For some reason your ticket is removed from the registry. You should track that ST in your logs to see what happens to it.
From: Zac Harvey [mailto:zhar...@commercehub.com] Sent: Monday, July 28, 2014 6:30 AM To: cas-user@lists.jasig.org Subject: RE:[cas-user] CAS 4.0: HTTP 401 Authentication Failed: No principal was found in the response from the CAS server Any takers? This is a live production issue for us and I'm completely blindsided by this. From: Zac Harvey Sent: Friday, July 25, 2014 4:19 PM To: cas-user@lists.jasig.org <mailto:cas-user@lists.jasig.org> Subject: CAS 4.0: HTTP 401 Authentication Failed: No principal was found in the response from the CAS server We have some clients that use the Shiro-CAS client for communicating with CAS, and just launched a new app that uses SpringSec-CAS. The Shiro-CAS integration has been running flawlessly for quite some time. SpringSec-CAS users, however, get a HTTP 401 error *after* they try logging in from the CAS login page: "HTTP Status 401 - Authentication Failed: No principal was found in the response from the CAS server." Also, the serviceValidate URL (https://mycas:8443/mycas/serviceValidate?service=app01/app/j_spring_cas_s ecurity_check <https://mycas:8443/mycas/serviceValidate?service=app01/app/j_spring_cas_s ecurity_check&ticket=ST-1-psUajs8fj5klcp05gJMV-localsso.ourorg.example.com > &ticket=ST-1-psUajs8fj5klcp05gJMV-localsso.ourorg.example.com) returns: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationFailure code='INVALID_TICKET'> Ticket 'ST-1-psUajs8fj5klcp05gJMV-localsso.ourorg.example.com' not recognized </cas:authenticationFailure> </cas:serviceResponse> Any ideas as to what is going on here? Again this is CAS 4.0. What could cause these errors. Is it a server-side config issue that (somehow) Shiro-CAS clients would be oblivious to? Is it a client-side issue with SpringSec? Best, Zac -- You are currently subscribed to cas-user@lists.jasig.org <mailto:cas-user@lists.jasig.org> as: mmoay...@unicon.net <mailto:mmoay...@unicon.net> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user