I found the error in localhost.log and it seems to be stemming from this: org.opensaml.artifact.InvalidArgumentException: Unexpected length: 22 (expected 20)
I upgraded 3.4.4 on our dev environment and it seems to have solved the problem. Thanks, Bill From: Scott Battaglia <scott.battag...@gmail.com<mailto:scott.battag...@gmail.com>> Reply-To: "cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>" <cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>> Date: Tue, 27 Sep 2011 17:16:19 -0400 To: "cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>" <cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>> Subject: Re: [cas-user] CAS 3.4.2 with SAML 1.1 Which log file are you looking in? On Tue, Sep 27, 2011 at 2:19 PM, William Holloway <william.hollo...@nyumc.org<mailto:william.hollo...@nyumc.org>> wrote: Greetings all, We've been using CAS 3.4.2 happily for some time for many apps using CAS2.0 protocol and for GoogleApps. We've recently had a request from a vendor to use the SAML 1.1 protocol for a service they provide. It appears that the ticket is getting created but we're having an issue on the ticket validation. In the logs, I see the following: DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] - Generated query builder '(sAMAccountName=validuser01)' from query Map {username=[validuser01]}. DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket [TGT-1-9qqLpz5DzzCc4Tre3fzSApXhHMzT3zizuTojcdV5HXaW4RXDlA-cas] to registry. DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed cookie with name [CASPRIVACY] DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Added cookie with name [CASTGC] and value [TGT-1-9qqLpz5DzzCc4Tre3fzSApXhHMzT3zizuTojcdV5HXaW4RXDlA-cas] DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve ticket [TGT-1-9qqLpz5DzzCc4Tre3fzSApXhHMzT3zizuTojcdV5HXaW4RXDlA-cas] DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket [TGT-1-9qqLpz5DzzCc4Tre3fzSApXhHMzT3zizuTojcdV5HXaW4RXDlA-cas] found in registry. DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not generate service. DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - Extractor generated service for: http://localhost:8080/sandbox/blarg DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not generate service. DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - Extractor did not generate service. DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not generate service. DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - Extractor did not generate service. The end result is a "CAS unavailable" error screen on the front end and no ERROR level log entries in log file. I have the logging level cranked to DEBUG for just about everything. Any suggestions on how to get more information about what's falling apart here? Best regards, Bill -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: scott.battag...@gmail.com<mailto:scott.battag...@gmail.com> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: william.hollo...@nyumc.org<mailto:william.hollo...@nyumc.org> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user ------------------------------------------------------------ This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain information that is proprietary, confidential, and exempt from disclosure under applicable law. Any unauthorized review, use, disclosure, or distribution is prohibited. If you have received this email in error please notify the sender by return email and delete the original message. Please note, the recipient should check this email and any attachments for the presence of viruses. The organization accepts no liability for any damage caused by any virus transmitted by this email. ================================= -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user