Re: [cas-user] Authentication Failure

Mon, 25 Feb 2013 09:00:24 -0800 

E.,

Your portal is asking that CAS call it back with a PGT, yes, but otherwise
the PGT shouldn't be relevant.  If the CAS server proxy callback fails,
then CAS will issue the ST anyway and omit the PGTIOU from the ST
validation response.  Maybe the PGT callback is inserting enough delay to
run afoul of that 10 second timeout.

Incidentally, your portal's login URL and proxy callback URL aren't using
https.  The former is poor practice, and the latter just shouldn't work.

But anyway, as a next thing to try: how about nudging up the service ticket
timeout to 30 seconds rather than 10 seconds and see if anything changes?

Andrew





On Mon, Feb 25, 2013 at 11:08 AM, E.LT <helpdesk.lst...@gmail.com> wrote:

> Hello,
>
> I just removed the file you asked and i got different results. Here's the
> web http 500 error :
>
> "exception
>
> javax.servlet.ServletException:
> org.jasig.cas.client.validation.TicketValidationException:
>                 the ticket 'ST-14-o6h5Xx1BDhb1CPUQsT7Y-cas' is unknown
>
>
> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:155)
>
>
> cause mère
>
> org.jasig.cas.client.validation.TicketValidationException:
>                 the ticket 'ST-14-o6h5Xx1BDhb1CPUQsT7Y-cas' is unknown
>
>
> org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:73)
>
> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
>
> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
>
> "
>
>
>
> And in the cas.log :
>
> "2013-02-25 17:01:07,861 INFO
> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket
> [ST-14-o6h5Xx1BDhb1CPUQsT7Y-cas] for service [http://ent2.xxxx.fr/Login]
> for user [xxxxx]
> 2013-02-25 17:01:07,974 INFO
> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> AuthenticationHandler:
> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler failed to
> authenticate the user which provided the following credentials: [username:
> id3367]
> 2013-02-25 17:01:17,883 INFO
> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> AuthenticationHandler:
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
> successfully authenticated the user which provided the following
> credentials: [callbackUrl: http://ent2.xxx.fr/CasProxyServlet]
> 2013-02-25 17:01:17,884 ERROR
> [org.jasig.cas.web.ServiceValidateController] - TicketException generating
> ticket for: [callbackUrl: http://ent2.xxx.fr/CasProxyServlet]
> org.jasig.cas.ticket.InvalidTicketException
>         at
> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket_aroundBody6(CentralAuthenticationServiceImpl.java:278)
>         at
> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket_aroundBody7$advice(CentralAuthenticationServiceImpl.java:44)
>         at
> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:1)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>         at
> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
>         at
> org.perf4j.aop.AbstractTimingAspect$1.proceed(AbstractTimingAspect.java:47)
>         at
> org.perf4j.aop.AgnosticTimingAspect.runProfiledMethod(AgnosticTimingAspect.java:44)
>         at
> org.perf4j.aop.AbstractTimingAspect.doPerfLogging(AbstractTimingAspect.java:45)
>         at sun.reflect.GeneratedMethodAccessor56.invoke(Unknown Source)
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
>         at
> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
>         at
> org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
>         at
> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
>         at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>         at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
>         at $Proxy40.delegateTicketGrantingTicket(Unknown Source)
>         at
> org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:127)
>         at
> org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
>         at
> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
>         at
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
>         at
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
>         at
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
>         at
> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>         at
> org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:115)
>         at
> org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:44)
>         at
> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>         at
> com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>         at
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
>         at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
>         at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>         at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>         at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>         at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>         at
> com.googlecode.psiprobe.Tomcat60AgentValve.invoke(Tomcat60AgentValve.java:30)
>         at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>         at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>         at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
>         at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
>         at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
>         at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>         at java.lang.Thread.run(Thread.java:662)
> 2013-02-25 17:01:17,888 INFO
> [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket
> [ST-14-o6h5Xx1BDhb1CPUQsT7Y-cas] has expired.
> "
>
> It's weird, in the previous message i'm being asked for a PGT. And here it
> seems that it creates the ST bug 10 seconds after it has expired.
>
> Best regards
>
> E.
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> ape...@unicon.net
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to