No principal was found in the response from the CAS server.
1,848 views
Skip to first unread message
Chip Work
Oct 13, 2016, 1:08:53 PM10/13/16
to CAS Community
I am using Tomcat 8 on Centos 7 with Java 8.
I have loaded the war file built with maven using CAS 4.2.5 including the ldap handler.
I have loaded the "mywebapp" war file built with maven as suggested in: https://wiki.jasig.org/display/CASC/JA-SIG+Java+Client+Simple+WebApp+Sample
I start tomcat and do not any significant errors in the catalina.out file or the cas.log file.
However when I test my cas deployment with the test site I get the following error:
HTTP Status 500 - org.jasig.cas.client.validation.TicketValidationException: No principal was found in the response from the CAS server.
type Exception report
message org.jasig.cas.client.validation.TicketValidationException: No principal was found in the response from the CAS server.
description The server encountered an internal error that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: org.jasig.cas.client.validation.TicketValidationException: No principal was found in the response from the CAS server. org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:152)
root cause
org.jasig.cas.client.validation.TicketValidationException: No principal was found in the response from the CAS server. org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:74) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:165) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129)
note The full stack trace of the root cause is available in the Apache Tomcat/8.0.37 logs.
Pls advice me as to why I might get this message.
Thanx.
Patrick Gardella
Oct 13, 2016, 1:22:09 PM10/13/16
to Chip Work, CAS Community
Can you post your deployerConfigContext.xml file? Specifically, the ldapAuthenticationHandler bean section, if you don't want to post it all.
You are using old instructions. Take a look at the new instructions at:
--
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ddf60f75-96da-4d88-9e90-85c3ded3b955%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
Patrick Gardella
Oct 13, 2016, 3:16:45 PM10/13/16
to Chip Work, CAS Community
The user you are validating has a sAMAccountName in LDAP/AD, correct?
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ddf60f75-96da-4d88-9e90-85c3ded3b955%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
--
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7d406a32-85e2-49b2-9dce-39b558c69a19%40apereo.org.
Chip Work
Oct 13, 2016, 3:56:05 PM10/13/16
to CAS Community, chip...@gmail.com
Yes Sir. the user is in my AD.
If I just browse to the cas server (e.g., https://shuauth01.sacredheart.edu:8443/cas/login), enter the same username and password. I get a proper authentication.
I get the error message when I try redirection.
For example, I browse to https://shuauth01.sacredheart.edu:8443/cas/login?service=https%3A%2F%2Fshuauth01.sacredheart.edu%3A8443%2Fmywebapp/
This gets me to the cas login page; but upon entering the username and password and clicking on login, I am redirected to:
https://shuauth01.sacredheart.edu:8443/mywebapp/?ticket=ST-4-cQ2Pw1U9c9rJgMDMTyR3-cas01.example.org and get the error 500 page.
-Chip
Patrick Gardella
Oct 14, 2016, 9:10:06 AM10/14/16
to Chip Work, CAS Community
Take a look at the URL you are getting the 500 error on:
So you don't have the cas server configured correctly. Search for cas01.example.org and replace it with shuauth01.sacredheart.edu
The sample webapp is connecting to CAS correctly, but then it tries to validate against the CAS server, but it has the wrong. It can't validate that ticket against example.org
Patrick
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8ec3973d-e55f-4f43-abc0-1696d5ee903e%40apereo.org.
Chip Work
Oct 14, 2016, 10:54:22 AM10/14/16
to CAS Community, chip...@gmail.com
Patrick,
As you suggested, I did a search for the string value cas01.example.org in my project. Unfortunately, the only place I find this string is in the /js/test_data.json files.
Am I missing something here.
Thanx again for your help.
-Chip
Patrick Gardella
Oct 14, 2016, 11:57:07 AM10/14/16
to Chip Work, CAS Community
What do you have configured for host.name on the CAS side of things > cas.properties? It looks like older versions of the code used cas01.example.org as the default value for that variable.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0e667dcd-3690-4cc9-9b3a-48bb5e66518a%40apereo.org.
Chip Work
Oct 14, 2016, 12:26:15 PM10/14/16
to CAS Community, chip...@gmail.com
Hey Patrick,
Progress. I had not put a value for the host.name in the cas.properties file. I put shuauth01.sacredheart.edu in for that, restarted Tomcat, and now see shuauth01.sacredheart.edu in the response URL:
Unfortunately, I get exactly the same error message as before.
Thanx again.
-Chip
Patrick Gardella
Oct 14, 2016, 1:52:37 PM10/14/16
to Chip Work, CAS Community
Can you check to make sure you have a similar hostname configured in the test client?
Also, what are you seeing in the log files from these attempts?
Patrick+
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0f76e06a-90a0-4203-8d1c-730fa6e36b1a%40apereo.org.
Reply all
Reply to author
Forward
0 new messages