Hi Adam,
I still have the same problem "...The CAS server returned no
response...." after I change to
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
from
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/Recruiting/*</url-pattern>
</filter-mapping>
I think it should be <url-pattern>/*</url-pattern>. I think I am not
using the validation filter currently because of this
<url-pattern>/Recruiting/*</url-pattern>
I did integrate cas-client-core-3.1.1.jar into my web app. I thought I
did not. The log file I copied for you was from my workstation testing
machine and the cas and web application did work in my workstation
testing machine. However, when I deployed cas and web application to
server ( a linux machine), it becomes
"...The CAS server returned no response...." after cas login and
redirect to my web application.
In my workstation I use <url-pattern>/*</url-pattern>
How to fix it? cas server problem? client problem or filter problem or
others?
Please continue to help. It's still urgent.
Edward
Adam Rybicki wrote:
> Edward,
>
> As others have already confirmed, you must configure your CAS client
> application to use the JA-SIG CAS Client library, which facilitates
> communications with the CAS server. It is ultimately the CAS Client
> library that will allow request.getRemoteUser() to return the username
> of the authenticated user.
>
> The logs you sent make this fairly clear. The log of the CAS server
> clearly shows CAS issuing a service ticket for user "edwardc." It
> appears that the server is working fine.
>
> The log file from the client shows a clue to your problem. The client
> is unable to load the CAS Client filters. The JA-SIG CAS Client
> library (a jar file, which at least on my computer is called
> "cas-client-core-3.1.1.jar") needs to be in your Web application's
> classpath. As with any enterprise Java Web application, there is an
> appropriate place to install this jar file. Since I see you are using
> Tomcat, in your case this place should be something like
> <tomcat_dir>/webapps/Recruiting/WEB-INF/lib.
>
> Adam
>
> Edward Chen wrote:
>> I am kind of understanding...
>>
>> In order to display request.getRemoteUser() value in my test.jsp, I need
>> to integrate cas client 3.1.1 to my application, for Recruiting
>> application. The reason why my current test.jsp returns null value is
>> because I haven't integrate cas client 3.21 with my application, Is it
>> correct?
>>
>> I am done with the server side configuration, right?
>>
>> If so, how to integrate cas client 3.11 to my java/jsp application? do
>> you have an instruction?
>>
>> Edward
>>
>> Scott Battaglia wrote:
>>
>>> When CASifying an application, you integrate the CAS client with your
>>> application. You don't integrate the CAS client with the CAS server
>>> software. The CAS client library is what allows the application to
>>> communicate with the CAS server.
>>>
>>> You should be configuring the wrapper on YOUR application if you want
>>> access to request.getRemoteUser().
>>>
>>> -Scott
>>>
>>> On Tue, May 20, 2008 at 11:22 PM, Edward Chen <[EMAIL PROTECTED]
>>> <mailto:[EMAIL PROTECTED]>> wrote:
>>>
>>> Adam and Scott,
>>>
>>> It seems to me that I missing the client configuration. I tried to
>>> locate HttpServletRequestWrapperFilter file but I don't find them
>>> in my
>>> cas 3.21 folder. So, I download "cas-client-3.1.1-release" and I find
>>> HttpServletRequestWrapperFilter file in it. I wonder if I need to
>>> integrate client into server. If yes, how to integrate
>>> case-client-3.1.1? using maven? ??
>>>
>>> I am stuck in this problem.
>>>
>>> Edward
>>>
>>> Adam Rybicki wrote:
>>> > Edward,
>>> >
>>> > It's hard to tell what effect your cas.war file custom build may
>>> have
>>> > on CAS itself. Let's assume for the time being, that this is fine.
>>> >
>>> > Did you have a chance to look inside the Tomcat logs as the error
>>> > message was suggesting? Getting no response from CAS could be
>>> caused
>>> > by a certificate error. I looked at
>>> > AbstractCasProtocolUrlBasedTicketValidator, and it is possible that
>>> > this class would return null on a communication error with CAS
>>> > server. It logs the error and returns null. Can you locate the log
>>> > file? I think that the CAS Client may be actually using the log
>>> file
>>> > of your application.
>>> >
>>> > Adam
>>> >
>>> > Edward Chen wrote:
>>> >> Hi Scott and other experts,
>>> >>
>>> >> Hi,
>>> >>
>>> >> Just a thought about this problem. I don't know if it will make a
>>> >> difference.
>>> >>
>>> >> I think maybe the CAS in my tomcat is different. Why?
>>> >>
>>> >> I deployed my CAS to Tomcat by other method - our own build.xml.
>>> >>
>>> >> CAS 3.2.1 is built with Maven 2.0.9. <http://2.0.9.> I generate
>>> cas.war not by Maven,
>>> >> but by my build.xml
>>> >>
>>> >> The current problem seems to me that the CAS only talks itself
>>> and not
>>> >> react to any applications. That is why there is
>>> >>
>>> >> "...The CAS server returned no response...." when CAS linking to an
>>> >> application.
>>> >>
>>> >> What do you think?
>>> >>
>>> >> Edward
>>> >>
>>> >>
>>> >> Scott Battaglia wrote:
>>> >>
>>> >>> Edward,
>>> >>>
>>> >>> Can you try using the CAS 20 filter and see if that works?
>>> >>>
>>> >>> -Scott
>>> >>>
>>> >>> On Fri, May 16, 2008 at 11:52 PM, Edward Chen
>>> <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>>> >>> <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>> wrote:
>>> >>>
>>> >>> Here it's what I modify below. But it still doesn't work.
>>> I have the
>>> >>> following exception. Can you tell what 's wrong with it?
>>> Anything
>>> >>> wrong
>>> >>> with my cas filter?? Please help--very urgent
>>> >>>
>>> >>>
>>> >>> HTTP Status 500 -
>>> >>>
>>> >>>
>>> ------------------------------------------------------------------------
>>> >>>
>>> >>> *type* Exception report
>>> >>>
>>> >>> *message*
>>> >>>
>>> >>> *description* _The server encountered an internal error ()
>>> that
>>> >>> prevented it from fulfilling this request._
>>> >>>
>>> >>> *exception*
>>> >>>
>>> >>> javax.servlet.ServletException: The CAS server returned no
>>> response.
>>> >>>
>>> >>>
>>>
>>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:152)
>>> >>>
>>> >>>
>>>
>>> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)
>>> >>>
>>> >>> *root cause*
>>> >>>
>>> >>> org.jasig.cas.client.validation.TicketValidationException:
>>> The CAS
>>> >>> server returned no response.
>>> >>>
>>> >>>
>>>
>>> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:162)
>>> >>>
>>> >>>
>>>
>>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129)
>>> >>>
>>> >>>
>>>
>>> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)
>>> >>>
>>> >>> *note* _The full stack trace of the root cause is
>>> available in the
>>> >>> Apache Tomcat/5.5.25 logs._
>>> >>>
>>> >>>
>>> ------------------------------------------------------------------------
>>> >>>
>>> >>>
>>> >>> Apache Tomcat/5.5.25
>>> >>>
>>> >>>
>>> >>>
>>> >>> ..........
>>> >>> <filter>
>>> >>> <filter-name>CAS Authentication Filter</filter-name>
>>> >>>
>>> >>>
>>>
>>> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
>>> >>> <init-param>
>>> >>> <param-name>casServerLoginUrl</param-name>
>>> >>>
>>> <param-value>https://casserver:8443/CAS/login</param-value>
>>> >>> </init-param>
>>> >>> <init-param>
>>> >>> <param-name>service</param-name>
>>> >>>
>>> >>>
>>> <param-value>http://casserver:8080/Recruiting/test.jsp</param-value>
>>> >>> </init-param>
>>> >>> <init-param>
>>> >>> <param-name>serverName</param-name>
>>> >>> <param-value>casserver:8080</param-value>
>>> >>> </init-param>
>>> >>> </filter>
>>> >>>
>>> >>> <filter>
>>> >>> <filter-name>CAS Validation Filter</filter-name>
>>> >>>
>>> >>>
>>>
>>> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
>>> >>> <init-param>
>>> >>> <param-name>casUrlServerPrefix</param-name>
>>> >>> <param-value>https://casserver:8443/CAS</param-value>
>>> >>> </init-param>
>>> >>> <init-param>
>>> >>> <param-name>serverName</param-name>
>>> >>> <param-value>casserver:8080</param-value>
>>> >>> </init-param>
>>> >>> </filter>
>>> >>>
>>> >>> <filter>
>>> >>> <filter-name>CAS HttpServletRequest Wrapper
>>> >>> Filter</filter-name>
>>> >>>
>>> >>>
>>>
>>> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
>>> >>> </filter>
>>> >>>
>>> >>> <filter-mapping>
>>> >>> <filter-name>CAS Authentication Filter</filter-name>
>>> >>> <url-pattern>/*</url-pattern>
>>> >>> </filter-mapping>
>>> >>>
>>> >>> <filter-mapping>
>>> >>> <filter-name>CAS Validation Filter</filter-name>
>>> >>> <url-pattern>/*</url-pattern>
>>> >>> </filter-mapping >
>>> >>>
>>> >>> <filter-mapping>
>>> >>> <filter-name>CAS HttpServletRequest Wrapper
>>> Filter</filter-name>
>>> >>> <url-pattern>/*</url-pattern>
>>> >>> </filter-mapping >
>>> >>> .............
>>> >>>
>>> >>>
>>> >>> Edward
>>> >>>
>>> >>> Adam Rybicki wrote:
>>> >>> > Scott's right, of course. The Thread Local filter is
>>> not needed for
>>> >>> > what you need. It becomes handy if you don't have
>>> access to the
>>> >>> > HttpServletRequest.
>>> >>> >
>>> >>> > Adam
>>> >>> >
>>> >>> > Scott Battaglia wrote:
>>> >>> >> On Fri, May 16, 2008 at 7:32 PM, Adam Rybicki
>>> >>> <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>>> <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
>>> >>> >> <mailto:[EMAIL PROTECTED]
>>> <mailto:[EMAIL PROTECTED]> <mailto:[EMAIL PROTECTED]
>>> <mailto:[EMAIL PROTECTED]>>>> wrote:
>>> >>> >>
>>> >>> >> Edward,
>>> >>> >>
>>> >>> >> Cross-posting to the wrong list (cas-dev) will not
>>> speed up
>>> >>> a reply.
>>> >>> >>
>>> >>> >> One thing you'll need is an additional filter.
>>> Actually,
>>> >>> two of
>>> >>> >> them, I think. To make getRemoteUser() work,
>>> you'll need them
>>> >>> >> configured similar to this:
>>> >>> >>
>>> >>> >> <filter>
>>> >>> >> <filter-name>CAS HttpServletRequest Wrapper
>>> >>> Filter</filter-name>
>>> >>> >>
>>> >>> >>
>>> >>>
>>>
>>> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
>>> >>> >> </filter>
>>> >>> >>
>>> >>> >> <filter>
>>> >>> >> <filter-name>CAS Assertion Thread Local
>>> >>> Filter</filter-name>
>>> >>> >>
>>> >>> >>
>>> >>>
>>>
>>> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
>>> >>> >> </filter>
>>> >>> >>
>>> >>> >> <filter-mapping>
>>> >>> >> <filter-name>CAS HttpServletRequest Wrapper
>>> >>> Filter</filter-name>
>>> >>> >>
>>> >>> >> <url-pattern>/*</url-pattern>
>>> >>> >> </filter-mapping>
>>> >>> >>
>>> >>> >> <filter-mapping>
>>> >>> >> <filter-name>CAS Assertion Thread Local
>>> >>> Filter</filter-name>
>>> >>> >>
>>> >>> >> <url-pattern>/*</url-pattern>
>>> >>> >> </filter-mapping>
>>> >>> >>
>>> >>> >>
>>> >>> >> What concerns me is that, while you are using the
>>> JA-SIG CAS
>>> >>> >> Client, the exception message you included appears
>>> to have come
>>> >>> >> from the Yale CAS Filter. I don't think you need both.
>>> >>> >>
>>> >>> >>
>>> >>> >> Adam beat me to it. But you are including the
>>> configuration
>>> >>> for the
>>> >>> >> JASIG CAS Client but an error message from the Yale CAS
>>> client.
>>> >>> >> That's impossible unless you have both of them
>>> configured, which I
>>> >>> >> don't think has ever been tried. I'd recommend just
>>> sticking with
>>> >>> >> one of them. If you merely wish to read the
>>> request.getRemoteUser,
>>> >>> >> you also won't need the ThreadLocal filter either.
>>> >>> >>
>>> >>> >> -Scott
>>> >>> >>
>>> >>> >>
>>> >>> >>
>>> >>> >> Adam
>>> >>> >>
>>> >>> >> Edward Chen wrote:
>>> >>> >>> I installed CAS 3.2.1 and deployed successfully
>>> with LDAP
>>> >>> in my
>>> >>> >>> Windows XP and Tomcat5.25. Now I want to link the
>>> simple jsp
>>> >>> >>> application in Tomcat to CAS. I modified the CAS
>>> filter in
>>> >>> >>> web.xml as bellow. If I comment out "CAS
>>> Validation Filter", I
>>> >>> >>> got redirected to CAS and passed CAS login and
>>> went back
>>> >>> to the
>>> >>> >>> application. However, I got "null" value
>>> >>> >>> (<%=request.getRemoteUser()%>) in my test.jsp. It
>>> should be
>>> >>> >>> supposed to have the CAS login username. If I don't
>>> >>> comment out
>>> >>> >>> "CAS Validation Filter", I got redirected to CAS and
>>> >>> passed CAS
>>> >>> >>> login. But when CAS went back to the application, it
>>> >>> throws out
>>> >>> >>> exception, something like "*exception*
>>> >>> >>> javax.servlet.ServletException: Unable to validate
>>> >>> >>> ProxyTicketValidator
>>> >>> >>> [[edu.yale.its.tp.cas.client.ProxyTicketValidator
>>> >>> >>> proxyList=[null]
>>> >>> >>> [edu.yale.its.tp.cas.client.ServiceTicketValidator
>>> ..... " It
>>> >>> >>> seems to me that the validation doesn't work. What is
>>> >>> wrong with
>>> >>> >>> it? How to fix it? any recommendation?? any thing
>>> wrong
>>> >>> with the
>>> >>> >>> following CAS filter?? Very urgent help needed!!!
>>> ........
>>> >>> >>> <filter> <filter-name>CAS Authentication
>>> Filter</filter-name>
>>> >>> >>>
>>> >>>
>>>
>>> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
>>> >>> >>> <init-param>
>>> <param-name>casServerLoginUrl</param-name>
>>> >>> >>>
>>> <param-value>https://xxxxxxxxx:8443/CAS/login</param-value>
>>> >>> >>> </init-param> <init-param>
>>> <param-name>service</param-name>
>>> >>> >>>
>>> >>>
>>> <param-value>http://xxxxxxxxx:8080/Recruiting/test.jsp</param-value>
>>> >>> >>> </init-param> <init-param>
>>> <param-name>serverName</param-name>
>>> >>> >>> <param-value>xxxxxxx:8080/</param-value> </init-param>
>>> >>> </filter>
>>> >>> >>> <filter> <filter-name>CAS Validation
>>> Filter</filter-name>
>>> >>> >>>
>>> >>>
>>>
>>> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
>>> >>> >>> <init-param>
>>> <param-name>casUrlServerPrefix</param-name>
>>> >>> >>> <param-value>https://xxxxxxx:8443/CAS</param-value>
>>> >>> >>> </init-param> <init-param>
>>> <param-name>serverName</param-name>
>>> >>> >>> <param-value>xxxxxxxxxxx:8080/</param-value>
>>> </init-param>
>>> >>> >>> </filter> <filter-mapping> <filter-name>CAS
>>> Authentication
>>> >>> >>> Filter</filter-name> <url-pattern>/*</url-pattern>
>>> >>> >>> </filter-mapping> <!--filter-mapping> <filter-name>CAS
>>> >>> >>> Validation Filter</filter-name>
>>> <url-pattern>/*</url-pattern>
>>> >>> >>> </filter-mapping --> ...................
>>> >>> >>> ______________________________
>>> >>> >>> _________________
>>> >>> >>> Yale CAS mailing list
>>> >>> >>> [email protected] <mailto:[email protected]>
>>> <mailto:[email protected] <mailto:[email protected]>>
>>> >>> <mailto:[email protected] <mailto:[email protected]>
>>> <mailto:[email protected] <mailto:[email protected]>>>
>>> >>> >>> http://tp.its.yale.edu/mailman/listinfo/cas
>>> >>> >>
>>> >>> >> _______________________________________________
>>> >>> >> Yale CAS mailing list
>>> >>> >> [email protected] <mailto:[email protected]>
>>> <mailto:[email protected] <mailto:[email protected]>>
>>> >>> <mailto:[email protected] <mailto:[email protected]>
>>> <mailto:[email protected] <mailto:[email protected]>>>
>>> >>> >> http://tp.its.yale.edu/mailman/listinfo/cas
>>> >>> >>
>>> >>> >>
>>> >>> >>
>>> >>> >>
>>> >>> >> --
>>> >>> >> -Scott Battaglia
>>> >>> >> PGP Public Key Id: 0x383733AA
>>> >>> >> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>> >>> >>
>>> >>>
>>> ------------------------------------------------------------------------
>>> >>> >>
>>> >>> >> _______________________________________________
>>> >>> >> Yale CAS mailing list
>>> >>> >> [email protected] <mailto:[email protected]>
>>> <mailto:[email protected] <mailto:[email protected]>>
>>> >>> >> http://tp.its.yale.edu/mailman/listinfo/cas
>>> >>> >>
>>> >>> > _______________________________________________
>>> >>> > Yale CAS mailing list
>>> >>> > [email protected] <mailto:[email protected]>
>>> <mailto:[email protected] <mailto:[email protected]>>
>>> >>> > http://tp.its.yale.edu/mailman/listinfo/cas
>>> >>> >
>>> >>>
>>> >>> _______________________________________________
>>> >>> Yale CAS mailing list
>>> >>> [email protected] <mailto:[email protected]>
>>> <mailto:[email protected] <mailto:[email protected]>>
>>> >>> http://tp.its.yale.edu/mailman/listinfo/cas
>>> >>>
>>> >>>
>>> >>>
>>> >>>
>>> >>> --
>>> >>> -Scott Battaglia
>>> >>> PGP Public Key Id: 0x383733AA
>>> >>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>> >>>
>>> ------------------------------------------------------------------------
>>> >>>
>>> >>> _______________________________________________
>>> >>> Yale CAS mailing list
>>> >>> [email protected] <mailto:[email protected]>
>>> >>> http://tp.its.yale.edu/mailman/listinfo/cas
>>> >>>
>>> >>>
>>> >>
>>> >> _______________________________________________
>>> >> Yale CAS mailing list
>>> >> [email protected] <mailto:[email protected]>
>>> >> http://tp.its.yale.edu/mailman/listinfo/cas
>>> >>
>>> >>
>>> > _______________________________________________
>>> > Yale CAS mailing list
>>> > [email protected] <mailto:[email protected]>
>>> > http://tp.its.yale.edu/mailman/listinfo/cas
>>> >
>>>
>>> _______________________________________________
>>> Yale CAS mailing list
>>> [email protected] <mailto:[email protected]>
>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>
>>>
>>>
>>>
>>> --
>>> -Scott Battaglia
>>> PGP Public Key Id: 0x383733AA
>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Yale CAS mailing list
>>> [email protected]
>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>
>>>
>>
>> _______________________________________________
>> Yale CAS mailing list
>> [email protected]
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
