The fact that the authentication request succeeds and the ticket validation fails are independent of each other as the requests come from two different machines (whichever one the browser is on and the client one).
You need to determine at what point the validation request stops. Does it make it to the CAS server machine? Does it make it beyond the OS into Tomcat? Does it make it from Tomcat to CAS? -Scott On Nov 14, 2007 9:10 AM, Clifford Bryant <[EMAIL PROTECTED]> wrote: > This is the type of thing that we are seeing. It is timing out on the > client side. > > > > It looks like it is authenticating the user. It generates the service > ticket. It looks like it is timing out on the client side, when it is > trying to validate the service ticket. > > > > 2007-11-13 19:07:06,149 INFO [ > org.jasig.cas.authentication.AuthenticationManagerImpl] - > <AuthenticationHandler: > com.rs.cas.authentication.RSCasAuthenticationHandler successfully > authenticated the user which provided the following credentials: Admin100> > > 2007-11-13 19:07:06,151 INFO [ > org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket > [ST-3-VTH0nHZ7gAlwJuM7LYYov45gBdeYqiv2j3C-rs-dev1] for service [ > https://rsdevtime.resourcesolutions.com:8443/terms/CasLogin.jsp] for user > [Admin100]> > > 1277798 [http-8443-Processor25] ERROR [/terms].[jsp] - Servlet.service() > for servlet jsp threw exception > > java.net.ConnectException: Connection timed out > > at java.net.PlainSocketImpl.socketConnect(Native Method) > > at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333) > > at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java > :195) > > at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182) > > at java.net.Socket.connect(Socket.java:507) > > at java.net.Socket.connect(Socket.java:457) > > at sun.net.NetworkClient.doConnect(NetworkClient.java:157) > > at sun.net.www.http.HttpClient.openServer(HttpClient.java:365) > > at sun.net.www.http.HttpClient.openServer(HttpClient.java:477) > > at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java > :280) > > at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:337) > > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient > (AbstractDelegateHttpsURLConnection.java:176) > > at sun.net.www.protocol.http.HttpURLConnection.plainConnect( > HttpURLConnection.java:744) > > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect( > AbstractDelegateHttpsURLConnection.java:162) > > at sun.net.www.protocol.http.HttpURLConnection.getInputStream( > HttpURLConnection.java:913) > > at > com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream > (HttpsURLConnectionOldImpl.java:204) > > at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70) > > at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate( > ServiceTicketValidator.java:212) > > at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser > (CASFilter.java:219) > > at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter( > CASFilter.java:184) > > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter > (ApplicationFilterChain.java:215) > > at org.apache.catalina.core.ApplicationFilterChain.doFilter( > ApplicationFilterChain.java:188) > > at org.apache.catalina.core.StandardWrapperValve.invoke( > StandardWrapperValve.java:210) > > at org.apache.catalina.core.StandardContextValve.invoke( > StandardContextValve.java:174) > > at org.apache.catalina.core.StandardHostValve.invoke( > StandardHostValve.java:127) > > at org.apache.catalina.valves.ErrorReportValve.invoke( > ErrorReportValve.java:117) > > at org.apache.catalina.core.StandardEngineValve.invoke( > StandardEngineValve.java:108) > > at org.apache.catalina.connector.CoyoteAdapter.service( > CoyoteAdapter.java:151) > > at org.apache.coyote.http11.Http11Processor.process( > Http11Processor.java:870) > > at > org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection > (Http11BaseProtocol.java:665) > > at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket( > PoolTcpEndpoint.java:528) > > at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt( > LeaderFollowerWorkerThread.java:81) > > at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( > ThreadPool.java:685) > > at java.lang.Thread.run(Thread.java:595) > > > ------------------------------ > > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On > Behalf Of *Scott Battaglia > *Sent:* Tuesday, November 13, 2007 11:41 PM > > *To:* Yale CAS mailing list > *Subject:* Re: CAS/Java/Tomcat Versioning Issues > > > > Where is it hanging? On the client side? On the server side? At the tomcat > level? Or at the CAS level? > > Can you see the call leave the client and make it to the server? Are > there any known issues with Tomcat on a 64-bit server? Any known issues > with the JVM on the 64 bit server? > > If you know that the client is successfully making the connection and > sending the request, try turning on DEBUG in Tomcat and see how far it gets. > > -Scott > > On Nov 13, 2007 2:33 PM, Clifford Bryant < [EMAIL PROTECTED]> wrote: > > Are there any know issue with running CAS 3.0.7 on a 64 bit Java machine? > The application was running last night using Java 1.5 and Tomcat 5.5 on a > 32 bit server. I tarred up the Apache Tomcat directory. We installed it on > the client's 64 bit server. It looks like the user is authenticated, and > the ticket is granted. But, the application hangs (connection times out) > when the app attempts to validate the ticket. > > > > The firewalls have been removed. > > > > Any help would be greatly appreciated. > > > > Thanks, > > Cliff Bryant > > > ------------------------------ > > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On > Behalf Of *Scott Battaglia > *Sent:* Tuesday, November 13, 2007 9:33 AM > *To:* Yale CAS mailing list > *Subject:* Re: CAS/Java/Tomcat Versioning Issues > > > > Cliff, > > CAS 3.0.7 should work equally well on both Java 1.4 and Java 1.5. If it > was a Java versioning issue there would be some exceptions related to that. > > Is there any form of firewall, port blocking, etc. between one of the > client applications and the CAS server? > > -Scott > > On Nov 12, 2007 12:20 PM, Clifford Bryant <[EMAIL PROTECTED]> wrote: > > Hello, > > > > We have been using CAS 3.0.7. We thought that the target environment was > Java 1.4.2 and Tomcat 5.5 (with the Java 1.4.compatibility JAR). It turns > out that the client is running Java 1.5 and Tomcat 5.5 in their > development environment. When they deploy the CAS WAR file, that was > compiled with Java 1.4, CAS times out. > > > > Specifically, CAS does the authentication, and generates a ticket. But, > the ticket validation times out. > > > > Has anyone seen this type of timeout behavior with CAS? > > > > It may be worthwhile for us to just go ahead, and upgrade to CAS 3.1? > > > > Cliff Bryant > > > > > > This e-mail and any files transmitted with it are confidential and are > intended solely for the use of the individual or entity to whom they are > addressed. This communication may contain information that is protected from > disclosure by applicable law. If you are not the intended recipient, or the > employee or agent responsible for delivering this communication to the > intended recipient, be advised that you have received this e-mail in error > and any use, dissemination, forwarding, printing or copying of this e-mail is > strictly prohibited. If you believe that you have received this e-mail in > error, please immediately notify Edgewater Technology by telephone at (781) > 246-3343 and delete the communication from all e-mail files. > > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > -- > -Scott Battaglia > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > This e-mail and any files transmitted with it are confidential and are > intended solely for the use of the individual or entity to whom they are > addressed. This communication may contain information that is protected from > disclosure by applicable law. If you are not the intended recipient, or the > employee or agent responsible for delivering this communication to the > intended recipient, be advised that you have received this e-mail in error > and any use, dissemination, forwarding, printing or copying of this e-mail is > strictly prohibited. If you believe that you have received this e-mail in > error, please immediately notify Edgewater Technology by telephone at (781) > 246-3343 and delete the communication from all e-mail files. > > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > -- > -Scott Battaglia > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > This e-mail and any files transmitted with it are confidential and are > intended solely for the use of the individual or entity to whom they are > addressed. This communication may contain information that is protected from > disclosure by applicable law. If you are not the intended recipient, or the > employee or agent responsible for delivering this communication to the > intended recipient, be advised that you have received this e-mail in error > and any use, dissemination, forwarding, printing or copying of this e-mail is > strictly prohibited. If you believe that you have received this e-mail in > error, please immediately notify Edgewater Technology by telephone at (781) > 246-3343 and delete the communication from all e-mail files. > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
