Hello Andrew Many thanks for you reply.
I've turned on debugging and this produces the following 2008-06-13 14:34:24,759 - DEBUG org.jasig.cas.client.authentication.AuthenticationFilter - no ticket and no assertion found 2008-06-13 14:34:24,760 - DEBUG org.jasig.cas.client.util.CommonUtils - serviceUrl generated: http://resolverdev.shef.ac.uk:800/?http://proquest.umi.com/pqdlink?Ver=1&Exp=02-19-2008&REQ=3&Cert=8RkgPFRptdR2FO9BI6WZzTyJQZzJBUi00ivY5SNt%20cgZLOA5G9YvJ2/7Ga9kCse4ZZL2e7vJqwjFoqZw%20P6VJ/YIAo0QQPHG&pub=37932 2008-06-13 14:34:24,760 - DEBUG org.jasig.cas.client.authentication.AuthenticationFilter - redirecting to "https://luminis.shef.ac.uk/cp/cas/login?service=http%3A%2F%2Fresolverdev.shef.ac.uk%3A800%2F%3Fhttp%3A%2F%2Fproquest.umi.com%2Fpqdlink%3FVer%3D1%26Exp%3D02-19-2008%26REQ%3D3%26Cert%3D8RkgPFRptdR2FO9BI6WZzTyJQZzJBUi00ivY5SNt%2520cgZLOA5G9YvJ2%2F7Ga9kCse4ZZL2e7vJqwjFoqZw%2520P6VJ%2FYIAo0QQPHG%26pub%3D37932"; 2008-06-13 14:34:50,618 - DEBUG org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter - Attempting to validate ticket: ST-12-LNRtCbHqQCrgJHYGnEB9 2008-06-13 14:34:50,618 - DEBUG org.jasig.cas.client.util.CommonUtils - serviceUrl generated: http://resolverdev.shef.ac.uk:800/?http://proquest.umi.com/pqdlink?Ver=1&Exp=02-19-2008&REQ=3&Cert=8RkgPFRptdR2FO9BI6WZzTyJQZzJBUi00ivY5SNt%20cgZLOA5G9YvJ2/7Ga9kCse4ZZL2e7vJqwjFoqZw%20P6VJ/YIAo0QQPHG&pub=37932 2008-06-13 14:34:50,645 - WARN org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter - org.jasig.cas.client.validation.TicketValidationException: ticket 'ST-12-LNRtCbHqQCrgJHYGnEB9' does not match supplied service org.jasig.cas.client.validation.TicketValidationException: ticket 'ST-12-LNRtCbHqQCrgJHYGnEB9' does not match supplied service at org.jasig.cas..... The cas server gets: https://luminis.shef.ac.uk/cp/home/displaylogin?goto=https://luminis.shef.ac.uk/cp/cas/login?service=http://resolverdev.shef.ac.uk:800/?http://proquest.umi.com/pqdlink?Ver=1&Exp=02-19-2008&REQ=3&Cert=8RkgPFRptdR2FO9BI6WZzTyJQZzJBUi00ivY5SNt%20cgZLOA5G9YvJ2/7Ga9kCse4ZZL2e7vJqwjFoqZw%20P6VJ/YIAo0QQPHG&pub=37932 where service= http://resolverdev.shef.ac.uk:800/?http://proquest.umi.com/pqdlink?Ver=1&Exp=02-19-2008&REQ=3&Cert=8RkgPFRptdR2FO9BI6WZzTyJQZzJBUi00ivY5SNt%20cgZLOA5G9YvJ2/7Ga9kCse4ZZL2e7vJqwjFoqZw%20P6VJ/YIAo0QQPHG&pub=37932 I've diff-ed these and they look to be the same Cheers Nomit Andrew R Feller wrote: > nomit, > > This means that a CAS client was attempting to validate a service ticket > that was generated for another service. To determine the service the > ticket was created for: > > 1. Make sure you are logged out of CAS > 2. Access the CAS protected application, which will redirect you to the > CAS login page > 3. Examine the URL for the CAS login page for the service parameter > > This service parameter is what the CAS server uses in generating the > service ticket. If you turn on debugging with the CAS client, it will > output the information it is sending to the CAS server to validate the > ticket. You can match the URLs and see if they are the same or not; > according to CAS, they aren't. > > HTH, > > Andrew R Feller, Analyst > University Information Systems > 200 Fred Frey Building > Louisiana State University > Baton Rouge, LA, 70803 > (225) 578-3737 (Office) > (225) 578-6400 (Fax) > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of nomit > Sent: Friday, June 13, 2008 4:42 AM > To: [email protected] > Subject: JA-SIG CAS Java Client 3.1.1 problems > > Hello! > Hope someone can give me clue to what to do next. > > I've searched the archives and googled but can't find anyone with the > same issue. > > I'm using JA-SIG CAS Java Client 3.1.1 to protect the a webapp in > Tomcat (tested in 5.5.12 and 5.5.23). > Here are 3 sniffed example urls that are being returned to the CAS > filters in the webapp after successful authentication at our CAS server. > > http://resolverdev.shef.ac.uk:800/?http://infotrac.galegroup.com/itweb/s > u_uk?db=ecco&ticket=ST-5-Ypiy9c6ITVg1hKoEBTTJ > > http://resolverdev.shef.ac.uk:800/?http://www.shef.ac.uk&ticket=ST-6-3Tc > 8tA8Od8oni1eCiUhS > > These work fine, with the CAS filter letting the request through. > > However this url > > http://resolverdev.shef.ac.uk:800/?http://proquest.umi.com/pqdlink?Ver=1 > &Exp=02-19-2008&REQ=3&Cert=8RkgPFRptdR2FO9BI6WZzTyJQZzJBUi00ivY5SNt%20cg > ZLOA5G9YvJ2/7Ga9kCse4ZZL2e7vJqwjFoqZw%20P6VJ/YIAo0QQPHG&pub=37932&ticket > =ST-4-W73WEvS79X0eLp0ASxxo > > fails with > > 2008-06-13 10:08:25,858 - WARN > org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilte > r > - org.jasig.cas.client.validation.TicketValidationException: > ticket 'ST-4-W73WEvS79X0eLp0ASxxo' does not match supplied service > > org.jasig.cas.client.validation.TicketValidationException: > ticket 'ST-4-W73WEvS79X0eLp0ASxxo' does not match supplied service > > at > org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseRespons > eFromServer(Cas20ServiceTicketValidator.java:65) > at > org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate > (AbstractUrlBasedTicketValidator.java:165) > at > org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter( > AbstractTicketValidationFilter.java:129) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica > tionFilterChain.java:202) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt > erChain.java:173) > at > org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(Authen > ticationFilter.java:103) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica > tionFilterChain.java:202) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt > erChain.java:173) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv > e.java:213) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv > e.java:178) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java > :126) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java > :105) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. > java:107) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:1 > 48) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:86 > 8) > at > org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.proc > essConnection(Http11BaseProtocol.java:663) > at > org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint > .java:527) > at > org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollow > erWorkerThread.java:80) > at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool > .java:684) > at java.lang.Thread.run(Thread.java:595) > > I'm flummoxed why. The tickets look fine. Hope someone can give me a > clue to what this error means or how to debug further! > Any help much appreciated. > cheeeeeeeeeeeeeeeeeers > > > I'm also adding the CAS part of my web.xml if that is useful: > > > <!-- JA-SIG CAS filters --> > <filter> > <filter-name>CAS Authentication Filter</filter-name> > > <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</ > filter-class> > <init-param> > <param-name>casServerLoginUrl</param-name> > > <param-value>https://luminis.shef.ac.uk/cp/cas/login</param-value> > </init-param> > </filter> > <filter> > <filter-name>CAS Validation Filter</filter-name> > > <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketV > alidationFilter</filter-class> > <init-param> > <param-name>casServerUrlPrefix</param-name> > > <param-value>https://luminis.shef.ac.uk/cp/cas</param-value> > </init-param> > <init-param> > <param-name>redirectAfterValidation</param-name> > <param-value>true</param-value> > </init-param> > </filter> > <filter> > <filter-name>CAS HttpServletRequest Wrapper > Filter</filter-name> > > <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter< > /filter-class> > </filter> > > -- Nomit Babraa Department of Corporate Information & Computing Services (CiCS) University of Sheffield 287 Glossop Rd Sheffield S10 2HB Tel: 0114 222 1162 _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
