Because you are validating the same ticket id twice.
Your java webapp receives ST-4 and validates it. When a ST is validated, it is expired and thus removed. Then, you attempt to execute the same operation in your browser, which causes validation to fail. STs can be only be used once, unless you change the expiration policy for STs. From: Gianluca Diodato [mailto:gianluca.diod...@gmail.com] Sent: Friday, May 15, 2015 5:44 AM To: cas-user@lists.jasig.org Cc: mmoay...@unicon.net; cas-user@lists.jasig.org Subject: Re: [cas-user] Empty Attribute Map Hi Misagh, why you said I have 2 requests to validate the same ticket?? I don't understand... In the log that I posted there are a SERVICE_TICKET_VALIDATED (after login from my java webapp client side) and a SERVICE_TICKET_VALIDATE_FAILED (from my browser client side when I tried to access this url https://cas_server/cas/p3/serviceValidate?ticket=ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org <http://st-4-yagp66sconktxo1v5zct-cassso.smartcampus.org/> &service=http://localhost:8080/Campus/mainpage.jsp <http://www.google.com/url?q=http%3A%2F%2Flocalhost%3A8080%2FCampus%2Fmainpage.jsp&sa=D&sntz=1&usg=AFQjCNGR0ce21s5VKuT8uLduzW-gGTU7kg> ). What Wrong? Gianluca Il giorno venerdì 15 maggio 2015 14:03:41 UTC+2, Misagh Moayyed ha scritto: Your CAS client is attempting to resuse a service ticket, or it’s submitting the same request twice. It validates ST-4 and about a minute later it attempts to validate it again. That won’t work. Monitor traffic and see why you have two requests to validate the same ticket. From: Gianluca Diodato [mailto:gianluca...@gmail.com <javascript:> ] Sent: Friday, May 15, 2015 4:44 AM To: cas-...@lists.jasig.org <javascript:> Cc: mmoa...@unicon.net <javascript:> ; cas-...@lists.jasig.org <javascript:> Subject: Re: [cas-user] Empty Attribute Map Hi Misagh, This is my last test with deployerConfigContext.xml file. Anyway I don't access to any serviceValidate page (Cas2,Cas3,Saml). When I'm trying to acces I have always this answer: 2015-05-15 13:18:23,465 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.> 2015-05-15 13:18:23,465 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/Campus/mainpage.jsp> 2015-05-15 13:18:23,465 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/SmartMobility/.*> 2015-05-15 13:18:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.> 2015-05-15 13:19:31,657 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://localhost:8080/Campus/mainpage.jsp> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org <http://ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org> ]> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org <http://ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org> ] found in registry.> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - <Found attribute [first_name] in the list of allowed attributes for service [Test CAS]> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Principal id to return for service [Test CAS] is [gianluca...@iit.cnr.it <javascript:> ]. The default principal id is [gianluca...@iit.cnr.it <javascript:> ].> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org <http://ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org> ] from registry> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org <http://ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org> ]> 2015-05-15 13:19:31,658 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org <http://ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org> ACTION: SERVICE_TICKET_VALIDATED APPLICATION: CAS WHEN: Fri May 15 13:19:31 CEST 2015 CLIENT IP ADDRESS: 146.48.89.203 SERVER IP ADDRESS: 146.48.89.135 ============================================================= > 2015-05-15 13:19:31,659 DEBUG [org.jasig.cas.web.ServiceValidateController] - <Successfully validated service ticket ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org <http://ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org> for service [http://localhost:8080/Campus/mainpage.jsp]> 2015-05-15 13:20:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.> 2015-05-15 13:20:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/Campus/mainpage.jsp> 2015-05-15 13:20:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/SmartMobility/.*> 2015-05-15 13:20:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.> 2015-05-15 13:22:23,465 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.> 2015-05-15 13:22:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/Campus/mainpage.jsp> 2015-05-15 13:22:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/SmartMobility/.*> 2015-05-15 13:22:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.> 2015-05-15 13:24:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.> 2015-05-15 13:24:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/Campus/mainpage.jsp> 2015-05-15 13:24:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/SmartMobility/.*> 2015-05-15 13:24:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.> 2015-05-15 13:25:08,452 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://localhost:8080/Campus/mainpage.jsp> 2015-05-15 13:25:08,452 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org <http://ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org> ]> 2015-05-15 13:25:08,453 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org <http://ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org> ] does not exist.> 2015-05-15 13:25:08,453 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org <http://ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org> ]> 2015-05-15 13:25:08,453 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org <http://ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org> ACTION: SERVICE_TICKET_VALIDATE_FAILED APPLICATION: CAS WHEN: Fri May 15 13:25:08 CEST 2015 CLIENT IP ADDRESS: 146.48.89.203 SERVER IP ADDRESS: 146.48.89.135 ============================================================= > 2015-05-15 13:25:08,453 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages_en] - neither plain properties nor XML> 2015-05-15 13:25:08,454 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages] - neither plain properties nor XML> 2015-05-15 13:25:08,454 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:messages_en] - neither plain properties nor XML> 2015-05-15 13:25:08,454 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <Re-caching properties for filename [classpath:messages] - file hasn't been modified> I modified expiredtimeout of ticket from 10 seconds to 600 seconds in ticketExpirationPolicies.xml, but doesn't work. Best Gianluca Il giorno venerdì 15 maggio 2015 11:12:56 UTC+2, Misagh Moayyed ha scritto: Are you allowing attributes for release? Is your client talking to /p3/serviceValidate? From: Gianluca Diodato [mailto:gianluca...@gmail.com] Sent: Friday, May 15, 2015 1:41 AM To: cas-...@lists.jasig.org <mailto:cas-...@lists.jasig.org> Subject: Re:[cas-user] Empty Attribute Map Same problem with Java Cas Client but no answers yet from community.. I'm almost depressed. Gianluca Il giorno giovedì 14 maggio 2015 12:33:26 UTC+2, Luís Lobo ha scritto: Hi! I am using CAS Server version 4.0.1 and I am having trouble with the attributes. The problem is that in the client side (phpCAS) the attribute map is empty. The relevant parts in my deployerConfigContext.xml are: <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager"> <constructor-arg> <map> <entry key-ref="userAuthHandler" value-ref="principalResolver" /> </map> </constructor-arg> <property name="authenticationPolicy"> <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" /> </property> </bean> The principal resolver is declared as: <bean id="personAttributeDao" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao"> <constructor-arg index="0" ref="dataSource" /> <constructor-arg index="1" value="${auth.resolverSql}" /> <property name="queryAttributeMapping"> <map> <entry key="username" value="username" /> </map> </property> <property name="resultAttributeMapping"> <map> <entry key="login" value="login" /> <entry key="client_id" value="client_id" /> </map> </property> </bean> <bean id="principalResolver" class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" p:principalAttributeName="username" p:attributeRepository-ref="personAttributeDao" p:returnNullIfNoAttributes="true" /> The relevant log line in the console is: 2015-05-14 11:33:41,370 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated lfl...@gmail.com <mailto:lfl...@gmail.com> with credentials [<username>+password].> 2015-05-14 11:33:41,370 DEBUG [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Attribute map for lfl...@gmail.com <mailto:lfl...@gmail.com> : {login=<username>, client_id=123}> (<username> is the user's login) Am I missing something? Regards, LL -- You are currently subscribed to cas-...@lists.jasig.org <mailto:cas-...@lists.jasig.org> as: mmoa...@unicon.net <mailto:mmoa...@unicon.net> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org <mailto:cas-...@lists.jasig.org> as: jasig-cas-user...@googlegroups.com <mailto:jasig-cas-user...@googlegroups.com> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org <javascript:> as: mmoa...@unicon.net <javascript:> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org <javascript:> as: jasig-cas-user...@googlegroups.com <javascript:> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org <mailto:cas-user@lists.jasig.org> as: mmoay...@unicon.net <mailto:mmoay...@unicon.net> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user