I should also mention that the logs I attached are a bit different than the ones I saw before. Earlier on, I saw log messages that indicated that another ticket had been granted at the very end. For some reason I don't see that message now when I tried to duplicate the problem with logging set to DEBUG. Anyway, just some additional info...
Scott Battaglia <[EMAIL PROTECTED]> wrote: If you turn on DEBUG level logging on the CAS server it should give you a better indication of why the server is rejecting the ticket. -Scott On 1/13/07, tedzo <[EMAIL PROTECTED]> wrote: Hello, With the CAS filters set, I am redirected to CAS's login page and after successful login (username=password), I am redirected to my app's page with a ticket. However, If you notice the log entries below, the first line mentions that a ticket was granted (ST-2....). The next line complains that the just granted ticket is invalid and is not recognized. Further down, at the bottom, another ticket appears to be granted (ST-3....). I am not sure why a second one was granted. My tomcat's logs- 2007-01-13 17:38:37,758 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20] for service [ http://localhost:8080/DMM/login.jsp] for user [ml]> 2007-01-13 17:38:38,211 ERROR [http-8080-Processor25] client.CASReceipt:61 - validation of [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [ edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/proxyValidate] ticket=[ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20] service=[http%3A%2F%2Flocalhost%3A8080%2FDMM%2Flogin.jsp] errorCode=[INVALID_TICKET] errorMessage=[ticket 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not recognized] renew=false entireResponse=[<cas:serviceResponse xmlns:cas=' http://www.yale.edu/tp/cas'> <cas:authenticationFailure code='INVALID_TICKET'> ticket 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not recognized </cas:authenticationFailure> </cas:serviceResponse> ]]]] was not successful. 2007-01-13 17:38:38,242 ERROR [http-8080-Processor25] filter.CASFilter :380 - edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/proxyValidate ] ticket=[ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20] service=[http%3A%2F%2Flocalhost%3A8080%2FDMM%2Flogin.jsp] errorCode=[INVALID_TICKET] errorMessage=[ticket 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not recognized] renew=false entireResponse=[<cas:serviceResponse xmlns:cas=' http://www.yale.edu/tp/cas'> <cas:authenticationFailure code='INVALID_TICKET'> ticket 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not recognized </cas:authenticationFailure> </cas:serviceResponse> ]]]] 2007-01-13 17:38:38,258 ERROR [http-8080-Processor25] [/DMM].[jsp] :253 - Servlet.service() for servlet jsp threw exception edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[ https://localhost:8443/cas/proxyValidate] ticket=[ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20] service=[http%3A%2F%2Flocalhost%3A8080%2FDMM%2Flogin.jsp] errorCode=[INVALID_TICKET] errorMessage=[ticket 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not recognized] renew=false entireResponse=[<cas:serviceResponse xmlns:cas=' http://www.yale.edu/tp/cas'> <cas:authenticationFailure code='INVALID_TICKET'> ticket 'ST-2-PgC9skgfRcVA9cqRbmwPcJAYQip0E0zmgES-20' not recognized </cas:authenticationFailure> </cas:serviceResponse> ]]]] at edu.yale.its.tp.cas.client.CASReceipt.getReceipt (CASReceipt.java:62) at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455) ...... 2007-01-13 17:38:38,774 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-3-CJAKM2GaTN17LOYzwGxc12YCryRPVKe37KB-20] for service [ http://localhost:8080/DMM/login.jsp] for user [ml]> I believe everything else is correctly setup. I can access https://localhost and go to Tomcat's initial page. I have exported and imported certificates using keytool. The jvm that tomcat uses knows about the certificates as does Tomcat itself. web.xml <filter> <filter-name>CAS Filter</filter-name> <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class> <init-param> <param-name> edu.yale.its.tp.cas.client.filter.loginUrl</param-name> <param-value>https://localhost:8443/cas/login</param-value> </init-param> <init-param> <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name> <param-value> https://localhost:8443/cas/proxyValidate</param-value> </init-param> <init-param> <param-name>edu.yale.its.tp.cas.client.filter.serviceUrl</param-name> <param-value> http://localhost:8080/DMM/login.jsp</param-value> </init-param> </filter> <filter-mapping> <filter-name>CAS Filter</filter-name> <url-pattern>*.jsp</url-pattern> <dispatcher>FORWARD</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>REQUEST</dispatcher> </filter-mapping> server.xml- <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" keystoreFile="C:\Documents and Settings\av\.keystore" keystorePass="changeit" sslProtocol="TLS"/> Any help is appreciated. Av. --------------------------------- TV dinner still cooling? Check out "Tonight's Picks" on Yahoo! TV. _______________________________________________ Yale CAS mailing list cas@tp.its.yale.edu http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list cas@tp.its.yale.edu http://tp.its.yale.edu/mailman/listinfo/cas --------------------------------- Looking for earth-friendly autos? Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.
_______________________________________________ Yale CAS mailing list cas@tp.its.yale.edu http://tp.its.yale.edu/mailman/listinfo/cas