Hi
I tried to configure a second level of CAS. So my first CAS is CASified by another CAS. This is for strong authentication.
It works very well if I don't use the "CAS Validation Filter" (org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter).
When the "CAS Validation Filter" is enabled, I have an Error 500.
So i have webapp ==> CAS1 ==> CAS2
First CASE
The "CAS Validation Filter" is enabled for the webapp
the "CAS Validation Filter" is disabled for CAS1
The log :
=============================================================
WHO: [username: rt]
WHAT: supplied credentials: [username: rt]
ACTION: AUTHENTICATION_SUCCESS
=============================================================
WHO: [username: rt]
WHAT: TGT-1-bP31KdcLwSN3tybaSLGf3dgjVNRWNszFhtdAfCe6pl0DVG7ib3-example.fr
ACTION: TICKET_GRANTING_TICKET_CREATED
=============================================================
WHO: rt
WHAT: ST-1-nSyO2SducwJBoQHl14tQexample.fr for https://localhost:8443/cas/login?service=https%3A%2F%2Flocalhost%3A8443%2FmywebappOrig%2Fprotected%2F
ACTION: SERVICE_TICKET_CREATED
=============================================================
WHO: [username: rt]
WHAT: supplied credentials: [username: rt]
ACTION: AUTHENTICATION_SUCCESS
=============================================================
WHO: [username: rt]
WHAT: TGT-1-ihDS0nX1Y3dgqihn3qyuY1Tc6T2XUV3CWBw7QULFd55cwNBPyC-example.fr
ACTION: TICKET_GRANTING_TICKET_CREATED
=============================================================
WHO: rt
WHAT: ST-1-k0QeS41KDkV9hJHHlCI2-example.fr for https://localhost:8443/mywebappOrig/protected/
ACTION: SERVICE_TICKET_CREATED
=============================================================
WHO: audit:unknown
WHAT: ST-1-k0QeS41KDkV9hJHHlCI2-example.fr
ACTION: SERVICE_TICKET_VALIDATED
=============================================================
Second CASE
The "CAS Validation Filter" is enabled for the webapp
the "CAS Validation Filter" is enabled for CAS1
The log :
=============================================================
WHO: [username: rt]
WHAT: supplied credentials: [username: rt]
ACTION: AUTHENTICATION_SUCCESS
=============================================================
WHO: [username: rt]
WHAT: TGT-1-YIIj4fkSudeeFkVs6uB1GE5R3UkfpDsSuOg7INYUxhGxcb1F4Q-example.fr
ACTION: TICKET_GRANTING_TICKET_CREATED
=============================================================
WHO: rt
WHAT: ST-1-hCMdBCtHiYUNIev3FLaN-example.fr for https://localhost:8443/cas/login?service=https%3A%2F%2Flocalhost%3A8443%2FmywebappOrig%2Fprotected%2F
ACTION: SERVICE_TICKET_CREATED
=============================================================
WHO: audit:unknown
WHAT: ST-1-hCMdBCtHiYUNIev3FLaN-example.fr
ACTION: SERVICE_TICKET_VALIDATED
=============================================================
WHO: [username: rt]
WHAT: supplied credentials: [username: rt]
ACTION: AUTHENTICATION_SUCCESS
=============================================================
WHO: [username: rt]
WHAT: TGT-1-1ksVJKbRPdZwbHkSeQNTfK2f5hYSEYElGlEJnuFECk0JLagDYA-example.fr
ACTION: TICKET_GRANTING_TICKET_CREATED
=============================================================
WHO: rt
WHAT: ST-1-YZaBWIkNHt5qu5hBI03V-example.fr for https://localhost:8443/mywebappOrig/protected/
ACTION: SERVICE_TICKET_CREATED
=============================================================
WHO: audit:unknown
WHAT: ST-1-YZaBWIkNHt5qu5hBI03V-example.fr
ACTION: SERVICE_TICKET_VALIDATE_FAILED
=============================================================>
2014-04-04 16:58:40,144 WARN [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter] - <org.jasig.cas.client.validation.TicketValidationException:
le ticket 'ST-1-YZaBWIkNHt5qu5hBI03V-example.fr' est inconnu
>
org.jasig.cas.client.validation.TicketValidationException:
le ticket 'ST-1-YZaBWIkNHt5qu5hBI03V-example.fr' est inconnu
at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:86)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
4 avr. 2014 16:58:40 org.apache.catalina.core.StandardWrapperValve invoke
GRAVE: Servlet.service() for servlet [cas] in context with path [/cas] threw exception [org.jasig.cas.client.validation.TicketValidationException:
le ticket 'ST-1-YZaBWIkNHt5qu5hBI03V-example.fr' est inconnu
] with root cause
org.jasig.cas.client.validation.TicketValidationException:
le ticket 'ST-1-YZaBWIkNHt5qu5hBI03V-example.fr' est inconnu
at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:86)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:217)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
4 avr. 2014 16:58:40 org.jasig.cas.client.util.CommonUtils getResponseFromServer
GRAVE: Server returned HTTP response code: 500 for URL: https://localhost:8443/cas/serviceValidate?ticket=ST-1-YZaBWIkNHt5qu5hBI03V-example.fr&service=https%3A%2F%2Flocalhost%3A8443%2FmywebappOrig%2Fprotected%2F
java.io.IOException: Server returned HTTP response code: 500 for URL: https://localhost:8443/cas/serviceValidate?ticket=ST-1-YZaBWIkNHt5qu5hBI03V-example.fr&service=https%3A%2F%2Flocalhost%3A8443%2FmywebappOrig%2Fprotected%2F
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1436)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326)
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
4 avr. 2014 16:58:40 org.apache.catalina.core.StandardWrapperValve invoke
GRAVE: "Servlet.service()" pour la servlet jsp a généré une exception
java.lang.RuntimeException: java.io.IOException: Server returned HTTP response code: 500 for URL: https://localhost:8443/cas/serviceValidate?ticket=ST-1-YZaBWIkNHt5qu5hBI03V-example.fr&service=https%3A%2F%2Flocalhost%3A8443%2FmywebappOrig%2Fprotected%2F
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:341)
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:169)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:116)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.io.IOException: Server returned HTTP response code: 500 for URL: https://localhost:8443/cas/serviceValidate?ticket=ST-1-YZaBWIkNHt5qu5hBI03V-example.fr&service=https%3A%2F%2Flocalhost%3A8443%2FmywebappOrig%2Fprotected%2F
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1436)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326)
... 23 more
So the second ST is invalid.
But I don't understand why the ST-1-YZaBWIkNHt5qu5hBI03V-example.fr is invalid.
I go to CentralAuthenticationServiceImpl three times. The first time (for CAS2) it's OK. The second (for CAS1) it's OK, and the last time, at this line:
    final ServiceTicket serviceTicket = (ServiceTicket) this.serviceTicketRegistry.getTicket(serviceTicketId, ServiceTicket.class);
the service ticket is null, so I go to the code:
    if (serviceTicket == null) {
        log.info("ServiceTicket [" + serviceTicketId + "] does not exist.");
        throw new InvalidTicketException();
    }
So in brief, when the validation filter is enabled on CAS1, I try to validate twice and I have an error 500.
The CAS2 has no particular configuration.
Does anybody have an idea?
Thanks for your help
PS: I don't use the Berkeley second-level CAS because it's based on an old version of CAS.
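
Added example, not part of the original post and not CAS project code: a small parser for audit records in the WHO/WHAT/ACTION layout shown above. It groups events per service ticket and reports, for each failed validation, which service the ticket was issued for and what happened to it before. The sample log, its ticket ids, the function names and the reason labels are constructed for illustration. Reuse is reported separately because a CAS service ticket can be validated only once.

```python
import re
# Constructed sample in the audit layout shown in the post; ticket ids are made up.
SAMPLE = """\
=============================================================
WHO: rt
WHAT: ST-1-aaa-example.fr for https://localhost:8443/cas/login?service=https%3A%2F%2Flocalhost%3A8443%2FmywebappOrig%2Fprotected%2F
ACTION: SERVICE_TICKET_CREATED
=============================================================
WHO: audit:unknown
WHAT: ST-1-aaa-example.fr
ACTION: SERVICE_TICKET_VALIDATED
=============================================================
WHO: rt
WHAT: ST-1-bbb-example.fr for https://localhost:8443/mywebappOrig/protected/
ACTION: SERVICE_TICKET_CREATED
=============================================================
WHO: audit:unknown
WHAT: ST-1-bbb-example.fr
ACTION: SERVICE_TICKET_VALIDATE_FAILED
=============================================================
"""
FIELD = re.compile(r"^(WHO|WHAT|ACTION):[ \t]*(.*)$", re.M)
ST = re.compile(r"(ST-\S+)(?: for (\S+))?")
CREATED, VALIDATED, FAILED = ("SERVICE_TICKET_" + s for s in ("CREATED", "VALIDATED", "VALIDATE_FAILED"))

def parse_records(text):  # one dict per '====='-delimited audit record
    chunks = re.split(r"^=+>?[ \t]*$", text, flags=re.M)
    parsed = [{k.lower(): v.strip() for k, v in FIELD.findall(c)} for c in chunks]
    return [r for r in parsed if "action" in r]

def st_timeline(records):  # service ticket -> target service and ordered actions
    timeline = {}
    for rec in records:
        m = ST.match(rec.get("what", ""))
        if m:  # TGT and credential records are skipped
            entry = timeline.setdefault(m.group(1), {"service": m.group(2), "actions": []})
            entry["actions"].append(rec["action"])
    return timeline

def failed_validations(timeline):  # (ticket, service, reason) per failed ticket
    out = []
    for ticket, e in timeline.items():
        if FAILED in e["actions"]:
            seen = e["actions"][: e["actions"].index(FAILED)]
            reason = ("reused after validation" if VALIDATED in seen else
                      "issued, never validated" if CREATED in seen else "never issued here")
            out.append((ticket, e["service"], reason))
    return out
print(failed_validations(st_timeline(parse_records(SAMPLE))))
```

When the log mixes records from more than one CAS server, a ticket reported as "never issued here" in one server's own log but issued in the other's shows which server received the validation request.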