Hi, I'm not sure what version of Luminis you are using but if I recall correctly certain versions may exhibit issues with URL encoding (I can't recall exactly).
You can also try upgrading to CAS Client for Java 3.1.3-rc3 (though the final will probably be out later today) which is located in the JASIG Maven2 Repository. I don't believe we've changed any of the logic for generating service urls though. In either CAS, when doing a redirect and a validation attempt, the CAS Client attempts to generate the service urls using the same method, so unless the URL is coming back slightly changed or its being stored in the CAS server differently, it should always match. -Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Fri, Jun 13, 2008 at 9:47 AM, nomit <[EMAIL PROTECTED]> wrote: > Hello Andrew > > Many thanks for you reply. > > I've turned on debugging and this produces the following > > > 2008-06-13 14:34:24,759 - DEBUG > org.jasig.cas.client.authentication.AuthenticationFilter - no ticket and > no assertion found > 2008-06-13 14:34:24,760 - DEBUG org.jasig.cas.client.util.CommonUtils - > serviceUrl generated: > > http://resolverdev.shef.ac.uk:800/?http://proquest.umi.com/pqdlink?Ver=1&Exp=02-19-2008&REQ=3&Cert=8RkgPFRptdR2FO9BI6WZzTyJQZzJBUi00ivY5SNt%20cgZLOA5G9YvJ2/7Ga9kCse4ZZL2e7vJqwjFoqZw%20P6VJ/YIAo0QQPHG&pub=37932 > 2008-06-13<http://resolverdev.shef.ac.uk:800/?http://proquest.umi.com/pqdlink?Ver=1&Exp=02-19-2008&REQ=3&Cert=8RkgPFRptdR2FO9BI6WZzTyJQZzJBUi00ivY5SNt%20cgZLOA5G9YvJ2/7Ga9kCse4ZZL2e7vJqwjFoqZw%20P6VJ/YIAo0QQPHG&pub=379322008-06-13>14:34:24,760 > - DEBUG > org.jasig.cas.client.authentication.AuthenticationFilter - redirecting > to > " > https://luminis.shef.ac.uk/cp/cas/login?service=http%3A%2F%2Fresolverdev.shef.ac.uk%3A800%2F%3Fhttp%3A%2F%2Fproquest.umi.com%2Fpqdlink%3FVer%3D1%26Exp%3D02-19-2008%26REQ%3D3%26Cert%3D8RkgPFRptdR2FO9BI6WZzTyJQZzJBUi00ivY5SNt%2520cgZLOA5G9YvJ2%2F7Ga9kCse4ZZL2e7vJqwjFoqZw%2520P6VJ%2FYIAo0QQPHG%26pub%3D37932 > " > > > 2008-06-13 14:34:50,618 - DEBUG > org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter > - Attempting to validate ticket: ST-12-LNRtCbHqQCrgJHYGnEB9 > 2008-06-13 14:34:50,618 - DEBUG org.jasig.cas.client.util.CommonUtils - > serviceUrl generated: > > http://resolverdev.shef.ac.uk:800/?http://proquest.umi.com/pqdlink?Ver=1&Exp=02-19-2008&REQ=3&Cert=8RkgPFRptdR2FO9BI6WZzTyJQZzJBUi00ivY5SNt%20cgZLOA5G9YvJ2/7Ga9kCse4ZZL2e7vJqwjFoqZw%20P6VJ/YIAo0QQPHG&pub=37932 > 2008-06-13<http://resolverdev.shef.ac.uk:800/?http://proquest.umi.com/pqdlink?Ver=1&Exp=02-19-2008&REQ=3&Cert=8RkgPFRptdR2FO9BI6WZzTyJQZzJBUi00ivY5SNt%20cgZLOA5G9YvJ2/7Ga9kCse4ZZL2e7vJqwjFoqZw%20P6VJ/YIAo0QQPHG&pub=379322008-06-13>14:34:50,645 > - WARN > org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter > - org.jasig.cas.client.validation.TicketValidationException: > ticket 'ST-12-LNRtCbHqQCrgJHYGnEB9' does not match supplied service > > org.jasig.cas.client.validation.TicketValidationException: > ticket 'ST-12-LNRtCbHqQCrgJHYGnEB9' does not match supplied service > > at org.jasig.cas..... > > > The cas server gets: > > > https://luminis.shef.ac.uk/cp/home/displaylogin?goto=https://luminis.shef.ac.uk/cp/cas/login?service=http://resolverdev.shef.ac.uk:800/?http://proquest.umi.com/pqdlink?Ver=1&Exp=02-19-2008&REQ=3&Cert=8RkgPFRptdR2FO9BI6WZzTyJQZzJBUi00ivY5SNt%20cgZLOA5G9YvJ2/7Ga9kCse4ZZL2e7vJqwjFoqZw%20P6VJ/YIAo0QQPHG&pub=37932 > > where > service= > > http://resolverdev.shef.ac.uk:800/?http://proquest.umi.com/pqdlink?Ver=1&Exp=02-19-2008&REQ=3&Cert=8RkgPFRptdR2FO9BI6WZzTyJQZzJBUi00ivY5SNt%20cgZLOA5G9YvJ2/7Ga9kCse4ZZL2e7vJqwjFoqZw%20P6VJ/YIAo0QQPHG&pub=37932 > > I've diff-ed these and they look to be the same > > Cheers > > Nomit > > > Andrew R Feller wrote: > > nomit, > > > > This means that a CAS client was attempting to validate a service ticket > > that was generated for another service. To determine the service the > > ticket was created for: > > > > 1. Make sure you are logged out of CAS > > 2. Access the CAS protected application, which will redirect you to the > > CAS login page > > 3. Examine the URL for the CAS login page for the service parameter > > > > This service parameter is what the CAS server uses in generating the > > service ticket. If you turn on debugging with the CAS client, it will > > output the information it is sending to the CAS server to validate the > > ticket. You can match the URLs and see if they are the same or not; > > according to CAS, they aren't. > > > > HTH, > > > > Andrew R Feller, Analyst > > University Information Systems > > 200 Fred Frey Building > > Louisiana State University > > Baton Rouge, LA, 70803 > > (225) 578-3737 (Office) > > (225) 578-6400 (Fax) > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > On Behalf Of nomit > > Sent: Friday, June 13, 2008 4:42 AM > > To: [email protected] > > Subject: JA-SIG CAS Java Client 3.1.1 problems > > > > Hello! > > Hope someone can give me clue to what to do next. > > > > I've searched the archives and googled but can't find anyone with the > > same issue. > > > > I'm using JA-SIG CAS Java Client 3.1.1 to protect the a webapp in > > Tomcat (tested in 5.5.12 and 5.5.23). > > Here are 3 sniffed example urls that are being returned to the CAS > > filters in the webapp after successful authentication at our CAS server. > > > > http://resolverdev.shef.ac.uk:800/?http://infotrac.galegroup.com/itweb/s > > u_uk?db=ecco&ticket=ST-5-Ypiy9c6ITVg1hKoEBTTJ > > > > http://resolverdev.shef.ac.uk:800/?http://www.shef.ac.uk&ticket=ST-6-3Tc > > 8tA8Od8oni1eCiUhS > > > > These work fine, with the CAS filter letting the request through. > > > > However this url > > > > http://resolverdev.shef.ac.uk:800/?http://proquest.umi.com/pqdlink?Ver=1 > > &Exp=02-19-2008&REQ=3&Cert=8RkgPFRptdR2FO9BI6WZzTyJQZzJBUi00ivY5SNt%20cg > > ZLOA5G9YvJ2/7Ga9kCse4ZZL2e7vJqwjFoqZw%20P6VJ/YIAo0QQPHG&pub=37932&ticket > > =ST-4-W73WEvS79X0eLp0ASxxo > > > > fails with > > > > 2008-06-13 10:08:25,858 - WARN > > org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilte > > r > > - org.jasig.cas.client.validation.TicketValidationException: > > ticket 'ST-4-W73WEvS79X0eLp0ASxxo' does not match supplied service > > > > org.jasig.cas.client.validation.TicketValidationException: > > ticket 'ST-4-W73WEvS79X0eLp0ASxxo' does not match supplied service > > > > at > > org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseRespons > > eFromServer(Cas20ServiceTicketValidator.java:65) > > at > > org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate > > (AbstractUrlBasedTicketValidator.java:165) > > at > > org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter( > > AbstractTicketValidationFilter.java:129) > > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica > > tionFilterChain.java:202) > > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt > > erChain.java:173) > > at > > org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(Authen > > ticationFilter.java:103) > > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica > > tionFilterChain.java:202) > > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt > > erChain.java:173) > > at > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv > > e.java:213) > > at > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv > > e.java:178) > > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java > > :126) > > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java > > :105) > > at > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. > > java:107) > > at > > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:1 > > 48) > > at > > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:86 > > 8) > > at > > org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.proc > > essConnection(Http11BaseProtocol.java:663) > > at > > org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint > > .java:527) > > at > > org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollow > > erWorkerThread.java:80) > > at > > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool > > .java:684) > > at java.lang.Thread.run(Thread.java:595) > > > > I'm flummoxed why. The tickets look fine. Hope someone can give me a > > clue to what this error means or how to debug further! > > Any help much appreciated. > > cheeeeeeeeeeeeeeeeeers > > > > > > I'm also adding the CAS part of my web.xml if that is useful: > > > > > > <!-- JA-SIG CAS filters --> > > <filter> > > <filter-name>CAS Authentication Filter</filter-name> > > > > <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</ > > filter-class> > > <init-param> > > <param-name>casServerLoginUrl</param-name> > > > > <param-value>https://luminis.shef.ac.uk/cp/cas/login</param-value> > > </init-param> > > </filter> > > <filter> > > <filter-name>CAS Validation Filter</filter-name> > > > > <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketV > > alidationFilter</filter-class> > > <init-param> > > <param-name>casServerUrlPrefix</param-name> > > > > <param-value>https://luminis.shef.ac.uk/cp/cas</param-value> > > </init-param> > > <init-param> > > <param-name>redirectAfterValidation</param-name> > > <param-value>true</param-value> > > </init-param> > > </filter> > > <filter> > > <filter-name>CAS HttpServletRequest Wrapper > > Filter</filter-name> > > > > <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter< > > /filter-class> > > </filter> > > > > > > -- > Nomit Babraa > Department of Corporate Information & Computing Services (CiCS) > University of Sheffield > 287 Glossop Rd > Sheffield > S10 2HB > Tel: 0114 222 1162 > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
