Thanks Scott, Client side it throws the following exception, and to debug server side CAS I changed the log4j.properties of /cas-server-3.2.1.1/cas-server-webapp/src/main/webapp/WEB-INF/classes as follows (last couple of entries), but still I can't see any log error in cas.log as well as catalina.out
Am I doing something wrong., Can you let me know a specific location to track the error.? log4j.logger.org.springframework=DEBUG log4j.logger.org.jasig=DEBUG log4j.logger.org.jasig.cas.web.flow=DEBUG log4j.logger.org.jasig.cas.authentication=DEBUG log4j.logger.org.jasig.cas.services=DEBUG Client Error java.io.IOException: Server returned HTTP response code: 500 for URL: https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-sKehsbEf5Spajj7bKh5i-cas at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1170) at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204) at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:228) at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:64) at edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:344) at edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151) scott_battaglia wrote: > > You'll have to look in the CAS logs as to why there's a 500 error in the > server. > > -Scott > > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > On Mon, Aug 4, 2008 at 8:45 PM, Tracy12 <[EMAIL PROTECTED]> wrote: > >> >> I realized the reason for the invalid ticket is because I got the >> firstURL >> and did another hit basically I am trying to validate a ticket twice, >> >> But the first exception I got was nothing related to invalid ticket but >> something else a I stated in previous email. >> >> The thing which I can't understand is I got uPortal 2.5.3 with Yale CAS >> Client workiing fine with CAS 3.0.x, >> >> but with the similar setup when I replace CAS 3.2.1.1 it throws the above >> exception for the serviceValidate. >> >> If CAS 3.2.1.1 is compatible with Yale CAS client 2.1, I dont need to do >> any >> configuration change in uPortal or Yale CAS client, isnt it? >> >> How Can I trouble shoot this more in the CAS 3.2.1.1 >> >> Thanks >> >> >> >> scott_battaglia wrote: >> > >> > It usually just means the ticket can't be found ;-) That usually >> occurs >> > if >> > for some reason the ticket id being passed in is wrong or you've tried >> to >> > validate a ticket twice. >> > >> > -Scott >> > >> > >> > On Mon, Aug 4, 2008 at 1:08 AM, Tracy12 <[EMAIL PROTECTED]> wrote: >> > >> >> >> >> Hi Scott, >> >> >> >> I started debugging from the yale cas client. It fails the >> >> SecureURL.retrieve(url); statement of the validate method inside the >> >> ServiceTicketValidator. >> >> >> >> When I take a new browser instance and hit the above url which is used >> in >> >> SecureURL.retrieve(url). In the browser it comes with the following >> >> exception. >> >> >> >> url is something similar to this >> >> >> >> >> https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-s2DXcqysNuwwc6C6xwUC-cas >> >> >> >> Is there any server configuration required in this new CAS >> >> 3.2.1.1compared >> >> to CAS 3.0.x >> >> >> >> I can't think this as a certificate issue as when new CAS 3.2.1.1 is >> >> replaced with CAS 3.0.x it works with yale cas client 2.x >> >> >> >> What exactly the reason for the following error >> >> >> >> >> >> >> >> >> >> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> >> >> <cas:authenticationFailure code='INVALID_TICKET'> >> >> ticket 'ST-1-s2DXcqysNuwwc6C6xwUC-cas' not recognized >> >> </cas:authenticationFailure> >> >> </cas:serviceResponse> >> >> >> >> >> >> scott_battaglia wrote: >> >> > >> >> > The Yale CAS Client works perfectly fine with the CAS 3.2.1.1 server >> >> > release >> >> > (unless there is some bug we don't know about ). >> >> > >> >> > -Scott >> >> > >> >> > -Scott Battaglia >> >> > PGP Public Key Id: 0x383733AA >> >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia >> >> > >> >> > >> >> > On Fri, Aug 1, 2008 at 1:59 AM, Tracy12 <[EMAIL PROTECTED]> wrote: >> >> > >> >> >> >> >> >> Even though, it doesnt support single log out, it should support >> >> things >> >> >> like >> >> >> serviceValidate isn't it? >> >> >> >> >> >> But I am getting the following exception, When I replace the old >> CAS >> >> >> which >> >> >> is 3.0.x it is working fine, which means it is nothing to do with >> the >> >> >> certificates, >> >> >> >> >> >> We are using yale cas client 2.1 in the uPortal. >> >> >> >> >> >> Thanks >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> type Exception report >> >> >> >> >> >> message >> >> >> >> >> >> description The server encountered an internal error () that >> prevented >> >> it >> >> >> from fulfilling this request. >> >> >> >> >> >> exception >> >> >> >> >> >> javax.servlet.ServletException: Unable to validate >> >> ProxyTicketValidator >> >> >> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] >> >> >> [edu.yale.its.tp.cas.client.ServiceTicketValidator >> >> >> casValidateUrl=[https://mymachine:8443/cas/serviceValidate] >> >> >> ticket=[ST-1-TWyPmOAR95g0fNryfZ1c-cas] >> >> >> service=[http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin] >> >> renew=false]]] >> >> >> >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:292) >> >> >> >> >> >> root cause >> >> >> >> >> >> edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to >> >> validate >> >> >> ProxyTicketValidator >> [[edu.yale.its.tp.cas.client.ProxyTicketValidator >> >> >> proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator >> >> >> casValidateUrl=[https://mymachine:8443/cas/serviceValidate] >> >> >> ticket=[ST-1-TWyPmOAR95g0fNryfZ1c-cas] >> >> >> service=[http%3A%2F%2Flalitha%3A8080%2FuPortal%2FLogin] >> renew=false]]] >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:57) >> >> >> >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:339) >> >> >> >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289) >> >> >> >> >> >> root cause >> >> >> >> >> >> java.io.IOException: Server returned HTTP response code: 500 for >> URL: >> >> >> >> >> >> >> >> >> https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-TWyPmOAR95g0fNryfZ1c-cas >> >> >> >> >> >> >> >> >> >> >> >> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1170) >> >> >> >> >> >> >> >> >> >> >> >> com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204) >> >> >> >> edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) >> >> >> >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:216) >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:55) >> >> >> >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:339) >> >> >> >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289) >> >> >> >> >> >> note The full stack trace of the root cause is available in the >> Apache >> >> >> Tomcat/5.5.25 logs. >> >> >> >> >> >> >> >> >> John Sood wrote: >> >> >> > >> >> >> > No. Yale client does not support single signout. >> >> >> > >> >> >> > Tracy12 wrote: >> >> >> >> With CAS 3.2.1.1 can't we use cas client 2.1 from yale.? >> >> >> >> >> >> >> >> Reason is within uPortal we have CAS client 2.1 with some code >> >> >> >> modifications, >> >> >> >> >> >> >> >> Is it a must that we need to use CAS Client 3.1.1 with CAS >> 3.2.1.1 >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> John Sood wrote: >> >> >> >> >> >> >> >>> I am using the following at it works for me: >> >> >> >>> >> >> >> >>> CAS Server 3.2.1 >> >> >> >>> CAS Client 3.1.1 >> >> >> >>> >> >> >> >>> Tracy12 wrote: >> >> >> >>> >> >> >> >>>> Hi, >> >> >> >>>> >> >> >> >>>> Does CAS 3.2.1.1 fully supports Single log out? >> >> >> >>>> >> >> >> >>>> Do I have to download some prior version? >> >> >> >>>> >> >> >> >>>> Reason for this question is I can remember some discussions >> going >> >> on >> >> >> >>>> with >> >> >> >>>> regards to this, whether to download CAS 3.2.X >> >> >> >>>> >> >> >> >>>> or 3.1.X >> >> >> >>>> >> >> >> >>>> Pls confirm for us to download the proper version. >> >> >> >>>> >> >> >> >>>> Also let us know which casclient version should we download >> >> >> >>>> correspondent >> >> >> >>>> to >> >> >> >>>> the main CAS download. >> >> >> >>>> >> >> >> >>>> Thanks >> >> >> >>>> >> >> >> >>>> >> >> >> >>>> >> >> >> >>> _______________________________________________ >> >> >> >>> Yale CAS mailing list >> >> >> >>> [email protected] >> >> >> >>> http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> >>> >> >> >> >>> >> >> >> >>> >> >> >> >> >> >> >> >> >> >> >> > >> >> >> > >> >> >> > _______________________________________________ >> >> >> > Yale CAS mailing list >> >> >> > [email protected] >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> > >> >> >> > >> >> >> >> >> >> -- >> >> >> View this message in context: >> >> >> >> >> >> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18768662.html >> >> >> Sent from the CAS Users mailing list archive at Nabble.com. >> >> >> >> >> >> _______________________________________________ >> >> >> Yale CAS mailing list >> >> >> [email protected] >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> >> >> > >> >> > _______________________________________________ >> >> > Yale CAS mailing list >> >> > [email protected] >> >> > http://tp.its.yale.edu/mailman/listinfo/cas >> >> > >> >> > >> >> >> >> -- >> >> View this message in context: >> >> >> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18805727.html >> >> Sent from the CAS Users mailing list archive at Nabble.com. >> >> >> >> _______________________________________________ >> >> Yale CAS mailing list >> >> [email protected] >> >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> > >> > _______________________________________________ >> > Yale CAS mailing list >> > [email protected] >> > http://tp.its.yale.edu/mailman/listinfo/cas >> > >> > >> >> -- >> View this message in context: >> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18822609.html >> Sent from the CAS Users mailing list archive at Nabble.com. >> >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas >> > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- View this message in context: http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18823313.html Sent from the CAS Users mailing list archive at Nabble.com. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
