Open up the Browser's Network Monitor (under Dev tools). I bet it is hitting the default page with the ticket query string, but removes it after validating the user. You'll see three calls to your default page (if you start with a clean browser session (or remove cookies): 1. Default page Redirect the user to CAS Server. 2. After authenticating a request for your default page with the ?ticket=ST-xxx 3. A request of the default page without the ?ticket=ST-xx.
Your user should be authenticated at this point. Do you have some code on the default page that bubbles up the Page.Identity.Name (or something similar) and displays it? On 9/12/14 10:39 AM, Michelle Zhang wrote: > After I logged in to Cas, I'm redirected back to my page, and the url > showing in the address bar is: http://test-spots.fandm.edu/ > > No ticket query string is showing or anything else...I thought it > should be something like > http://test-spots.fandm.edu?ticket=.......but I do not see it. > > On Fri, Sep 12, 2014 at 1:21 PM, John Gasper <jgas...@unicon.net > <mailto:jgas...@unicon.net>> wrote: > > I'm not sure I follow. Are you authenticated to your app when you > get sent back? The .NET CAS Client will consume the "ticket" > querystring data, validate the service ticket, populates the > page.identity object, and redirects the page to itself removing > the "ticket" querystring. > > > On 9/12/14 9:40 AM, Michelle Zhang wrote: >> Oh great. I see. After I clear the cookies I can see the CAS >> too. Thank you John! >> >> Right now after I logged in to CAS, I'm redirected to my default >> page, but the url is not in the format which contains the ticket >> info...what might be the problem? >> >> >> Michelle >> >> On Fri, Sep 12, 2014 at 12:17 PM, John Gasper <jgas...@unicon.net >> <mailto:jgas...@unicon.net>> wrote: >> >> Hi Michelle, >> >> Nice sleuthing! So when I go to http://test-spots.fandm.edu/ >> I get sent to you test CAS Server. If you were already logged >> into the CAS server it would have looked like it was only >> taking you to your homepage. >> >> It's looking OK to me. >> >> >> On 9/12/14 9:06 AM, Michelle Zhang wrote: >>> Thank you John! I renamed Web.config file to web.xml and >>> opened it in IE, it compiled right. >>> So I started to check the items in Web.config file, and found: >>> 1. I need to comment this out, otherwise I get 500 Internal >>> Error: <modules runAllManagedModulesForAllRequests="true"/> >>> 2. I need to add this: <validation >>> validateIntegratedModeConfiguration="false"/>, otherwise I >>> get 500.22 Error >>> The problem is now when I type my website URL in the address >>> bar in the browser, it goes to my webpage default page >>> directly, it does not go to the CAS log in page. >>> >>> Any ideas why is that? I just pasted the web.config file in >>> the bottom of the email, in case you have time to take a >>> look for me. >>> >>> >>> Michelle >>> >>> >>> >>> Web.config >>> >>> <?xml version="1.0"?> >>> >>> <configuration> >>> <configSections> >>> <!--<section name="securitySwitch" >>> type="SecuritySwitch.Configuration.Settings, >>> SecuritySwitch" >>> requirePermission="false" />--> >>> <section name="casClientConfig" >>> type="DotNetCasClient.Configuration.CasClientConfiguration, >>> DotNetCasClient"/> >>> </configSections> >>> <casClientConfig >>> casServerLoginUrl="https://cas-test.fandm.edu/cas/login"; >>> >>> casServerUrlPrefix="https://cas-test.fandm.edu/cas"; >>> serverName="test-spots.fandm.edu >>> <http://test-spots.fandm.edu>" >>> notAuthorizedUrl="~/Failed.aspx" >>> cookiesRequiredUrl="" >>> redirectAfterValidation="true" >>> renew="false" singleSignOut="true" >>> ticketValidatorName="Cas20" >>> >>> serviceTicketManager="CacheServiceTicketManager"/> >>> >>> <!--<securitySwitch mode="RemoteOnly"> >>> <paths> >>> <add path="~/Login.aspx" /> >>> </paths> >>> </securitySwitch>--> >>> >>> >>> <connectionStrings> >>> <add name="ApplicationServices" connectionString="data >>> source=.\SQLEXPRESS;Integrated >>> Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User >>> Instance=true" >>> providerName="System.Data.SqlClient" /> >>> </connectionStrings> >>> <system.web> >>> >>> <!--<customErrors mode="Off" >>> defaultRedirect="Error.aspx"/>--> >>> <customErrors mode="Off"/> >>> <compilation debug="true" targetFramework="4.0"/> >>> >>> <authentication mode="Forms"> >>> <forms loginUrl="https://cas-test.fandm.edu/cas/login"; >>> timeout="30" >>> defaultUrl="Default.aspx" >>> cookieless="UseCookies" >>> slidingExpiration="true" >>> path="/" /> >>> </authentication> >>> <authorization> >>> <deny users="?"/> >>> </authorization> >>> <httpModules> >>> <add name="DotNetCasClient" >>> >>> type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient"/> >>> </httpModules> >>> >>> <sessionState timeout="2880"> >>> </sessionState> >>> <membership> >>> <providers> >>> <clear/> >>> <add name="AspNetSqlMembershipProvider" >>> type="System.Web.Security.SqlMembershipProvider" >>> connectionStringName="ApplicationServices" >>> enablePasswordRetrieval="false" enablePasswordReset="true" >>> requiresQuestionAndAnswer="false" >>> requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" >>> minRequiredPasswordLength="6" >>> minRequiredNonalphanumericCharacters="0" >>> passwordAttemptWindow="10" applicationName="/"/> >>> </providers> >>> </membership> >>> <profile> >>> <providers> >>> <clear/> >>> <add name="AspNetSqlProfileProvider" >>> type="System.Web.Profile.SqlProfileProvider" >>> connectionStringName="ApplicationServices" applicationName="/"/> >>> </providers> >>> </profile> >>> <roleManager enabled="false"> >>> <providers> >>> <clear/> >>> <add name="AspNetSqlRoleProvider" >>> type="System.Web.Security.SqlRoleProvider" >>> connectionStringName="ApplicationServices" applicationName="/"/> >>> <add name="AspNetWindowsTokenRoleProvider" >>> type="System.Web.Security.WindowsTokenRoleProvider" >>> applicationName="/"/> >>> </providers> >>> </roleManager> >>> >>> </system.web> >>> <system.webServer> >>> <!--just added this on 9/12/14 11:46. >>> without it or set to true: >>> HTTP Error 500.22 - Internal Server Error >>> An ASP.NET <http://ASP.NET> setting has been detected that >>> does not apply in Integrated managed pipeline mode. >>> with it: >>> do not go to cas log in, but only go to the default page.--> >>> <validation validateIntegratedModeConfiguration="false"/> >>> <modules> >>> <remove name="DotNetCasClient"/> >>> <add name="DotNetCasClient" >>> >>> type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient"/> >>> </modules> >>> <!--<httpErrors errorMode="Custom"> >>> <error statusCode="500" subStatusCode="5" >>> path="https://spots.fandm.edu"; responseMode="Redirect"/> >>> <error statusCode="403" subStatusCode="4" >>> path="https://spots.fandm.edu"; responseMode="Redirect"/> >>> </httpErrors>--> >>> <httpErrors errorMode="Detailed" /> >>> >>> <asp scriptErrorSentToBrowser="true"/> >>> >>> <!--need to comment it, otherwise 500 Error--> >>> <!--<modules runAllManagedModulesForAllRequests="true"/>--> >>> >>> <defaultDocument> >>> <files> >>> <clear/> >>> <add value="Default.aspx"/> >>> </files> >>> >>> </defaultDocument> >>> </system.webServer> >>> >>> >>> </configuration> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> On Thu, Sep 11, 2014 at 5:13 PM, John Gasper >>> <jgas...@unicon.net <mailto:jgas...@unicon.net>> wrote: >>> >>> Hi Michelle, >>> >>> When I get these kind of errors with IIS, the first >>> thing I check is that the web.config file is valid xml. >>> I usually rename the file to end in .xml and open it in >>> IE to make sure it parses correctly. If that checks out >>> make sure the new elements were added to the appropriate >>> areas. I'd guess something wrong in the web.config is >>> probably the problem. >>> >>> Next, I usually enable Failed Request Tracing. You'll >>> need to work with your sys admin to configure and enable >>> it, but this usually uncovers everything. An xml file >>> will be created that will merge to the xsl file in the >>> output directory. Open the xml in IE and that will make >>> it a lot easier to review. >>> >>> Give those a try and see what you find. >>> >>> Good luck! >>> >>> John >>> >>> >>> On 9/11/14 11:40 AM, Michelle Zhang wrote: >>>> Carl, >>>> >>>> I do not have access to the event viewer in the windows >>>> server. I'll check with the personnel who has access to it. >>>> >>>> Yes the website works very good before adding the CAS >>>> client code. >>>> >>>> I tried to test with a "Hello World" test page but got >>>> the same error. >>>> >>>> Not sure how to set the error log...I found as soon as >>>> I logged in the Cas Log In page, I got this error >>>> message. How to find out if the error is happening >>>> before or after the request is routed? I do not have >>>> much access to the server so I cannot debug the web >>>> pages using break point on the web server.... >>>> >>>> >>>> Michelle >>>> >>>> >>>> >>>> On Thu, Sep 11, 2014 at 2:10 PM, Waldbieser, Carl >>>> <waldb...@lafayette.edu >>>> <mailto:waldb...@lafayette.edu>> wrote: >>>> >>>> Michelle, >>>> >>>> Did you check the Windows event log to see if the >>>> error was logged elsewhere (e.g. under "Applications")? >>>> Did the web site work *prior* to adding the CAS >>>> client code? >>>> Can you serve *any* resource? E.g. a basic "Hello >>>> World" test page? >>>> Can you emit messages to an error log from your ASP >>>> page to see if the request is reaching the page or >>>> if the error is happening before the request is routed? >>>> >>>> Without knowing much about your setup, I am afraid >>>> I am someone limited in the advice I can offer. >>>> >>>> Thanks, >>>> Carl >>>> >>>> ----- Original Message ----- >>>> From: "Michelle Zhang" <michelle.zh...@fandm.edu >>>> <mailto:michelle.zh...@fandm.edu>> >>>> To: cas-user@lists.jasig.org >>>> <mailto:cas-user@lists.jasig.org> >>>> Sent: Thursday, September 11, 2014 2:03:36 PM >>>> Subject: Re: [cas-user] Possible cause of 500 - >>>> Internal server error >>>> >>>> Hi Carl, >>>> >>>> Thank you again for helping! I did check the Log >>>> files under >>>> inetpub/logs/LogFiles and I did not see any error >>>> messages at all. >>>> >>>> Michelle >>>> >>>> On Thu, Sep 11, 2014 at 1:58 PM, Waldbieser, Carl >>>> <waldb...@lafayette.edu >>>> <mailto:waldb...@lafayette.edu>> >>>> wrote: >>>> >>>> > Michelle, >>>> > >>>> > A 500 error doesn't tell you much. >>>> > Is it possible for you to get access the the web >>>> server logs (e.g. Windows >>>> > Event logs) to see if there is any more specific >>>> information available? >>>> > >>>> > Thanks, >>>> > Carl Waldbieser >>>> > >>>> > ----- Original Message ----- >>>> > From: "Michelle Zhang" <michelle.zh...@fandm.edu >>>> <mailto:michelle.zh...@fandm.edu>> >>>> > To: cas-user@lists.jasig.org >>>> <mailto:cas-user@lists.jasig.org> >>>> > Sent: Thursday, September 11, 2014 1:52:08 PM >>>> > Subject: Re: [cas-user] Possible cause of 500 - >>>> Internal server error >>>> > >>>> > Thank you Linda! >>>> > >>>> > on the webserver, the web page is not even go to >>>> CAS log in page, it turns >>>> > the 500 - Internal server error without doing >>>> anything. And there's no way >>>> > I can debug to find out what's the problem >>>> because it does go to the CAS >>>> > log in page when I run it on my local machine. >>>> > >>>> > On Thu, Sep 11, 2014 at 1:11 PM, Linda Toth >>>> <ltt...@alaska.edu <mailto:ltt...@alaska.edu>> wrote: >>>> > >>>> > > We normally receive that error when the user is >>>> authenticated, but not >>>> > > authorized to use the target application. In >>>> the case of Banner, e.g., >>>> > > that application seeks an attribute called the >>>> UDC Identifier which is >>>> > used >>>> > > to establish role permissions for the various >>>> Banner applications. Once >>>> > > authenticated, our LDAP returns that >>>> attribute. A similar failure would >>>> > > occur any attribute the target application is >>>> seeking has not been >>>> > gathered >>>> > > from the authentication source. >>>> > > >>>> > > Linda >>>> > > >>>> > > Linda Toth >>>> > > University of Alaska - Office of Information >>>> Technology (OIT) - Identity >>>> > > and Access Management >>>> > > 910 Yukon Drive, Suite 103 >>>> > > Fairbanks, Alaska 99775 >>>> > > Tel: 907-450-8320 <tel:907-450-8320> >>>> > > Fax: 907-450-8381 <tel:907-450-8381> >>>> > > linda.t...@alaska.edu >>>> <mailto:linda.t...@alaska.edu> | >>>> www.alaska.edu/oit/ <http://www.alaska.edu/oit/> >>>> > > >>>> > > >>>> > > On Thu, Sep 11, 2014 at 7:13 AM, Michelle Zhang < >>>> > michelle.zh...@fandm.edu >>>> <mailto:michelle.zh...@fandm.edu>> >>>> > > wrote: >>>> > > >>>> > >> I'm using ASP.Net and just started to use CAS. >>>> > >> >>>> > >> On my local machine, after authenticated by >>>> the CAS log in page, I'm not >>>> > >> re-directed back to my default url but get >>>> this 500 - Internal server >>>> > error >>>> > >> message. >>>> > >> >>>> > >> On the webserver, if I type the website url on >>>> browser, I'm not >>>> > >> re-directed to the CAS log in page but just >>>> get 500 - Internal server >>>> > error >>>> > >> directly. >>>> > >> >>>> > >> Anyone knows why's that? >>>> > >> >>>> > >> >>>> > >> >>>> > >> Michelle <michelle.zh...@fandm.edu >>>> <mailto:michelle.zh...@fandm.edu>> >>>> > >> >>>> > >> -- >>>> > >> You are currently subscribed to >>>> cas-user@lists.jasig.org >>>> <mailto:cas-user@lists.jasig.org> as: >>>> > ltt...@alaska.edu <mailto:ltt...@alaska.edu> >>>> > >> To unsubscribe, change settings or access >>>> archives, see >>>> > http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> > >> >>>> > >> >>>> > > -- >>>> > > You are currently subscribed to >>>> cas-user@lists.jasig.org >>>> <mailto:cas-user@lists.jasig.org> as: >>>> > michelle.zh...@fandm.edu >>>> <mailto:michelle.zh...@fandm.edu> >>>> > > To unsubscribe, change settings or access >>>> archives, see >>>> > http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> > > >>>> > > >>>> > >>>> > >>>> > -- >>>> > Michelle Zhang >>>> > Floyd Institute Center for Opinion Research >>>> > Franklin & Marshall College >>>> > P.O. Box 3003 >>>> > Lancaster PA 17604-3003 >>>> > Phone: (717) 358-4764 <tel:%28717%29%20358-4764> >>>> > michelle.zh...@fandm.edu >>>> <mailto:michelle.zh...@fandm.edu> >>>> > >>>> > -- >>>> > You are currently subscribed to >>>> cas-user@lists.jasig.org >>>> <mailto:cas-user@lists.jasig.org> as: >>>> > waldb...@lafayette.edu >>>> <mailto:waldb...@lafayette.edu> >>>> > To unsubscribe, change settings or access >>>> archives, see >>>> > http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> > >>>> > -- >>>> > You are currently subscribed to >>>> cas-user@lists.jasig.org >>>> <mailto:cas-user@lists.jasig.org> as: >>>> > michelle.zh...@fandm.edu >>>> <mailto:michelle.zh...@fandm.edu> >>>> > To unsubscribe, change settings or access >>>> archives, see >>>> > http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> > >>>> >>>> >>>> >>>> -- >>>> Michelle Zhang >>>> Floyd Institute Center for Opinion Research >>>> Franklin & Marshall College >>>> P.O. Box 3003 >>>> Lancaster PA 17604-3003 >>>> Phone: (717) 358-4764 <tel:%28717%29%20358-4764> >>>> michelle.zh...@fandm.edu >>>> <mailto:michelle.zh...@fandm.edu> >>>> >>>> -- >>>> You are currently subscribed to >>>> cas-user@lists.jasig.org >>>> <mailto:cas-user@lists.jasig.org> as: >>>> waldb...@lafayette.edu <mailto:waldb...@lafayette.edu> >>>> To unsubscribe, change settings or access archives, >>>> see http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>>> -- >>>> You are currently subscribed to >>>> cas-user@lists.jasig.org >>>> <mailto:cas-user@lists.jasig.org> as: >>>> michelle.zh...@fandm.edu >>>> <mailto:michelle.zh...@fandm.edu> >>>> To unsubscribe, change settings or access archives, >>>> see http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>>> >>>> >>>> >>>> -- >>>> Michelle Zhang >>>> Floyd Institute Center for Opinion Research >>>> Franklin & Marshall College >>>> P.O. Box 3003 >>>> Lancaster PA 17604-3003 >>>> Phone: (717) 358-4764 >>>> michelle.zh...@fandm.edu <mailto:michelle.zh...@fandm.edu> >>>> -- >>>> You are currently subscribed to cas-user@lists.jasig.org >>>> <mailto:cas-user@lists.jasig.org> as: jgas...@unicon.net >>>> <mailto:jgas...@unicon.net> >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> -- >>> You are currently subscribed to cas-user@lists.jasig.org >>> <mailto:cas-user@lists.jasig.org> as: michelle.zh...@fandm.edu >>> <mailto:michelle.zh...@fandm.edu> >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >>> >>> >>> -- >>> Michelle Zhang >>> Floyd Institute Center for Opinion Research >>> Franklin & Marshall College >>> P.O. Box 3003 >>> Lancaster PA 17604-3003 >>> Phone: (717) 358-4764 >>> michelle.zh...@fandm.edu <mailto:michelle.zh...@fandm.edu> >>> -- >>> You are currently subscribed to cas-user@lists.jasig.org >>> <mailto:cas-user@lists.jasig.org> as: jgas...@unicon.net >>> <mailto:jgas...@unicon.net> >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> -- >> You are currently subscribed to cas-user@lists.jasig.org >> <mailto:cas-user@lists.jasig.org> as: michelle.zh...@fandm.edu >> <mailto:michelle.zh...@fandm.edu> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> >> >> -- >> Michelle Zhang >> Floyd Institute Center for Opinion Research >> Franklin & Marshall College >> P.O. Box 3003 >> Lancaster PA 17604-3003 >> Phone: (717) 358-4764 >> michelle.zh...@fandm.edu <mailto:michelle.zh...@fandm.edu> >> -- >> You are currently subscribed to cas-user@lists.jasig.org >> <mailto:cas-user@lists.jasig.org> as: jgas...@unicon.net >> <mailto:jgas...@unicon.net> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to cas-user@lists.jasig.org > <mailto:cas-user@lists.jasig.org> as: michelle.zh...@fandm.edu > <mailto:michelle.zh...@fandm.edu> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > -- > Michelle Zhang > Floyd Institute Center for Opinion Research > Franklin & Marshall College > P.O. Box 3003 > Lancaster PA 17604-3003 > Phone: (717) 358-4764 > michelle.zh...@fandm.edu <mailto:michelle.zh...@fandm.edu> > -- > You are currently subscribed to cas-user@lists.jasig.org as: > jgas...@unicon.net > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
