This apparently happens because we don't believe we have access to the TARGET to validate: https://github.com/Jasig/cas/blob/master/cas-server-support-saml/src/main/java/org/jasig/cas/support/saml/authentication/principal/SamlService.java#L96
Not quite sure why we believe that since we're passing TARGET: https://github.com/Jasig/java-cas-client/blob/master/cas-client-core/src/main/java/org/jasig/cas/client/validation/Saml11TicketValidator.java#L93 I believe we should remove that method and allow for the default behavior. On Mon, Aug 11, 2014 at 4:10 PM, Marvin Addison <marvin.addi...@gmail.com> wrote: > > 2014-08-11 14:48:53,829 INFO > > [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket > > [ST-1-ZVJ45whjWQCXrJQVHVmd-abbott] for service > > [https://ckillingsworth2.missouristate.edu/testcasapp] for user [chk790] > > Can you post the corresponding log entry that reads something like the > following: > > Successfully validated ticket [ST-1-ZVJ45whjWQCXrJQVHVmd-abbott]. > > You may have bigger problems if you do not have such a line. Chad > noted that this is a load-balanced service, so the validation may have > happened on another node since the ticket request and validation have > distinct sources. > > M > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > scott.battag...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user