We have some clients that use the Shiro-CAS client for communicating with CAS,
and just launched a new app that uses SpringSec-CAS. The Shiro-CAS integration
has been running flawlessly for quite some time. SpringSec-CAS users, however,
get a HTTP 401 error *after* they try logging in from the CAS login page:
HTTP Status 401 - Authentication Failed: No principal was found in the
response from the CAS server.
Also, the serviceValidate URL
(https://mycas:8443/mycas/serviceValidate?service=app01/app/j_spring_cas_security_checkticket=ST-1-psUajs8fj5klcp05gJMV-localsso.ourorg.example.com)
returns:
cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'
cas:authenticationFailure code='INVALID_TICKET'
Ticket
#039;ST-1-psUajs8fj5klcp05gJMV-localsso.ourorg.example.com#039; not recognized
/cas:authenticationFailure
/cas:serviceResponse
Any ideas as to what is going on here? Again this is CAS 4.0. What could cause
these errors. Is it a server-side config issue that (somehow) Shiro-CAS
clients would be oblivious to? Is it a client-side issue with SpringSec?
Best,
Zac
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user