Serge,
Are you building the Yale Java CAS Client from source?
The code that's resulting in a less-than-helpful error message here is
apparently this right here:
In CASReceipt.java's implementation of getReceipt(ProxyTicketValidator ptv):
[
if (!ptv.isAuthenticationSuccesful()) {
log.error("validation of [" + ptv + "] was not successful.");
throw new CASAuthenticationException(
"Unable to validate ProxyTicketValidator [" + ptv + "]");
}
]
Replacing that with something more like this:
[
if (!ptv.isAuthenticationSuccesful()) {
String errorMessage = ptv.getErrorMessage();
log.error("validation of [" + ptv + "] was not successful because
of [" + errorMessage + "]);
throw new CASAuthenticationException(
"Unable to validate ProxyTicketValidator [" + ptv + "]
because of [" errorMessage + "]");
}
]
Should immediately result in a much more helpful error experience.
Andrew
Serge Bianda wrote:
> We had a power outage in our building, so we decided to move our servers
> offsite (Kerberos server (AD)and CAS Server as well). We changed IP
> addresses and updated all DNS entries, however when we try to log into
> the site that used to be authenticated by CAS, we get the following
> error:
>
> ------------------------------------------------------------------------
> -
> HTTP Status 500 -
>
> type Exception report
>
> message
>
> description The server encountered an internal error () that prevented
> it from fulfilling this request.
>
> exception
>
> javax.servlet.ServletException: Unable to validate ProxyTicketValidator
> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> casValidateUrl=[https://login.domainname.com/cas/serviceValidate]
> ticket=[ST-48-sKW5zzvf0SMiXRGNnqdu]
> service=[https%3A%2F%2Fintranet.domainname.com%2Fsuite%2Fportal%2Fssodet
> ect.do] renew=false]]]
>
> edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
>
> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilte
> r.java:81)
>
> root cause
>
> edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
> validate ProxyTicketValidator
> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> casValidateUrl=[https://login.domainname.com/cas/serviceValidate]
> ticket=[ST-48-sKW5zzvf0SMiXRGNnqdu]
> service=[https%3A%2F%2Fintranet.domainname.com%2Fsuite%2Fportal%2Fssodet
> ect.do] renew=false]]]
>
> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
>
> edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilt
> er.java:455)
>
> edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
>
> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilte
> r.java:81)
>
> note The full stack trace of the root cause is available in the Apache
> Tomcat/5.5.9 logs.
> ------------------------------------------
> We're still on 2.0.12 with CAS and it's been working fine until the
> move, we had planned on upgrading, but now is not the time to focus on
> upgrade, we need the site up first.
>
> Thanks
>
>
> Serge
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas