Scott-
This is the xml response I receive from the cas server upon validation
(from the logs of my Apache2::AuthCAS client)

CAS(2714): validate_service_ticket: response page: <cas:serviceResponse
xmlns:cas='http://www.yale.edu/tp/cas'>\n\t<cas:authenticationSuccess>\n\t\t<cas:user>rrotsted</cas:user>\n\n\n\t</cas:authenticationSuccess>\n</cas:serviceResponse>\n,
referer:
https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2F



[Wed Oct 17 12:33:10 2007] [alert] [client 128.223.61.74] CAS(2714):
validate_service_ticket: valid service ticket, user='rrotsted', referer:
https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2F
[Wed Oct 17 12:33:10 2007] [alert] [client 128.223.61.74] CAS(2714):
validate_service_ticket: proxying and no pgtiou in response from CAS,
referer:
https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2F
[Wed Oct 17 12:33:10 2007] [alert] [client 128.223.61.74] CAS(2714):
redirect: redirecting to url: 'https://slam.uoregon.edu/cas/error/'
service: 'https%3A%2F%2Fdrupal.uoregon.edu%2F', referer:
https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2F


This is a snippet from my CAS server's log:

2007-10-17 12:23:41,954 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler
successfully authenticated the user which provided the following
credentials: rrotsted>
2007-10-17 12:23:41,955 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-12-6eQREff7chhEcaMM6bGdLw07UWkmtfc1Mjb-20] for service
[https://drupal.uoregon.edu/] for user [rrotsted]>
2007-10-17 12:23:42,021 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
failed to authenticate the user which provided the following
credentials: https://drupal.uoregon.edu/>
2007-10-17 12:23:42,021 ERROR
[org.jasig.cas.web.ServiceValidateController] - <TicketException
generating ticket for: https://drupal.uoregon.edu/>
org.jasig.cas.ticket.TicketCreationException:
error.authentication.credentials.bad


Thanks!
-Bob



Scott Battaglia wrote:
> Bob,
> 
> Any chance you can capture the XML response that the CAS server returns on
> ticket validation?
> 
> -Scott
> 
> On 10/9/07, Bob Rotsted <[EMAIL PROTECTED]> wrote:
>> Scott Battaglia wrote:
>>> Bob,
>>>
>>> It looks like it tried to make a proxy granting ticket for
>>> https://drupal.uoregon.edu/ but was unable to (adding logging for the
>>> HttpBasedAuthenticationHandler might narrow down the reason.
>>>
>>> -Scott
>>>
>>> On 10/4/07, Bob Rotsted <[EMAIL PROTECTED]> wrote:
>>>> Hi all,
>>>> I am using Tomcat behind Apache with Apache2::AuthCAS for my services.
>>>> As I understand it, in order to get CAS to authenticate correctly I
>> must
>>>> first import my CAS server's SSL certificate into the java keystore. As
>>>> of now, I have imported my public ssl key into the java keystore with
>>>> alias 'tomcat' yet I am still getting a "Invalid Service Response"
>>>> error. This is what shows up in my cas.log when I try to authenticate:
>>>>
>>>> 2007-10-04 11:45:03,676 INFO
>>>> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
>>>> AuthenticationHandler:
>>>>
>>>>
>> org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler
>>>> successfully authenticated the user which provided the following
>>>> credentials: rrotsted
>>>> 2007-10-04 11:45:03,677 INFO
>>>> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service
>>>> ticket [ST-5-GItdoxQZzuUR0PTfhhO3wy6FZzGXuesRA61-20] for service
>>>> [https://drupal.uoregon.edu] for user [rrotsted]
>>>> 2007-10-04 11:45:03,731 INFO
>>>> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
>>>> AuthenticationHandler:
>>>>
>>>>
>> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
>>>> failed to authenticate the user which provided the following
>>>> credentials: https://drupal.uoregon.edu/
>>>> 2007-10-04 11:45:03,732 ERROR
>>>> [org.jasig.cas.web.ServiceValidateController] - TicketException
>>>> generating ticket for: https://drupal.uoregon.edu/
>>>> org.jasig.cas.ticket.TicketCreationException:
>>>> error.authentication.credentials.bad
>>>>         at
>>>>
>>>>
>> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
>>>> (CentralAuthenticationServiceImpl.java:271)
>>>>         at
>>>> org.jasig.cas.web.ServiceValidateController.handleRequestInternal(
>>>> ServiceValidateController.java:124)
>>>>         at
>>>> org.springframework.web.servlet.mvc.AbstractController.handleRequest(
>>>> AbstractController.java:153)
>>>>         at
>>>>
>> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(
>>>> SimpleControllerHandlerAdapter.java:48)
>>>>         at
>>>> org.springframework.web.servlet.DispatcherServlet.doDispatch(
>>>> DispatcherServlet.java:857)
>>>>         at
>>>> org.springframework.web.servlet.DispatcherServlet.doService(
>>>> DispatcherServlet.java:792)
>>>>         at
>>>> org.springframework.web.servlet.FrameworkServlet.processRequest(
>>>> FrameworkServlet.java:475)
>>>>         at
>>>> org.springframework.web.servlet.FrameworkServlet.doGet(
>>>> FrameworkServlet.java:430)
>>>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>>         at
>>>> org.jasig.cas.web.init.SafeDispatcherServlet.service(
>>>> SafeDispatcherServlet.java:115)
>>>>         at
>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
>>>> ApplicationFilterChain.java:269)
>>>>         at
>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(
>>>> ApplicationFilterChain.java:188)
>>>>         at
>>>> org.apache.catalina.core.StandardWrapperValve.invoke(
>>>> StandardWrapperValve.java:213)
>>>>         at
>>>> org.apache.catalina.core.StandardContextValve.invoke(
>>>> StandardContextValve.java:174)
>>>>         at
>>>> org.apache.catalina.core.StandardHostValve.invoke(
>> StandardHostValve.java
>>>> :127)
>>>>         at
>>>> org.apache.catalina.valves.ErrorReportValve.invoke(
>> ErrorReportValve.java
>>>> :117)
>>>>         at
>>>> org.apache.catalina.core.StandardEngineValve.invoke(
>>>> StandardEngineValve.java:108)
>>>>         at
>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
>>>> :151)
>>>>         at
>>>> org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
>>>>         at
>>>> org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
>>>>         at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java
>>>> :773)
>>>>         at
>>>> org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java
>>>> :703)
>>>>         at
>>>> org.apache.jk.common.ChannelSocket$SocketConnection.runIt(
>>>> ChannelSocket.java:895)
>>>>         at
>>>> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
>>>> ThreadPool.java:689)
>>>>         at java.lang.Thread.run(Thread.java:619)
>>>> Caused by: error.authentication.credentials.bad
>>>>         at
>>>>
>> org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException
>>>> .<clinit>(BadCredentialsAuthenticationException.java:25)
>>>>         at
>>>> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(
>>>> AuthenticationManagerImpl.java:108)
>>>>         at
>>>>
>> org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(
>>>> CentralAuthenticationServiceImpl.java:383)
>>>>         at
>>>> org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(
>>>> AuthenticationViaFormAction.java:107)
>>>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>         at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke(
>> NativeMethodAccessorImpl.java
>>>> :39)
>>>>         at
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(
>>>> DelegatingMethodAccessorImpl.java:25)
>>>>         at java.lang.reflect.Method.invoke(Method.java:597)
>>>>         at
>>>> org.springframework.webflow.util.DispatchMethodInvoker.invoke(
>>>> DispatchMethodInvoker.java:103)
>>>>         at
>>>> org.springframework.webflow.action.MultiAction.doExecute(
>> MultiAction.java
>>>> :136)
>>>>         at
>>>> org.springframework.webflow.action.AbstractAction.execute(
>>>> AbstractAction.java:203)
>>>>         at
>>>> org.springframework.webflow.engine.AnnotatedAction.execute(
>>>> AnnotatedAction.java:142)
>>>>         at
>>>> org.springframework.webflow.engine.ActionExecutor.execute(
>>>> ActionExecutor.java:61)
>>>>         at
>>>> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java
>>>> :180)
>>>>         at org.springframework.webflow.engine.State.enter(State.java
>> :200)
>>>>         at
>>>> org.springframework.webflow.engine.Transition.execute(Transition.java
>> :229)
>>>>         at
>>>> org.springframework.webflow.engine.TransitionableState.onEvent(
>>>> TransitionableState.java:112)
>>>>         at org.springframework.webflow.engine.Flow.onEvent(Flow.java
>> :572)
>>>>         at
>>>>
>>>>
>> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent
>>>> (RequestControlContextImpl.java:208)
>>>>         at
>>>> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java
>>>> :185)
>>>>         at org.springframework.webflow.engine.State.enter(State.java
>> :200)
>>>>         at
>>>> org.springframework.webflow.engine.Transition.execute(Transition.java
>> :229)
>>>>         at
>>>> org.springframework.webflow.engine.TransitionableState.onEvent(
>>>> TransitionableState.java:112)
>>>>         at org.springframework.webflow.engine.Flow.onEvent(Flow.java
>> :572)
>>>>         at
>>>>
>>>>
>> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent
>>>> (RequestControlContextImpl.java:208)
>>>>         at
>>>> org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(
>>>> FlowExecutionImpl.java:214)
>>>>         at
>>>> org.springframework.webflow.executor.FlowExecutorImpl.resume(
>>>> FlowExecutorImpl.java:245)
>>>>         at
>>>>
>>>>
>> org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest
>>>> (FlowRequestHandler.java:115)
>>>>         at
>>>>
>>>>
>> org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal
>>>> (FlowController.java:172)
>>>>         at
>>>> org.springframework.web.servlet.mvc.AbstractController.handleRequest(
>>>> AbstractController.java:153)
>>>>         at
>>>>
>> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(
>>>> SimpleControllerHandlerAdapter.java:48)
>>>>         at
>>>> org.springframework.web.servlet.DispatcherServlet.doDispatch(
>>>> DispatcherServlet.java:857)
>>>>         at
>>>> org.springframework.web.servlet.DispatcherServlet.doService(
>>>> DispatcherServlet.java:792)
>>>>         at
>>>> org.springframework.web.servlet.FrameworkServlet.processRequest(
>>>> FrameworkServlet.java:475)
>>>>         at
>>>> org.springframework.web.servlet.FrameworkServlet.doPost(
>>>> FrameworkServlet.java:440)
>>>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
>>>>         ... 17 more
>>>>
>>>> Any suggestions would be greatly appreciated!
>>>>
>>>> Thanks,
>>>> Bob Rotsted
>>>> _______________________________________________
>>>> Yale CAS mailing list
>>>> [email protected]
>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Yale CAS mailing list
>>> [email protected]
>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>> Scott-
>>
>> After turning up logging for the
>> HttpBasedServiceCredentialsAuthenticationHandler on my CAS server, I was
>> unable to further diagnose the problem. I did however notice an error
>> from my AuthCAS service's log file. It appears that the service is
>> unable to validate service tickets. Any suggestions?
>>
>> [Mon Oct 08 09:57:57 2007] [alert] [client 128.223.61.74] CAS(7104):
>> setHeader: Setting header: Location =
>> https://slam.uoregon.edu/cas/error/?login_url=https://slam.uoregon.edu:
>>
>> 443/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2Fuser&errcode=Invalid
>> Service Response, referer:
>> https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.e
>> du%2Fuser
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig: Apache Config:
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     DbDataSource => sid=cas;host=localhost;port=3306
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     DbDriver => mysql
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     DbPass => ******
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     DbSessionTable => cas_sessions
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     DbUser => cas
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     ErrorUrl => https://slam.uoregon.edu/cas/error/
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     Host => slam.uoregon.edu
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     LogLevel => 4
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     LoginUri => /cas/login
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     LogoutUri => /cas/logout
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     NumProxyTickets => 1
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     Port => 443
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     PretendBasicAuth => undef
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     ProxyService => false
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     ProxyUri => /cas/proxy
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     ProxyValidateUri => /cas/proxyValidate
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     RemoveTicket => 546548
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     Service => https://drupal.uoregon.edu/user
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     ServiceValidateUri => /cas/serviceValidate
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     SessionCookieDomain => undef
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     SessionCookieName => APACHECAS
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> getApacheConfig:     SessionTimeout => 1800
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> cleanup: counter=1
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> delete_expired_sessions: deleting sessions older than '1191835704'
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> delete_expired_sessions: error deleting expired sessions
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> authenticate: authenticated=''
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> parse_query_parameters: PARAM: 'ticket' =>
>> 'ST-3-spLH0qDZlrwr2FTgO9nbY5FHJVwrB12i7IR-20'
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> authenticate: cookie found:
>> '__utma=32862522.1333826686.1189012244.1189012244.1189012244.1;
>> __utmz=32862522.1
>> 189012244.1.1.utmccn=
>> (organic)|utmcsr=google|utmctr=microcomputer+services|utmcmd=organic;
>> PHPSESSID=625f1c99702ad93d9488a5c5a14c6b8b'
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> authenticate: no session id found
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> validate_service_ticket: Validating service ticket
>> 'ST-3-spLH0qDZlrwr2FTgO9nbY5FHJVwrB12i7IR-20' for service
>> 'https%3A%2F%2Fdrupal.uoregon.edu%2Fuser'
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> validate_service_ticket: request URL:
>> '/cas/proxyValidate?pgtUrl=https://drupal.uoregon.edu/user&service=http
>>
>> s%3A%2F%2Fdrupal.uoregon.edu%2Fuser&ticket=ST-3-spLH0qDZlrwr2FTgO9nbY5FHJVwrB12i7IR-20'
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> validate_service_ticket: response page:
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> validate_service_ticket: invalid service response
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> redirect: redirecting to url: 'https://slam.uoregon.edu/cas/error/'
>> service: 'https%3A%2F%2Fdrupal.uoregon.ed
>> u%2Fuser'
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> setHeader: Setting header: CAS_FILTER_CAS_HOST = slam.uoregon.edu
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> setHeader: Setting header: CAS_FILTER_CAS_PORT = 443
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> setHeader: Setting header: CAS_FILTER_CAS_LOGIN_URI = /cas/login
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> setHeader: Setting header: CAS_FILTER_SERVICE =
>> https%3A%2F%2Fdrupal.uoregon.edu%2Fuser
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> redirect: redirecting to error page
>> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106):
>> setHeader: Setting header: Location =
>> https://slam.uoregon.edu/cas/error/?login_url=https://slam.uoregon.edu:
>>
>> 443/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2Fuser&errcode=Invalid
>> Service Response
>>
>>
>> _______________________________________________
>> Yale CAS mailing list
>> [email protected]
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to