nomit, This means that a CAS client was attempting to validate a service ticket that was generated for another service. To determine the service the ticket was created for:
1. Make sure you are logged out of CAS 2. Access the CAS protected application, which will redirect you to the CAS login page 3. Examine the URL for the CAS login page for the service parameter This service parameter is what the CAS server uses in generating the service ticket. If you turn on debugging with the CAS client, it will output the information it is sending to the CAS server to validate the ticket. You can match the URLs and see if they are the same or not; according to CAS, they aren't. HTH, Andrew R Feller, Analyst University Information Systems 200 Fred Frey Building Louisiana State University Baton Rouge, LA, 70803 (225) 578-3737 (Office) (225) 578-6400 (Fax) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of nomit Sent: Friday, June 13, 2008 4:42 AM To: [email protected] Subject: JA-SIG CAS Java Client 3.1.1 problems Hello! Hope someone can give me clue to what to do next. I've searched the archives and googled but can't find anyone with the same issue. I'm using JA-SIG CAS Java Client 3.1.1 to protect the a webapp in Tomcat (tested in 5.5.12 and 5.5.23). Here are 3 sniffed example urls that are being returned to the CAS filters in the webapp after successful authentication at our CAS server. http://resolverdev.shef.ac.uk:800/?http://infotrac.galegroup.com/itweb/s u_uk?db=ecco&ticket=ST-5-Ypiy9c6ITVg1hKoEBTTJ http://resolverdev.shef.ac.uk:800/?http://www.shef.ac.uk&ticket=ST-6-3Tc 8tA8Od8oni1eCiUhS These work fine, with the CAS filter letting the request through. However this url http://resolverdev.shef.ac.uk:800/?http://proquest.umi.com/pqdlink?Ver=1 &Exp=02-19-2008&REQ=3&Cert=8RkgPFRptdR2FO9BI6WZzTyJQZzJBUi00ivY5SNt%20cg ZLOA5G9YvJ2/7Ga9kCse4ZZL2e7vJqwjFoqZw%20P6VJ/YIAo0QQPHG&pub=37932&ticket =ST-4-W73WEvS79X0eLp0ASxxo fails with 2008-06-13 10:08:25,858 - WARN org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilte r - org.jasig.cas.client.validation.TicketValidationException: ticket 'ST-4-W73WEvS79X0eLp0ASxxo' does not match supplied service org.jasig.cas.client.validation.TicketValidationException: ticket 'ST-4-W73WEvS79X0eLp0ASxxo' does not match supplied service at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseRespons eFromServer(Cas20ServiceTicketValidator.java:65) at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate (AbstractUrlBasedTicketValidator.java:165) at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter( AbstractTicketValidationFilter.java:129) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:173) at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(Authen ticationFilter.java:103) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv e.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv e.java:178) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java :126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :105) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:1 48) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:86 8) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.proc essConnection(Http11BaseProtocol.java:663) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint .java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollow erWorkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool .java:684) at java.lang.Thread.run(Thread.java:595) I'm flummoxed why. The tickets look fine. Hope someone can give me a clue to what this error means or how to debug further! Any help much appreciated. cheeeeeeeeeeeeeeeeeers I'm also adding the CAS part of my web.xml if that is useful: <!-- JA-SIG CAS filters --> <filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</ filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>https://luminis.shef.ac.uk/cp/cas/login</param-value> </init-param> </filter> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketV alidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://luminis.shef.ac.uk/cp/cas</param-value> </init-param> <init-param> <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> </init-param> </filter> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter< /filter-class> </filter> -- Nomit Babraa Department of Corporate Information & Computing Services (CiCS) University of Sheffield 287 Glossop Rd Sheffield S10 2HB Tel: 0114 222 1162 _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
