Hi Scott, I got some debug logs here, see if they mean anything to you ------------------------------------------------------------------ 2008-06-05 17:00:02,832 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Attempting to create TicketGrantingTicket for [EMAIL PROTECTED]> 2008-06-05 17:00:05,402 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: nz.co.trimble.cas.adaptors.generic.TrimbleAuthenticationHandler successfully authenticated the user which provided the following credentials: [EMAIL PROTECTED]> 2008-06-05 17:00:05,403 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [TGT-2-KtmzHGm2yIIC3bNzbbNbundLfIbYksEjotEc6RMcTTFfj09Knx-cas] to registry.> 2008-06-05 17:00:05,403 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]> 2008-06-05 17:00:05,403 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'> 2008-06-05 17:00:05,403 DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action 'SendTicketGrantingTicketAction' beginning execution> 2008-06-05 17:00:05,404 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added cookie with name [CASTGC] and value [TGT-2-KtmzHGm2yIIC3bNzbbNbundLfIbYksEjotEc6RMcTTFfj09Knx-cas]> 2008-06-05 17:00:05,404 DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action 'SendTicketGrantingTicketAction' completed execution; result is 'success'> 2008-06-05 17:00:05,404 DEBUG [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action 'GenerateServiceTicketAction' beginning execution> 2008-06-05 17:00:05,404 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [TGT-2-KtmzHGm2yIIC3bNzbbNbundLfIbYksEjotEc6RMcTTFfj09Knx-cas]> 2008-06-05 17:00:05,404 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [TGT-2-KtmzHGm2yIIC3bNzbbNbundLfIbYksEjotEc6RMcTTFfj09Knx-cas] found in registry.> 2008-06-05 17:00:05,405 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [ST-2-mkLsF7kDcVG9eZPmzOeQ-cas] to registry.> 2008-06-05 17:00:05,405 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-2-mkLsF7kDcVG9eZPmzOeQ-cas] for service [http://localhost:8084/WebApplication1/] for user [EMAIL PROTECTED]> 2008-06-05 17:00:05,405 DEBUG [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action 'GenerateServiceTicketAction' completed execution; result is 'success'> 2008-06-05 17:00:06,500 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor generated service for: http://localhost:8084/WebApplication1/> 2008-06-05 17:00:06,500 DEBUG [org.jasig.cas.web.view.Saml10FailureResponseView] - <Rendering view with name 'casSamlServiceFailureView' with model {code=INVALID_REQUEST, description='service' and 'ticket' parameters are both required} and static attributes {}> 2008-06-05 17:00:06,500 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor generated service for: http://localhost:8084/WebApplication1/> -------------------------------------------------------------------
Also let you know that we are using CAS server 3.2 (it's not on CAS 3.2.1 yet). Does this matter in this case? I did not find the CAS client for java 3.1.3 rc2, can you provide me a link for this updated? many thanks, Kevin --------------------------------- scott_battaglia wrote: > > On Tue, Jun 3, 2008 at 5:14 PM, ktian <[EMAIL PROTECTED]> wrote: > >> >> Hi Scott, >> >> Before I open a JIRA issue, I would like check the other couple of >> things. >> >> 1. Do I need to set up openSAML in CAS server, is there any configration >> of >> SAML on server side? > > > It should be configured out of the box for SAML. > >> >> 2. I did not see any failing validate a ticket in CAS server logs, may be >> this because I did not set up logging properly in both server and client. >> Can you please tell me how to config/setup log4j in both server and >> client >> to log any exceptions ? > > > I would recommend turning the logging the log4j.properties to DEBUG for > org.jasig.cas > > Also, if you haven't try using CAS Client for Java 3.1.3-rc2 (its in the > Maven2 repo on the JASIG servers). > > -Scott > >> >> >> Thanks, >> >> Kevin >> >> >> >> scott_battaglia wrote: >> > >> > If you look at the major and minor version it is 1.1. The OpenSAML >> > library >> > is also separate from the protocol so the numbers may not coincide. >> > >> > Can you open a JIRA issue for this? Because even though the response >> is >> > technically correct its not getting parsed correctly on the client >> side. >> > We >> > also need to look at why you're getting this response. Anything in the >> > CAS >> > server logs about failing to validate a ticket or anything? >> > >> > -Scott >> > >> > On Tue, Jun 3, 2008 at 12:56 AM, ktian <[EMAIL PROTECTED]> >> wrote: >> > >> >> >> >> I got the xml response as below, >> >> >> >> <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/ >> >> "><SOAP-ENV:Header/><SOAP-ENV:Body><Response >> >> xmlns="urn:oasis:names:tc:SAML:1.0:protocol" >> >> xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" >> >> xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" >> >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >> >> IssueInstant="2008-06-03T04:44:57.143Z" MajorVersion="1" >> MinorVersion="1" >> >> Recipient="http://localhost:8084/WebApplication1/"; >> >> ResponseID="_3b62bece2e8da1c10279db04882012ac"><Status><StatusCode >> >> >> >> >> Value="samlp:Responder"></StatusCode><StatusMessage>Success</StatusMessage></Status></Response></SOAP-ENV:Body></SOAP-ENV:Envelope> >> >> >> >> But there is no attributes such as username, etc. Also it uses SAML >> 1.0 >> >> instead of SAML 1.1. >> >> It confuses me that I included the openSAML 1.1b.jar in my app, but >> got >> >> SAML >> >> 1.0 response. >> >> Please help me out. >> >> >> >> Thanks, >> >> >> >> Kevin >> >> >> >> ------------------------------------------------------ >> >> >> >> scott_battaglia wrote: >> >> > >> >> > Kevin, >> >> > >> >> > If you can put the app through something like the Eclipse Debugger >> you >> >> can >> >> > set a breakpoint to grab the value. One of our open items is to add >> >> more >> >> > logging into the client, we unfortunately haven't gotten there yet. >> >> > >> >> > -Scott >> >> > >> >> > On Thu, May 29, 2008 at 11:35 PM, ktian <[EMAIL PROTECTED]> >> >> wrote: >> >> > >> >> >> >> >> >> Hi Scott, >> >> >> >> >> >> I tried CAS Client for Java 3.1.2, but it still fails. The >> exception >> >> as >> >> >> follow: >> >> >> >> >> >> >> >> >> >> >> >> ---------------------------------------------------------------------------------- >> >> >> exception >> >> >> >> >> >> javax.servlet.ServletException: org.opensaml.SAMLException: Success >> >> >> >> >> >> >> >> >> >> >> >> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:152) >> >> >> >> >> >> >> >> >> >> >> >> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103) >> >> >> >> >> >> >> >> >> root cause >> >> >> >> >> >> org.jasig.cas.client.validation.TicketValidationException: >> >> >> org.opensaml.SAMLException: Success >> >> >> >> >> >> >> >> >> >> >> >> org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:93) >> >> >> >> >> >> >> >> >> >> >> >> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:165) >> >> >> >> >> >> >> >> >> >> >> >> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129) >> >> >> >> >> >> >> >> >> >> >> >> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103) >> >> >> >> >> >> >> >> >> root cause >> >> >> >> >> >> org.opensaml.SAMLException: Success >> >> >> org.opensaml.SAMLException.getInstance(Unknown Source) >> >> >> org.opensaml.SAMLResponse.fromDOM(Unknown Source) >> >> >> org.opensaml.SAMLResponse.<init>(Unknown Source) >> >> >> >> >> >> >> >> >> >> >> >> org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:48) >> >> >> >> >> >> >> >> >> >> >> >> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:165) >> >> >> >> >> >> >> >> >> >> >> >> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129) >> >> >> >> >> >> >> >> >> >> >> >> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103) >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> --------------------------------------------------------------------------------------------- >> >> >> Also do you know how to capture the XML response, which is the main >> >> thing >> >> >> I'm tring to retrieve using SAML filter? I want to retrieve the CAS >> >> >> server >> >> >> response. >> >> >> >> >> >> Many thanks, >> >> >> >> >> >> Kevin >> >> >> >> >> >> >> >> >> >> >> >> scott_battaglia wrote: >> >> >> > >> >> >> > Have you tried CAS Client for Java 3.1.2? If not, you can grab >> it >> >> from >> >> >> > the >> >> >> > public Maven2 repo. If that still fails, can you open a ticket >> >> (we're >> >> >> > cutting RCs of CAS Client for Java 3.1.3 soon) pasting in the >> >> exception >> >> >> > and >> >> >> > if you can capture the XML response too. >> >> >> > Thanks >> >> >> > -Scott >> >> >> > >> >> >> > On Thu, May 29, 2008 at 9:48 PM, ktian <[EMAIL PROTECTED]> >> >> >> wrote: >> >> >> > >> >> >> >> >> >> >> >> Hi, >> >> >> >> >> >> >> >> I have : >> >> >> >> CAS Client version 3.1 >> >> >> >> CAS Server version 3.2 >> >> >> >> Server tomcat : 5.5.26 >> >> >> >> >> >> >> >> I've tried to get Saml11TicketValidationFilter working to >> retrieve >> >> >> server >> >> >> >> response, but I got Exception when CAS server returned a ticket: >> >> >> >> >> >> >> >> java.lang.NumberFormatException: For input string: "" >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> java.lang.NumberFormatException.forInputString(NumberFormatException.java:48) >> >> >> >> java.lang.Integer.parseInt(Integer.java:468) >> >> >> >> java.lang.Integer.parseInt(Integer.java:497) >> >> >> >> org.opensaml.SAMLResponse.fromDOM(Unknown Source) >> >> >> >> org.opensaml.SAMLResponse.<init>(Unknown Source) >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:46) >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:165) >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129) >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103) >> >> >> >> >> >> >> >> does anyone know how to solve this issue? >> >> >> >> >> >> >> >> Many Thanks, >> >> >> >> >> >> >> >> Kevin >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> >> View this message in context: >> >> >> >> >> >> >> >> >> >> http://www.nabble.com/retrieve-server-response-issue-tp17548571p17548571.html >> >> >> >> Sent from the CAS Users mailing list archive at Nabble.com. >> >> >> >> >> >> >> >> _______________________________________________ >> >> >> >> Yale CAS mailing list >> >> >> >> [email protected] >> >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> >> >> >> >> > >> >> >> > >> >> >> > >> >> >> > -- >> >> >> > -Scott Battaglia >> >> >> > PGP Public Key Id: 0x383733AA >> >> >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia >> >> >> > >> >> >> > _______________________________________________ >> >> >> > Yale CAS mailing list >> >> >> > [email protected] >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> > >> >> >> > >> >> >> >> >> >> -- >> >> >> View this message in context: >> >> >> >> >> >> http://www.nabble.com/retrieve-server-response-issue-tp17548571p17550984.html >> >> >> Sent from the CAS Users mailing list archive at Nabble.com. >> >> >> >> >> >> _______________________________________________ >> >> >> Yale CAS mailing list >> >> >> [email protected] >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> >> >> > >> >> > >> >> > >> >> > -- >> >> > -Scott Battaglia >> >> > PGP Public Key Id: 0x383733AA >> >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia >> >> > >> >> > _______________________________________________ >> >> > Yale CAS mailing list >> >> > [email protected] >> >> > http://tp.its.yale.edu/mailman/listinfo/cas >> >> > >> >> > >> >> >> >> -- >> >> View this message in context: >> >> >> http://www.nabble.com/retrieve-server-response-issue-tp17548571p17616042.html >> >> Sent from the CAS Users mailing list archive at Nabble.com. >> >> >> >> _______________________________________________ >> >> Yale CAS mailing list >> >> [email protected] >> >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> > >> > >> > >> > -- >> > -Scott Battaglia >> > PGP Public Key Id: 0x383733AA >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia >> > >> > _______________________________________________ >> > Yale CAS mailing list >> > [email protected] >> > http://tp.its.yale.edu/mailman/listinfo/cas >> > >> > >> >> -- >> View this message in context: >> http://www.nabble.com/retrieve-server-response-issue-tp17548571p17633857.html >> Sent from the CAS Users mailing list archive at Nabble.com. >> >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas >> > > > > -- > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- View this message in context: http://www.nabble.com/retrieve-server-response-issue-tp17548571p17662311.html Sent from the CAS Users mailing list archive at Nabble.com. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
