If there really is an error then those log4j settings should have worked. You can also try manually getting a ticket and then manually validating it in the browser to see what the error is.
3.2.1.1 and 3.2.1 only differ in a couple JSP pages not used in the validation part. -Scott On Mon, Aug 4, 2008 at 10:09 PM, Tracy12 <[EMAIL PROTECTED]> wrote: > > Thanks Scott, > > Client side it throws the following exception, and to debug server side CAS > I changed the log4j.properties of > /cas-server-3.2.1.1/cas-server-webapp/src/main/webapp/WEB-INF/classes > as follows (last couple of entries), but still I can't see any log error > in cas.log as well as catalina.out > > Am I doing something wrong., Can you let me know a specific location to > track the error.? > > log4j.logger.org.springframework=DEBUG > log4j.logger.org.jasig=DEBUG > > log4j.logger.org.jasig.cas.web.flow=DEBUG > log4j.logger.org.jasig.cas.authentication=DEBUG > log4j.logger.org.jasig.cas.services=DEBUG > > > > > > Client Error > > java.io.IOException: Server returned HTTP response code: 500 for URL: > > https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-sKehsbEf5Spajj7bKh5i-cas > at > > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1170) > at > > com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204) > at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) > at > > edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:228) > at > edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:64) > at > > edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:344) > at > > edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289) > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) > at > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) > at > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) > at > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151) > > > scott_battaglia wrote: > > > > You'll have to look in the CAS logs as to why there's a 500 error in the > > server. > > > > -Scott > > > > -Scott Battaglia > > PGP Public Key Id: 0x383733AA > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > > > On Mon, Aug 4, 2008 at 8:45 PM, Tracy12 <[EMAIL PROTECTED]> wrote: > > > >> > >> I realized the reason for the invalid ticket is because I got the > >> firstURL > >> and did another hit basically I am trying to validate a ticket twice, > >> > >> But the first exception I got was nothing related to invalid ticket but > >> something else a I stated in previous email. > >> > >> The thing which I can't understand is I got uPortal 2.5.3 with Yale CAS > >> Client workiing fine with CAS 3.0.x, > >> > >> but with the similar setup when I replace CAS 3.2.1.1 it throws the > above > >> exception for the serviceValidate. > >> > >> If CAS 3.2.1.1 is compatible with Yale CAS client 2.1, I dont need to > do > >> any > >> configuration change in uPortal or Yale CAS client, isnt it? > >> > >> How Can I trouble shoot this more in the CAS 3.2.1.1 > >> > >> Thanks > >> > >> > >> > >> scott_battaglia wrote: > >> > > >> > It usually just means the ticket can't be found ;-) That usually > >> occurs > >> > if > >> > for some reason the ticket id being passed in is wrong or you've tried > >> to > >> > validate a ticket twice. > >> > > >> > -Scott > >> > > >> > > >> > On Mon, Aug 4, 2008 at 1:08 AM, Tracy12 <[EMAIL PROTECTED]> wrote: > >> > > >> >> > >> >> Hi Scott, > >> >> > >> >> I started debugging from the yale cas client. It fails the > >> >> SecureURL.retrieve(url); statement of the validate method inside the > >> >> ServiceTicketValidator. > >> >> > >> >> When I take a new browser instance and hit the above url which is > used > >> in > >> >> SecureURL.retrieve(url). In the browser it comes with the following > >> >> exception. > >> >> > >> >> url is something similar to this > >> >> > >> >> > >> > https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-s2DXcqysNuwwc6C6xwUC-cas > >> >> > >> >> Is there any server configuration required in this new CAS > >> >> 3.2.1.1compared > >> >> to CAS 3.0.x > >> >> > >> >> I can't think this as a certificate issue as when new CAS 3.2.1.1 is > >> >> replaced with CAS 3.0.x it works with yale cas client 2.x > >> >> > >> >> What exactly the reason for the following error > >> >> > >> >> > >> >> > >> >> > >> >> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> > >> >> <cas:authenticationFailure code='INVALID_TICKET'> > >> >> ticket 'ST-1-s2DXcqysNuwwc6C6xwUC-cas' not recognized > >> >> </cas:authenticationFailure> > >> >> </cas:serviceResponse> > >> >> > >> >> > >> >> scott_battaglia wrote: > >> >> > > >> >> > The Yale CAS Client works perfectly fine with the CAS 3.2.1.1server > >> >> > release > >> >> > (unless there is some bug we don't know about ). > >> >> > > >> >> > -Scott > >> >> > > >> >> > -Scott Battaglia > >> >> > PGP Public Key Id: 0x383733AA > >> >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia > >> >> > > >> >> > > >> >> > On Fri, Aug 1, 2008 at 1:59 AM, Tracy12 <[EMAIL PROTECTED]> > wrote: > >> >> > > >> >> >> > >> >> >> Even though, it doesnt support single log out, it should support > >> >> things > >> >> >> like > >> >> >> serviceValidate isn't it? > >> >> >> > >> >> >> But I am getting the following exception, When I replace the old > >> CAS > >> >> >> which > >> >> >> is 3.0.x it is working fine, which means it is nothing to do with > >> the > >> >> >> certificates, > >> >> >> > >> >> >> We are using yale cas client 2.1 in the uPortal. > >> >> >> > >> >> >> Thanks > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> type Exception report > >> >> >> > >> >> >> message > >> >> >> > >> >> >> description The server encountered an internal error () that > >> prevented > >> >> it > >> >> >> from fulfilling this request. > >> >> >> > >> >> >> exception > >> >> >> > >> >> >> javax.servlet.ServletException: Unable to validate > >> >> ProxyTicketValidator > >> >> >> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] > >> >> >> [edu.yale.its.tp.cas.client.ServiceTicketValidator > >> >> >> casValidateUrl=[https://mymachine:8443/cas/serviceValidate] > >> >> >> ticket=[ST-1-TWyPmOAR95g0fNryfZ1c-cas] > >> >> >> service=[http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin] > >> >> renew=false]]] > >> >> >> > >> >> >> > >> >> >> > >> >> > >> > edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:292) > >> >> >> > >> >> >> root cause > >> >> >> > >> >> >> edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to > >> >> validate > >> >> >> ProxyTicketValidator > >> [[edu.yale.its.tp.cas.client.ProxyTicketValidator > >> >> >> proxyList=[null] > [edu.yale.its.tp.cas.client.ServiceTicketValidator > >> >> >> casValidateUrl=[https://mymachine:8443/cas/serviceValidate] > >> >> >> ticket=[ST-1-TWyPmOAR95g0fNryfZ1c-cas] > >> >> >> service=[http%3A%2F%2Flalitha%3A8080%2FuPortal%2FLogin] > >> renew=false]]] > >> >> >> > >> >> >> > >> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:57) > >> >> >> > >> >> >> > >> >> >> > >> >> > >> > edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:339) > >> >> >> > >> >> >> > >> >> >> > >> >> > >> > edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289) > >> >> >> > >> >> >> root cause > >> >> >> > >> >> >> java.io.IOException: Server returned HTTP response code: 500 for > >> URL: > >> >> >> > >> >> >> > >> >> > >> > https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-TWyPmOAR95g0fNryfZ1c-cas > >> >> >> > >> >> >> > >> >> >> > >> >> > >> > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1170) > >> >> >> > >> >> >> > >> >> >> > >> >> > >> > com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204) > >> >> >> > >> edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) > >> >> >> > >> >> >> > >> >> >> > >> >> > >> > edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:216) > >> >> >> > >> >> >> > >> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:55) > >> >> >> > >> >> >> > >> >> >> > >> >> > >> > edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:339) > >> >> >> > >> >> >> > >> >> >> > >> >> > >> > edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289) > >> >> >> > >> >> >> note The full stack trace of the root cause is available in the > >> Apache > >> >> >> Tomcat/5.5.25 logs. > >> >> >> > >> >> >> > >> >> >> John Sood wrote: > >> >> >> > > >> >> >> > No. Yale client does not support single signout. > >> >> >> > > >> >> >> > Tracy12 wrote: > >> >> >> >> With CAS 3.2.1.1 can't we use cas client 2.1 from yale.? > >> >> >> >> > >> >> >> >> Reason is within uPortal we have CAS client 2.1 with some code > >> >> >> >> modifications, > >> >> >> >> > >> >> >> >> Is it a must that we need to use CAS Client 3.1.1 with CAS > >> 3.2.1.1 > >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> John Sood wrote: > >> >> >> >> > >> >> >> >>> I am using the following at it works for me: > >> >> >> >>> > >> >> >> >>> CAS Server 3.2.1 > >> >> >> >>> CAS Client 3.1.1 > >> >> >> >>> > >> >> >> >>> Tracy12 wrote: > >> >> >> >>> > >> >> >> >>>> Hi, > >> >> >> >>>> > >> >> >> >>>> Does CAS 3.2.1.1 fully supports Single log out? > >> >> >> >>>> > >> >> >> >>>> Do I have to download some prior version? > >> >> >> >>>> > >> >> >> >>>> Reason for this question is I can remember some discussions > >> going > >> >> on > >> >> >> >>>> with > >> >> >> >>>> regards to this, whether to download CAS 3.2.X > >> >> >> >>>> > >> >> >> >>>> or 3.1.X > >> >> >> >>>> > >> >> >> >>>> Pls confirm for us to download the proper version. > >> >> >> >>>> > >> >> >> >>>> Also let us know which casclient version should we download > >> >> >> >>>> correspondent > >> >> >> >>>> to > >> >> >> >>>> the main CAS download. > >> >> >> >>>> > >> >> >> >>>> Thanks > >> >> >> >>>> > >> >> >> >>>> > >> >> >> >>>> > >> >> >> >>> _______________________________________________ > >> >> >> >>> Yale CAS mailing list > >> >> >> >>> [email protected] > >> >> >> >>> http://tp.its.yale.edu/mailman/listinfo/cas > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >> > >> >> >> >> > >> >> >> > > >> >> >> > > >> >> >> > _______________________________________________ > >> >> >> > Yale CAS mailing list > >> >> >> > [email protected] > >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas > >> >> >> > > >> >> >> > > >> >> >> > >> >> >> -- > >> >> >> View this message in context: > >> >> >> > >> >> > >> > http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18768662.html > >> >> >> Sent from the CAS Users mailing list archive at Nabble.com. > >> >> >> > >> >> >> _______________________________________________ > >> >> >> Yale CAS mailing list > >> >> >> [email protected] > >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas > >> >> >> > >> >> > > >> >> > _______________________________________________ > >> >> > Yale CAS mailing list > >> >> > [email protected] > >> >> > http://tp.its.yale.edu/mailman/listinfo/cas > >> >> > > >> >> > > >> >> > >> >> -- > >> >> View this message in context: > >> >> > >> > http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18805727.html > >> >> Sent from the CAS Users mailing list archive at Nabble.com. > >> >> > >> >> _______________________________________________ > >> >> Yale CAS mailing list > >> >> [email protected] > >> >> http://tp.its.yale.edu/mailman/listinfo/cas > >> >> > >> > > >> > _______________________________________________ > >> > Yale CAS mailing list > >> > [email protected] > >> > http://tp.its.yale.edu/mailman/listinfo/cas > >> > > >> > > >> > >> -- > >> View this message in context: > >> > http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18822609.html > >> Sent from the CAS Users mailing list archive at Nabble.com. > >> > >> _______________________________________________ > >> Yale CAS mailing list > >> [email protected] > >> http://tp.its.yale.edu/mailman/listinfo/cas > >> > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > -- > View this message in context: > http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18823313.html > Sent from the CAS Users mailing list archive at Nabble.com. > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
