No principal was found in the response from the CAS server.


No principal was found in the response from the CAS server.

Narasimha A
Hi All,

Currently, I'm facing a uPortal login issue in the cloud environment.

I have imported the HTTPS certificate into the server JVM.

Below are the login steps from the start:

1) Opened the URL in the browser: http://mydoamin.com/uPortal/Login

Clicked on the sign-in button.

2) Redirected to the CAS login URL:
https://mydomain.com/cas/login?service=https://mydomain.com/uPortal/Login

Entered the credentials below on the login page:
user name: admin
password: admin

3) After clicking on the login button, it redirected to the following URL with a ticket:
https://mydomain.com/uPortal/Login?ticket=ST-31-SyVB6bxS1yGiXKxYPaiK-mydomain.com

HTTP Status 403 – Forbidden


Type Status Report

Message No principal was found in the response from the CAS server.

Description The server understood the request but refuses to authorize it.




I could see the authentication success in the CAS logs, and it created a service ticket on the CAS server (the CAS application logs are below).

After checking the CAS serviceValidate URL, I'm getting an authentication failure error in XML. Could you please help me find what I am doing wrong?

https://mydomain.com/cas/serviceValidate?service=https://mydomain.com/uPortal/Login?ticket=ST-31-SyVB6bxS1yGiXKxYPaiK-tollseu.staging.msts.com

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
	<cas:authenticationFailure code='INVALID_REQUEST'>
		&#039;service&#039; and &#039;ticket&#039; parameters are both required
	</cas:authenticationFailure>
</cas:serviceResponse>


CAS.log:
-----------

2020-01-28 15:04:57,951 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - org.apereo.portal.cas.authentication.handler.support.PersonDirAuthenticationHandler successfully authenticated [username: admin]
2020-01-28 15:04:57,951 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - org.apereo.portal.cas.authentication.handler.support.PersonDirAuthenticationHandler successfully authenticated [username: admin]
2020-01-28 15:04:57,951 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal admin
2020-01-28 15:04:57,951 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - Resolved principal admin
2020-01-28 15:04:57,951 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - org.apereo.portal.cas.authentication.handler.support.PersonDirAuthenticationHandler@35b60f90 authenticated admin with credential [username: admin].
2020-01-28 15:04:57,951 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - org.apereo.portal.cas.authentication.handler.support.PersonDirAuthenticationHandler@35b60f90 authenticated admin with credential [username: admin].
2020-01-28 15:04:57,951 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: [username: admin]
WHAT: supplied credentials: [username: admin]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Tue Jan 28 15:04:57 GMT 2020
CLIENT IP ADDRESS: 192.168.31.2
SERVER IP ADDRESS: 192.168.24.165
=============================================================


2020-01-28 15:04:57,951 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: [username: admin]
WHAT: supplied credentials: [username: admin]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Tue Jan 28 15:04:57 GMT 2020
CLIENT IP ADDRESS: 192.168.31.2
SERVER IP ADDRESS: 192.168.24.165
=============================================================


2020-01-28 15:04:57,951 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: [username: admin]
WHAT: TGT-14-oyOEBffhhQDKl9eZuLgtj73OidPtiY2liUdKF11soO7G1bRvh6-mydomain.com
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Jan 28 15:04:57 GMT 2020
CLIENT IP ADDRESS: 192.168.31.2
SERVER IP ADDRESS: 192.168.24.165
=============================================================


2020-01-28 15:04:57,951 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: [username: admin]
WHAT: TGT-14-oyOEBffhhQDKl9eZuLgtj73OidPtiY2liUdKF11soO7G1bRvh6-mydomain.com
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Jan 28 15:04:57 GMT 2020
CLIENT IP ADDRESS: 192.168.31.2
SERVER IP ADDRESS: 192.168.24.165
=============================================================


2020-01-28 15:04:57,952 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-31-SyVB6bxS1yGiXKxYPaiK-mydomain.com] for service [https://mydomain.com/uPortal/Login] for user [admin]
2020-01-28 15:04:57,952 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-31-SyVB6bxS1yGiXKxYPaiK-mydomain.com] for service [https://mydomain.com/uPortal/Login] for user [admin]
2020-01-28 15:04:57,952 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: admin
WHAT: ST-31-SyVB6bxS1yGiXKxYPaiK-mydomain.com for https://mydomain.com/uPortal/Login
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Jan 28 15:04:57 GMT 2020
CLIENT IP ADDRESS: 192.168.31.2
SERVER IP ADDRESS: 192.168.24.165
=============================================================


2020-01-28 15:04:57,952 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: admin
WHAT: ST-31-SyVB6bxS1yGiXKxYPaiK-mydomain.com for https://mydomain.com/uPortal/Login
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Jan 28 15:04:57 GMT 2020
CLIENT IP ADDRESS: 192.168.31.2
SERVER IP ADDRESS: 192.168.24.165
=============================================================


2020-01-28 15:05:06,696 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - Reloading registered services.
2020-01-28 15:05:06,696 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - Reloading registered services.
2020-01

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/uportal-user/cacc2464-2f69-4152-80b9-1794ac7996e9%40apereo.org.

RE: No principal was found in the response from the CAS server.

Andrey Postoyanets

Greetings,

From what I see, the CAS Service Validate URL is not being put together correctly. There should be an ampersand before the “ticket” parameter, not the question mark. This is why your CAS server sends back the INVALID_REQUEST message.

I.e.:

Wrong: https://mydomain.com/cas/serviceValidate?service=https://mydomain.com/uPortal/Login?ticket=ST-31-SyVB6bxS1yGiXKxYPaiK-mydomain.com

Correct: https://mydomain.com/cas/serviceValidate?service=https://mydomain.com/uPortal/Login&ticket=ST-31-SyVB6bxS1yGiXKxYPaiK-mydomain.com

What is the version of CAS client that you use? And what is the CAS Client class that you use as a ticketValidator?

Thanks,

 

Andrey P, Brooklyn College
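
The check described in the reply above, as an added example that is not part of the original thread and is not uPortal or CAS client code: it builds the serviceValidate URL with the service value percent-encoded and joined by '&ticket=', flags the '?ticket=' mistake in a hand-built URL, and reads the principal or the failure code from a CAS 2.0 XML response. The function names and the success response are constructed for illustration; the URLs and the failure response are the ones quoted in the thread.

```python
from urllib.parse import urlencode, urlsplit, parse_qs
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Hand-built URL from the thread: '?ticket=' is glued onto the service URL.
WRONG_URL = ("https://mydomain.com/cas/serviceValidate?service="
             "https://mydomain.com/uPortal/Login"
             "?ticket=ST-31-SyVB6bxS1yGiXKxYPaiK-mydomain.com")

# Failure response quoted in the thread.
FAILURE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationFailure code='INVALID_REQUEST'>
        &#039;service&#039; and &#039;ticket&#039; parameters are both required
    </cas:authenticationFailure>
</cas:serviceResponse>"""

# Constructed sample of a successful CAS 2.0 validation response.
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>admin</cas:user>
    </cas:authenticationSuccess>
</cas:serviceResponse>"""


def build_validate_url(cas_base, service, ticket):
    """Build a CAS 2.0 /serviceValidate URL.

    urlencode() percent-encodes the service URL and joins the two
    parameters with '&', so the ticket cannot end up inside 'service'.
    """
    query = urlencode({"service": service, "ticket": ticket})
    return f"{cas_base.rstrip('/')}/serviceValidate?{query}"


def diagnose_validate_url(url):
    """Return a list of problems found in a hand-built validation URL."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    problems = []
    for name in ("service", "ticket"):
        if name not in params:
            problems.append(f"missing top-level '{name}' parameter")
    # With '?ticket=' the server sees a single 'service' parameter whose
    # value contains the ticket, and no 'ticket' parameter at all.
    for value in params.get("service", []):
        if "ticket" in parse_qs(urlsplit(value).query):
            problems.append("ticket is embedded in the 'service' value "
                            "(use '&ticket=' instead of '?ticket=')")
    return problems


def parse_service_response(xml_text):
    """Return ('success', user) or ('failure', code, message)."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is not None and (user.text or "").strip():
        return ("success", user.text.strip())
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        return ("failure", failure.get("code"), (failure.text or "").strip())
    # 'NO_USER_ELEMENT' is a local label for this example, not a CAS code.
    return ("failure", "NO_USER_ELEMENT", "response carries no cas:user")


if __name__ == "__main__":
    good = build_validate_url("https://mydomain.com/cas",
                              "https://mydomain.com/uPortal/Login",
                              "ST-31-SyVB6bxS1yGiXKxYPaiK-mydomain.com")
    print(good)
    print(diagnose_validate_url(WRONG_URL))
    print(diagnose_validate_url(good))
    print(parse_service_response(FAILURE_XML))
    print(parse_service_response(SUCCESS_XML))
```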

 


RE: No principal was found in the response from the CAS server.

Lauren Anderson
In reply to this post by Narasimha A

Based on the error messages, it looks like CAS is not returning a Ticket Granting Ticket (TGT) or Service Ticket (ST), likely because it’s not authorizing the user. The message “The server understood the request but refuses to authorize it” tells us this. So the request for authorization returns an empty token as the next message indicates: “No principal was found in the response from the CAS server.”

Check with your CAS administrator that your uPortal instance (https://my.uportal.server) is registered as an application that CAS will provide tickets to. If not, have it added.

See the CAS Protocol Web flow diagram to get an idea of the process flow.

 

 

Sincerely,

Lauren Anderson

Brigham Young University

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Narasimha A
Sent: Tuesday, January 28, 2020 8:40 AM
To: uPortal Community <[hidden email]>
Subject: [uportal-user] No principal was found in the response from the CAS server.

 


RE: No principal was found in the response from the CAS server.

Lauren Anderson

Sorry, I didn’t read the part that the TGT is being created. How do you have access to the CAS log? Are you using the CAS that ships with uPortal or is this an enterprise version that your organization uses and you are a CAS administrator?

If you are using the CAS that comes with uPortal, we never tried to use it in the cloud. I wouldn’t know how to tell you to get that to work properly. We used our enterprise CAS, and installed a digital certificate with the organization (Brigham Young University) in the keychain that both CAS and uPortal belong to.

I hope that helps.

 

Sincerely,

Lauren

From: [hidden email] [mailto:[hidden email]] On Behalf Of Lauren Anderson
Sent: Thursday, January 30, 2020 12:30 PM
To: Narasimha A <[hidden email]>; uPortal Community <[hidden email]>
Subject: RE: [uportal-user] No principal was found in the response from the CAS server.

 
