With the login URL, is there a 'service' parameter ('target' for SAML 1.1 protocol)?
A service ticket is only issued if there is a service to log in.
Ray
On Thu, 2017-12-21 at 20:38 -0800, casuser wrote:
How can I issue service tickets in CAS 5.2.0? I am using memcached for storing the tickets. In the logs CAS is issuing the TGT but there is no ST.
This is what it looks like in the log:
2017-12-22 09:40:47,618 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] - <Collected authentication attributes for this result are [{org.apereo.cas.authentication.principal.REMEMBER_ME=true, credentialType=RememberMeUsernamePasswordCredential,
authenticationMethod=LdapAuthenticationHandler, successfulAuthenticationHandlers=[LdapAuthenticationHandler]}]>
2017-12-22 09:40:47,618 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] - <Authentication result commenced at [2017-12-22T09:40:47.618+08:00[Asia/Kuala_Lumpur]]>
2017-12-22 09:40:47,619 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] - <Building an authentication result for authentication [org.apereo.cas.authentication.DefaultAuthentication@d0d20ec7] and service
[null]>
2017-12-22 09:40:47,620 DEBUG [org.apereo.cas.ticket.factory.DefaultTicketGrantingTicketFactory] - <Attempting to encode ticket-granting ticket [TGT-***************************************************************FvYJ1mu3VU-rabby]>
2017-12-22 09:40:47,620 DEBUG [org.apereo.cas.util.EncodingUtils] - <Encrypting via [A128CBC-HS256]>
2017-12-22 09:40:47,621 DEBUG [org.apereo.cas.ticket.factory.DefaultTicketGrantingTicketFactory] - <Encoded ticket-granting ticket id [***************************************************************]>
2017-12-22 09:40:47,622 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoding ticket [***************************************************************]>
2017-12-22 09:40:47,632 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Encoded original ticket id [***************************************************************] to [***************************************************************]>
2017-12-22 09:40:47,632 DEBUG [org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Created encoded ticket [[***************************************************************]]>
2017-12-22 09:40:47,633 DEBUG [org.apereo.cas.ticket.registry.MemcachedTicketRegistry] - <Adding ticket [[***************************************************************]]>
2017-12-22 09:40:47,633 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [int] with Kryo using serializer [com.esotericsoftware.kryo.serializers.DefaultSerializers$IntSerializer]>
2017-12-22 09:40:47,634 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [java.lang.String] with Kryo using serializer [com.esotericsoftware.kryo.serializers.DefaultSerializers$StringSerializer]>
2017-12-22 09:40:47,634 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [float] with Kryo using serializer [com.esotericsoftware.kryo.serializers.DefaultSerializers$FloatSerializer]>
2017-12-22 09:40:47,634 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [boolean] with Kryo using serializer [com.esotericsoftware.kryo.serializers.DefaultSerializers$BooleanSerializer]>
2017-12-22 09:40:47,635 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [byte] with Kryo using serializer [com.esotericsoftware.kryo.serializers.DefaultSerializers$ByteSerializer]>
2017-12-22 09:40:47,635 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [char] with Kryo using serializer [com.esotericsoftware.kryo.serializers.DefaultSerializers$CharSerializer]>
2017-12-22 09:40:47,635 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [short] with Kryo using serializer [com.esotericsoftware.kryo.serializers.DefaultSerializers$ShortSerializer]>
2017-12-22 09:40:47,636 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [long] with Kryo using serializer [com.esotericsoftware.kryo.serializers.DefaultSerializers$LongSerializer]>
2017-12-22 09:40:47,636 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [double] with Kryo using serializer [com.esotericsoftware.kryo.serializers.DefaultSerializers$DoubleSerializer]>
2017-12-22 09:40:47,636 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [void] with Kryo using serializer [com.esotericsoftware.kryo.serializers.DefaultSerializers$VoidSerializer]>
2017-12-22 09:40:47,637 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryoFactory] - <Constructing a kryo instance with the following settings:>
2017-12-22 09:40:47,637 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryoFactory] - <warnUnregisteredClasses: [true]>
2017-12-22 09:40:47,637 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryoFactory] - <autoReset: [false]>
2017-12-22 09:40:47,637 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryoFactory] - <replaceObjectsByReferences: [false]>
2017-12-22 09:40:47,638 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryoFactory] - <registrationRequired: [false]>
2017-12-22 09:40:47,638 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl] with Kryo using serializer [org.apereo.cas.memcached.kryo.serial.SimpleWebApplicationServiceSerializer]>
2017-12-22 09:40:47,639 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [org.apereo.cas.authentication.BasicCredentialMetaData] with Kryo using serializer [com.esotericsoftware.kryo.serializers.FieldSerializer]>
2017-12-22 09:40:47,639 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [org.apereo.cas.authentication.BasicIdentifiableCredential] with Kryo using serializer [com.esotericsoftware.kryo.serializers.FieldSerializer]>
2017-12-22 09:40:47,639 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [org.apereo.cas.authentication.DefaultHandlerResult] with Kryo using serializer [com.esotericsoftware.kryo.serializers.FieldSerializer]>
2017-12-22 09:40:47,640 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [org.apereo.cas.authentication.DefaultAuthentication] with Kryo using serializer [com.esotericsoftware.kryo.serializers.FieldSerializer]>
2017-12-22 09:40:47,640 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [org.apereo.cas.authentication.UsernamePasswordCredential] with Kryo using serializer [com.esotericsoftware.kryo.serializers.FieldSerializer]>
2017-12-22 09:40:47,641 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [org.apereo.cas.authentication.principal.SimplePrincipal] with Kryo using serializer [com.esotericsoftware.kryo.serializers.FieldSerializer]>
2017-12-22 09:40:47,641 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [org.apereo.cas.util.crypto.PublicKeyFactoryBean] with Kryo using serializer [com.esotericsoftware.kryo.serializers.FieldSerializer]>
2017-12-22 09:40:47,642 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy] with Kryo using serializer [com.esotericsoftware.kryo.serializers.FieldSerializer]>
2017-12-22 09:40:47,642 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryo] - <Registering class [org.apereo.cas.services.ReturnAllAttributeReleasePolicy] with Kryo using serializer [com.esotericsoftware.kryo.serializers.FieldSerializer]>
2017-12-22 09:40:47,678 DEBUG [org.apereo.cas.memcached.kryo.CloseableKryoFactory] - <Registering serializable class [org.apereo.cas.ticket.support.RememberMeDelegatingExpirationPolicy] with Kryo>
2017-12-22 09:40:47,678 DEBUG [org.apereo.cas.AbstractCentralAuthenticationService] - <Publishing [org.apereo.cas.support.events.ticket.CasTicketGrantingTicketCreatedEvent@329053ab[ticketGrantingTicket=e***************************************************************]]>
2017-12-22 09:40:47,679 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: user
WHAT:
***************************************************************
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Dec 22 09:40:47 MYT 2017
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2017-12-22 09:40:47,680 DEBUG [org.apereo.cas.web.support.DefaultCasCookieValueManager] - <Encoding cookie value [***************************************************************@127.0.0.1@Mozilla/5.0
(X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0]>
2017-12-22 09:40:47,681 DEBUG [org.apereo.cas.util.EncodingUtils] - <Encrypting via [A128CBC-HS256]>
But there is no action for service ticket creation.
This is what my cas.properties looks like:
##
# tgc
##
# cas.tgc.path=
cas.tgc.maxAge=-1
# cas.tgc.domain=
cas.tgc.signingKey=***************************************************************
cas.tgc.name=TGC
cas.tgc.encryptionKey=***************************************************************
cas.tgc.secure=false
cas.tgc.rememberMeMaxAge=1350000
cas.tgc.cipherEnabled=true
cas.webflow.signing.key=***************************************************************
cas.webflow.signing.keySize=512
cas.webflow.encryption.keySize=16
cas.webflow.encryption.key=***************************************************************
cas.webflow.crypto.signing.key=***************************************************************
cas.webflow.crypto.encryption.key=***************************************************************
cas.tgc.crypto.signing.key= ***************************************************************
cas.tgc.crypto.encryption.key=***************************************************************
# Service Registry
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.repeatInterval=120000
cas.serviceRegistry.startDelay=15000
cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.config.location=file:/etc/cas/config/services
cas.ticket.tgt.onlyTrackMostRecentSession=true
cas.ticket.tgt.maxLength=50
cas.monitor.tgt.warn.threshold=10
cas.monitor.tgt.warn.evictionThreshold=0
#
# #remember me 31 days in seconds
# # Set to a negative value to never expire tickets
cas.ticket.tgt.maxTimeToLiveInSeconds=1350000
cas.ticket.tgt.timeToKillInSeconds=7200
cas.ticket.tgt.rememberMe.enabled=true
cas.ticket.tgt.rememberMe.timeToKillInSeconds=1350000
cas.web.flow.GenericSuccessViewAction=***************************************************************
cas.ticket.tgt.timeout.maxTimeToLiveInSeconds=1350000
##
#Throttled Timeout
##
cas.ticket.tgt.throttledTimeout.timeToKillInSeconds=28800
cas.ticket.tgt.throttledTimeout.timeInBetweenUsesInSeconds=5
cas.ticket.tgt.hardTimeout.timeToKillInSeconds=28800
#Monitoring the service ticket
cas.monitor.st.warn.threshold=10
cas.monitor.st.warn.evictionThreshold=0
cas.ticket.st.maxLength=20
cas.ticket.st.numberOfUses=1
cas.ticket.st.timeToKillInSeconds=15
cas.ticket.crypto.enabled=true
cas.ticket.crypto.signing.key= ***************************************************************
cas.ticket.crypto.encryption.key=***************************************************************
#memcached
cas.ticket.registry.memcached.servers=localhost:11211
cas.ticket.registry.memcached.locatorType=ARRAY_MOD
cas.ticket.registry.memcached.failureMode=Redistribute
cas.ticket.registry.memcached.hashAlgorithm=FNV1_64_HASH
cas.ticket.registry.memcached.shouldOptimize=false
cas.ticket.registry.memcached.daemon=true
cas.ticket.registry.memcached.maxReconnectDelay=-1
cas.ticket.registry.memcached.useNagleAlgorithm=false
cas.ticket.registry.memcached.shutdownTimeoutSeconds=-1
cas.ticket.registry.memcached.opTimeout=-1
cas.ticket.registry.memcached.timeoutExceptionThreshold=2
cas.ticket.registry.memcached.maxTotal=20
cas.ticket.registry.memcached.maxIdle=8
cas.ticket.registry.memcached.minIdle=0
cas.ticket.registry.memcached.transcoder=KRYO
cas.ticket.registry.memcached.transcoderCompressionThreshold=16384
cas.ticket.registry.memcached.kryoAutoReset=false
cas.ticket.registry.memcached.kryoObjectsByReference=false
cas.ticket.registry.memcached.kryoRegistrationRequired=false
cas.ticket.registry.memcached.crypto.signing.key=***************************************************************
cas.ticket.registry.memcached.crypto.signing.keySize=512
cas.ticket.registry.memcached.crypto.encryption.key=*****************************
cas.ticket.registry.memcached.crypto.encryption.keySize=16
cas.ticket.registry.memcached.crypto.alg=AES
cas.ticket.registry.memcached.crypto.enabled=true
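
Ray's check applied to a log like the one in the question, as an added example that is not part of the original thread or of the CAS code base: it re-joins wrapped log lines, reads which service the authentication result was built for, and reports whether a service ticket should be expected. The sample log is constructed from lines in the question, and `SERVICE_TICKET_CREATED` is the audit action CAS writes when it grants an ST (it does not appear in the posted excerpt).

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the log in the question; the "[null]>"
# continuation is wrapped onto its own line, as in the original post.
SAMPLE_LOG = """\
2017-12-22 09:40:47,619 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationResultBuilder] - <Building an authentication result for authentication [org.apereo.cas.authentication.DefaultAuthentication@d0d20ec7] and service
[null]>
2017-12-22 09:40:47,679 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
WHO: user
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
>
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
SERVICE = re.compile(r"authentication result for authentication \[.*?\] and service\s*\[(.*?)\]>", re.S)
ACTION = re.compile(r"^ACTION: (\w+)$", re.M)

def records(text):
    """Re-join wrapped lines: a record starts at a timestamp and runs to the next one."""
    out = []
    for line in text.splitlines():
        if TS.match(line) or not out:
            out.append(line)
        else:
            out[-1] += "\n" + line
    return out

def diagnose(text):
    """Return (services seen at login, audit actions, one-line verdict)."""
    services, actions = [], []
    for rec in records(text):
        services += [None if s == "null" else s for s in SERVICE.findall(rec)]
        actions += ACTION.findall(rec)
    if "SERVICE_TICKET_CREATED" in actions:
        verdict = "ST issued"
    elif services and all(s is None for s in services):
        verdict = "no service in the login request, so no ST is expected"
    else:
        verdict = "no ST audited in this excerpt"
    return services, actions, verdict

def requested_service(login_url):
    """The 'service' parameter of a CAS login URL ('target' for SAML 1.1), or None."""
    q = parse_qs(urlsplit(login_url).query)
    return (q.get("service") or q.get("target") or [None])[0]

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG)[2])
```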