Grouper Users - Open Discussion List

[Baron Fujimoto <>]

On Thu, Oct 13, 2011 at 09:17:28PM +0100, GW Brown, Information Systems and 
Computing wrote:
: --On 12 October 2011 08:17 -1000 Baron Fujimoto 
<>
 wrote:
: 
: >I'm trying to set up CAS authentication for Grouper 2.0 using Cal Poly's
: >contributed page as a reference:
: >
: ><https://spaces.internet2.edu/display/Grouper/Implementing+CAS+Authentica
: >tion+for+Grouper>
: >
: That looks like an error at the CAS side
: >
: >I don't see anything that stands out in any of the Grouper logs.
: >
: >If I subsequently reload the same UI URL, The UI displays with the URL:
: >
: ><https://our.grouper.host:8443/grouper/populateIndex.do>
: >
: >If I click on the "Log in" link, then the CAS login page that was not
: >initially seen displays as expected.  However, after entering username
: >and password credentials, I'm redirected back to a Grouper error page with
: >the URL:
: >
: ><https://our.grouper.host:8443/grouper/callLogin.do?ticket=[...]>
: >
: >and in the grouper_debug.log:
: >
: >2011-10-11 16:59:28,647: [http-0.0.0.0-8443-1] ERROR
: >ErrorFilter.doFilter(142) - < - 0D23BC2ADFFD138F05C2E5514F3019F7-0005 - -
: >- > - javax.servlet.ServletException: org.xml.sax.SAXParseException:
: >
: What version of the CAS server are you using and which 'validate'.
: Looks like you are passing several attributes back - which would not
: be supported by the 'old' casclient.jar supplied

The javax.servlet.ServletException: org.xml.sax.SAXParseException error
has been resolved.  The problem there was that I was using the
"[...]/validate" URL for validation.  I've since learned that this returns
a CAS 1.0 protocol response and that "[...]/serviceValidate" returns a
CAS 2.0 protocol response, which is what was required.  The documented
examples use "serviceValidate", so mea culpa, but perhaps it might also
be helpful to others in the future to make the distinction more explicit?

I'm still left with the problem the first time I try to load our grouper
page though:

<https://our.grouper.host:8443/grouper/>

I can see that this then tries to load

<https://our.grouper.host:8443/grouper/index.jsp>

and then goes to our CAS server

<https://our.cas.host/cas/login?service=https%3A%2F%2Four.grouper.host%3A8443%2Fgrouper%2FpopulateIndex.do&gateway=true>

where it then throws the exception.

SEVERE: Servlet.service() for servlet Login threw exception
java.lang.IllegalStateException: Cannot forward after response has been 
committed
        at 
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:312)
        at 
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
        at edu.yale.its.tp.cas.servlet.Login.doGet(Unknown Source)

Howver, if I then load the grouper page again

<https://our.grouper.host:8443/grouper/>

it loads with

<https://our.grouper.host:8443/grouper/populateIndex.do>

and if I click on the "Log in" link, it takes me to the CAS login page,
I can authenticate, and everything works as expected.  For lack of a better
descrition, it seems like some sort of bootstrapping problem.

-baron
-- 
Baron Fujimoto 
<>
 :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum