Scott, How can I add default RegisteredServicesImpl to the registry in configuration that basically says "please ignore attributes and just pass the principal along", Do you want for me to have org.jasig.cas.services.RegisteredServicesImpl in the configuration instead of org.jasig.cas.services.InMemoryServiceRegistryDaoImpl
or How can I configure the InMemoryServiceRegistryDaoImpl to have one RegisteredServiceImpl added to it (via the XML configuration) that sets the ignoreAttributes property to true Without any of those if I change the source of the CentralAuthenticationServiceImpl and method validateServiceTicket to use the authentication.getPrincipal() and their attributes without instantiating SimplePrincipal this would solve the issue as I dont have any registered service isn't it? Will there be any side effects? This said I would like to see the above configuration done but no success so far. Thanks scott_battaglia wrote: > > On Wed, Aug 6, 2008 at 12:40 AM, Tracy12 <[EMAIL PROTECTED]> wrote: > >> >> Thanks scot, >> >> In CAS 3.0.3 it was enough to do those configurations to pass addtional >> information to the client, but it looks to me it is not the case with CAS >> 3.2.1.1, there wasn't any confilict with my custom principal conflicting >> with CAS services earlier 3.0.x. >> >> But it looks to me now it is different, I can't understand why we >> preserve >> the above feature in CAS 3.2.1.1. Any how one of the things which I >> observed >> is SimplePrincipal is hard wired in top level classes like >> CentralAuthenticationServiceImpl. Which was not the case in CAS 3.0.x, >> Any >> how all are observations, these changes are for some reason. > > I believe I've already explained in my previous email that the principal > is > used in conjunction with the Services Management tool to limit the > attributes returned to services. In order for it to be used it has to > have > a concrete implementation it can construct. > > >> >> >> We thougth there are two paths for us to proceed with CAS 3.2..1.1 with >> regards to this >> >> 1) modify the SimplePrinical to have more properties similar to my Custom >> Principal and with no other additional configuration. > > > That's not going to work. They won't be copied over. > > >> >> >> 2) change the deployerConfigContext.xml to have our own >> RegisteredServiceImpl >> >> As above no 2 is not clear as a easy approach we did add addtional setter >> and getters for the SimplePrincipal, the result was there wasn't any >> errors >> but did not pass additional attributes to the client apart from id, Do we >> have to add the addtional attributes some where. > > I'm pretty sure adding a default RegisteredServicesImpl to the registry in > configuration that basically says "please ignore attributes and just pass > the principal along" is the easier of the two options. > >> >> >> The best we like to have is above no 2, which is not clear for us, can >> you >> pls elaborate it with a example. are you refereing to the following, can >> you provide us a sample. What exactly the service you are refering here. >> >> <bean >> id="serviceRegistryDao" >> >> class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl" /> >> >> What exactly do we have to do? > > > What you really should be doing is not using custom principals now that we > have support for attributes as a map on the Principal and populating that > map. And then configuring in the Services Management tool the default > list > of attributes to send back to every application. But if you're not going > to > do that then you should configure the InMemoryServiceRegistryDaoImpl to > have > one RegisteredServiceImpl added to it (via the XML configuration) that > sets > the ignoreAttributes property to true and is set to cover all of your > services. > > > >> As I described in my previous mails the success service validae protocoal >> jsp looks as follows with additional information > > > What it looks like doesn't matter if you're not going to configure the CAS > server to ignore the Services Management tool. > > -Scott > >> >> >> <%@ page session="false" %><%@ taglib prefix="c" >> uri="http://java.sun.com/jsp/jstl/core"; %><%@ taglib >> uri="http://java.sun.com/jsp/jstl/functions"; prefix="fn" >> %><cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> >> <cas:authenticationSuccess> >> >> >> <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1]. >> principal.id)}</cas:user> >> >> >> <cas:firstName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.firstName)}</cas:firstName> >> >> >> <cas:middleName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.middleName)}</cas:middleName> >> >> >> <cas:lastName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.lastName)}</cas:lastName> >> >> >> <cas:displayName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.displayName)}</cas:displayName> >> >> >> <cas:userType>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.userType)}</cas:userType> >> >> <c:if test="${not empty pgtIou}"> >> >> <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket> >> </c:if> >> <c:if test="${fn:length(assertion.chainedAuthentications) > 1}"> >> <cas:proxies> >> <c:forEach var="proxy" items="${assertion.chainedAuthentications}" >> varStatus="loopStatus" begin="0" >> end="${fn:length(assertion.chainedAuthentications)-2}" step="1"> >> <cas:proxy>${fn:escapeXml(proxy.principal.id >> )}</cas:proxy> >> </c:forEach> >> </cas:proxies> >> </c:if> >> </cas:authenticationSuccess> >> </cas:serviceResponse> >> >> >> >> >> >> >> >> >> >> >> scott_battaglia wrote: >> > >> > It looks like your custom principal is conflicting with the Services >> > Management tool. You can basically tell CAS to ignore the Services >> > Management tool by essentially reconfiguring the >> InMemoryServiceManagerDao >> > (in the deployerConfigContext.xml). >> > >> > You'll need to add one RegisteredServiceImpl with a path pattern that >> > matches all of your services (i.e. **/**) and then set the >> > ignoreAttributes >> > property to true. >> > >> > The Services Management tool exists to allow you to configure which >> > services >> > can see which attributes. Unfortunately its designed to work with the >> > principals that exist with CAS. >> > >> > -Scott >> > >> > -Scott Battaglia >> > PGP Public Key Id: 0x383733AA >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia >> > >> > >> > On Tue, Aug 5, 2008 at 4:20 AM, Tracy12 <[EMAIL PROTECTED]> wrote: >> > >> >> >> >> Yes I did the manual way and could produce what the error is, >> >> I have my own JAASAuthHanlder and credential to principal resolvers >> also >> >> my >> >> own Principal extends from the pricipal, >> >> >> >> But it gives the follwoing exception, it tries to find attribtues in >> the >> >> org.jasig.cas.authentication.principal.SimplePrincipal >> >> instead of mine, >> >> >> >> I have defined Authhandlers and Resolvers in deployerConfigContext.xml >> >> properly. >> >> >> >> Note: >> >> ...... >> >> >> >> My principal got more attributes than normal one and protocol jsps are >> >> modified accordingly, this was working fine in CAS 3.0.x, is there any >> >> change in the new version >> >> >> >> >> >> >> >> org.apache.jasper.JasperException: Exception in JSP: >> >> /WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp:4 >> >> >> >> 1: <%@ page session="false" %><%@ taglib prefix="c" >> >> uri="http://java.sun.com/jsp/jstl/core"; %><%@ taglib >> >> uri="http://java.sun.com/jsp/jstl/functions"; prefix="fn" >> >> %><cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> >> >> 2: <cas:authenticationSuccess> >> >> 3: >> >> >> >> >> <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1]. >> >> principal.id)}</cas:user> >> >> 4: >> >> >> >> >> <cas:firstName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.firstName)}</cas:firstName> >> >> 5: >> >> >> >> >> <cas:middleName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.middleName)}</cas:middleName> >> >> 6: >> >> >> >> >> <cas:lastName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.lastName)}</cas:lastName> >> >> 7: >> >> >> >> >> <cas:displayName>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.displayName)}</cas:displayName> >> >> >> >> >> >> Stacktrace: >> >> >> >> >> >> >> org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:451) >> >> >> >> >> >> >> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:355) >> >> >> >> >> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329) >> >> >> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265) >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >> >> >> >> >> >> >> org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:171) >> >> >> >> >> >> >> org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:251) >> >> >> >> >> >> >> org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1160) >> >> >> >> >> >> >> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:901) >> >> >> >> >> >> >> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809) >> >> >> >> >> >> >> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476) >> >> >> >> >> >> >> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431) >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >> >> >> >> >> >> >> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115) >> >> >> >> >> >> >> org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48) >> >> >> >> >> >> >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) >> >> >> >> root cause >> >> >> >> javax.servlet.ServletException: Unable to find a value for "firstName" >> in >> >> object of class >> "org.jasig.cas.authentication.principal.SimplePrincipal" >> >> using operator "." >> >> >> >> >> >> >> org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:841) >> >> >> >> >> >> >> org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:774) >> >> >> >> >> >> >> org.apache.jsp.WEB_002dINF.view.jsp.protocol._2_0.casServiceValidationSuccess_jsp._jspService(casServiceValidationSuccess_jsp.java:97) >> >> >> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98) >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >> >> >> >> >> >> >> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331) >> >> >> >> >> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329) >> >> >> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265) >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >> >> >> >> >> >> >> org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:171) >> >> >> >> >> >> >> org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:251) >> >> >> >> >> >> >> org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1160) >> >> >> >> >> >> >> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:901) >> >> >> >> >> >> >> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809) >> >> >> >> >> >> >> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476) >> >> >> >> >> >> >> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431) >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >> >> >> >> >> >> >> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115) >> >> >> >> >> >> >> org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48) >> >> >> >> >> >> >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) >> >> >> >> root cause >> >> >> >> javax.servlet.jsp.el.ELException: Unable to find a value for >> "firstName" >> >> in >> >> object of class >> "org.jasig.cas.authentication.principal.SimplePrincipal" >> >> using operator "." >> >> org.apache.commons.el.Logger.logError(Logger.java:481) >> >> org.apache.commons.el.Logger.logError(Logger.java:498) >> >> org.apache.commons.el.Logger.logError(Logger.java:611) >> >> >> org.apache.commons.el.ArraySuffix.evaluate(ArraySuffix.java:340) >> >> >> org.apache.commons.el.ComplexValue.evaluate(ComplexValue.java:145) >> >> >> >> >> >> >> org.apache.commons.el.FunctionInvocation.evaluate(FunctionInvocation.java:163) >> >> >> >> >> >> >> org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:263) >> >> >> >> >> >> >> org.apache.commons.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:190) >> >> >> >> >> >> >> org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:924) >> >> >> >> >> >> >> org.apache.jsp.WEB_002dINF.view.jsp.protocol._2_0.casServiceValidationSuccess_jsp._jspService(casServiceValidationSuccess_jsp.java:67) >> >> >> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98) >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >> >> >> >> >> >> >> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331) >> >> >> >> >> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329) >> >> >> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265) >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >> >> >> >> >> >> >> org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:171) >> >> >> >> >> >> >> org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:251) >> >> >> >> >> >> >> org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1160) >> >> >> >> >> >> >> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:901) >> >> >> >> >> >> >> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809) >> >> >> >> >> >> >> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476) >> >> >> >> >> >> >> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431) >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >> >> >> >> >> >> >> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115) >> >> >> >> >> >> >> org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48) >> >> >> >> >> >> >> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) >> >> >> >> note The full stack trace of the root cause is available in the Apache >> >> Tomcat/5.5.25 logs. >> >> Apache Tomcat/5.5.25 >> >> >> >> >> >> scott_battaglia wrote: >> >> > >> >> > If there really is an error then those log4j settings should have >> >> worked. >> >> > You can also try manually getting a ticket and then manually >> validating >> >> it >> >> > in the browser to see what the error is. >> >> > >> >> > 3.2.1.1 and 3.2.1 only differ in a couple JSP pages not used in the >> >> > validation part. >> >> > >> >> > -Scott >> >> > >> >> > >> >> > >> >> > On Mon, Aug 4, 2008 at 10:09 PM, Tracy12 <[EMAIL PROTECTED]> wrote: >> >> > >> >> >> >> >> >> Thanks Scott, >> >> >> >> >> >> Client side it throws the following exception, and to debug server >> >> side >> >> >> CAS >> >> >> I changed the log4j.properties of >> >> >> >> /cas-server-3.2.1.1/cas-server-webapp/src/main/webapp/WEB-INF/classes >> >> >> as follows (last couple of entries), but still I can't see any log >> >> error >> >> >> in cas.log as well as catalina.out >> >> >> >> >> >> Am I doing something wrong., Can you let me know a specific >> location >> >> to >> >> >> track the error.? >> >> >> >> >> >> log4j.logger.org.springframework=DEBUG >> >> >> log4j.logger.org.jasig=DEBUG >> >> >> >> >> >> log4j.logger.org.jasig.cas.web.flow=DEBUG >> >> >> log4j.logger.org.jasig.cas.authentication=DEBUG >> >> >> log4j.logger.org.jasig.cas.services=DEBUG >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> Client Error >> >> >> >> >> >> java.io.IOException: Server returned HTTP response code: 500 for >> URL: >> >> >> >> >> >> >> >> >> https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-sKehsbEf5Spajj7bKh5i-cas >> >> >> at >> >> >> >> >> >> >> >> >> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1170) >> >> >> at >> >> >> >> >> >> >> >> >> com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204) >> >> >> at >> >> edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) >> >> >> at >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:228) >> >> >> at >> >> >> >> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:64) >> >> >> at >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:344) >> >> >> at >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289) >> >> >> at >> >> >> >> >> >> >> >> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) >> >> >> at >> >> >> >> >> >> >> >> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) >> >> >> at >> >> >> >> >> >> >> >> >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) >> >> >> at >> >> >> >> >> >> >> >> >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174) >> >> >> at >> >> >> >> >> >> >> >> >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) >> >> >> at >> >> >> >> >> >> >> >> >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) >> >> >> at >> >> >> >> >> >> >> >> >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) >> >> >> at >> >> >> >> >> >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151) >> >> >> >> >> >> >> >> >> scott_battaglia wrote: >> >> >> > >> >> >> > You'll have to look in the CAS logs as to why there's a 500 error >> in >> >> >> the >> >> >> > server. >> >> >> > >> >> >> > -Scott >> >> >> > >> >> >> > -Scott Battaglia >> >> >> > PGP Public Key Id: 0x383733AA >> >> >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia >> >> >> > >> >> >> > >> >> >> > On Mon, Aug 4, 2008 at 8:45 PM, Tracy12 <[EMAIL PROTECTED]> >> wrote: >> >> >> > >> >> >> >> >> >> >> >> I realized the reason for the invalid ticket is because I got >> the >> >> >> >> firstURL >> >> >> >> and did another hit basically I am trying to validate a ticket >> >> twice, >> >> >> >> >> >> >> >> But the first exception I got was nothing related to invalid >> ticket >> >> >> but >> >> >> >> something else a I stated in previous email. >> >> >> >> >> >> >> >> The thing which I can't understand is I got uPortal 2.5.3 with >> Yale >> >> >> CAS >> >> >> >> Client workiing fine with CAS 3.0.x, >> >> >> >> >> >> >> >> but with the similar setup when I replace CAS 3.2.1.1 it throws >> the >> >> >> above >> >> >> >> exception for the serviceValidate. >> >> >> >> >> >> >> >> If CAS 3.2.1.1 is compatible with Yale CAS client 2.1, I dont >> need >> >> to >> >> >> do >> >> >> >> any >> >> >> >> configuration change in uPortal or Yale CAS client, isnt it? >> >> >> >> >> >> >> >> How Can I trouble shoot this more in the CAS 3.2.1.1 >> >> >> >> >> >> >> >> Thanks >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> scott_battaglia wrote: >> >> >> >> > >> >> >> >> > It usually just means the ticket can't be found ;-) That >> usually >> >> >> >> occurs >> >> >> >> > if >> >> >> >> > for some reason the ticket id being passed in is wrong or >> you've >> >> >> tried >> >> >> >> to >> >> >> >> > validate a ticket twice. >> >> >> >> > >> >> >> >> > -Scott >> >> >> >> > >> >> >> >> > >> >> >> >> > On Mon, Aug 4, 2008 at 1:08 AM, Tracy12 <[EMAIL PROTECTED]> >> >> wrote: >> >> >> >> > >> >> >> >> >> >> >> >> >> >> Hi Scott, >> >> >> >> >> >> >> >> >> >> I started debugging from the yale cas client. It fails the >> >> >> >> >> SecureURL.retrieve(url); statement of the validate method >> inside >> >> >> the >> >> >> >> >> ServiceTicketValidator. >> >> >> >> >> >> >> >> >> >> When I take a new browser instance and hit the above url >> which >> >> is >> >> >> used >> >> >> >> in >> >> >> >> >> SecureURL.retrieve(url). In the browser it comes with the >> >> following >> >> >> >> >> exception. >> >> >> >> >> >> >> >> >> >> url is something similar to this >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-s2DXcqysNuwwc6C6xwUC-cas >> >> >> >> >> >> >> >> >> >> Is there any server configuration required in this new CAS >> >> >> >> >> 3.2.1.1compared >> >> >> >> >> to CAS 3.0.x >> >> >> >> >> >> >> >> >> >> I can't think this as a certificate issue as when new CAS >> >> 3.2.1.1 >> >> >> is >> >> >> >> >> replaced with CAS 3.0.x it works with yale cas client 2.x >> >> >> >> >> >> >> >> >> >> What exactly the reason for the following error >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> >> >> >> >> >> <cas:authenticationFailure code='INVALID_TICKET'> >> >> >> >> >> ticket 'ST-1-s2DXcqysNuwwc6C6xwUC-cas' not >> >> >> recognized >> >> >> >> >> </cas:authenticationFailure> >> >> >> >> >> </cas:serviceResponse> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> scott_battaglia wrote: >> >> >> >> >> > >> >> >> >> >> > The Yale CAS Client works perfectly fine with the CAS >> >> >> 3.2.1.1server >> >> >> >> >> > release >> >> >> >> >> > (unless there is some bug we don't know about ). >> >> >> >> >> > >> >> >> >> >> > -Scott >> >> >> >> >> > >> >> >> >> >> > -Scott Battaglia >> >> >> >> >> > PGP Public Key Id: 0x383733AA >> >> >> >> >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > On Fri, Aug 1, 2008 at 1:59 AM, Tracy12 >> <[EMAIL PROTECTED]> >> >> >> wrote: >> >> >> >> >> > >> >> >> >> >> >> >> >> >> >> >> >> Even though, it doesnt support single log out, it should >> >> support >> >> >> >> >> things >> >> >> >> >> >> like >> >> >> >> >> >> serviceValidate isn't it? >> >> >> >> >> >> >> >> >> >> >> >> But I am getting the following exception, When I replace >> the >> >> old >> >> >> >> CAS >> >> >> >> >> >> which >> >> >> >> >> >> is 3.0.x it is working fine, which means it is nothing to >> do >> >> >> with >> >> >> >> the >> >> >> >> >> >> certificates, >> >> >> >> >> >> >> >> >> >> >> >> We are using yale cas client 2.1 in the uPortal. >> >> >> >> >> >> >> >> >> >> >> >> Thanks >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> type Exception report >> >> >> >> >> >> >> >> >> >> >> >> message >> >> >> >> >> >> >> >> >> >> >> >> description The server encountered an internal error () >> that >> >> >> >> prevented >> >> >> >> >> it >> >> >> >> >> >> from fulfilling this request. >> >> >> >> >> >> >> >> >> >> >> >> exception >> >> >> >> >> >> >> >> >> >> >> >> javax.servlet.ServletException: Unable to validate >> >> >> >> >> ProxyTicketValidator >> >> >> >> >> >> [[edu.yale.its.tp.cas.client.ProxyTicketValidator >> >> >> proxyList=[null] >> >> >> >> >> >> [edu.yale.its.tp.cas.client.ServiceTicketValidator >> >> >> >> >> >> >> casValidateUrl=[https://mymachine:8443/cas/serviceValidate] >> >> >> >> >> >> ticket=[ST-1-TWyPmOAR95g0fNryfZ1c-cas] >> >> >> >> >> >> service=[http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin] >> >> >> >> >> renew=false]]] >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:292) >> >> >> >> >> >> >> >> >> >> >> >> root cause >> >> >> >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.CASAuthenticationException: >> Unable >> >> to >> >> >> >> >> validate >> >> >> >> >> >> ProxyTicketValidator >> >> >> >> [[edu.yale.its.tp.cas.client.ProxyTicketValidator >> >> >> >> >> >> proxyList=[null] >> >> >> [edu.yale.its.tp.cas.client.ServiceTicketValidator >> >> >> >> >> >> >> casValidateUrl=[https://mymachine:8443/cas/serviceValidate] >> >> >> >> >> >> ticket=[ST-1-TWyPmOAR95g0fNryfZ1c-cas] >> >> >> >> >> >> service=[http%3A%2F%2Flalitha%3A8080%2FuPortal%2FLogin] >> >> >> >> renew=false]]] >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:57) >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:339) >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289) >> >> >> >> >> >> >> >> >> >> >> >> root cause >> >> >> >> >> >> >> >> >> >> >> >> java.io.IOException: Server returned HTTP response code: >> 500 >> >> for >> >> >> >> URL: >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> https://mymachine:8443/cas/serviceValidate?service=http%3A%2F%2Fmymachine%3A8080%2FuPortal%2FLogin&ticket=ST-1-TWyPmOAR95g0fNryfZ1c-cas >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1170) >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204) >> >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:216) >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:55) >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:339) >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289) >> >> >> >> >> >> >> >> >> >> >> >> note The full stack trace of the root cause is available >> in >> >> the >> >> >> >> Apache >> >> >> >> >> >> Tomcat/5.5.25 logs. >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> John Sood wrote: >> >> >> >> >> >> > >> >> >> >> >> >> > No. Yale client does not support single signout. >> >> >> >> >> >> > >> >> >> >> >> >> > Tracy12 wrote: >> >> >> >> >> >> >> With CAS 3.2.1.1 can't we use cas client 2.1 from >> yale.? >> >> >> >> >> >> >> >> >> >> >> >> >> >> Reason is within uPortal we have CAS client 2.1 with >> some >> >> >> code >> >> >> >> >> >> >> modifications, >> >> >> >> >> >> >> >> >> >> >> >> >> >> Is it a must that we need to use CAS Client 3.1.1 with >> CAS >> >> >> >> 3.2.1.1 >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> John Sood wrote: >> >> >> >> >> >> >> >> >> >> >> >> >> >>> I am using the following at it works for me: >> >> >> >> >> >> >>> >> >> >> >> >> >> >>> CAS Server 3.2.1 >> >> >> >> >> >> >>> CAS Client 3.1.1 >> >> >> >> >> >> >>> >> >> >> >> >> >> >>> Tracy12 wrote: >> >> >> >> >> >> >>> >> >> >> >> >> >> >>>> Hi, >> >> >> >> >> >> >>>> >> >> >> >> >> >> >>>> Does CAS 3.2.1.1 fully supports Single log out? >> >> >> >> >> >> >>>> >> >> >> >> >> >> >>>> Do I have to download some prior version? >> >> >> >> >> >> >>>> >> >> >> >> >> >> >>>> Reason for this question is I can remember some >> >> discussions >> >> >> >> going >> >> >> >> >> on >> >> >> >> >> >> >>>> with >> >> >> >> >> >> >>>> regards to this, whether to download CAS 3.2.X >> >> >> >> >> >> >>>> >> >> >> >> >> >> >>>> or 3.1.X >> >> >> >> >> >> >>>> >> >> >> >> >> >> >>>> Pls confirm for us to download the proper version. >> >> >> >> >> >> >>>> >> >> >> >> >> >> >>>> Also let us know which casclient version should we >> >> download >> >> >> >> >> >> >>>> correspondent >> >> >> >> >> >> >>>> to >> >> >> >> >> >> >>>> the main CAS download. >> >> >> >> >> >> >>>> >> >> >> >> >> >> >>>> Thanks >> >> >> >> >> >> >>>> >> >> >> >> >> >> >>>> >> >> >> >> >> >> >>>> >> >> >> >> >> >> >>> _______________________________________________ >> >> >> >> >> >> >>> Yale CAS mailing list >> >> >> >> >> >> >>> [email protected] >> >> >> >> >> >> >>> http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> >> >> >> >>> >> >> >> >> >> >> >>> >> >> >> >> >> >> >>> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > >> >> >> >> >> >> > >> >> >> >> >> >> > _______________________________________________ >> >> >> >> >> >> > Yale CAS mailing list >> >> >> >> >> >> > [email protected] >> >> >> >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> >> >> >> > >> >> >> >> >> >> > >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> >> >> >> View this message in context: >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18768662.html >> >> >> >> >> >> Sent from the CAS Users mailing list archive at >> Nabble.com. >> >> >> >> >> >> >> >> >> >> >> >> _______________________________________________ >> >> >> >> >> >> Yale CAS mailing list >> >> >> >> >> >> [email protected] >> >> >> >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> >> >> >> >> >> >> >> >> > >> >> >> >> >> > _______________________________________________ >> >> >> >> >> > Yale CAS mailing list >> >> >> >> >> > [email protected] >> >> >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> >> >> >> >> >> -- >> >> >> >> >> View this message in context: >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18805727.html >> >> >> >> >> Sent from the CAS Users mailing list archive at Nabble.com. >> >> >> >> >> >> >> >> >> >> _______________________________________________ >> >> >> >> >> Yale CAS mailing list >> >> >> >> >> [email protected] >> >> >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> >> >> >> >> >> >> > >> >> >> >> > _______________________________________________ >> >> >> >> > Yale CAS mailing list >> >> >> >> > [email protected] >> >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> >> > >> >> >> >> > >> >> >> >> >> >> >> >> -- >> >> >> >> View this message in context: >> >> >> >> >> >> >> >> >> >> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18822609.html >> >> >> >> Sent from the CAS Users mailing list archive at Nabble.com. >> >> >> >> >> >> >> >> _______________________________________________ >> >> >> >> Yale CAS mailing list >> >> >> >> [email protected] >> >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> >> >> >> >> > >> >> >> > _______________________________________________ >> >> >> > Yale CAS mailing list >> >> >> > [email protected] >> >> >> > http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> > >> >> >> > >> >> >> >> >> >> -- >> >> >> View this message in context: >> >> >> >> >> >> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18823313.html >> >> >> Sent from the CAS Users mailing list archive at Nabble.com. >> >> >> >> >> >> _______________________________________________ >> >> >> Yale CAS mailing list >> >> >> [email protected] >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> >> >> > >> >> > _______________________________________________ >> >> > Yale CAS mailing list >> >> > [email protected] >> >> > http://tp.its.yale.edu/mailman/listinfo/cas >> >> > >> >> > >> >> >> >> -- >> >> View this message in context: >> >> >> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18826587.html >> >> Sent from the CAS Users mailing list archive at Nabble.com. >> >> >> >> _______________________________________________ >> >> Yale CAS mailing list >> >> [email protected] >> >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> >> > >> > _______________________________________________ >> > Yale CAS mailing list >> > [email protected] >> > http://tp.its.yale.edu/mailman/listinfo/cas >> > >> > >> >> -- >> View this message in context: >> http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18844212.html >> Sent from the CAS Users mailing list archive at Nabble.com. >> >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas >> > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- View this message in context: http://www.nabble.com/Single-Log-Out---which-version-tp18746114p18863617.html Sent from the CAS Users mailing list archive at Nabble.com. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
