Scott- This is the xml response I receive from the cas server upon validation (from the logs of my Apache2::AuthCAS client)
CAS(2714): validate_service_ticket: response page: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>\n\t<cas:authenticationSuccess>\n\t\t<cas:user>rrotsted</cas:user>\n\n\n\t</cas:authenticationSuccess>\n</cas:serviceResponse>\n, referer: https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2F [Wed Oct 17 12:33:10 2007] [alert] [client 128.223.61.74] CAS(2714): validate_service_ticket: valid service ticket, user='rrotsted', referer: https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2F [Wed Oct 17 12:33:10 2007] [alert] [client 128.223.61.74] CAS(2714): validate_service_ticket: proxying and no pgtiou in response from CAS, referer: https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2F [Wed Oct 17 12:33:10 2007] [alert] [client 128.223.61.74] CAS(2714): redirect: redirecting to url: 'https://slam.uoregon.edu/cas/error/' service: 'https%3A%2F%2Fdrupal.uoregon.edu%2F', referer: https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2F This is a snippet from my CAS server's log: 2007-10-17 12:23:41,954 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler successfully authenticated the user which provided the following credentials: rrotsted> 2007-10-17 12:23:41,955 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-12-6eQREff7chhEcaMM6bGdLw07UWkmtfc1Mjb-20] for service [https://drupal.uoregon.edu/] for user [rrotsted]> 2007-10-17 12:23:42,021 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate the user which provided the following credentials: https://drupal.uoregon.edu/> 2007-10-17 12:23:42,021 ERROR [org.jasig.cas.web.ServiceValidateController] - <TicketException generating ticket for: https://drupal.uoregon.edu/> org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad Thanks! -Bob Scott Battaglia wrote: > Bob, > > Any chance you can capture the XML response that the CAS server returns on > ticket validation? > > -Scott > > On 10/9/07, Bob Rotsted <[EMAIL PROTECTED]> wrote: >> Scott Battaglia wrote: >>> Bob, >>> >>> It looks like it tried to make a proxy granting ticket for >>> https://drupal.uoregon.edu/ but was unable to (adding logging for the >>> HttpBasedAuthenticationHandler might narrow down the reason. >>> >>> -Scott >>> >>> On 10/4/07, Bob Rotsted <[EMAIL PROTECTED]> wrote: >>>> Hi all, >>>> I am using Tomcat behind Apache with Apache2::AuthCAS for my services. >>>> As I understand it, in order to get CAS to authenticate correctly I >> must >>>> first import my CAS server's SSL certificate into the java keystore. As >>>> of now, I have imported my public ssl key into the java keystore with >>>> alias 'tomcat' yet I am still getting a "Invalid Service Response" >>>> error. This is what shows up in my cas.log when I try to authenticate: >>>> >>>> 2007-10-04 11:45:03,676 INFO >>>> [org.jasig.cas.authentication.AuthenticationManagerImpl] - >>>> AuthenticationHandler: >>>> >>>> >> org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler >>>> successfully authenticated the user which provided the following >>>> credentials: rrotsted >>>> 2007-10-04 11:45:03,677 INFO >>>> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service >>>> ticket [ST-5-GItdoxQZzuUR0PTfhhO3wy6FZzGXuesRA61-20] for service >>>> [https://drupal.uoregon.edu] for user [rrotsted] >>>> 2007-10-04 11:45:03,731 INFO >>>> [org.jasig.cas.authentication.AuthenticationManagerImpl] - >>>> AuthenticationHandler: >>>> >>>> >> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler >>>> failed to authenticate the user which provided the following >>>> credentials: https://drupal.uoregon.edu/ >>>> 2007-10-04 11:45:03,732 ERROR >>>> [org.jasig.cas.web.ServiceValidateController] - TicketException >>>> generating ticket for: https://drupal.uoregon.edu/ >>>> org.jasig.cas.ticket.TicketCreationException: >>>> error.authentication.credentials.bad >>>> at >>>> >>>> >> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket >>>> (CentralAuthenticationServiceImpl.java:271) >>>> at >>>> org.jasig.cas.web.ServiceValidateController.handleRequestInternal( >>>> ServiceValidateController.java:124) >>>> at >>>> org.springframework.web.servlet.mvc.AbstractController.handleRequest( >>>> AbstractController.java:153) >>>> at >>>> >> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle( >>>> SimpleControllerHandlerAdapter.java:48) >>>> at >>>> org.springframework.web.servlet.DispatcherServlet.doDispatch( >>>> DispatcherServlet.java:857) >>>> at >>>> org.springframework.web.servlet.DispatcherServlet.doService( >>>> DispatcherServlet.java:792) >>>> at >>>> org.springframework.web.servlet.FrameworkServlet.processRequest( >>>> FrameworkServlet.java:475) >>>> at >>>> org.springframework.web.servlet.FrameworkServlet.doGet( >>>> FrameworkServlet.java:430) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >>>> at >>>> org.jasig.cas.web.init.SafeDispatcherServlet.service( >>>> SafeDispatcherServlet.java:115) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( >>>> ApplicationFilterChain.java:269) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter( >>>> ApplicationFilterChain.java:188) >>>> at >>>> org.apache.catalina.core.StandardWrapperValve.invoke( >>>> StandardWrapperValve.java:213) >>>> at >>>> org.apache.catalina.core.StandardContextValve.invoke( >>>> StandardContextValve.java:174) >>>> at >>>> org.apache.catalina.core.StandardHostValve.invoke( >> StandardHostValve.java >>>> :127) >>>> at >>>> org.apache.catalina.valves.ErrorReportValve.invoke( >> ErrorReportValve.java >>>> :117) >>>> at >>>> org.apache.catalina.core.StandardEngineValve.invoke( >>>> StandardEngineValve.java:108) >>>> at >>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java >>>> :151) >>>> at >>>> org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200) >>>> at >>>> org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283) >>>> at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java >>>> :773) >>>> at >>>> org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java >>>> :703) >>>> at >>>> org.apache.jk.common.ChannelSocket$SocketConnection.runIt( >>>> ChannelSocket.java:895) >>>> at >>>> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( >>>> ThreadPool.java:689) >>>> at java.lang.Thread.run(Thread.java:619) >>>> Caused by: error.authentication.credentials.bad >>>> at >>>> >> org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException >>>> .<clinit>(BadCredentialsAuthenticationException.java:25) >>>> at >>>> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate( >>>> AuthenticationManagerImpl.java:108) >>>> at >>>> >> org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket( >>>> CentralAuthenticationServiceImpl.java:383) >>>> at >>>> org.jasig.cas.web.flow.AuthenticationViaFormAction.submit( >>>> AuthenticationViaFormAction.java:107) >>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>> at >>>> sun.reflect.NativeMethodAccessorImpl.invoke( >> NativeMethodAccessorImpl.java >>>> :39) >>>> at >>>> sun.reflect.DelegatingMethodAccessorImpl.invoke( >>>> DelegatingMethodAccessorImpl.java:25) >>>> at java.lang.reflect.Method.invoke(Method.java:597) >>>> at >>>> org.springframework.webflow.util.DispatchMethodInvoker.invoke( >>>> DispatchMethodInvoker.java:103) >>>> at >>>> org.springframework.webflow.action.MultiAction.doExecute( >> MultiAction.java >>>> :136) >>>> at >>>> org.springframework.webflow.action.AbstractAction.execute( >>>> AbstractAction.java:203) >>>> at >>>> org.springframework.webflow.engine.AnnotatedAction.execute( >>>> AnnotatedAction.java:142) >>>> at >>>> org.springframework.webflow.engine.ActionExecutor.execute( >>>> ActionExecutor.java:61) >>>> at >>>> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java >>>> :180) >>>> at org.springframework.webflow.engine.State.enter(State.java >> :200) >>>> at >>>> org.springframework.webflow.engine.Transition.execute(Transition.java >> :229) >>>> at >>>> org.springframework.webflow.engine.TransitionableState.onEvent( >>>> TransitionableState.java:112) >>>> at org.springframework.webflow.engine.Flow.onEvent(Flow.java >> :572) >>>> at >>>> >>>> >> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent >>>> (RequestControlContextImpl.java:208) >>>> at >>>> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java >>>> :185) >>>> at org.springframework.webflow.engine.State.enter(State.java >> :200) >>>> at >>>> org.springframework.webflow.engine.Transition.execute(Transition.java >> :229) >>>> at >>>> org.springframework.webflow.engine.TransitionableState.onEvent( >>>> TransitionableState.java:112) >>>> at org.springframework.webflow.engine.Flow.onEvent(Flow.java >> :572) >>>> at >>>> >>>> >> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent >>>> (RequestControlContextImpl.java:208) >>>> at >>>> org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent( >>>> FlowExecutionImpl.java:214) >>>> at >>>> org.springframework.webflow.executor.FlowExecutorImpl.resume( >>>> FlowExecutorImpl.java:245) >>>> at >>>> >>>> >> org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest >>>> (FlowRequestHandler.java:115) >>>> at >>>> >>>> >> org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal >>>> (FlowController.java:172) >>>> at >>>> org.springframework.web.servlet.mvc.AbstractController.handleRequest( >>>> AbstractController.java:153) >>>> at >>>> >> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle( >>>> SimpleControllerHandlerAdapter.java:48) >>>> at >>>> org.springframework.web.servlet.DispatcherServlet.doDispatch( >>>> DispatcherServlet.java:857) >>>> at >>>> org.springframework.web.servlet.DispatcherServlet.doService( >>>> DispatcherServlet.java:792) >>>> at >>>> org.springframework.web.servlet.FrameworkServlet.processRequest( >>>> FrameworkServlet.java:475) >>>> at >>>> org.springframework.web.servlet.FrameworkServlet.doPost( >>>> FrameworkServlet.java:440) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) >>>> ... 17 more >>>> >>>> Any suggestions would be greatly appreciated! >>>> >>>> Thanks, >>>> Bob Rotsted >>>> _______________________________________________ >>>> Yale CAS mailing list >>>> [email protected] >>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>> >>> >>> >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> Yale CAS mailing list >>> [email protected] >>> http://tp.its.yale.edu/mailman/listinfo/cas >> >> Scott- >> >> After turning up logging for the >> HttpBasedServiceCredentialsAuthenticationHandler on my CAS server, I was >> unable to further diagnose the problem. I did however notice an error >> from my AuthCAS service's log file. It appears that the service is >> unable to validate service tickets. Any suggestions? >> >> [Mon Oct 08 09:57:57 2007] [alert] [client 128.223.61.74] CAS(7104): >> setHeader: Setting header: Location = >> https://slam.uoregon.edu/cas/error/?login_url=https://slam.uoregon.edu: >> >> 443/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2Fuser&errcode=Invalid >> Service Response, referer: >> https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.e >> du%2Fuser >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: Apache Config: >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: DbDataSource => sid=cas;host=localhost;port=3306 >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: DbDriver => mysql >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: DbPass => ****** >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: DbSessionTable => cas_sessions >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: DbUser => cas >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: ErrorUrl => https://slam.uoregon.edu/cas/error/ >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: Host => slam.uoregon.edu >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: LogLevel => 4 >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: LoginUri => /cas/login >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: LogoutUri => /cas/logout >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: NumProxyTickets => 1 >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: Port => 443 >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: PretendBasicAuth => undef >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: ProxyService => false >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: ProxyUri => /cas/proxy >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: ProxyValidateUri => /cas/proxyValidate >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: RemoveTicket => 546548 >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: Service => https://drupal.uoregon.edu/user >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: ServiceValidateUri => /cas/serviceValidate >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: SessionCookieDomain => undef >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: SessionCookieName => APACHECAS >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> getApacheConfig: SessionTimeout => 1800 >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> cleanup: counter=1 >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> delete_expired_sessions: deleting sessions older than '1191835704' >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> delete_expired_sessions: error deleting expired sessions >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> authenticate: authenticated='' >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> parse_query_parameters: PARAM: 'ticket' => >> 'ST-3-spLH0qDZlrwr2FTgO9nbY5FHJVwrB12i7IR-20' >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> authenticate: cookie found: >> '__utma=32862522.1333826686.1189012244.1189012244.1189012244.1; >> __utmz=32862522.1 >> 189012244.1.1.utmccn= >> (organic)|utmcsr=google|utmctr=microcomputer+services|utmcmd=organic; >> PHPSESSID=625f1c99702ad93d9488a5c5a14c6b8b' >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> authenticate: no session id found >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> validate_service_ticket: Validating service ticket >> 'ST-3-spLH0qDZlrwr2FTgO9nbY5FHJVwrB12i7IR-20' for service >> 'https%3A%2F%2Fdrupal.uoregon.edu%2Fuser' >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> validate_service_ticket: request URL: >> '/cas/proxyValidate?pgtUrl=https://drupal.uoregon.edu/user&service=http >> >> s%3A%2F%2Fdrupal.uoregon.edu%2Fuser&ticket=ST-3-spLH0qDZlrwr2FTgO9nbY5FHJVwrB12i7IR-20' >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> validate_service_ticket: response page: >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> validate_service_ticket: invalid service response >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> redirect: redirecting to url: 'https://slam.uoregon.edu/cas/error/' >> service: 'https%3A%2F%2Fdrupal.uoregon.ed >> u%2Fuser' >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> setHeader: Setting header: CAS_FILTER_CAS_HOST = slam.uoregon.edu >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> setHeader: Setting header: CAS_FILTER_CAS_PORT = 443 >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> setHeader: Setting header: CAS_FILTER_CAS_LOGIN_URI = /cas/login >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> setHeader: Setting header: CAS_FILTER_SERVICE = >> https%3A%2F%2Fdrupal.uoregon.edu%2Fuser >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> redirect: redirecting to error page >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): >> setHeader: Setting header: Location = >> https://slam.uoregon.edu/cas/error/?login_url=https://slam.uoregon.edu: >> >> 443/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2Fuser&errcode=Invalid >> Service Response >> >> >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas >> > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
