Proxy Ticket Validation Error
100 views
Skip to first unread message
Ritesh Tripathi
Jul 11, 2022, 9:42:27 AM7/11/22
to CAS Community
Folks
We called a CAS protected REST Service using the Proxy Ticket. In the CAS client in tomcat - we changed the order of filters to first perform Validation and then perform Authentication.
On the CAS server side - we are getting the following error:
2022-07-10 17:58:44,858 DEBUG [org.apereo.cas.ticket.registry.AbstractMapBasedTicketRegistry] - <Added ticket [PT-6-eZteQYrBDZiJdmSuG6jY2LbPdO0-cas] to registry.>
2022-07-10 17:58:44,858 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: ritesh@xxxx
WHAT: PT-6-eZteQYrBDZiJdmSuG6jY2LbPdO0-cas for https://casclient.xxxx/basic-struts/
ACTION: SERVICE_TICKET_VALIDATE_SUCCESS
APPLICATION: CAS
WHEN: Sun Jul 10 17:58:44 CEST 2022
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.1.1
=============================================================
>
2022-07-10 17:58:44,859 WARN [org.apereo.cas.validation.AbstractCasProtocolValidationSpecification] - <[Cas20WithoutProxyingValidationSpecification] is not internally satisfied by the produced assertion>
2022-07-10 17:58:44,859 WARN [org.apereo.cas.web.AbstractServiceValidateController] - <Service ticket [PT-6-eZteQYrBDZiJdmSuG6jY2LbPdO0-cas] does not satisfy validation specification.>
2022-07-10 17:58:44,858 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: ritesh@xxxx
WHAT: PT-6-eZteQYrBDZiJdmSuG6jY2LbPdO0-cas for https://casclient.xxxx/basic-struts/
ACTION: SERVICE_TICKET_VALIDATE_SUCCESS
APPLICATION: CAS
WHEN: Sun Jul 10 17:58:44 CEST 2022
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.1.1
=============================================================
>
2022-07-10 17:58:44,859 WARN [org.apereo.cas.validation.AbstractCasProtocolValidationSpecification] - <[Cas20WithoutProxyingValidationSpecification] is not internally satisfied by the produced assertion>
2022-07-10 17:58:44,859 WARN [org.apereo.cas.web.AbstractServiceValidateController] - <Service ticket [PT-6-eZteQYrBDZiJdmSuG6jY2LbPdO0-cas] does not satisfy validation specification.>
We are getting the above error - after the PT has been validated as successful.
Question: what is to be done on server side to ensure that the CAS server uses the correct validation specification? Here on server side its passing the request to
Cas20WithoutProxyingValidationSpecification - even though we are posting a proxy ticket to the server and its validating it successfully in the error messages shown.
Am i missing some configuration etc to be provided? Please Help.
Best regards
Ritesh
Ray Bon
Jul 11, 2022, 10:51:31 AM7/11/22
to cas-...@apereo.org
Ritesh,
The service which is to be proxied must be added to Cas as a service and it must have the proxy flag enabled.
Ray
On Mon, 2022-07-11 at 06:42 -0700, Ritesh Tripathi wrote:
Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca
I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose historical relationships with the land continue to this day.
Reply all
Reply to author
Forward
0 new messages