You appear to have an extra "?".

-Scott

On 9/12/07, Ross Bleakney <[EMAIL PROTECTED]> wrote:
>
> Excellent. That did point out my problem. The certificate says
> "gammel1.devqa.sersol.il.pqe" but I was using "gammel1.devqa". So, I
> changed my filter to use "gammel1.devqa.sersol.il.pqe", but now I get a
> different error:
>
> javax.servlet.ServletException: Unable to validate ProxyTicketValidator
> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> casValidateUrl=[
> https://gammel1.devqa.sersol.il.pqe:8443/cas/serviceValidate]
> ticket=[ST-7-iAwfbTJdvxggYhbfQSSkeFi2YZmbJkaFMM9-20]
> service=[http%3A%2F%2Flocalhost%3A8080%2FcasSample%2Findex.html]
> errorCode=[INVALID_SERVICE] errorMessage=[ticket
> 'ST-7-iAwfbTJdvxggYhbfQSSkeFi2YZmbJkaFMM9-20' does not match supplied
> service.  The original service was
> 'http://localhost:8080/casSample/index.html?' and the supplied service was
> 'http://localhost:8080/casSample/index.html'.] renew=false
> entireResponse=[<cas:serviceResponse xmlns:cas='
> http://www.yale.edu/tp/cas'>
>         <cas:authenticationFailure code='INVALID_SERVICE'>
>                 ticket 'ST-7-iAwfbTJdvxggYhbfQSSkeFi2YZmbJkaFMM9-20' does
> not match
> supplied service.  The original service was
> 'http://localhost:8080/casSample/index.html?' and the supplied service was
> 'http://localhost:8080/casSample/index.html'.
>         </cas:authenticationFailure>
> </cas:serviceResponse>
>
>
> Any ideas?
> Thanks,
> Ross
>
> Andrew Petro wrote:
> > > Is there a way to check this?
> >
> >Yes.  View something served by that machine over https:// in your web
> >browser and use its SSL certificate inspection features (typically
> >available by clicking the "lock icon").
> >
> >
> >
> >
> >RossBleakney wrote:
> >>I believe it was "gammel1.devqa" (if I understand how this is set). I
> >>don't know a lot about SSL, so I asked one of our admin guys (who has a
> >>lot more experience setting up SSL) to configure that server. I
> >>specifically asked him what he answered when prompted for first name,
> last
> >>name, etc. and he said "gammel1.devqa". Is there a way to check this? I
> am
> >>at home now, so I can't access the code (or the two machines) so I'll
> >>probably bug the list again tomorrow. But if you know of something to
> try
> >>in the morning, I very much appreciate it.
> >>Thanks,
> >>Ross
> >>
> >>     ----- Original Message -----
> >>     *From:* Scott Battaglia <mailto:[EMAIL PROTECTED]>
> >>     *To:* Yale CAS mailing list <mailto:[email protected]>
> >>     *Sent:* Tuesday, September 11, 2007 7:56 PM
> >>     *Subject:* Re: java.io.IOException: HTTPS hostname wrong
> >>
> >>     Ross,
> >>
> >>     When you created your certificates via the keytool, what did you
> >>     choose as the CN?
> >>
> >>     -Scott
> >>
> >>     <snip>
> >>
> >>------------------------------------------------------------------------
> >>
> >>_______________________________________________
> >>Yale CAS mailing list
> >>[email protected]
> >>http://tp.its.yale.edu/mailman/listinfo/cas
> >>
> >
> >------------------------------------------------------------------------
> >
> >_______________________________________________
> >Yale CAS mailing list
> >[email protected]
> >http://tp.its.yale.edu/mailman/listinfo/cas
> >
>
> _________________________________________________________________
> Can you find the hidden words? Take a break and play Seekadoo!
> http://club.live.com/seekadoo.aspx?icid=seek_hotmailtextlink1
>
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to