Type Status Report
Message No principal was found in the response from the CAS server.
Description The server understood the request but refuses to authorize it.
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationFailure code='INVALID_REQUEST'> 'service' and 'ticket' parameters are both required </cas:authenticationFailure> </cas:serviceResponse>
Greetings,
From what I see, the CAS Service Validate URL is not being put together correctly. There should be an ampersand before the “ticket” parameter, not the question mark. This is why your CAS server sends back the INVALID_REQUEST message.
I.e.:
What is the version of CAS client that you use? And what is the CAS Client class that you use as a ticketValidator?
Thanks,
Andrey P, Brooklyn College
From: uporta...@apereo.org [mailto:uporta...@apereo.org] On Behalf Of Narasimha A
Sent: Tuesday, January 28, 2020 10:40 AM
To: uPortal Community
Subject: [uportal-user] No principal was found in the response from the CAS server.
--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
uportal-user...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/uportal-user/4bf107dd-d367-4a15-9a8d-8b1225e590ba%40apereo.org.
Based on the error messages, it looks like CAS is not returning a Ticket Granting Ticket (TGT) or Service Ticket (ST), likely because it’s not authorizing the user. The message “The server understood the request but refuses to authorize it” tells us this. So the request for authorization returns an empty token as the next message indicates: “No principal was found in the response from the CAS server.”
Check with your CAS administrator that your uPortal instance (https://my.uportal.server) is registered as an application that CAS will provide tickets to. If not, have it added.
See the CAS Protocol Web flow diagram to get an idea of the process flow.
Sincerely,
Lauren Anderson
Brigham Young University
--
Sorry, I didn’t read the part that the TGT is being created. How do you have access to the CAS log? Are you using the CAS that ships with uPortal or is this an enterprise version that your organization uses and you are a CAS administrator?
If you are using the CAS that comes with uPortal, we never tried to use it in the cloud. I wouldn’t know how to tell you to get that to work properly. We used our enterprise CAS, and installed a digital certificate with the organization (Brigham Young University) in the keychain that both CAS and uPortal belong to.
I hope that helps.
Sincerely,
Lauren
You may want to check that your serviceValidate request is correct, as Andrey pointed out. There are some examples on the CAS Protocol Specification page.
URL examples of /serviceValidate
-Lauren
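
The malformed validate URL Andrey describes and the INVALID_REQUEST body at the top of the thread, worked through as an added example (not code from uPortal, the CAS client, or anyone in this thread). The CAS prefix `https://cas.example.edu/cas`, the `/uPortal/Login` service path and the ticket value are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit, parse_qs

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample: a second "?" where "&" belongs, as described in the thread.
BAD_URL = ("https://cas.example.edu/cas/serviceValidate"
           "?service=https://my.uportal.server/uPortal/Login?ticket=ST-1-constructed")

# Failure body copied from the error report at the top of the thread.
FAILURE_XML = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
               "<cas:authenticationFailure code='INVALID_REQUEST'>"
               "'service' and 'ticket' parameters are both required"
               "</cas:authenticationFailure></cas:serviceResponse>")


def build_validate_url(cas_prefix, service, ticket):
    """Build /serviceValidate with both required parameters, URL-encoded."""
    query = urlencode({"service": service, "ticket": ticket})
    return f"{cas_prefix.rstrip('/')}/serviceValidate?{query}"


def missing_params(validate_url):
    """List the required parameters a server would not find in this URL."""
    params = parse_qs(urlsplit(validate_url).query)
    return [p for p in ("service", "ticket") if not params.get(p)]


def parse_validation_response(xml_text):
    """Return ('success', user) or ('failure', code) from a serviceResponse."""
    root = ET.fromstring(xml_text)
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is not None:
        user = ok.findtext("cas:user", default="", namespaces=CAS_NS)
        return ("success", user.strip())
    fail = root.find("cas:authenticationFailure", CAS_NS)
    return ("failure", fail.get("code") if fail is not None else None)


if __name__ == "__main__":
    good = build_validate_url("https://cas.example.edu/cas",
                              "https://my.uportal.server/uPortal/Login",
                              "ST-1-constructed")
    # With "?" instead of "&", the ticket is swallowed into the service value.
    print("bad URL is missing:", missing_params(BAD_URL))
    print("good URL is missing:", missing_params(good))
    print(parse_validation_response(FAILURE_XML))
```

Running `missing_params` against the validate URL logged by the CAS client shows whether the server can see a separate `ticket` parameter before anyone looks at service registration or certificates.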