No principal was found in the response from the CAS server

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

No principal was found in the response from the CAS server

Red Light
hi,

i'm trying to execute this demo  :

http://www.ja-sig.org/wiki/display/CASC/JA-SIG+Java+Client+Simple+WebApp+Sample

but i'm having the following error :


org.jasig.cas.client.validation.TicketValidationException: No principal was found in the response from the CAS server.
org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:82)
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
org..jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)




the complete error output http://pastebin.com/f36f68bda

i have attached mywebapp.xml : which the conf of my tomcat server under eclipse
                       serverJasig.xml: the server.conf file of the tomcat where jasig is
                                               deployed  with a jdbc configuration
                       deployerContext.xml: my deployerCOntext.xml file


and thanks a lot for your help

-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

mywebapp.xml (7K) Download Attachment
serverJasig.xml (8K) Download Attachment
deployerCOntext.xml (12K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: No principal was found in the response from the CAS server

Marvin Addison
Could you provide the relevant CAS server logs as well?  Simply
posting the relevant parts inline should be fine.

M

--
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Reply | Threaded
Open this post in threaded view
|

Re: No principal was found in the response from the CAS server

Red Light
hi Marvin,

the output from catalina.log

http://pastebin.com/f722057f8

and thanks

-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Reply | Threaded
Open this post in threaded view
|

Re: No principal was found in the response from the CAS server

Marvin Addison
The server logs clearly show that authentication succeeded, and there
are no obvious signs in the client logs of client-server
communications problems.  (SSL problems are the most common cause of
problems.)  That leaves the following:

SEVERE: java.io.IOException: Server returned HTTP response code: 503
for URL: http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd
java.io.IOException: Server returned HTTP response code: 503 for URL:
http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd

That appears to be an error thrown by the Xerces XML parser when it
attempts to load a DTD for validating the XML response.  I can
manually GET that resource from a browser (i.e. no 503 error), but
that doesn't really address _why_ the parser is trying to load an
_HTML_ DTD for the CAS service validation response which is XML.  I
suspect a servlet configuration problem where the /serviceValidate URI
is returning HTML instead of CAS XML.

M

--
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Reply | Threaded
Open this post in threaded view
|

Re: No principal was found in the response from the CAS server

Red Light
hi,

yu mean problem with CAS Validation Filter config ?

http://pastebin.com/f5d82eabe

and thanks

-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Reply | Threaded
Open this post in threaded view
|

Fwd: No principal was found in the response from the CAS server

Marvin Addison
> yu mean problem with CAS Validation Filter config ?

No.  There's evidence you are getting HTML from the CAS server when
you should be getting XML.  That sounds like a servlet-mapping problem
in your web.xml.

M

--
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Reply | Threaded
Open this post in threaded view
|

Re: No principal was found in the response from the CAS server

Red Light
Hi  Mavin,

sorry i start to abuse while those stupid question:

in my web.xml i commented all what necessary:

http://pastebin.com/m688f714

i mean i put the exact conf as the web sample application , didn't add any additionnal servlet , but still got the same issue.

and sorry again for disturbing.

-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Reply | Threaded
Open this post in threaded view
|

Re: No principal was found in the response from the CAS server

Marvin Addison
> in my web.xml i commented all what necessary:

I believe serverName in the filter definitions should be just
host:port, e.g. localhost:8443.

M

--
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Reply | Threaded
Open this post in threaded view
|

Re: No principal was found in the response from the CAS server

Red Light
Hi Marvin,

still no luck

i change  the serverName parameter like you jusggested earlier :
(i changed both serverName declation in CAS Authentication Filter and CAS Validation Filter , even when i change it only in  CAS Authentication Filter , didn't resolve the issue)

http://pastebin.com/m587a1a76

no effect  :(

and thanks


-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Reply | Threaded
Open this post in threaded view
|

Re: No principal was found in the response from the CAS server

Marvin Addison
What happens if you attempt to validate a ticket manually?  For
example, if you choose dummy values for service and ticket and open a
browser to the service ticket validation URL, e.g.
https://localhost:8443/cas-server-webapp-3.3.5/serviceValidate?service=https://example.com&ticket=ST-127-a456DF6efsqQ85SD8QDfs4-localhost,
do you get the expected validation failure XML response?  If so, the
problem is clearly CAS client misconfiguration in which case you
should examine the requests the client is making using a Web proxy
such as WebScarab and confirm it is sending requests to the correct
URLs on the CAS server.  I'm fairly certain you're getting an HTML 404
(or similar) error page when you attempt to validate your ticket,
which would explain the parser DTD fetch errors -- you're getting 404
HTML instead of the expected XML response.

M

--
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Reply | Threaded
Open this post in threaded view
|

Re: No principal was found in the response from the CAS server

Red Light

Hi Marvin,

well when i tried this, i got 2 result:

xml reponse failure : but that's i th
ink i was testing with a previous ticket Id which was wring,

but the second i test with the current ticket Id,

http://localhost:8080/cas-server-webapp-3.3.5/serviceValidate?service=https%3A%2F%2Flocalhost%3A8443%2Fmywebapp%2Fprotected%2F&ticket=ST-26-QDyWz2MmQjCbZlibtRoS-cas

i received a positive msg with the id of the user that i entered before !

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>redlight</cas:user>
</cas:authenticationSuccess>
</cas:serviceResponse>
(where redlight was printed in the web page).


and nop didn't receive any http404 error

and thanks a lot for your time.

-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Reply | Threaded
Open this post in threaded view
|

Re: No principal was found in the response from the CAS server

Scott Battaglia-2
This is wrong:
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://localhost:8080/cas-server-webapp-3.3.5/login/</param-value>
        </init-param>

Its the server url prefix, not the login page.  So remove "login/"



On Mon, Jan 11, 2010 at 2:00 PM, Red Light <[hidden email]> wrote:

Hi Marvin,

well when i tried this, i got 2 result:

xml reponse failure : but that's i th
ink i was testing with a previous ticket Id which was wring,

but the second i test with the current ticket Id,

http://localhost:8080/cas-server-webapp-3.3.5/serviceValidate?service=https%3A%2F%2Flocalhost%3A8443%2Fmywebapp%2Fprotected%2F&ticket=ST-26-QDyWz2MmQjCbZlibtRoS-cas

i received a positive msg with the id of the user that i entered before !

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>redlight</cas:user>
</cas:authenticationSuccess>
</cas:serviceResponse>
(where redlight was printed in the web page).


and nop didn't receive any http404 error

and thanks a lot for your time.

-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Reply | Threaded
Open this post in threaded view
|

Re: No principal was found in the response from the CAS server

Red Light

hi

-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user