81,122
社区成员
发帖
与我相关
我的任务
分享cas报错,请帮忙
在登录页面填入正确的用户名和密码就报异常,转不到成功的页面去,如果用户名密码错误的话能转到错误提示页面,这问题怎么解决呀?
异常如下:
javax.servlet.ServletException: Unable to validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://localhost:8443/cas/proxyValidate]
ticket=[ST-6-cDriGKlSaCFOeNf3DWqLyILhIDaWlpW2JG7-20]
service=[https%3A%2F%2Flocalhost%3A8443%2Fapp1%2F] renew=false]]]
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
我查了下,说是证书的问题,但我生成证书已经成功了呀,在jdk目录/jre/lib/security/cacerts文件,我用keytool列出证书时,有我生成的证书呀?
请教了!
异常如下:
javax.servlet.ServletException: Unable to validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://localhost:8443/cas/proxyValidate]
ticket=[ST-6-cDriGKlSaCFOeNf3DWqLyILhIDaWlpW2JG7-20]
service=[https%3A%2F%2Flocalhost%3A8443%2Fapp1%2F] renew=false]]]
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
我查了下,说是证书的问题,但我生成证书已经成功了呀,在jdk目录/jre/lib/security/cacerts文件,我用keytool列出证书时,有我生成的证书呀?
请教了!
...全文
请发表友善的回复…
发表回复
大漠孤烟丝 2012-01-13
- 打赏
- 举报
我也遇到了这个问题,说是serverName什么访问错误,不能用IP访问,得用域名访问啥的,你解决了吗?怎么弄的
lumengcuixiaqwer 2011-07-22
- 打赏
- 举报
在登录页面填入正确的用户名和密码就报异常,转不到成功的页面去,如果用户名密码错误的话能转到错误提示页面,这问题怎么解决呀?
异常如下:
javax.servlet.ServletException: Unable to validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://localhost:8443/cas/proxyValidate]
ticket=[ST-6-cDriGKlSaCFOeNf3DWqLyILhIDaWlpW2JG7-20]
service=[https%3A%2F%2Flocalhost%3A8443%2Fapp1%2F] renew=false]]]
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
我查了下,说是证书的问题,但我生成证书已经成功了呀,在jdk目录/jre/lib/security/cacerts文件,我用keytool列出证书时,有我生成的证书呀?
请教了!
问题解决了吗?我遇到了同样的问题,请教如何解决
异常如下:
javax.servlet.ServletException: Unable to validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://localhost:8443/cas/proxyValidate]
ticket=[ST-6-cDriGKlSaCFOeNf3DWqLyILhIDaWlpW2JG7-20]
service=[https%3A%2F%2Flocalhost%3A8443%2Fapp1%2F] renew=false]]]
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
我查了下,说是证书的问题,但我生成证书已经成功了呀,在jdk目录/jre/lib/security/cacerts文件,我用keytool列出证书时,有我生成的证书呀?
请教了!
问题解决了吗?我遇到了同样的问题,请教如何解决
zhaoyongqiangri 2010-06-02
- 打赏
- 举报
补充下,在.net 应用登录后,同一浏览器访问java应用也需要登录,而且在.net 登录后不管我之前访问的是哪个页面,总是返回default.aspx页面,而且地址栏不像jsp那样后面跟有ticket参数,但我在default.aspx中获取ticket和service的值还是有的
这是我的login.aspx.cs代码(参考官网的)
public partial class login : System.Web.UI.Page
{
// Local specific CAS host
private const string CASHOST = "https://xiaozhao:8443/cas/";
protected void Page_Load(object sender, EventArgs e)
{
System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();
// Look for the "ticket=" after the "?" in the URL
string tkt = Request.QueryString["ticket"];
// This page is the CAS service=, but discard any query string residue
string service = Request.Url.GetLeftPart(UriPartial.Path);
// First time through there is no ticket=, so redirect to CAS login
if (tkt == null || tkt.Length == 0)
{
string redir = CASHOST + "login?" +
"service=" + service;
Response.Redirect(redir);
return;
}
// Second time (back from CAS) there is a ticket= to validate
string validateurl = CASHOST + "serviceValidate?" +
"ticket=" + tkt + "&" +
"service=" + service;
Session["ticket"] = tkt;
Session["service"] = service;
StreamReader Reader = new StreamReader(new WebClient().OpenRead(validateurl));
string resp = Reader.ReadToEnd();
// I like to have the text in memory for debugging rather than parsing the stream
// Some boilerplate to set up the parse.
NameTable nt = new NameTable();
XmlNamespaceManager nsmgr = new XmlNamespaceManager(nt);
XmlParserContext context = new XmlParserContext(null, nsmgr, null, XmlSpace.None);
XmlTextReader reader = new XmlTextReader(resp, XmlNodeType.Element, context);
string netid = null;
// A very dumb use of XML. Just scan for the "user". If it isn't there, its an error.
while (reader.Read())
{
if (reader.IsStartElement())
{
string tag = reader.LocalName;
if (tag == "user")
netid = reader.ReadString();
}
}
// if you want to parse the proxy chain, just add the logic above
reader.Close();
// If there was a problem, leave the message on the screen. Otherwise, return to original page.
if (netid == null)
{
Label1.Text = "CAS returned to this application, but then refused to validate your identity.";
}
else
{
Session["UserName"] = netid;
Label1.Text = "Welcome " + netid;
FormsAuthentication.RedirectFromLoginPage(netid, false); // set netid in ASP.NET blocks
}
}
}
public class MyPolicy : ICertificatePolicy
{
public bool CheckValidationResult(
ServicePoint srvPoint
, X509Certificate certificate
, WebRequest request
, int certificateProblem)
{
//Return True to force the certificate to be accepted.
return true;
} // end CheckValidationResult
} // class MyPolicy
请问这是什么原因?
这是我的login.aspx.cs代码(参考官网的)
public partial class login : System.Web.UI.Page
{
// Local specific CAS host
private const string CASHOST = "https://xiaozhao:8443/cas/";
protected void Page_Load(object sender, EventArgs e)
{
System.Net.ServicePointManager.CertificatePolicy = new MyPolicy();
// Look for the "ticket=" after the "?" in the URL
string tkt = Request.QueryString["ticket"];
// This page is the CAS service=, but discard any query string residue
string service = Request.Url.GetLeftPart(UriPartial.Path);
// First time through there is no ticket=, so redirect to CAS login
if (tkt == null || tkt.Length == 0)
{
string redir = CASHOST + "login?" +
"service=" + service;
Response.Redirect(redir);
return;
}
// Second time (back from CAS) there is a ticket= to validate
string validateurl = CASHOST + "serviceValidate?" +
"ticket=" + tkt + "&" +
"service=" + service;
Session["ticket"] = tkt;
Session["service"] = service;
StreamReader Reader = new StreamReader(new WebClient().OpenRead(validateurl));
string resp = Reader.ReadToEnd();
// I like to have the text in memory for debugging rather than parsing the stream
// Some boilerplate to set up the parse.
NameTable nt = new NameTable();
XmlNamespaceManager nsmgr = new XmlNamespaceManager(nt);
XmlParserContext context = new XmlParserContext(null, nsmgr, null, XmlSpace.None);
XmlTextReader reader = new XmlTextReader(resp, XmlNodeType.Element, context);
string netid = null;
// A very dumb use of XML. Just scan for the "user". If it isn't there, its an error.
while (reader.Read())
{
if (reader.IsStartElement())
{
string tag = reader.LocalName;
if (tag == "user")
netid = reader.ReadString();
}
}
// if you want to parse the proxy chain, just add the logic above
reader.Close();
// If there was a problem, leave the message on the screen. Otherwise, return to original page.
if (netid == null)
{
Label1.Text = "CAS returned to this application, but then refused to validate your identity.";
}
else
{
Session["UserName"] = netid;
Label1.Text = "Welcome " + netid;
FormsAuthentication.RedirectFromLoginPage(netid, false); // set netid in ASP.NET blocks
}
}
}
public class MyPolicy : ICertificatePolicy
{
public bool CheckValidationResult(
ServicePoint srvPoint
, X509Certificate certificate
, WebRequest request
, int certificateProblem)
{
//Return True to force the certificate to be accepted.
return true;
} // end CheckValidationResult
} // class MyPolicy
请问这是什么原因?
zhaoyongqiangri 2010-06-02
- 打赏
- 举报
感谢crazylaa赐教
报告下我的进度:
java与.net都能与cas服务器端都能交互了,但发现个奇怪的问题:在java应用登录后,同一浏览器访问.net还是需要登录(我理解为它们还没能集成在一起)暂时没查到相关资料
今天cas官网貌似要迁服务器(The following Jasig services are currently unavailable as they are being migrated to a new server. The migration is scheduled to be complete by noon Wednesday June 2nd CDT. 这是官网的显示)所以也查不到资料,想请各位高人指导下思路
谢谢!
报告下我的进度:
java与.net都能与cas服务器端都能交互了,但发现个奇怪的问题:在java应用登录后,同一浏览器访问.net还是需要登录(我理解为它们还没能集成在一起)暂时没查到相关资料
今天cas官网貌似要迁服务器(The following Jasig services are currently unavailable as they are being migrated to a new server. The migration is scheduled to be complete by noon Wednesday June 2nd CDT. 这是官网的显示)所以也查不到资料,想请各位高人指导下思路
谢谢!
zhaoyongqiangri 2010-06-01
- 打赏
- 举报
佳佳好眼力哦!
hoojo 2010-05-31
- 打赏
- 举报
原来是小强的帖子啊,小强最近很忙吧!有新事做了,好好干哦!加油!!!
幻想多巴胺 2010-05-31
- 打赏
- 举报
厉害。。。。
crazylaa 2010-05-31
- 打赏
- 举报
[Quote=引用 9 楼 zhaoyongqiangri 的回复:]
上次发贴,CSDN居然在升级维护!!
谢谢kaynezhang的关注与帮助,如果客户端已经能通过CAS服务端的验证了,后面该怎么进行呢,现在没了思路,请大虾们赐教!
对了,报告下现在的项目进展:
java客户端已经能通过CAS服务端的验证,CAS服务端通过查询数据库验证用户
问题是有一个.net的项目也要通过该CAS服务端的验证,我该怎么扩展呢??
[/Quote]
cas验证就是调用服务器的一个服务而已你把它看成一个servlet就好了,要你自己去实现。
当然.net可以直接调用这个servlet的url额。。
上次发贴,CSDN居然在升级维护!!
谢谢kaynezhang的关注与帮助,如果客户端已经能通过CAS服务端的验证了,后面该怎么进行呢,现在没了思路,请大虾们赐教!
对了,报告下现在的项目进展:
java客户端已经能通过CAS服务端的验证,CAS服务端通过查询数据库验证用户
问题是有一个.net的项目也要通过该CAS服务端的验证,我该怎么扩展呢??
[/Quote]
cas验证就是调用服务器的一个服务而已你把它看成一个servlet就好了,要你自己去实现。
当然.net可以直接调用这个servlet的url额。。
zhaoyongqiangri 2010-05-31
- 打赏
- 举报
上次发贴,CSDN居然在升级维护!!
谢谢kaynezhang的关注与帮助,如果客户端已经能通过CAS服务端的验证了,后面该怎么进行呢,现在没了思路,请大虾们赐教!
对了,报告下现在的项目进展:
java客户端已经能通过CAS服务端的验证,CAS服务端通过查询数据库验证用户
问题是有一个.net的项目也要通过该CAS服务端的验证,我该怎么扩展呢??
谢谢kaynezhang的关注与帮助,如果客户端已经能通过CAS服务端的验证了,后面该怎么进行呢,现在没了思路,请大虾们赐教!
对了,报告下现在的项目进展:
java客户端已经能通过CAS服务端的验证,CAS服务端通过查询数据库验证用户
问题是有一个.net的项目也要通过该CAS服务端的验证,我该怎么扩展呢??
kaynezhang 2010-05-28
- 打赏
- 举报
你只改了view应该不影响,如果你能确定是证书的错,你可以重新创建证书再试试看,你首先要保证你的https是对的。
zhaoyongqiangri 2010-05-28
- 打赏
- 举报
[Quote=引用 4 楼 kaynezhang 的回复:]
这是验证阶段的错误,你用的是Cas1.0 Cas2.0?的规范?把cas-servlet.xml贴出来看看。
[/Quote]
没错,确实是在返回客户端访问路径时出了错
我服务端用的是cas-server-3.1.1客户端用的是cas-client-java-2.1.1
cas-servlet.xml就把default_views改成了myview_views:
<bean id="viewResolver" class="org.springframework.web.servlet.view.ResourceBundleViewResolver"
p:order="0">
<property name="basenames">
<list>
<value>${cas.viewResolver.basename}</value>
<value>myview_views</value>
</list>
</property>
</bean>
WEB-INF\view\jsp 下我建了个myview的文件夹,其它的cas.properties,myview_views.properties
我都有进行处理,这里我能保证没错,应该就是证书的问题
这是验证阶段的错误,你用的是Cas1.0 Cas2.0?的规范?把cas-servlet.xml贴出来看看。
[/Quote]
没错,确实是在返回客户端访问路径时出了错
我服务端用的是cas-server-3.1.1客户端用的是cas-client-java-2.1.1
cas-servlet.xml就把default_views改成了myview_views:
<bean id="viewResolver" class="org.springframework.web.servlet.view.ResourceBundleViewResolver"
p:order="0">
<property name="basenames">
<list>
<value>${cas.viewResolver.basename}</value>
<value>myview_views</value>
</list>
</property>
</bean>
WEB-INF\view\jsp 下我建了个myview的文件夹,其它的cas.properties,myview_views.properties
我都有进行处理,这里我能保证没错,应该就是证书的问题
bolink5 2010-05-27
- 打赏
- 举报
LZ 的头像很漂亮啊
赞个
cas没玩过,帮你顶下
赞个
cas没玩过,帮你顶下
crazylaa 2010-05-27
- 打赏
- 举报
感觉是证书配置问题,赞助顶
kaynezhang 2010-05-27
- 打赏
- 举报
这是验证阶段的错误,你用的是Cas1.0 Cas2.0?的规范?把cas-servlet.xml贴出来看看。
zhaoyongqiangri 2010-05-27
- 打赏
- 举报
只在服务端输入用户名密码是可以转到成功页面的
在客户端请示转到CAS登录页面时,输入错误的用户名密码则跳转到错误提示页面(这步没错)
当输入正确的用户名密码时就报上面的异常了
谢谢楼上两位捧场,请其他高手来指教下,先谢过了!
在客户端请示转到CAS登录页面时,输入错误的用户名密码则跳转到错误提示页面(这步没错)
当输入正确的用户名密码时就报上面的异常了
谢谢楼上两位捧场,请其他高手来指教下,先谢过了!
生活 2010-05-27
- 打赏
- 举报
我来帮忙顶一下
izard999 2010-05-27
- 打赏
- 举报
cas忘得差不多了.! 帮你顶下
