Dear all,

I am just getting started with CAS 3.5.2 and got stuck when I tried to employ SAML. Eventually I will need SAML to transport user group membership information from an LDAP server to the client application.

I have set up mod_auth_cas 1.0.10 for apache2. The same apache2 serves the application. CAS is proxied in on the apache. Authentication as such works until I switch to SAML. The same ST is validated twice. The ST is removed from the registry after the first (successful) validation attempt and is therefore not available for the second attempt.

I found a previous post describing the exact same effect. The author was advised to check for configuration issues. Unfortunately there was no hint as to where to look.

This is the debug log output of a single request to the service https://dev.fe2.local:

2013-08-16 14:38:19,685 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Attempted to extract Request from HttpServletRequest. Results:>
2013-08-16 14:38:19,685 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Request Body: <?xml version="1.0" encoding="utf-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1"><samlp:AssertionArtifact>ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>>
2013-08-16 14:38:19,685 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Extracted ArtifactId: ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint>
2013-08-16 14:38:19,685 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Extracted Request Id: null>
2013-08-16 14:38:19,685 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor generated service for: https://dev.local.fe2/fe2.html>
2013-08-16 14:38:19,685 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint]>
2013-08-16 14:38:19,685 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint] found in registry.>
2013-08-16 14:38:19,686 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Principal id to return for service [HTTP and IMAP] is [[email protected]]. The default principal id is [[email protected]].>
2013-08-16 14:38:19,686 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint] from registry>
2013-08-16 14:38:19,686 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint]>
2013-08-16 14:38:19,686 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Fri Aug 16 14:38:19 CEST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.1.1
=============================================================
>
2013-08-16 14:38:19,687 DEBUG [org.jasig.cas.web.ServiceValidateController] - <Successfully validated service ticket: ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint>
2013-08-16 14:38:19,687 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Attempted to extract Request from HttpServletRequest. Results:>
2013-08-16 14:38:19,687 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Request Body: >
2013-08-16 14:38:19,687 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Extracted ArtifactId: null>
2013-08-16 14:38:19,687 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Extracted Request Id: null>
2013-08-16 14:38:19,687 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor generated service for: https://dev.local.fe2/fe2.html>
2013-08-16 14:38:19,880 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Attempted to extract Request from HttpServletRequest. Results:>
2013-08-16 14:38:19,881 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Request Body: <?xml version="1.0" encoding="utf-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1"><samlp:AssertionArtifact>ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>>
2013-08-16 14:38:19,881 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Extracted ArtifactId: ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint>
2013-08-16 14:38:19,881 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Extracted Request Id: null>
2013-08-16 14:38:19,881 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor generated service for: https://dev.local.fe2/fe2.html>
2013-08-16 14:38:19,881 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint]>
2013-08-16 14:38:19,881 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint] does not exist.>
2013-08-16 14:38:19,882 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint]>
2013-08-16 14:38:19,882 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint
ACTION: SERVICE_TICKET_VALIDATE_FAILED
APPLICATION: CAS
WHEN: Fri Aug 16 14:38:19 CEST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.1.1
=============================================================

Please advise.

Regards
Ralf
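
A log check for the symptom described in this post, added here as an example and not part of the original message or of CAS: it scans CAS debug output for service tickets that are presented for validation more than once and reports the outcome of each attempt and the gap between the first two. The sample log and its ticket ids are constructed, modelled on the lines above, and the function name is hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample modelled on the DEBUG lines in the post (ticket ids are made up).
SAMPLE_LOG = """\
2013-08-16 14:38:19,685 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Extracted ArtifactId: ST-1-EXAMPLE-cas>
2013-08-16 14:38:19,686 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [ST-1-EXAMPLE-cas] from registry>
2013-08-16 14:38:19,687 DEBUG [org.jasig.cas.web.ServiceValidateController] - <Successfully validated service ticket: ST-1-EXAMPLE-cas>
2013-08-16 14:38:19,687 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Extracted ArtifactId: null>
2013-08-16 14:38:19,881 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Extracted ArtifactId: ST-1-EXAMPLE-cas>
2013-08-16 14:38:19,881 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ST-1-EXAMPLE-cas] does not exist.>
2013-08-16 14:38:20,100 DEBUG [org.jasig.cas.authentication.principal.SamlService] - <Extracted ArtifactId: ST-2-EXAMPLE-cas>
2013-08-16 14:38:20,102 DEBUG [org.jasig.cas.web.ServiceValidateController] - <Successfully validated service ticket: ST-2-EXAMPLE-cas>
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})"
# Each extracted artifact id marks one validation request reaching CAS.
ATTEMPT = re.compile(TS + r" .*<Extracted ArtifactId: (ST-[^>\s]+)>")
SUCCESS = re.compile(TS + r" .*<Successfully validated service ticket: (ST-[^>\s]+)>")
MISSING = re.compile(TS + r" .*<ServiceTicket \[(ST-[^\]]+)\] does not exist\.>")

def parse_ts(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S,%f")

def find_repeated_validations(log_text):
    """Return {ticket: {"outcomes": [...], "gap_ms": int}} for tickets seen more than once."""
    attempts = defaultdict(list)  # ticket -> list of [timestamp, outcome]
    for line in log_text.splitlines():
        m = ATTEMPT.match(line)
        if m:  # "null" artifact ids (empty request bodies) never match ST-...
            attempts[m.group(2)].append([parse_ts(m.group(1)), "unknown"])
            continue
        for pattern, outcome in ((SUCCESS, "validated"), (MISSING, "not found")):
            m = pattern.match(line)
            if m and attempts[m.group(2)]:
                attempts[m.group(2)][-1][1] = outcome  # outcome of the latest attempt
    report = {}
    for ticket, tries in attempts.items():
        if len(tries) > 1:
            gap_ms = round((tries[1][0] - tries[0][0]).total_seconds() * 1000)
            report[ticket] = {"outcomes": [o for _, o in tries], "gap_ms": gap_ms}
    return report

if __name__ == "__main__":
    for ticket, info in find_repeated_validations(SAMPLE_LOG).items():
        print(ticket, info["outcomes"], f"{info['gap_ms']} ms apart")
```

A gap of a few hundred milliseconds from the same client address points at the client or proxy issuing the validation request twice rather than at a second party replaying the ticket.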
