Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] CAS authentication for Grouper

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] CAS authentication for Grouper

Chronological Thread 
  • From: Baron Fujimoto <>
  • To:
  • Subject: Re: [grouper-users] CAS authentication for Grouper
  • Date: Wed, 19 Oct 2011 15:47:39 -1000

On Thu, Oct 13, 2011 at 09:17:28PM +0100, GW Brown, Information Systems and
Computing wrote:
: --On 12 October 2011 08:17 -1000 Baron Fujimoto
: >I'm trying to set up CAS authentication for Grouper 2.0 using Cal Poly's
: >contributed page as a reference:
: >
: ><
: >tion+for+Grouper>
: >
: That looks like an error at the CAS side
: >
: >I don't see anything that stands out in any of the Grouper logs.
: >
: >If I subsequently reload the same UI URL, The UI displays with the URL:
: >
: ><>
: >
: >If I click on the "Log in" link, then the CAS login page that was not
: >initially seen displays as expected. However, after entering username
: >and password credentials, I'm redirected back to a Grouper error page with
: >the URL:
: >
: ><[...]>
: >
: >and in the grouper_debug.log:
: >
: >2011-10-11 16:59:28,647: [http-] ERROR
: >ErrorFilter.doFilter(142) - < - 0D23BC2ADFFD138F05C2E5514F3019F7-0005 - -
: >- > - javax.servlet.ServletException: org.xml.sax.SAXParseException:
: >
: What version of the CAS server are you using and which 'validate'.
: Looks like you are passing several attributes back - which would not
: be supported by the 'old' casclient.jar supplied

The javax.servlet.ServletException: org.xml.sax.SAXParseException error
has been resolved. The problem there was that I was using the
"[...]/validate" URL for validation. I've since learned that this returns
a CAS 1.0 protocol response and that "[...]/serviceValidate" returns a
CAS 2.0 protocol response, which is what was required. The documented
examples use "serviceValidate", so mea culpa, but perhaps it might also
be helpful to others in the future to make the distinction more explicit?

I'm still left with the problem the first time I try to load our grouper
page though:


I can see that this then tries to load


and then goes to our CAS server


where it then throws the exception.

SEVERE: Servlet.service() for servlet Login threw exception
java.lang.IllegalStateException: Cannot forward after response has been
at Source)

Howver, if I then load the grouper page again


it loads with


and if I click on the "Log in" link, it takes me to the CAS login page,
I can authenticate, and everything works as expected. For lack of a better
descrition, it seems like some sort of bootstrapping problem.

Baron Fujimoto
:: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum

Archive powered by MHonArc 2.6.16.

Top of Page