-
1. Re: CAS integration does not return to portal - Logging and Debug?
artmunro Feb 24, 2010 10:25 AM (in response to artmunro)Anyone know how to turn on more logging to see whats going on here? We are so close to finalizing the integration but the last step is missing. If we can turn on more logging we might be able to debug whats going on here but for now Im at a loss.
All steps for Gatein server are complete and integration works well to CAS with success ticket being given out.
Our CAS server is NOT co-located with the Gateing server... might be a problem in the code to process the URL
http://10.10.1.1:8888/cas/login?service=http://10.10.1.1:8080/portal/private/classic to send back to the portal.
Is this a CAS thing or a Gatein to send Browser back to the Portal?
We are running on both Ubuntu 8 and have tried CAS 3.3.4 and 3.3.5
thoughts?
-
2. Re: CAS integration does not return to portal
artmunro Feb 24, 2010 2:39 PM (in response to artmunro)ok.. Im not sure if this is linux issue or will affect Windows also but here is what i found...
in order to have CAS return to login screen you need to add a "/" in the login.jsp and the window script... see below..
<script>
<%=uicomponent.event("Close");%>
window.location = 'http://localhost:8888/cas/login?service=http://localhost:8080/portal/private/classic/';
</script>
And
<html>
<head>
<script type="text/javascript">
window.location = 'http://localhost:8888/cas/login?service=http://localhost:8080/portal/private/classic/';
</script>
</head>
<body>
</body>
</html>
now this fixes the issue to return from CAS back to the portal...
but now throwing a new error....
Feb 24, 2010 2:26:04 PM org.apache.catalina.authenticator.FormAuthenticator forwardToLoginPage
WARNING: Unexpected error forwarding to login page
javax.servlet.ServletException: org.jasig.cas.client.validation.TicketValidationException:
ticket 'ST-2-jdzloKh5pNNO7WaAiwr3-cas' does not match supplied service. The original service was 'http://10.10.10.10:8080/portal/private/classic/' and the supplied service was 'http://10.10.10.10:8080/portal/private/classic'.
at org.gatein.sso.agent.GenericSSOAgent.doGet(GenericSSOAgent.java:72)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at org.exoplatform.container.web.AbstractHttpServlet.onService(AbstractHttpServlet.java:167)
at org.exoplatform.container.web.AbstractHttpServlet.service(AbstractHttpServlet.java:116)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:316)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:244)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
at java.lang.Thread.run(Thread.java:619)
Caused by: org.jasig.cas.client.validation.TicketValidationException:
ticket 'ST-2-jdzloKh5pNNO7WaAiwr3-cas' does not match supplied service. The original service was 'http://10.10.10.10:8080/portal/private/classic/' and the supplied service was 'http://10.10.10.10:8080/portal/private/classic'.
at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:73)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
at org.gatein.sso.agent.cas.CASAgent.validateTicket(CASAgent.java:72)
at org.gatein.sso.agent.GenericSSOAgent.processSSOToken(GenericSSOAgent.java:90)
at org.gatein.sso.agent.GenericSSOAgent.doGet(GenericSSOAgent.java:66)
... 21 more