Hi,

What's your mod_auth_cas configuration?

Thanks.
Best regards,
Jérôme

2013/8/16 Ralf Steppacher <[email protected]>

> Dear all,
>
> I am just getting started with CAS 3.5.2 and got stuck when I tried to
> employ SAML. Eventually I will need SAML to transport user group membership
> information from an LDAP server to the client application.
>
> I have set up mod_auth_cas 1.0.10 for apache2. The same apache2 serves the
> application. CAS is proxied in on the apache. Authentication as such works
> until I switch to SAML. The same ST is validated twice. The ST is removed
> from the registry after the first (successful) validation attempt and is
> therefore not available for the second attempt.
> I found a previous post describing the exact same effect. The author was
> advised to check for configuration issues. Unfortunately there was no hint
> as to where to look.
>
> This is the debug log output of a single request to the service
> https://dev.fe2.local:
>
> 2013-08-16 14:38:19,685 DEBUG
> [org.jasig.cas.authentication.principal.SamlService] - <Attempted to
> extract Request from HttpServletRequest. Results:>
> 2013-08-16 14:38:19,685 DEBUG
> [org.jasig.cas.authentication.principal.SamlService] - <Request Body: <?xml
> version="1.0" encoding="utf-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="
> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request
> xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1"
> MinorVersion="1"><samlp:AssertionArtifact>ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>>
> 2013-08-16 14:38:19,685 DEBUG
> [org.jasig.cas.authentication.principal.SamlService] - <Extracted
> ArtifactId: ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint>
> 2013-08-16 14:38:19,685 DEBUG
> [org.jasig.cas.authentication.principal.SamlService] - <Extracted Request
> Id: null>
> 2013-08-16 14:38:19,685 DEBUG
> [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor generated
> service for: https://dev.local.fe2/fe2.html>
> 2013-08-16 14:38:19,685 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
> retrieve ticket [ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint]>
> 2013-08-16 14:38:19,685 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
> [ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint] found in registry.>
> 2013-08-16 14:38:19,686 DEBUG
> [org.jasig.cas.CentralAuthenticationServiceImpl] - <Principal id to return
> for service [HTTP and IMAP] is [[email protected]].
> The default principal id is [[email protected]].>
> 2013-08-16 14:38:19,686 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket
> [ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint] from registry>
> 2013-08-16 14:38:19,686 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
> retrieve ticket [ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint]>
> 2013-08-16 14:38:19,686 INFO
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint
> ACTION: SERVICE_TICKET_VALIDATED
> APPLICATION: CAS
> WHEN: Fri Aug 16 14:38:19 CEST 2013
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.1.1
> =============================================================
>
>
>
> 2013-08-16 14:38:19,687 DEBUG
> [org.jasig.cas.web.ServiceValidateController] - <Successfully validated
> service ticket: ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint>
> 2013-08-16 14:38:19,687 DEBUG
> [org.jasig.cas.authentication.principal.SamlService] - <Attempted to
> extract Request from HttpServletRequest. Results:>
> 2013-08-16 14:38:19,687 DEBUG
> [org.jasig.cas.authentication.principal.SamlService] - <Request Body: >
> 2013-08-16 14:38:19,687 DEBUG
> [org.jasig.cas.authentication.principal.SamlService] - <Extracted
> ArtifactId: null>
> 2013-08-16 14:38:19,687 DEBUG
> [org.jasig.cas.authentication.principal.SamlService] - <Extracted Request
> Id: null>
> 2013-08-16 14:38:19,687 DEBUG
> [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor generated
> service for: https://dev.local.fe2/fe2.html>
> 2013-08-16 14:38:19,880 DEBUG
> [org.jasig.cas.authentication.principal.SamlService] - <Attempted to
> extract Request from HttpServletRequest. Results:>
> 2013-08-16 14:38:19,881 DEBUG
> [org.jasig.cas.authentication.principal.SamlService] - <Request Body: <?xml
> version="1.0" encoding="utf-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="
> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request
> xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1"
> MinorVersion="1"><samlp:AssertionArtifact>ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>>
> 2013-08-16 14:38:19,881 DEBUG
> [org.jasig.cas.authentication.principal.SamlService] - <Extracted
> ArtifactId: ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint>
> 2013-08-16 14:38:19,881 DEBUG
> [org.jasig.cas.authentication.principal.SamlService] - <Extracted Request
> Id: null>
> 2013-08-16 14:38:19,881 DEBUG
> [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor generated
> service for: https://dev.local.fe2/fe2.html>
> 2013-08-16 14:38:19,881 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
> retrieve ticket [ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint]>
> 2013-08-16 14:38:19,881 INFO
> [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket
> [ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint] does not exist.>
> 2013-08-16 14:38:19,882 DEBUG
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
> retrieve ticket [ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint]>
> 2013-08-16 14:38:19,882 INFO
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: ST-2-5S4qgEJ5LLEAP45Xecdp-steppra1-linux-mint
> ACTION: SERVICE_TICKET_VALIDATE_FAILED
> APPLICATION: CAS
> WHEN: Fri Aug 16 14:38:19 CEST 2013
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.1.1
> =============================================================
>
>
> Please advise.
>
>
> Regards
> Ralf
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
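
The symptom reported in the quoted message (a service ticket that validates once and is then presented again and rejected) can be picked out of the CAS audit trail mechanically. The following is an added example, not part of the original thread or of CAS: it assumes the audit record layout shown in the quoted log, and the function names, ticket ids and the 192.0.2.x/198.51.100.x addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One audit record per validation attempt; \s+ tolerates mail-wrapped lines.
RECORD = re.compile(
    r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) INFO\s+\[[^\]]*AuditTrailManager\] - "
    r"<Audit\s+trail\s+record\s+BEGIN.*?WHAT: (\S+)\s+ACTION: (\w+)"
    r".*?CLIENT IP ADDRESS: (\S+)", re.S)

def make_record(ts, ticket, action, ip):
    """Build a constructed (abbreviated) audit record in the quoted layout."""
    return (f"{ts} INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager]"
            f" - <Audit trail record BEGIN\n{'=' * 61}\nWHO: audit:unknown\n"
            f"WHAT: {ticket}\nACTION: {action}\nAPPLICATION: CAS\n"
            f"CLIENT IP ADDRESS: {ip}\n{'=' * 61}\n\n")

OK, FAILED = "SERVICE_TICKET_VALIDATED", "SERVICE_TICKET_VALIDATE_FAILED"
# Constructed sample: the first pair mirrors the timing in the quoted log.
SAMPLE_LOG = "".join([
    make_record("2013-08-16 14:38:19,686", "ST-1-constructed-a", OK, "127.0.0.1"),
    make_record("2013-08-16 14:38:19,882", "ST-1-constructed-a", FAILED, "127.0.0.1"),
    make_record("2013-08-16 14:39:02,110", "ST-2-constructed-b", OK, "192.0.2.10"),
    make_record("2013-08-16 14:40:00,000", "ST-3-constructed-c", OK, "192.0.2.10"),
    make_record("2013-08-16 14:40:40,000", "ST-3-constructed-c", FAILED, "198.51.100.7"),
])

def validation_attempts(log_text):
    """Return {ticket: [(time, action, client_ip), ...]} in log order."""
    text = re.sub(r"(?m)^(?:> ?)+", "", log_text)  # accept mail-quoted logs too
    attempts = defaultdict(list)
    for ts, ticket, action, ip in RECORD.findall(text):
        if action in (OK, FAILED):
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S,%f")
            attempts[ticket].append((when, action, ip))
    return attempts

def reused_tickets(log_text):
    """List tickets that were presented again after a successful validation."""
    findings = []
    for ticket, seen in validation_attempts(log_text).items():
        ok = next((i for i, a in enumerate(seen) if a[1] == OK), None)
        if ok is None or ok == len(seen) - 1:
            continue  # never validated, or validated exactly once at the end
        first, later = seen[ok], seen[ok + 1:]
        findings.append({
            "ticket": ticket,
            "repeats": len(later),
            "gap_ms": (later[0][0] - first[0]) // timedelta(milliseconds=1),
            "same_client": all(ip == first[2] for _, _, ip in later),
        })
    return findings
```

A repeat from the same client within a few hundred milliseconds, as in the quoted log, points at the client module issuing the validation request twice; a repeat from a different address or after a long gap deserves a closer look.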
