Hi Adam and Scott, I still haven't figured out what it's wrong. The test.jsp still returns null value from request.remoteuser after CAS login. I copy and paste the relevant log for you to take a look. Can you tell me what it's wrong?
from cas.log 2008-05-20 17:17:54,787 INFO [org.jasig.cas.web.flow.AuthenticationViaFormAction] - FormObjectClass not set. Using default class of org.jasig.cas.authentication.principal.UsernamePasswordCredentials with formObjectName credentials and validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator. 2008-05-20 17:18:13,146 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Starting cleaning of expired tickets from ticket registry at [Tue May 20 17:18:13 CDT 2008] 2008-05-20 17:18:13,146 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 0 found to be removed. Removing now. 2008-05-20 17:18:13,146 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Finished cleaning of expired tickets from ticket registry at [Tue May 20 17:18:13 CDT 2008] 2008-05-20 17:49:25,252 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting path for cookies to: /cas 2008-05-20 17:49:36,674 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: edwardc 2008-05-20 17:49:36,690 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1-QSdxlfMwcFEhtscFqGPt-cas] for service [http://casserver:8080/Recruiting/test.jsp] for user [edwardc] from localhost.2008-05-20.log May 20, 2008 5:17:45 PM org.apache.catalina.core.StandardContext filterStart SEVERE: Exception starting filter CAS Validation Filter java.lang.ClassNotFoundException: org.jasig.cas.client.validation.Cas10TicketValidationFilter at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1362) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1208) at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:207) at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302) at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78) at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022) at org.apache.catalina.core.StandardHost.start(StandardHost.java:736) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:448) at org.apache.catalina.core.StandardServer.start(StandardServer.java:700) at org.apache.catalina.startup.Catalina.start(Catalina.java:552) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433) May 20, 2008 5:17:45 PM org.apache.catalina.core.StandardContext filterStart SEVERE: Exception starting filter CAS Authentication Filter java.lang.ClassNotFoundException: org.jasig.cas.client.authentication.AuthenticationFilter at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1362) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1208) at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:207) at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302) at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78) at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022) at org.apache.catalina.core.StandardHost.start(StandardHost.java:736) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:448) at org.apache.catalina.core.StandardServer.start(StandardServer.java:700) at org.apache.catalina.startup.Catalina.start(Catalina.java:552) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433) May 20, 2008 5:17:56 PM org.apache.catalina.core.ApplicationContext log INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain: [org.apache.webapp.balancer.RuleChain: [org.apache.webapp.balancer.rules.URLStringMatchRule: Target string: News / Redirect URL: http://www.cnn.com], [org.apache.webapp.balancer.rules.RequestParameterRule: Target param name: paramName / Target param value: paramValue / Redirect URL: http://www.yahoo.com], [org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect URL: http://jakarta.apache.org]] May 20, 2008 5:17:56 PM org.apache.catalina.core.ApplicationContext log INFO: ContextListener: contextInitialized() May 20, 2008 5:17:56 PM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: contextInitialized() May 20, 2008 5:17:57 PM org.apache.catalina.core.ApplicationContext log INFO: ContextListener: contextInitialized() May 20, 2008 5:17:57 PM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: contextInitialized() from stdout_20080520.log log4j:WARN No appenders could be found for logger (org.apache.commons.digester.Digester.sax). log4j:WARN Please initialize the log4j system properly. 2008-05-20 17:17:54,787 INFO [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <FormObjectClass not set. Using default class of org.jasig.cas.authentication.principal.UsernamePasswordCredentials with formObjectName credentials and validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator.> log4j:WARN No appenders could be found for logger (org.apache.commons.digester.Digester.sax). log4j:WARN Please initialize the log4j system properly. log4j:WARN No appenders could be found for logger (org.apache.commons.digester.Digester.sax). log4j:WARN Please initialize the log4j system properly. 2008-05-20 17:18:13,146 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Starting cleaning of expired tickets from ticket registry at [Tue May 20 17:18:13 CDT 2008]> 2008-05-20 17:18:13,146 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 found to be removed. Removing now.> 2008-05-20 17:18:13,146 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Finished cleaning of expired tickets from ticket registry at [Tue May 20 17:18:13 CDT 2008]> 2008-05-20 17:49:25,252 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies to: /cas> 2008-05-20 17:49:36,674 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: edwardc> 2008-05-20 17:49:36,690 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-QSdxlfMwcFEhtscFqGPt-cas] for service [http://casserver:8080/Recruiting/test.jsp] for user [edwardc]> Adam Rybicki wrote: > Edward, > > It's hard to tell what effect your cas.war file custom build may have > on CAS itself. Let's assume for the time being, that this is fine. > > Did you have a chance to look inside the Tomcat logs as the error > message was suggesting? Getting no response from CAS could be caused > by a certificate error. I looked at > AbstractCasProtocolUrlBasedTicketValidator, and it is possible that > this class would return null on a communication error with CAS > server. It logs the error and returns null. Can you locate the log > file? I think that the CAS Client may be actually using the log file > of your application. > > Adam > > Edward Chen wrote: >> Hi Scott and other experts, >> >> Hi, >> >> Just a thought about this problem. I don't know if it will make a >> difference. >> >> I think maybe the CAS in my tomcat is different. Why? >> >> I deployed my CAS to Tomcat by other method - our own build.xml. >> >> CAS 3.2.1 is built with Maven 2.0.9. I generate cas.war not by Maven, >> but by my build.xml >> >> The current problem seems to me that the CAS only talks itself and not >> react to any applications. That is why there is >> >> "...The CAS server returned no response...." when CAS linking to an >> application. >> >> What do you think? >> >> Edward >> >> >> Scott Battaglia wrote: >> >>> Edward, >>> >>> Can you try using the CAS 20 filter and see if that works? >>> >>> -Scott >>> >>> On Fri, May 16, 2008 at 11:52 PM, Edward Chen <[EMAIL PROTECTED] >>> <mailto:[EMAIL PROTECTED]>> wrote: >>> >>> Here it's what I modify below. But it still doesn't work. I have the >>> following exception. Can you tell what 's wrong with it? Anything >>> wrong >>> with my cas filter?? Please help--very urgent >>> >>> >>> HTTP Status 500 - >>> >>> ------------------------------------------------------------------------ >>> >>> *type* Exception report >>> >>> *message* >>> >>> *description* _The server encountered an internal error () that >>> prevented it from fulfilling this request._ >>> >>> *exception* >>> >>> javax.servlet.ServletException: The CAS server returned no response. >>> >>> >>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:152) >>> >>> >>> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103) >>> >>> *root cause* >>> >>> org.jasig.cas.client.validation.TicketValidationException: The CAS >>> server returned no response. >>> >>> >>> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:162) >>> >>> >>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129) >>> >>> >>> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103) >>> >>> *note* _The full stack trace of the root cause is available in the >>> Apache Tomcat/5.5.25 logs._ >>> >>> ------------------------------------------------------------------------ >>> >>> >>> Apache Tomcat/5.5.25 >>> >>> >>> >>> .......... >>> <filter> >>> <filter-name>CAS Authentication Filter</filter-name> >>> >>> >>> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> >>> <init-param> >>> <param-name>casServerLoginUrl</param-name> >>> <param-value>https://casserver:8443/CAS/login</param-value> >>> </init-param> >>> <init-param> >>> <param-name>service</param-name> >>> >>> <param-value>http://casserver:8080/Recruiting/test.jsp</param-value> >>> </init-param> >>> <init-param> >>> <param-name>serverName</param-name> >>> <param-value>casserver:8080</param-value> >>> </init-param> >>> </filter> >>> >>> <filter> >>> <filter-name>CAS Validation Filter</filter-name> >>> >>> >>> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class> >>> <init-param> >>> <param-name>casUrlServerPrefix</param-name> >>> <param-value>https://casserver:8443/CAS</param-value> >>> </init-param> >>> <init-param> >>> <param-name>serverName</param-name> >>> <param-value>casserver:8080</param-value> >>> </init-param> >>> </filter> >>> >>> <filter> >>> <filter-name>CAS HttpServletRequest Wrapper >>> Filter</filter-name> >>> >>> >>> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> >>> </filter> >>> >>> <filter-mapping> >>> <filter-name>CAS Authentication Filter</filter-name> >>> <url-pattern>/*</url-pattern> >>> </filter-mapping> >>> >>> <filter-mapping> >>> <filter-name>CAS Validation Filter</filter-name> >>> <url-pattern>/*</url-pattern> >>> </filter-mapping > >>> >>> <filter-mapping> >>> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> >>> <url-pattern>/*</url-pattern> >>> </filter-mapping > >>> ............. >>> >>> >>> Edward >>> >>> Adam Rybicki wrote: >>> > Scott's right, of course. The Thread Local filter is not needed for >>> > what you need. It becomes handy if you don't have access to the >>> > HttpServletRequest. >>> > >>> > Adam >>> > >>> > Scott Battaglia wrote: >>> >> On Fri, May 16, 2008 at 7:32 PM, Adam Rybicki >>> <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> >>> >> <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>> wrote: >>> >> >>> >> Edward, >>> >> >>> >> Cross-posting to the wrong list (cas-dev) will not speed up >>> a reply. >>> >> >>> >> One thing you'll need is an additional filter. Actually, >>> two of >>> >> them, I think. To make getRemoteUser() work, you'll need them >>> >> configured similar to this: >>> >> >>> >> <filter> >>> >> <filter-name>CAS HttpServletRequest Wrapper >>> Filter</filter-name> >>> >> >>> >> >>> >>> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> >>> >> </filter> >>> >> >>> >> <filter> >>> >> <filter-name>CAS Assertion Thread Local >>> Filter</filter-name> >>> >> >>> >> >>> >>> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> >>> >> </filter> >>> >> >>> >> <filter-mapping> >>> >> <filter-name>CAS HttpServletRequest Wrapper >>> Filter</filter-name> >>> >> >>> >> <url-pattern>/*</url-pattern> >>> >> </filter-mapping> >>> >> >>> >> <filter-mapping> >>> >> <filter-name>CAS Assertion Thread Local >>> Filter</filter-name> >>> >> >>> >> <url-pattern>/*</url-pattern> >>> >> </filter-mapping> >>> >> >>> >> >>> >> What concerns me is that, while you are using the JA-SIG CAS >>> >> Client, the exception message you included appears to have come >>> >> from the Yale CAS Filter. I don't think you need both. >>> >> >>> >> >>> >> Adam beat me to it. But you are including the configuration >>> for the >>> >> JASIG CAS Client but an error message from the Yale CAS client. >>> >> That's impossible unless you have both of them configured, which I >>> >> don't think has ever been tried. I'd recommend just sticking with >>> >> one of them. If you merely wish to read the request.getRemoteUser, >>> >> you also won't need the ThreadLocal filter either. >>> >> >>> >> -Scott >>> >> >>> >> >>> >> >>> >> Adam >>> >> >>> >> Edward Chen wrote: >>> >>> I installed CAS 3.2.1 and deployed successfully with LDAP >>> in my >>> >>> Windows XP and Tomcat5.25. Now I want to link the simple jsp >>> >>> application in Tomcat to CAS. I modified the CAS filter in >>> >>> web.xml as bellow. If I comment out "CAS Validation Filter", I >>> >>> got redirected to CAS and passed CAS login and went back >>> to the >>> >>> application. However, I got "null" value >>> >>> (<%=request.getRemoteUser()%>) in my test.jsp. It should be >>> >>> supposed to have the CAS login username. If I don't >>> comment out >>> >>> "CAS Validation Filter", I got redirected to CAS and >>> passed CAS >>> >>> login. But when CAS went back to the application, it >>> throws out >>> >>> exception, something like "*exception* >>> >>> javax.servlet.ServletException: Unable to validate >>> >>> ProxyTicketValidator >>> >>> [[edu.yale.its.tp.cas.client.ProxyTicketValidator >>> >>> proxyList=[null] >>> >>> [edu.yale.its.tp.cas.client.ServiceTicketValidator ..... " It >>> >>> seems to me that the validation doesn't work. What is >>> wrong with >>> >>> it? How to fix it? any recommendation?? any thing wrong >>> with the >>> >>> following CAS filter?? Very urgent help needed!!! ........ >>> >>> <filter> <filter-name>CAS Authentication Filter</filter-name> >>> >>> >>> >>> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> >>> >>> <init-param> <param-name>casServerLoginUrl</param-name> >>> >>> <param-value>https://xxxxxxxxx:8443/CAS/login</param-value> >>> >>> </init-param> <init-param> <param-name>service</param-name> >>> >>> >>> <param-value>http://xxxxxxxxx:8080/Recruiting/test.jsp</param-value> >>> >>> </init-param> <init-param> <param-name>serverName</param-name> >>> >>> <param-value>xxxxxxx:8080/</param-value> </init-param> >>> </filter> >>> >>> <filter> <filter-name>CAS Validation Filter</filter-name> >>> >>> >>> >>> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class> >>> >>> <init-param> <param-name>casUrlServerPrefix</param-name> >>> >>> <param-value>https://xxxxxxx:8443/CAS</param-value> >>> >>> </init-param> <init-param> <param-name>serverName</param-name> >>> >>> <param-value>xxxxxxxxxxx:8080/</param-value> </init-param> >>> >>> </filter> <filter-mapping> <filter-name>CAS Authentication >>> >>> Filter</filter-name> <url-pattern>/*</url-pattern> >>> >>> </filter-mapping> <!--filter-mapping> <filter-name>CAS >>> >>> Validation Filter</filter-name> <url-pattern>/*</url-pattern> >>> >>> </filter-mapping --> ................... >>> >>> ______________________________ >>> >>> _________________ >>> >>> Yale CAS mailing list >>> >>> [email protected] <mailto:[email protected]> >>> <mailto:[email protected] <mailto:[email protected]>> >>> >>> http://tp.its.yale.edu/mailman/listinfo/cas >>> >> >>> >> _______________________________________________ >>> >> Yale CAS mailing list >>> >> [email protected] <mailto:[email protected]> >>> <mailto:[email protected] <mailto:[email protected]>> >>> >> http://tp.its.yale.edu/mailman/listinfo/cas >>> >> >>> >> >>> >> >>> >> >>> >> -- >>> >> -Scott Battaglia >>> >> PGP Public Key Id: 0x383733AA >>> >> LinkedIn: http://www.linkedin.com/in/scottbattaglia >>> >> >>> ------------------------------------------------------------------------ >>> >> >>> >> _______________________________________________ >>> >> Yale CAS mailing list >>> >> [email protected] <mailto:[email protected]> >>> >> http://tp.its.yale.edu/mailman/listinfo/cas >>> >> >>> > _______________________________________________ >>> > Yale CAS mailing list >>> > [email protected] <mailto:[email protected]> >>> > http://tp.its.yale.edu/mailman/listinfo/cas >>> > >>> >>> _______________________________________________ >>> Yale CAS mailing list >>> [email protected] <mailto:[email protected]> >>> http://tp.its.yale.edu/mailman/listinfo/cas >>> >>> >>> >>> >>> -- >>> -Scott Battaglia >>> PGP Public Key Id: 0x383733AA >>> LinkedIn: http://www.linkedin.com/in/scottbattaglia >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> Yale CAS mailing list >>> [email protected] >>> http://tp.its.yale.edu/mailman/listinfo/cas >>> >>> >> >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
