Hi,

In general it's one of two problems (and we should probably make the error
message clearer ;-)): either there is a certificate error, or the validation
url was specified incorrectly (the CAS client only requires the point up to
CAS, i.e. https://my.server.com/cas).

If both those are okay, we'll need to see if we can get any more info.

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia


On Mon, Jan 19, 2009 at 10:51 AM, Julien Gribonvald <
[email protected]> wrote:

> Hi,
>
> I'm looking for help to understand a problem of SAML talk between CAS
> server (3.3.1 with cas toolbox) and CAS client (3.3.1).
>
> The CAS server is deployed on a tomcat 6.0.16 and java 1.5.0_10, and the
> app is on a tomcat 5.5.27 with java 1.5.0_14 and all is behind an
> Apache with mod_jk.
>
> In the CAS log I have only this warning:
> 2009-01-19 15:59:54,258 WARN [org.opensaml.XML] - Unable to turn off
> data normalization in parser, supersignatures may fail with Xerces-J:
> javax.xml.parsers.ParserConfigurationException:
> jaxp_feature_not_supported: Feature
> "http://apache.org/xml/features/validation/schema/normalized-value" is
> not supported.
>
>
> And when the app client tries to validate a ticket with the SAML protocol it
> succeeds, but I get this error:
>
> 2009-01-19 15:39:21,048 DEBUG
> [org.jasig.cas.client.authentication.AuthenticationFilter] - no ticket
> and no assertion found
> 2009-01-19 15:39:21,049 DEBUG [org.jasig.cas.client.util.CommonUtils] -
> serviceUrl generated: http://my.host.net:8080/PRONOTEsso/
> 2009-01-19 15:39:21,049
> DEBUG
> [org.jasig.cas.client.authentication.AuthenticationFilter] - Constructed
> service url: http://my.host.net:8080/PRONOTEsso/
> 2009-01-19 15:39:21,049
> DEBUG
> [org.jasig.cas.client.authentication.AuthenticationFilter] - redirecting
> to
> "
> https://dvorak.recia.fr/cas/login?service=http%3A%2F%2Fmy.host.net%3A8080%2FPRONOTEsso%2F
> "
> 2009-01-19 15:39:34,785 DEBUG
> [org.jasig.cas.client.authentication.AuthenticationFilter] - removing
> gateway attribute from session
> 2009-01-19 15:39:34,785 DEBUG
> [org.jasig.cas.client.validation.Saml11TicketValidationFilter] -
> Attempting to validate ticket: ST-1-EP4Is7yga1cbkdFY50Zv-cas
> 2009-01-19 15:39:34,786 DEBUG [org.jasig.cas.client.util.CommonUtils] -
> serviceUrl generated: http://my.host.net:8080/PRONOTEsso/
> 2009-01-19 15:39:34,786
> DEBUG
> [org.jasig.cas.client.validation.Saml11TicketValidator] - Placing URL
> parameters in map.
> 2009-01-19 15:39:34,786 DEBUG
> [org.jasig.cas.client.validation.Saml11TicketValidator] - Calling
> template URL attribute map.
> 2009-01-19 15:39:34,786 DEBUG
> [org.jasig.cas.client.validation.Saml11TicketValidator] - Loading custom
> parameters from configuration.
> 2009-01-19 15:39:34,786 DEBUG
> [org.jasig.cas.client.validation.Saml11TicketValidator] - Constructing
> validation url:
>
> https://dvorak.recia.fr/cas/samlValidate?TARGET=http%3A%2F%2Fmy.host.net%3A8080%2FPRONOTEsso%2F
> 2009-01-19 15:39:34,786
>  DEBUG
> [org.jasig.cas.client.validation.Saml11TicketValidator] - Retrieving
> response from server.
> 2009-01-19 15:39:35,141 DEBUG
> [org.jasig.cas.client.validation.Saml11TicketValidator] - Server
> response: <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/
> "><SOAP-ENV:Header/><SOAP-ENV:Body><Response
> xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
> xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
> xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> IssueInstant="2009-01-19T14:59:54.088Z" MajorVersion="1"
> MinorVersion="1" Recipient="http://my.host.net:8080/PRONOTEsso/"
> ResponseID="_4f85a1187ad9080a4963e3bffe23728e"><Status><StatusCode
> Value="samlp:Success"></StatusCode></Status><Assertion
> xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
> AssertionID="_9ca35d5f982cba06665b4ee2ac5ade0e"
> IssueInstant="2009-01-19T14:59:54.088Z" Issuer="localhost"
> MajorVersion="1" MinorVersion="1"><Conditions
> NotBefore="2009-01-19T14:59:54.088Z"
>
> NotOnOrAfter="2009-01-19T15:00:24.088Z"><AudienceRestrictionCondition><Audience>
> http://my.host.net:8080/PRONOTEsso/
> </Audience></AudienceRestrictionCondition></Conditions><AttributeStatement><Subject><NameIdentifier>F08001pi</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject><Attribute
> AttributeName="dateNaissance"
> AttributeNamespace="http://www.ja-sig.org/products/cas/
> "><AttributeValue>04/05/1983</AttributeValue></Attribute><Attribute
> AttributeName="user"
> AttributeNamespace="http://www.ja-sig.org/products/cas/
> "><AttributeValue>F08001pi</AttributeValue></Attribute><Attribute
> AttributeName="login"
> AttributeNamespace="http://www.ja-sig.org/products/cas/
> "><AttributeValue>julien.gribonvald</AttributeValue></Attribute><Attribute
> AttributeName="prenom"
> AttributeNamespace="http://www.ja-sig.org/products/cas/
> "><AttributeValue>Julien</AttributeValue></Attribute><Attribute
> AttributeName="nom"
> AttributeNamespace="http://www.ja-sig.org/products/cas/
> "><AttributeValue>GRIBONVALD</AttributeValue></Attribute></AttributeStatement><AuthenticationStatement
> AuthenticationInstant="2009-01-19T14:59:54.001Z"
>
> AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><NameIdentifier>F08001pi</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement></Assertion></Response></SOAP-ENV:Body></SOAP-ENV:Envelope>
> 2009-01-19 15:39:35,148 DEBUG
> [org.jasig.cas.client.validation.Saml11TicketValidator] - skipping
> assertion that's not yet valid...
> 2009-01-19 15:39:35,148 WARN
> [org.jasig.cas.client.validation.Saml11TicketValidationFilter] -
> org.jasig.cas.client.validation.TicketValidationException: No valid
> assertions from the SAML response found.
> org.jasig.cas.client.validation.TicketValidationException: No valid
> assertions from the SAML response found.
>        at org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:96)
>        at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
>        at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>        at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
>        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
>        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
>        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
>        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
>        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
>        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
>        at java.lang.Thread.run(Thread.java:595)
> 2009-01-19 15:39:35,149 ERROR
> [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/PRONOTEsso].[DoServlet]]
> - Servlet.service() for servlet DoServlet threw exception
> org.jasig.cas.client.validation.TicketValidationException: No valid
> assertions from the SAML response found.
>        at org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:96)
>        at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
>        at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>        at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
>        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
>        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
>        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
>        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
>        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
>        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
>        at java.lang.Thread.run(Thread.java:595)
>
>
>
> Is there someone who has an idea about this problem?
>
> thanks
>
> Julien G.
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
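
The last DEBUG line before the exception in the quoted client log is "skipping assertion that's not yet valid", which is a comparison of the assertion's `Conditions` window with the client's own clock. As an added example (not part of the original messages and not the CAS client's code), this script repeats that comparison with the values from the logged response; the helper names and the UTC+1 offset used for the client's log timestamps are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"

# Constructed sample: the Assertion/Conditions values from the logged response,
# trimmed to the attributes the validity check reads.
SAMPLE = ('<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" '
          'IssueInstant="2009-01-19T14:59:54.088Z">'
          '<Conditions NotBefore="2009-01-19T14:59:54.088Z" '
          'NotOnOrAfter="2009-01-19T15:00:24.088Z"/></Assertion>')

def parse_instant(value):
    """Parse a SAML UTC instant such as 2009-01-19T14:59:54.088Z."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def log_stamp_to_utc(stamp, utc_offset_hours):
    """Convert a log4j-style local timestamp (2009-01-19 15:39:35,148) to UTC.
    The offset is supplied by the caller; it is not recorded in the log."""
    local = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S,%f")
    return (local - timedelta(hours=utc_offset_hours)).replace(tzinfo=timezone.utc)

def check_window(assertion_xml, client_now, tolerance=timedelta(0)):
    """Return (verdict, gap): gap is how far client_now lies outside the window."""
    cond = ET.fromstring(assertion_xml).find(f"{{{SAML_NS}}}Conditions")
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    not_before = parse_instant(cond.get("NotBefore"))
    not_on_or_after = parse_instant(cond.get("NotOnOrAfter"))
    if client_now + tolerance < not_before:
        return "not-yet-valid", not_before - client_now
    if client_now - tolerance >= not_on_or_after:
        return "expired", client_now - not_on_or_after
    return "valid", timedelta(0)

if __name__ == "__main__":
    # Timestamp of the client's "skipping assertion" line, assumed to be UTC+1.
    now = log_stamp_to_utc("2009-01-19 15:39:35,148", utc_offset_hours=1)
    verdict, gap = check_window(SAMPLE, now)
    print(verdict, gap)
```

Under that offset assumption the client clock reads about twenty minutes earlier than the assertion's `NotBefore`, while the window itself is only 30 seconds wide, so comparing the two hosts' clocks is a quick check to run alongside the certificate and validation URL checks.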