Bob,

This indicates that you received a successful response from CAS:

CAS(2714): validate_service_ticket: response page: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>\n\t<cas:authenticationSuccess>\n\t\t<cas:user>rrotsted</cas:user>\n\n\n\t</cas:authenticationSuccess>\n</cas:serviceResponse>\n,

The exception on the CAS side means it was unable to validate the proxy url which means it didn't send back a proxy ticket.

-Scott

On 10/17/07, Bob Rotsted <[EMAIL PROTECTED]> wrote:
>
> Scott-
> This is the xml response I receive from the cas server upon validation
> (from the logs of my Apache2::AuthCAS client)
>
> CAS(2714): validate_service_ticket: response page: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>\n\t<cas:authenticationSuccess>\n\t\t<cas:user>rrotsted</cas:user>\n\n\n\t</cas:authenticationSuccess>\n</cas:serviceResponse>\n, referer: https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2F
>
> [Wed Oct 17 12:33:10 2007] [alert] [client 128.223.61.74] CAS(2714): validate_service_ticket: valid service ticket, user='rrotsted', referer: https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2F
> [Wed Oct 17 12:33:10 2007] [alert] [client 128.223.61.74] CAS(2714): validate_service_ticket: proxying and no pgtiou in response from CAS, referer: https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2F
> [Wed Oct 17 12:33:10 2007] [alert] [client 128.223.61.74] CAS(2714): redirect: redirecting to url: 'https://slam.uoregon.edu/cas/error/' service: 'https%3A%2F%2Fdrupal.uoregon.edu%2F', referer: https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2F
>
> This is a snippet from my CAS server's log:
>
> 2007-10-17 12:23:41,954 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler successfully authenticated the user which provided the following credentials: rrotsted>
> 2007-10-17 12:23:41,955 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-12-6eQREff7chhEcaMM6bGdLw07UWkmtfc1Mjb-20] for service [https://drupal.uoregon.edu/] for user [rrotsted]>
> 2007-10-17 12:23:42,021 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate the user which provided the following credentials: https://drupal.uoregon.edu/>
> 2007-10-17 12:23:42,021 ERROR [org.jasig.cas.web.ServiceValidateController] - <TicketException generating ticket for: https://drupal.uoregon.edu/>
> org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
>
> Thanks!
> -Bob
>
> Scott Battaglia wrote:
> > Bob,
> >
> > Any chance you can capture the XML response that the CAS server returns on
> > ticket validation?
> >
> > -Scott
> >
> > On 10/9/07, Bob Rotsted <[EMAIL PROTECTED]> wrote:
> >> Scott Battaglia wrote:
> >>> Bob,
> >>>
> >>> It looks like it tried to make a proxy granting ticket for
> >>> https://drupal.uoregon.edu/ but was unable to (adding logging for the
> >>> HttpBasedAuthenticationHandler might narrow down the reason).
> >>>
> >>> -Scott
> >>>
> >>> On 10/4/07, Bob Rotsted <[EMAIL PROTECTED]> wrote:
> >>>> Hi all,
> >>>> I am using Tomcat behind Apache with Apache2::AuthCAS for my services.
> >>>> As I understand it, in order to get CAS to authenticate correctly I must
> >>>> first import my CAS server's SSL certificate into the java keystore. As
> >>>> of now, I have imported my public ssl key into the java keystore with
> >>>> alias 'tomcat' yet I am still getting an "Invalid Service Response"
> >>>> error.
> >>>> This is what shows up in my cas.log when I try to authenticate:
> >>>>
> >>>> 2007-10-04 11:45:03,676 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler successfully authenticated the user which provided the following credentials: rrotsted
> >>>> 2007-10-04 11:45:03,677 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-5-GItdoxQZzuUR0PTfhhO3wy6FZzGXuesRA61-20] for service [https://drupal.uoregon.edu] for user [rrotsted]
> >>>> 2007-10-04 11:45:03,731 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate the user which provided the following credentials: https://drupal.uoregon.edu/
> >>>> 2007-10-04 11:45:03,732 ERROR [org.jasig.cas.web.ServiceValidateController] - TicketException generating ticket for: https://drupal.uoregon.edu/
> >>>> org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
> >>>>     at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:271)
> >>>>     at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:124)
> >>>>     at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
> >>>>     at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
> >>>>     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857)
> >>>>     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
> >>>>     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475)
> >>>>     at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:430)
> >>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> >>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >>>>     at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
> >>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
> >>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> >>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> >>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
> >>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> >>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> >>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> >>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
> >>>>     at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
> >>>>     at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
> >>>>     at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
> >>>>     at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
> >>>>     at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
> >>>>     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> >>>>     at java.lang.Thread.run(Thread.java:619)
> >>>> Caused by: error.authentication.credentials.bad
> >>>>     at org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25)
> >>>>     at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:108)
> >>>>     at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:383)
> >>>>     at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaFormAction.java:107)
> >>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> >>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> >>>>     at java.lang.reflect.Method.invoke(Method.java:597)
> >>>>     at org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:103)
> >>>>     at org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136)
> >>>>     at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
> >>>>     at org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
> >>>>     at org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
> >>>>     at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
> >>>>     at org.springframework.webflow.engine.State.enter(State.java:200)
> >>>>     at org.springframework.webflow.engine.Transition.execute(Transition.java:229)
> >>>>     at org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
> >>>>     at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
> >>>>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
> >>>>     at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
> >>>>     at org.springframework.webflow.engine.State.enter(State.java:200)
> >>>>     at org.springframework.webflow.engine.Transition.execute(Transition.java:229)
> >>>>     at org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
> >>>>     at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
> >>>>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
> >>>>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
> >>>>     at org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:245)
> >>>>     at org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
> >>>>     at org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:172)
> >>>>     at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
> >>>>     at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
> >>>>     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857)
> >>>>     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
> >>>>     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475)
> >>>>     at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440)
> >>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> >>>>     ... 17 more
> >>>>
> >>>> Any suggestions would be greatly appreciated!
> >>>>
> >>>> Thanks,
> >>>> Bob Rotsted
> >>>> _______________________________________________
> >>>> Yale CAS mailing list
> >>>> [email protected]
> >>>> http://tp.its.yale.edu/mailman/listinfo/cas
> >>
> >> Scott-
> >>
> >> After turning up logging for the
> >> HttpBasedServiceCredentialsAuthenticationHandler on my CAS server, I was
> >> unable to further diagnose the problem. I did however notice an error
> >> from my AuthCAS service's log file. It appears that the service is
> >> unable to validate service tickets. Any suggestions?
> >>
> >> [Mon Oct 08 09:57:57 2007] [alert] [client 128.223.61.74] CAS(7104): setHeader: Setting header: Location = https://slam.uoregon.edu/cas/error/?login_url=https://slam.uoregon.edu:443/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2Fuser&errcode=Invalid Service Response, referer: https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2Fuser
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: Apache Config:
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: DbDataSource => sid=cas;host=localhost;port=3306
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: DbDriver => mysql
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: DbPass => ******
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: DbSessionTable => cas_sessions
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: DbUser => cas
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: ErrorUrl => https://slam.uoregon.edu/cas/error/
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: Host => slam.uoregon.edu
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: LogLevel => 4
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: LoginUri => /cas/login
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: LogoutUri => /cas/logout
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: NumProxyTickets => 1
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: Port => 443
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: PretendBasicAuth => undef
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: ProxyService => false
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: ProxyUri => /cas/proxy
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: ProxyValidateUri => /cas/proxyValidate
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: RemoveTicket => 546548
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: Service => https://drupal.uoregon.edu/user
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: ServiceValidateUri => /cas/serviceValidate
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: SessionCookieDomain => undef
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: SessionCookieName => APACHECAS
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: SessionTimeout => 1800
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): cleanup: counter=1
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): delete_expired_sessions: deleting sessions older than '1191835704'
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): delete_expired_sessions: error deleting expired sessions
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): authenticate: authenticated=''
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): parse_query_parameters: PARAM: 'ticket' => 'ST-3-spLH0qDZlrwr2FTgO9nbY5FHJVwrB12i7IR-20'
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): authenticate: cookie found: '__utma=32862522.1333826686.1189012244.1189012244.1189012244.1; __utmz=32862522.1189012244.1.1.utmccn=(organic)|utmcsr=google|utmctr=microcomputer+services|utmcmd=organic; PHPSESSID=625f1c99702ad93d9488a5c5a14c6b8b'
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): authenticate: no session id found
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): validate_service_ticket: Validating service ticket 'ST-3-spLH0qDZlrwr2FTgO9nbY5FHJVwrB12i7IR-20' for service 'https%3A%2F%2Fdrupal.uoregon.edu%2Fuser'
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): validate_service_ticket: request URL: '/cas/proxyValidate?pgtUrl=https://drupal.uoregon.edu/user&service=https%3A%2F%2Fdrupal.uoregon.edu%2Fuser&ticket=ST-3-spLH0qDZlrwr2FTgO9nbY5FHJVwrB12i7IR-20'
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): validate_service_ticket: response page:
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): validate_service_ticket: invalid service response
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): redirect: redirecting to url: 'https://slam.uoregon.edu/cas/error/' service: 'https%3A%2F%2Fdrupal.uoregon.edu%2Fuser'
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): setHeader: Setting header: CAS_FILTER_CAS_HOST = slam.uoregon.edu
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): setHeader: Setting header: CAS_FILTER_CAS_PORT = 443
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): setHeader: Setting header: CAS_FILTER_CAS_LOGIN_URI = /cas/login
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): setHeader: Setting header: CAS_FILTER_SERVICE = https%3A%2F%2Fdrupal.uoregon.edu%2Fuser
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): redirect: redirecting to error page
> >> [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): setHeader: Setting header: Location = https://slam.uoregon.edu/cas/error/?login_url=https://slam.uoregon.edu:443/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2Fuser&errcode=Invalid Service Response

--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
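The distinction this thread turns on, as an added example that is not part of the original messages and is not Apache2::AuthCAS or CAS server code: a Python check that classifies one validation exchange as valid with a PGTIOU, valid without one, rejected, or unparseable. The `diagnose` name, the status strings, and the ST-EXAMPLE / PGTIOU-EXAMPLE values are assumptions; the success response is the one quoted in the thread with its escapes expanded.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

def diagnose(request_url, response_body):
    """Return (status, user) for one validation request/response pair."""
    wants_pgt = "pgtUrl" in parse_qs(request_url.partition("?")[2])
    body = response_body.strip()
    # An empty page is what the Oct 08 client log shows ("invalid service response").
    # A validation response has no reason to carry a DTD, so refuse one outright.
    if not body or "<!DOCTYPE" in body.upper():
        return ("invalid-response", None)
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return ("invalid-response", None)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        return ("rejected:" + failure.get("code", "UNKNOWN"), None)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        return ("invalid-response", None)
    user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    pgtiou = success.findtext("cas:proxyGrantingTicket", default="",
                              namespaces=CAS_NS).strip()
    if not user:
        return ("invalid-response", None)
    # Ticket was valid, but the request asked for a proxy-granting ticket and
    # none came back: the Oct 17 "proxying and no pgtiou" case.
    if wants_pgt and not pgtiou:
        return ("authenticated-no-pgtiou", user)
    return ("ok", user)

# Request shape taken from the Oct 08 client log; the ticket is a placeholder.
REQ_PROXY = ("/cas/proxyValidate?pgtUrl=https://drupal.uoregon.edu/user"
             "&service=https%3A%2F%2Fdrupal.uoregon.edu%2Fuser&ticket=ST-EXAMPLE")
# Constructed: the same validation without a pgtUrl parameter.
REQ_PLAIN = ("/cas/serviceValidate?service=https%3A%2F%2Fdrupal.uoregon.edu%2F"
             "&ticket=ST-EXAMPLE")
# Response quoted in the thread (success, but no cas:proxyGrantingTicket).
PAGE_RESPONSE = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>\n"
                 "\t<cas:authenticationSuccess>\n\t\t<cas:user>rrotsted</cas:user>\n"
                 "\t</cas:authenticationSuccess>\n</cas:serviceResponse>\n")
# Constructed: what the response looks like when the pgtUrl callback succeeded.
WITH_PGT = PAGE_RESPONSE.replace(
    "</cas:user>",
    "</cas:user><cas:proxyGrantingTicket>PGTIOU-EXAMPLE</cas:proxyGrantingTicket>")
# Constructed failure response.
FAILURE = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
           "<cas:authenticationFailure code='INVALID_TICKET'>constructed"
           "</cas:authenticationFailure></cas:serviceResponse>")

if __name__ == "__main__":
    for req, resp in [(REQ_PROXY, PAGE_RESPONSE), (REQ_PROXY, WITH_PGT),
                      (REQ_PLAIN, PAGE_RESPONSE), (REQ_PROXY, ""), (REQ_PROXY, FAILURE)]:
        print(diagnose(req, resp))
```
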
