Hi, I'm looking for help to understand a problem of SAML talk between CAS server (3.3.1 with cas toolbox) and CAS client (3.3.1).
The CAS server is deployed on a tomcat 6.0.16 and java 1.5.0_10, and the app is on a tomcat 5.5.27 with java 1.5.0_14 and all is behind an Apache with mod_jk.

In the CAS log I have only this warning:

2009-01-19 15:59:54,258 WARN [org.opensaml.XML] - Unable to turn off data normalization in parser, supersignatures may fail with Xerces-J: javax.xml.parsers.ParserConfigurationException: jaxp_feature_not_supported: Feature "http://apache.org/xml/features/validation/schema/normalized-value" is not supported.

And when the app client tries to validate a ticket with the SAML protocol it succeeds, but I get this error:

2009-01-19 15:39:21,048 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] - no ticket and no assertion found
2009-01-19 15:39:21,049 DEBUG [org.jasig.cas.client.util.CommonUtils] - serviceUrl generated: http://my.host.net:8080/PRONOTEsso/
2009-01-19 15:39:21,049 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] - Constructed service url: http://my.host.net:8080/PRONOTEsso/
2009-01-19 15:39:21,049 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] - redirecting to "https://dvorak.recia.fr/cas/login?service=http%3A%2F%2Fmy.host.net%3A8080%2FPRONOTEsso%2F"
2009-01-19 15:39:34,785 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] - removing gateway attribute from session
2009-01-19 15:39:34,785 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidationFilter] - Attempting to validate ticket: ST-1-EP4Is7yga1cbkdFY50Zv-cas
2009-01-19 15:39:34,786 DEBUG [org.jasig.cas.client.util.CommonUtils] - serviceUrl generated: http://my.host.net:8080/PRONOTEsso/
2009-01-19 15:39:34,786 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - Placing URL parameters in map.
2009-01-19 15:39:34,786 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - Calling template URL attribute map.
2009-01-19 15:39:34,786 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - Loading custom parameters from configuration.
2009-01-19 15:39:34,786 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - Constructing validation url: https://dvorak.recia.fr/cas/samlValidate?TARGET=http%3A%2F%2Fmy.host.net%3A8080%2FPRONOTEsso%2F
2009-01-19 15:39:34,786 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - Retrieving response from server.
2009-01-19 15:39:35,141 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - Server response: <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2009-01-19T14:59:54.088Z" MajorVersion="1" MinorVersion="1" Recipient="http://my.host.net:8080/PRONOTEsso/" ResponseID="_4f85a1187ad9080a4963e3bffe23728e"><Status><StatusCode Value="samlp:Success"></StatusCode></Status><Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_9ca35d5f982cba06665b4ee2ac5ade0e" IssueInstant="2009-01-19T14:59:54.088Z" Issuer="localhost" MajorVersion="1" MinorVersion="1"><Conditions NotBefore="2009-01-19T14:59:54.088Z" NotOnOrAfter="2009-01-19T15:00:24.088Z"><AudienceRestrictionCondition><Audience>http://my.host.net:8080/PRONOTEsso/</Audience></AudienceRestrictionCondition></Conditions><AttributeStatement><Subject><NameIdentifier>F08001pi</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject><Attribute AttributeName="dateNaissance" AttributeNamespace="http://www.ja-sig.org/products/cas/"><AttributeValue>04/05/1983</AttributeValue></Attribute><Attribute AttributeName="user" AttributeNamespace="http://www.ja-sig.org/products/cas/"><AttributeValue>F08001pi</AttributeValue></Attribute><Attribute AttributeName="login" AttributeNamespace="http://www.ja-sig.org/products/cas/"><AttributeValue>julien.gribonvald</AttributeValue></Attribute><Attribute AttributeName="prenom" AttributeNamespace="http://www.ja-sig.org/products/cas/"><AttributeValue>Julien</AttributeValue></Attribute><Attribute AttributeName="nom" AttributeNamespace="http://www.ja-sig.org/products/cas/"><AttributeValue>GRIBONVALD</AttributeValue></Attribute></AttributeStatement><AuthenticationStatement AuthenticationInstant="2009-01-19T14:59:54.001Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><NameIdentifier>F08001pi</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement></Assertion></Response></SOAP-ENV:Body></SOAP-ENV:Envelope>
2009-01-19 15:39:35,148 DEBUG [org.jasig.cas.client.validation.Saml11TicketValidator] - skipping assertion that's not yet valid...
2009-01-19 15:39:35,148 WARN [org.jasig.cas.client.validation.Saml11TicketValidationFilter] - org.jasig.cas.client.validation.TicketValidationException: No valid assertions from the SAML response found.
org.jasig.cas.client.validation.TicketValidationException: No valid assertions from the SAML response found.
	at org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:96)
	at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
	at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
	at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
	at java.lang.Thread.run(Thread.java:595)
2009-01-19 15:39:35,149 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/PRONOTEsso].[DoServlet]] - Servlet.service() for servlet DoServlet threw exception
org.jasig.cas.client.validation.TicketValidationException: No valid assertions from the SAML response found.
	at org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:96)
	at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
	at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
	at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
	at java.lang.Thread.run(Thread.java:595)

Is there someone who has an idea of this problem?

Thanks,
Julien G.

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
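
Added example, not part of the original post: the client's "skipping assertion that's not yet valid" message concerns the assertion's Conditions window (NotBefore / NotOnOrAfter) compared with the client's own clock. The Python sketch below repeats that comparison on the Conditions values from the logged response. It assumes both hosts log in the same UTC+1 local time (the server's 15:59:54 log line lines up with IssueInstant 14:59:54Z); check_window and its tolerance parameter are hypothetical names, not the CAS client's API.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"

# Constructed sample: trimmed to the Conditions element, with the
# NotBefore / NotOnOrAfter values copied from the logged server response.
SAMPLE = """<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol">
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_example">
<Conditions NotBefore="2009-01-19T14:59:54.088Z"
            NotOnOrAfter="2009-01-19T15:00:24.088Z"/>
</Assertion></Response>"""

# Assumption: the client log time 15:39:35,148 is UTC+1, i.e. 14:39:35.148Z.
CLIENT_NOW = datetime(2009, 1, 19, 14, 39, 35, 148000, tzinfo=timezone.utc)


def parse_instant(value):
    """Parse a SAML UTC instant such as 2009-01-19T14:59:54.088Z."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def check_window(xml_text, now, tolerance=timedelta(0)):
    """Return one (verdict, gap) pair per Conditions element.

    verdict is "valid", "not_yet_valid" or "expired"; gap is how far
    `now` lies outside the window (zero when valid). Diagnostic only:
    it checks no signature, audience or recipient.
    """
    results = []
    for cond in ET.fromstring(xml_text).iter("{%s}Conditions" % SAML_NS):
        not_before = parse_instant(cond.get("NotBefore"))
        not_on_or_after = parse_instant(cond.get("NotOnOrAfter"))
        if now + tolerance < not_before:
            results.append(("not_yet_valid", not_before - now))
        elif now - tolerance >= not_on_or_after:
            results.append(("expired", now - not_on_or_after))
        else:
            results.append(("valid", timedelta(0)))
    return results


if __name__ == "__main__":
    for verdict, gap in check_window(SAMPLE, CLIENT_NOW):
        print(verdict, "client clock off by", gap)
```

A tolerance wide enough to absorb a gap of this size also lengthens the time during which a captured assertion would be accepted, so synchronising the two hosts' clocks is the preferable correction.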
