So two things:

2008-06-17 23:18:53,984 ERROR [org.opensaml.SAMLResponse] - <caught a SAML exception while serializing XML: org.opensaml.MalformedException: AttributeStatement is invalid, requires at least one attribute>

and

<Server response: <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body></SOAP-ENV:Body></SOAP-ENV:Envelope>>

For whatever reason there's actually no SAML response in the message! That's kind of strange. I haven't seen the SAML response not return anything yet.

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Wed, Jun 18, 2008 at 2:37 AM, tedzo <[EMAIL PROTECTED]> wrote:

> I did turn on the logs, however I didn't see anything more than what I have
> mentioned in the original post. I think that may be because I haven't turned
> the logs on correctly perhaps. Anyway, I have copied some suspicious looking
> output from the console. It appears to be complaining about an invalid
> AttributeStatement?
> ...........
> 2008-06-17 23:18:50,984 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler successfully authenticated the user which provided the following credentials: TEST>
> 2008-06-17 23:18:50,984 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Attempting to resolve a principal...>
> 2008-06-17 23:18:50,984 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Creating SimplePrincipal for [TEST]>
> [Loaded org.apache.commons.lang.Validate from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/commons-lang-2.2.jar]
> [Loaded org.jasig.cas.authentication.principal.SimplePrincipal from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
> [Loaded org.jasig.cas.authentication.ImmutableAuthentication from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
> [Loaded org.jasig.cas.ticket.AbstractTicket from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
> [Loaded org.jasig.cas.ticket.TicketGrantingTicketImpl from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
> [Loaded org.jasig.cas.ticket.ServiceTicket from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
> [Loaded org.jasig.cas.ticket.ServiceTicketImpl from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
> 2008-06-17 23:18:51,000 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-p4bR3ftbfRfxvpnZHSmH-cas] for service [http://tedzo-wxp01.mezo.com:8080/manager/html] for user [TEST]>
> [Loaded org.jasig.cas.web.flow.DynamicRedirectViewSelector$1 from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
> [Loaded java.lang.NoSuchFieldError from C:\Program Files\Java\jdk1.6.0\jre\lib\rt.jar]
> [Loaded org.springframework.web.servlet.view.RedirectView from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/spring-webmvc-2.5.1.jar]
> 2008-06-17 23:18:53,656 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidationFilter] - <Attempting to validate ticket: ST-1-p4bR3ftbfRfxvpnZHSmH-cas>
> 2008-06-17 23:18:53,656 DEBUG [org.jasig.cas.client.util.CommonUtils] - <serviceUrl generated: http://tedzo-wxp01.mezo.com:8080/manager/html>
> 2008-06-17 23:18:53,656 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - <Placing URL parameters in map.>
> 2008-06-17 23:18:53,656 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - <Calling template URL attribute map.>
> 2008-06-17 23:18:53,656 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - <Loading custom parameters from configuration.>
> 2008-06-17 23:18:53,656 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - <Constructing validation url: https://tedzo-wxp01.mezo.com:8443/cas-server-webapp-3.2.1/samlValidate?TARGET=http%3A%2F%2Ftedzo-wxp01.mezo.com%3A8080%2Fmanager%2Fhtml>
> 2008-06-17 23:18:53,656 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - <Retrieving response from server.>
> [Loaded sun.net.www.protocol.https.Handler from C:\Program Files\Java\jdk1.6.0\jre\lib\jsse.jar]
> [Loaded javax.net.ssl.HttpsURLConnection from C:\Program Files\Java\jdk1.6.0\jre\lib\jsse.jar]
> [Loaded sun.net.www.protocol.https.HttpsURLConnectionImpl from C:\Program Files\Java\jdk1.6.0\jre\lib\jsse.jar]
> [Loaded javax.net.ssl.HostnameVerifier from C:\Program Files\Java\jdk1.6.0\jre\l
> ......
> [Loaded org.apache.log4j.NDC from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/log4j-1.2.15.jar]
> [Loaded org.apache.log4j.NDC$DiagnosticContext from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/log4j-1.2.15.jar]
> 2008-06-17 23:18:53,984 ERROR [org.opensaml.SAMLResponse] - <caught a SAML exception while serializing XML: org.opensaml.MalformedException: AttributeStatement is invalid, requires at least one attribute>
> [Loaded sun.net.www.http.Hurryable from C:\Program Files\Java\jdk1.6.0\jre\lib\rt.jar]
> [Loaded sun.net.www.http.ChunkedInputStream from C:\Program Files\Java\jdk1.6.0\jre\lib\rt.jar]
> [Loaded sun.net.www.protocol.http.HttpURLConnection$HttpInputStream from C:\Program Files\Java\jdk1.6.0\jre\lib\rt.jar]
> [Loaded sun.net.www.http.KeepAliveCache$1 from C:\Program Files\Java\jdk1.6.0\jre\lib\rt.jar]
> [Loaded sun.net.www.http.ClientVector from C:\Program Files\Java\jdk1.6.0\jre\lib\rt.jar]
> [Loaded sun.net.www.http.KeepAliveEntry from C:\Program Files\Java\jdk1.6.0\jre\lib\rt.jar]
> 2008-06-17 23:18:53,984 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - <Server response: <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body></SOAP-ENV:Body></SOAP-ENV:Envelope>>
> [Loaded org.opensaml.SAMLObject from file:/C:/tomcat-6/webapps/manager/WEB-INF/lib/opensaml-1.1.jar]
> [Loaded org.opensaml.SAMLSignedObject from file:/C:/tomcat-6/webapps/manager/WEB-INF/lib/opensaml-1.1.jar]
> [Loaded org.opensaml.SAMLResponse from file:/C:/tomcat-6/webapps/manager/WEB-INF/lib/opensaml-1.1.jar]
> [Loaded org.opensaml.MalformedException from file:/C:/tomcat-6/webapps/manager/WEB-INF/lib/opensaml-1.1.jar]
>
> Thanks.
>
> ----- Original Message ----
> From: Scott Battaglia <[EMAIL PROTECTED]>
> To: Yale CAS mailing list <[email protected]>
> Sent: Tuesday, June 17, 2008 8:17:55 PM
> Subject: Re: Premature end of file exception
>
> Can you turn on debugging to see what the actual message being sent is?
>
> -Scott
>
> On Tue, Jun 17, 2008 at 4:10 PM, tedzo <[EMAIL PROTECTED]> wrote:
>
>> Scott,
>>
>> Thanks for your response.
>>
>> I am using java client 3.1.3 and I am now seeing a different exception due
>> to premature end-of-file....
>>
>> Any ideas?
>>
>> javax.servlet.ServletException: org.jasig.cas.client.validation.TicketValidationException: org.xml.sax.SAXParseException: Premature end of file.
>>     org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:155)
>>     org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
>>
>> *root cause*
>>
>> org.jasig.cas.client.validation.TicketValidationException: org.xml.sax.SAXParseException: Premature end of file.
>>     org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:93)
>>     org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
>>     org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
>>     org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
>>
>> *root cause*
>>
>> org.xml.sax.SAXParseException: Premature end of file.
>>     org.opensaml.SAMLObject.fromStream(Unknown Source)
>>     org.opensaml.SAMLResponse.<init>(Unknown Source)
>>     org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:48)
>>     org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
>>     org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
>>     org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
>>
>> *root cause*
>>
>> org.xml.sax.SAXParseException: Premature end of file.
>>     org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
>>     org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
>>     org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
>>     org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
>>     org.apache.xerces.impl.XMLVersionDetector.determineDocVersion(Unknown Source)
>>     org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>>     org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>>     org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>>     org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
>>     org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
>>     org.opensaml.XML$ParserPool.parse(Unknown Source)
>>     org.opensaml.XML$ParserPool.parse(Unknown Source)
>>     org.opensaml.SAMLObject.fromStream(Unknown Source)
>>     org.opensaml.SAMLResponse.<init>(Unknown Source)
>>     org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:48)
>>     org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
>>     org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
>>     org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
>>
>> ----- Original Message ----
>> From: Scott Battaglia <[EMAIL PROTECTED]>
>> To: Yale CAS mailing list <[email protected]>
>> Sent: Tuesday, June 17, 2008 12:19:55 PM
>> Subject: Re: NumberFormatException in Saml11TicketValidationFilter
>>
>> All of our GA releases are available from the public Maven2 repo:
>>
>> http://repo1.maven.org/maven2/org/jasig/cas/cas-client-core/3.1.3/
>>
>> -Scott
>>
>> -Scott Battaglia
>> PGP Public Key Id: 0x383733AA
>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>
>> On Tue, Jun 17, 2008 at 3:07 PM, tedzo <[EMAIL PROTECTED]> wrote:
>>
>>> I am trying to use the Saml11TicketValidationFilter to try and get a
>>> demo of some sort to work. I am using Cas client 3.1.1. I get the following
>>> exception after authentication-
>>>
>>> java.lang.NumberFormatException: For input string: ""
>>>     java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
>>>     java.lang.Integer.parseInt(Integer.java:468)
>>>     java.lang.Integer.parseInt(Integer.java:497)
>>>     org.opensaml.SAMLResponse.fromDOM(Unknown Source)
>>>     org.opensaml.SAMLResponse.<init>(Unknown Source)
>>>     org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:46)
>>>     org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:165)
>>>     org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129)
>>>     org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)
>>>
>>> Another thread suggests that Cas10TicketValidationFilter is broken and
>>> Cas20TicketValidationFilter should be used. However, I need to use the
>>> Saml11TicketValidationFilter and I guess that's broken too.
>>>
>>> http://www.ja-sig.org/issues/browse/CASC-41 suggests that the problem is
>>> fixed in 3.1.2.
>>>
>>> However, I am not able to find Java client 3.1.2.
>>>
>>> Any tips?
>>>
>>> Thanks.
>>>
>>> ----- Original Message ----
>>> From: tedzo <[EMAIL PROTECTED]>
>>> To: Yale CAS mailing list <[email protected]>
>>> Sent: Monday, June 16, 2008 10:32:12 AM
>>> Subject: Re: Asml
>>>
>>> Any ideas?
>>>
>>> ----- Original Message ----
>>> From: tedzo <[EMAIL PROTECTED]>
>>> To: Yale CAS mailing list <[email protected]>
>>> Sent: Thursday, June 12, 2008 3:30:21 PM
>>> Subject: Re: Asml
>>>
>>> Hmm. So who is actually making the AuthnRequest and parsing the
>>> response? Or, are you saying that an attempt to access webappB will always
>>> be redirected to CAS (because of the cas client) and the AuthRequest is sent
>>> to and the response parsed by the CAS server?
>>>
>>> Thanks.
>>>
>>> ----- Original Message ----
>>> From: Scott Battaglia <[EMAIL PROTECTED]>
>>> To: Yale CAS mailing list <[email protected]>
>>> Sent: Thursday, June 12, 2008 2:22:51 PM
>>> Subject: Re: Asml
>>>
>>> I'm not sure I follow. If you've protected webapp B with the CAS client
>>> (a SAML client) and configured it to speak with CAS then it should always
>>> redirect to CAS.
>>>
>>> We're just using SAML to send back additional attributes if they are
>>> available.
>>>
>>> -Scott
>>>
>>> -Scott Battaglia
>>> PGP Public Key Id: 0x383733AA
>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>>
>>> On Thu, Jun 12, 2008 at 2:10 PM, tedzo <[EMAIL PROTECTED]> wrote:
>>>
>>>> Scott, thanks for your response.
>>>>
>>>> I think I am stuck trying to demo Saml capability, mainly due to my lack
>>>> of understanding of how things work...
>>>> Let me first make sure what I understand is correct-
>>>> 1. There is a webappA on ServerA that is protected by some entity (not
>>>>    CAS).
>>>> 2. There is a webappB on ServerB that is protected by CAS (3.2.1)
>>>> 3. The SamlTicketValidationFilter is setup on ServerB for webappB,
>>>>    meaning, the filter is triggered when a user attempts to access webappB.
>>>> 4. The user accesses webappA, is asked to login by whatever is
>>>>    protecting webappA. User logs in successfully.
>>>> 5. User clicks on a link to webappB from webappA.
>>>> 6. At this point, normally, CAS would ask the user to login. However, I
>>>>    think I want CAS to make an authRequest to the entity that authenticated
>>>>    the user on webappA, parse the response it gets (essentially that the
>>>>    user is already authenticated and whatever details that go with it), and
>>>>    log the user in and provide access to webappB.
>>>>
>>>> That would make the entity on serverA that authenticated the user to
>>>> webappA the IdProvider and CAS the ServiceProvider.
>>>>
>>>> Does this sound right or am I way off base? In order for me to demo CAS
>>>> saml capability, I would at most require an entity that responds to an
>>>> authRequest from CAS, is that correct?
>>>>
>>>> Thanks. I appreciate your time and interest.
>>>>
>>>> ----- Original Message ----
>>>> From: Scott Battaglia <[EMAIL PROTECTED]>
>>>> To: Yale CAS mailing list <[email protected]>
>>>> Sent: Thursday, May 22, 2008 10:04:50 AM
>>>> Subject: Re:
>>>>
>>>> Hi,
>>>>
>>>> If you are using the latest CAS client, you should actually only need to
>>>> configure the Saml Ticket Validation Filter on the client-side (the server
>>>> should already handle it).
>>>>
>>>> -Scott
>>>>
>>>> On Tue, May 20, 2008 at 7:16 PM, tedzo <[EMAIL PROTECTED]> wrote:
>>>>
>>>>> I have downloaded the new cas-server and client versions and I want
>>>>> to check out saml support. How do I go about it? Specifically, I was
>>>>> thinking I would
>>>>> 1. get a hold of a saml client
>>>>> 2. figure out what kind of message needs to be sent to cas in order to
>>>>>    login/set up a session
>>>>> 3. read the response from cas
>>>>> 4. figure out the username from the response.
>>>>>
>>>>> I am not familiar with saml, so excuse my naivety. What I am looking
>>>>> for-
>>>>> 1. suggestions for a client, if any.
>>>>> 2. What message I need to send to CAS in order to elicit a response.
>>>>> 3. What kind of response can I expect.
>>>>> 4. Any documents about cas/saml integration. I have been searching the
>>>>>    archives and haven't found anything particularly useful...
>>>>>
>>>>> Appreciate your time.
>>>>>
>>>>> _______________________________________________
>>>>> Yale CAS mailing list
>>>>> [email protected]
>>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>
>>>> --
>>>> -Scott Battaglia
>>>> PGP Public Key Id: 0x383733AA
>>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
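
Added example, not part of the original thread and not CAS client code: a stand-alone Java check that triages a captured samlValidate reply, so the empty SOAP Body pointed out in the reply above is reported as its own case, separately from a zero-length reply (the input on which an XML parser reports "Premature end of file") and from a real SAML 1.1 Response. The class name, the Outcome values and the helper are hypothetical, and the success sample in main is constructed.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SamlValidateReplyCheck {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"; // SAML 1.1 keeps the 1.0 namespace

    enum Outcome { MALFORMED, EMPTY_BODY, SOAP_FAULT, SAML_FAILURE, SAML_SUCCESS }

    // Triage only: SAML_SUCCESS means "a Response with a Success status is present",
    // not that its assertion has been validated. Everything else must deny the login.
    static Outcome classify(String reply) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            // The reply arrives over the network: reject DOCTYPEs so no entities get resolved.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(reply)));
            NodeList bodies = doc.getElementsByTagNameNS(SOAP, "Body");
            if (bodies.getLength() != 1) return Outcome.MALFORMED;
            Element payload = null;
            for (Node n = bodies.item(0).getFirstChild(); n != null && payload == null; n = n.getNextSibling())
                if (n instanceof Element) payload = (Element) n;
            if (payload == null) return Outcome.EMPTY_BODY; // the envelope shown in the thread
            if (is(payload, SOAP, "Fault")) return Outcome.SOAP_FAULT;
            if (!is(payload, SAMLP, "Response")) return Outcome.MALFORMED;
            NodeList codes = payload.getElementsByTagNameNS(SAMLP, "StatusCode");
            if (codes.getLength() == 0) return Outcome.SAML_FAILURE;
            String value = ((Element) codes.item(0)).getAttribute("Value"); // a QName such as samlp:Success
            boolean ok = "Success".equals(value.substring(value.indexOf(':') + 1));
            return ok ? Outcome.SAML_SUCCESS : Outcome.SAML_FAILURE;
        } catch (Exception e) { // SAXParseException on a zero-length or truncated reply
            return Outcome.MALFORMED;
        }
    }

    static boolean is(Element e, String ns, String local) {
        return ns.equals(e.getNamespaceURI()) && local.equals(e.getLocalName());
    }

    public static void main(String[] args) {
        String env = "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"" + SOAP + "\"><SOAP-ENV:Header/><SOAP-ENV:Body>";
        String end = "</SOAP-ENV:Body></SOAP-ENV:Envelope>";
        // Constructed sample; a real Response also carries IDs, timestamps and an Assertion.
        String ok = "<samlp:Response xmlns:samlp=\"" + SAMLP + "\"><samlp:Status>"
                + "<samlp:StatusCode Value=\"samlp:Success\"/></samlp:Status></samlp:Response>";
        System.out.println("empty Body:        " + classify(env + end));
        System.out.println("constructed reply: " + classify(env + ok + end));
        System.out.println("zero-length reply: " + classify(""));
    }
}
```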
