Hi,

I'm looking for help to understand a problem of SAML talk between CAS 
server ( 3.3.1 with cas toolbox) and CAS client (3.3.1).

The CAS server is deployed on a tomcat 6.0.16 and java 1.5.0_10, and the 
app is on a tomcat 5.5.27 with java 1.5.0_14 and all is behind an 
appache with mod_jk.

On cas log I have only this warning :
2009-01-19 15:59:54,258 WARN [org.opensaml.XML] - Unable to turn off 
data normalization in parser, supersignatures may fail with Xerces-J: 
javax.xml.parsers.ParserConfigurationException: 
jaxp_feature_not_supported: Feature 
"http://apache.org/xml/features/validation/schema/normalized-value"; is 
not supported.


And when the app client try to validate a ticket with SAML protocol it 
succeed, but I get this error :

2009-01-19 15:39:21,048 DEBUG 
[org.jasig.cas.client.authentication.AuthenticationFilter] - no ticket 
and no assertion found
2009-01-19 15:39:21,049 DEBUG [org.jasig.cas.client.util.CommonUtils] - 
serviceUrl generated: http://my.host.net:8080/PRONOTEsso/
2009-01-19 15:39:21,049 DEBUG 
[org.jasig.cas.client.authentication.AuthenticationFilter] - Constructed 
service url: http://my.host.net:8080/PRONOTEsso/
2009-01-19 15:39:21,049 DEBUG 
[org.jasig.cas.client.authentication.AuthenticationFilter] - redirecting 
to 
"https://dvorak.recia.fr/cas/login?service=http%3A%2F%2Fmy.host.net%3A8080%2FPRONOTEsso%2F";
2009-01-19 15:39:34,785 DEBUG 
[org.jasig.cas.client.authentication.AuthenticationFilter] - removing 
gateway attribute from session
2009-01-19 15:39:34,785 DEBUG 
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - 
Attempting to validate ticket: ST-1-EP4Is7yga1cbkdFY50Zv-cas
2009-01-19 15:39:34,786 DEBUG [org.jasig.cas.client.util.CommonUtils] - 
serviceUrl generated: http://my.host.net:8080/PRONOTEsso/
2009-01-19 15:39:34,786 DEBUG 
[org.jasig.cas.client.validation.Saml11TicketValidator] - Placing URL 
parameters in map.
2009-01-19 15:39:34,786 DEBUG 
[org.jasig.cas.client.validation.Saml11TicketValidator] - Calling 
template URL attribute map.
2009-01-19 15:39:34,786 DEBUG 
[org.jasig.cas.client.validation.Saml11TicketValidator] - Loading custom 
parameters from configuration.
2009-01-19 15:39:34,786 DEBUG 
[org.jasig.cas.client.validation.Saml11TicketValidator] - Constructing 
validation url: 
https://dvorak.recia.fr/cas/samlValidate?TARGET=http%3A%2F%2Fmy.host.net%3A8080%2FPRONOTEsso%2F
2009-01-19 15:39:34,786 DEBUG 
[org.jasig.cas.client.validation.Saml11TicketValidator] - Retrieving 
response from server.
2009-01-19 15:39:35,141 DEBUG 
[org.jasig.cas.client.validation.Saml11TicketValidator] - Server 
response: <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope 
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";><SOAP-ENV:Header/><SOAP-ENV:Body><Response
 
xmlns="urn:oasis:names:tc:SAML:1.0:protocol" 
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" 
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" 
xmlns:xsd="http://www.w3.org/2001/XMLSchema"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
IssueInstant="2009-01-19T14:59:54.088Z" MajorVersion="1" 
MinorVersion="1" Recipient="http://my.host.net:8080/PRONOTEsso/"; 
ResponseID="_4f85a1187ad9080a4963e3bffe23728e"><Status><StatusCode 
Value="samlp:Success"></StatusCode></Status><Assertion 
xmlns="urn:oasis:names:tc:SAML:1.0:assertion" 
AssertionID="_9ca35d5f982cba06665b4ee2ac5ade0e" 
IssueInstant="2009-01-19T14:59:54.088Z" Issuer="localhost" 
MajorVersion="1" MinorVersion="1"><Conditions 
NotBefore="2009-01-19T14:59:54.088Z" 
NotOnOrAfter="2009-01-19T15:00:24.088Z"><AudienceRestrictionCondition><Audience>http://my.host.net:8080/PRONOTEsso/</Audience></AudienceRestrictionCondition></Conditions><AttributeStatement><Subject><NameIdentifier>F08001pi</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject><Attribute
 
AttributeName="dateNaissance" 
AttributeNamespace="http://www.ja-sig.org/products/cas/";><AttributeValue>04/05/1983</AttributeValue></Attribute><Attribute
 
AttributeName="user" 
AttributeNamespace="http://www.ja-sig.org/products/cas/";><AttributeValue>F08001pi</AttributeValue></Attribute><Attribute
 
AttributeName="login" 
AttributeNamespace="http://www.ja-sig.org/products/cas/";><AttributeValue>julien.gribonvald</AttributeValue></Attribute><Attribute
 
AttributeName="prenom" 
AttributeNamespace="http://www.ja-sig.org/products/cas/";><AttributeValue>Julien</AttributeValue></Attribute><Attribute
 
AttributeName="nom" 
AttributeNamespace="http://www.ja-sig.org/products/cas/";><AttributeValue>GRIBONVALD</AttributeValue></Attribute></AttributeStatement><AuthenticationStatement
 
AuthenticationInstant="2009-01-19T14:59:54.001Z" 
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><NameIdentifier>F08001pi</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement></Assertion></Response></SOAP-ENV:Body></SOAP-ENV:Envelope>
2009-01-19 15:39:35,148 DEBUG 
[org.jasig.cas.client.validation.Saml11TicketValidator] - skipping 
assertion that's not yet valid...
2009-01-19 15:39:35,148 WARN 
[org.jasig.cas.client.validation.Saml11TicketValidationFilter] - 
org.jasig.cas.client.validation.TicketValidationException: No valid 
assertions from the SAML response found.
org.jasig.cas.client.validation.TicketValidationException: No valid 
assertions from the SAML response found.
        at 
org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:96)
        at 
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
        at 
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at 
org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
        at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
        at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
        at 
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at 
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at 
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
        at java.lang.Thread.run(Thread.java:595)
2009-01-19 15:39:35,149 ERROR 
[org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/PRONOTEsso].[DoServlet]]
 
- Servlet.service() for servlet DoServlet threw exception
org.jasig.cas.client.validation.TicketValidationException: No valid 
assertions from the SAML response found.
        at 
org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:96)
        at 
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
        at 
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at 
org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
        at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
        at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
        at 
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at 
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at 
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
        at java.lang.Thread.run(Thread.java:595)



Is there someone who have an idea of this problem ?

thanks

Julien G.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to