Yeah, exactly my thoughts. Let me try and add some debug statements etc. and try to find what's up.

----- Original Message ----
From: Scott Battaglia <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Wednesday, June 18, 2008 6:39:27 AM
Subject: Re: Premature end of file exception

So two things:

2008-06-17 23:18:53,984 ERROR [org.opensaml.SAMLResponse] - <caught a SAML exception while serializing XML: org.opensaml.MalformedException: AttributeStatement is invalid, requires at least one attribute>

and

<Server response: <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body></SOAP-ENV:Body></SOAP-ENV:Envelope>>

For whatever reason there's actually no SAML response in the message! That's kind of strange. I haven't seen the SAML response not return anything yet.

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Wed, Jun 18, 2008 at 2:37 AM, tedzo <[EMAIL PROTECTED]> wrote:

I did turn on the logs, however I didn't see anything more than what I have mentioned in the original post. I think that may be because I haven't turned the logs on correctly perhaps. Anyway, I have copied some suspicious looking output from the console. It appears to be complaining about an invalid AttributeStatement?

...........
2008-06-17 23:18:50,984 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler successfully authenticated the user which provided the following credentials: TEST>
2008-06-17 23:18:50,984 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Attempting to resolve a principal...>
2008-06-17 23:18:50,984 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Creating SimplePrincipal for [TEST]>
[Loaded org.apache.commons.lang.Validate from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/commons-lang-2.2.jar]
[Loaded org.jasig.cas.authentication.principal.SimplePrincipal from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
[Loaded org.jasig.cas.authentication.ImmutableAuthentication from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
[Loaded org.jasig.cas.ticket.AbstractTicket from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
[Loaded org.jasig.cas.ticket.TicketGrantingTicketImpl from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
[Loaded org.jasig.cas.ticket.ServiceTicket from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
[Loaded org.jasig.cas.ticket.ServiceTicketImpl from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
2008-06-17 23:18:51,000 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-p4bR3ftbfRfxvpnZHSmH-cas] for service [http://tedzo-wxp01.mezo.com:8080/manager/html] for user [TEST]>
[Loaded org.jasig.cas.web.flow.DynamicRedirectViewSelector$1 from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/cas-server-core-3.2.1.jar]
[Loaded java.lang.NoSuchFieldError from C:\Program Files\Java\jdk1.6.0\jre\lib\rt.jar]
[Loaded org.springframework.web.servlet.view.RedirectView from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/spring-webmvc-2.5.1.jar]
2008-06-17 23:18:53,656 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidationFilter] - <Attempting to validate ticket: ST-1-p4bR3ftbfRfxvpnZHSmH-cas>
2008-06-17 23:18:53,656 DEBUG [org.jasig.cas.client.util.CommonUtils] - <serviceUrl generated: http://tedzo-wxp01.mezo.com:8080/manager/html>
2008-06-17 23:18:53,656 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - <Placing URL parameters in map.>
2008-06-17 23:18:53,656 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - <Calling template URL attribute map.>
2008-06-17 23:18:53,656 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - <Loading custom parameters from configuration.>
2008-06-17 23:18:53,656 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - <Constructing validation url: https://tedzo-wxp01.mezo.com:8443/cas-server-webapp-3.2.1/samlValidate?TARGET=http%3A%2F%2Ftedzo-wxp01.mezo.com%3A8080%2Fmanager%2Fhtml>
2008-06-17 23:18:53,656 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - <Retrieving response from server.>
[Loaded sun.net.www.protocol.https.Handler from C:\Program Files\Java\jdk1.6.0\jre\lib\jsse.jar]
[Loaded javax.net.ssl.HttpsURLConnection from C:\Program Files\Java\jdk1.6.0\jre\lib\jsse.jar]
[Loaded sun.net.www.protocol.https.HttpsURLConnectionImpl from C:\Program Files\Java\jdk1.6.0\jre\lib\jsse.jar]
[Loaded javax.net.ssl.HostnameVerifier from C:\Program Files\Java\jdk1.6.0\jre\l
......
[Loaded org.apache.log4j.NDC from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/log4j-1.2.15.jar]
[Loaded org.apache.log4j.NDC$DiagnosticContext from file:/C:/tomcat-6/webapps/cas-server-webapp-3.2.1/WEB-INF/lib/log4j-1.2.15.jar]
2008-06-17 23:18:53,984 ERROR [org.opensaml.SAMLResponse] - <caught a SAML exception while serializing XML: org.opensaml.MalformedException: AttributeStatement is invalid, requires at least one attribute>
[Loaded sun.net.www.http.Hurryable from C:\Program Files\Java\jdk1.6.0\jre\lib\rt.jar]
[Loaded sun.net.www.http.ChunkedInputStream from C:\Program Files\Java\jdk1.6.0\jre\lib\rt.jar]
[Loaded sun.net.www.protocol.http.HttpURLConnection$HttpInputStream from C:\Program Files\Java\jdk1.6.0\jre\lib\rt.jar]
[Loaded sun.net.www.http.KeepAliveCache$1 from C:\Program Files\Java\jdk1.6.0\jre\lib\rt.jar]
[Loaded sun.net.www.http.ClientVector from C:\Program Files\Java\jdk1.6.0\jre\lib\rt.jar]
[Loaded sun.net.www.http.KeepAliveEntry from C:\Program Files\Java\jdk1.6.0\jre\lib\rt.jar]
2008-06-17 23:18:53,984 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - <Server response: <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body></SOAP-ENV:Body></SOAP-ENV:Envelope>>
[Loaded org.opensaml.SAMLObject from file:/C:/tomcat-6/webapps/manager/WEB-INF/lib/opensaml-1.1.jar]
[Loaded org.opensaml.SAMLSignedObject from file:/C:/tomcat-6/webapps/manager/WEB-INF/lib/opensaml-1.1.jar]
[Loaded org.opensaml.SAMLResponse from file:/C:/tomcat-6/webapps/manager/WEB-INF/lib/opensaml-1.1.jar]
[Loaded org.opensaml.MalformedException from file:/C:/tomcat-6/webapps/manager/WEB-INF/lib/opensaml-1.1.jar]

Thanks.

----- Original Message ----
From: Scott Battaglia <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Tuesday, June 17, 2008 8:17:55 PM
Subject: Re: Premature end of file exception

Can you turn on debugging to see what the actual message being sent is?

-Scott

On Tue, Jun 17, 2008 at 4:10 PM, tedzo <[EMAIL PROTECTED]> wrote:

Scott,

Thanks for your response. I am using java client 3.1.3 and I am now seeing a different exception due to premature end-of-file.... Any ideas?

javax.servlet.ServletException: org.jasig.cas.client.validation.TicketValidationException: org.xml.sax.SAXParseException: Premature end of file.
    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:155)
    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)

root cause

org.jasig.cas.client.validation.TicketValidationException: org.xml.sax.SAXParseException: Premature end of file.
    org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:93)
    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)

root cause

org.xml.sax.SAXParseException: Premature end of file.
    org.opensaml.SAMLObject.fromStream(Unknown Source)
    org.opensaml.SAMLResponse.<init>(Unknown Source)
    org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:48)
    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)

root cause

org.xml.sax.SAXParseException: Premature end of file.
    org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
    org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
    org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
    org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
    org.apache.xerces.impl.XMLVersionDetector.determineDocVersion(Unknown Source)
    org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
    org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
    org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
    org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
    org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
    org.opensaml.XML$ParserPool.parse(Unknown Source)
    org.opensaml.XML$ParserPool.parse(Unknown Source)
    org.opensaml.SAMLObject.fromStream(Unknown Source)
    org.opensaml.SAMLResponse.<init>(Unknown Source)
    org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:48)
    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)

----- Original Message ----
From: Scott Battaglia <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Tuesday, June 17, 2008 12:19:55 PM
Subject: Re: NumberFormatException in Saml11TicketValidationFilter

All of our GA releases are available from the public Maven2 repo:

http://repo1.maven.org/maven2/org/jasig/cas/cas-client-core/3.1.3/

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Tue, Jun 17, 2008 at 3:07 PM, tedzo <[EMAIL PROTECTED]> wrote:

I am trying to use the Saml11TicketValidationFilter to try and get a demo of some sort work. I am using Cas client 3.1.1.
I get the following exception after authentication-

java.lang.NumberFormatException: For input string: ""
    java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
    java.lang.Integer.parseInt(Integer.java:468)
    java.lang.Integer.parseInt(Integer.java:497)
    org.opensaml.SAMLResponse.fromDOM(Unknown Source)
    org.opensaml.SAMLResponse.<init>(Unknown Source)
    org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:46)
    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:165)
    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129)
    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103)

Another thread suggests that Cas10TicketValidationFilter is broken and Cas20TicketValidationFilter should be used. However, I need to use the Saml11TicketValidationFilter and I guess that's broken too.

http://www.ja-sig.org/issues/browse/CASC-41 suggests that the problem is fixed in 3.1.2. However, I am not able to find Java client 3.1.2.

Any tips?

Thanks.

----- Original Message ----
From: tedzo <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Monday, June 16, 2008 10:32:12 AM
Subject: Re: Asml

Any ideas?

----- Original Message ----
From: tedzo <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Thursday, June 12, 2008 3:30:21 PM
Subject: Re: Asml

Hmm. So who is actually making the AuthnRequest and parsing the response? Or, are you saying that an attempt to access webappB will always be redirected to CAS (because of the cas client) and the AuthRequest is sent to and the response parsed by the CAS server?

Thanks.

----- Original Message ----
From: Scott Battaglia <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Thursday, June 12, 2008 2:22:51 PM
Subject: Re: Asml

I'm not sure I follow. If you've protected webapp B with the CAS client (a SAML client) and configured it to speak with CAS then it should always redirect to CAS. We're just using SAML to send back additional attributes if they are available.

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Thu, Jun 12, 2008 at 2:10 PM, tedzo <[EMAIL PROTECTED]> wrote:

Scott, thanks for your response.

I think I am stuck trying to demo Saml capability, mainly due to my lack of understanding of how things work... Let me first make sure what I understand is correct-

1. There is a webappA on ServerA that is protected by some entity (not CAS).
2. There is a webappB on ServerB that is protected by CAS (3.2.1)
3. The SamlTicketValidationFilter is set up on ServerB for webappB, meaning, the filter is triggered when a user attempts to access webappB.
4. The user accesses webappA, is asked to login by whatever is protecting webappA. User logs in successfully.
5. User clicks on a link to webappB from webappA.
6. At this point, normally, CAS would ask the user to login. However, I think I want CAS to make an authRequest to the entity that authenticated the user on webappA, parse the response it gets (essentially that the user is already authenticated and whatever details that go with it), and log the user in and provide access to webappB.

That would make the entity on serverA that authenticated the user to webappA the IdProvider and CAS the ServiceProvider.

Does this sound right or am I way off base?

In order for me to demo CAS saml capability, I would at most require an entity that responds to an authRequest from CAS, is that correct?

Thanks. I appreciate your time and interest.

----- Original Message ----
From: Scott Battaglia <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Thursday, May 22, 2008 10:04:50 AM
Subject: Re:

Hi,

If you are using the latest CAS client, you should actually only need to configure the Saml Ticket Validation Filter on the client-side (the server should already handle it).

-Scott

On Tue, May 20, 2008 at 7:16 PM, tedzo <[EMAIL PROTECTED]> wrote:

I have downloaded the new cas-server and client versions and I want to check out saml support. How do I go about it? Specifically, I was thinking I would

1. get a hold of a saml client
2. figure out what kind of message needs to be sent to cas in order to login/set up a session
3. read the response from cas
4. figure out the username from the response.

I am not familiar with saml, so excuse my naivety.

What I am looking for-

1. suggestions for a client, if any.
2. What message I need to send to CAS in order to elicit a response.
3. What kind of response can I expect.
4. Any documents about cas/saml integration. I have been searching the archives and haven't found anything particularly useful...

Appreciate your time.

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
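
The situation at the top of this thread (the logged samlValidate reply has an empty SOAP Body while the client reports "Premature end of file"), as an added example that is not part of the original messages or of the CAS code: a Python check that classifies the server reply before it reaches a SAML parser and denies access on anything other than a Success status with a subject. The function name, the verdict strings and the SUCCESS sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
SAMLP = "{urn:oasis:names:tc:SAML:1.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"

# Server response as logged in the thread, with the console line wraps removed.
EMPTY_BODY = ('<?xml version="1.0" encoding="UTF-8"?>'
              '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
              '<SOAP-ENV:Header/><SOAP-ENV:Body></SOAP-ENV:Body></SOAP-ENV:Envelope>')

# Constructed sample of a successful SAML 1.1 reply (not taken from the thread).
SUCCESS = ('<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
           '<SOAP-ENV:Body>'
           '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"'
           ' xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">'
           '<samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>'
           '<saml:Assertion><saml:AuthenticationStatement><saml:Subject>'
           '<saml:NameIdentifier>TEST</saml:NameIdentifier>'
           '</saml:Subject></saml:AuthenticationStatement></saml:Assertion>'
           '</samlp:Response></SOAP-ENV:Body></SOAP-ENV:Envelope>')


def classify_validation_response(xml_text):
    """Return (verdict, detail); every verdict except 'success' means deny."""
    # A validation reply never needs a DTD; refusing one avoids entity expansion.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ("rejected", "DTD/entity declarations are not allowed")
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:  # e.g. a zero-length reply
        return ("malformed", str(exc))
    body = root.find(SOAP + "Body") if root.tag == SOAP + "Envelope" else None
    if body is None:
        return ("malformed", "no SOAP Body")
    response = body.find(SAMLP + "Response")
    if response is None:  # the case logged in the thread
        return ("empty-body", "SOAP Body carries no SAML Response")
    code = response.find(f"{SAMLP}Status/{SAMLP}StatusCode")
    value = code.get("Value", "") if code is not None else ""
    if value.split(":")[-1] != "Success":
        return ("denied", value or "missing StatusCode")
    name = response.find(f".//{SAML}NameIdentifier")
    if name is None or not (name.text or "").strip():
        return ("denied", "Success without a NameIdentifier")
    # No signature is checked here; this only inspects the reply's structure.
    return ("success", name.text.strip())
```

Logging the verdict next to the ticket being validated makes an empty reply from the server visible on the client side without reading parser stack traces.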
