You may want to consider upgrading the client itself, rather than a dependency it requires.
--Misagh From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Manfredo Hopp Sent: Tuesday, November 22, 2016 5:26 PM To: Cas <cas-user@apereo.org> Subject: [cas-user] IO error sending HTTP request to /samlValidate Hi, we have cas client applications using SAML 1.1 which we recently upgraded to SAML 1.1 V2.6.6. With one of these applications (= front end) we are experiencing problems when access through cas. These intermitent problems make this application unavailabe and we end changing the SAML version to its prior jar version. (1.1) We have Cas 4.0.1 installed and the client application is under spring/spring security (with srping security cas) version. Following is pom artifacts versions: <org.springframework.version>4.2.2.RELEASE</org.springframework.version> <org.springframework.security.version>4.0.3.RELEASE</org.springframework.security.version> <org.jasig.cas.client.cas-client-core.version>3.2.1</org.jasig.cas.client.cas-client-core.version> <org.opensaml.opensaml.version>2.6.6</org.opensaml.opensaml.version> <commons-codec.commons-codec.version>1.5</commons-codec.commons-codec.version> <org.apache.santuario.xmlsec.version>1.4.3</org.apache.santuario.xmlsec.version> Cas 4.0.1 version has opensaml-2.5.1-1.jar version. Could this difference in version generate some problem with clients or is there any other known issue on this configuration. Cas is running on tomcat .8.5.5 and application is under tomcat 6.0.45. Any comments on this would be greatly appreciated! Manfredo Stacktrace of problem ======================================================= mensaje IO error sending HTTP request to /samlValidatedescripción El servidor encontró un error interno que hizo que no pudiera rellenar este requerimiento.excepciónjava.lang.RuntimeException: IO error sending HTTP request to /samlValidate org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:215) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193) org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:158) org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:143) org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:270) org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) causa raízjava.io.IOException: Server returned HTTP response code: 403 for URL: https://my.domain/cas/samlValidate?TARGET=http%3A%2F%2Fmy.domain%2Fauth%2Flogin%2Fcas <https://si.conicet.gov.ar/cas/samlValidate?TARGET=http%3A%2F%2Fsi.conicet.gov.ar%2Fauth%2Flogin%2Fcas> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1627) sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:213) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193) org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:158) org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:143) org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:270) org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) nota La traza completa de la causa de este error se encuentra en los archivos de diario de Apache Tomcat/6.0.45. <http://6.0.45.> -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org <mailto:cas-user+unsubscr...@apereo.org> . To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAB623R85%2BosaYkhqtL6f7r8_-jYVU7zLRN%3D_gF8bpOZFWN8-yg%40mail.gmail.com <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAB623R85%2BosaYkhqtL6f7r8_-jYVU7zLRN%3D_gF8bpOZFWN8-yg%40mail.gmail.com?utm_medium=email&utm_source=footer> . -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00c401d245a5%24bb6933c0%24323b9b40%24%40unicon.net.
