jasig-cas IRC Logs-2011-04-11

Owned by Apereo Infrastructure
Last updated: Apr 11, 2011Version comment
2 min read

[08:09:07 CDT(-0500)] <mklein21005> hey i'm still having problems authenticating with AD. Everytime i try to log in, it displays a message that says CAS is unavailable.
[08:09:27 CDT(-0500)] <mklein21005> i've checked the logs and theres nothing
[08:11:07 CDT(-0500)] <mklein21005> it didn't give me this problem when i was using fastbind but the way my system is set up I have to use normal bind
[08:13:15 CDT(-0500)] <yann2> mklein21005, what do the logs say?
[08:16:40 CDT(-0500)] <mklein21005> http://dpaste.com/530891/
[08:18:20 CDT(-0500)] <yann2> Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow seems like an error?
[08:18:36 CDT(-0500)] <yann2> never hadt his one before but sounds like if you have something declared twice?
[08:20:18 CDT(-0500)] <serac> mklein: you have an error somewhere that you're not showing.
[08:20:34 CDT(-0500)] <serac> CAS Unavailable is caused by an untrapped exception in the webapp.
[08:20:44 CDT(-0500)] <serac> You need to dig up that exception wherever it's logged.
[08:27:17 CDT(-0500)] <mklein21005> im using CAS with uPortal. Could a portlet be causing this issue?
[08:31:25 CDT(-0500)] <serac> Doubtful
[08:31:33 CDT(-0500)] <serac> This is a CAS Server application error.
[08:34:17 CDT(-0500)] <mklein21005> ok i found some errors in the localhost log
[08:34:22 CDT(-0500)] <mklein21005> http://dpaste.com/530896/
[08:35:50 CDT(-0500)] <serac> And there you go.
[08:36:01 CDT(-0500)] <serac> LDAP error 49 is invalid credentials.
[08:36:14 CDT(-0500)] <serac> If you're still using a manager/admin password with FastBind, remove it.
[08:37:00 CDT(-0500)] <serac> Also...
[08:37:23 CDT(-0500)] <serac> Looks like the "CAS Unavailable" may in fact be related to uPortal:
[08:37:23 CDT(-0500)] <serac> SEVERE: Servlet.service() for servlet UserLocale threw exception java.lang.IllegalStateException: An existing HttpSession is required while retrieving a UserInstance for a HttpServletRequest at org.jasig.portal.user.UserInstanceManagerImpl.getUserInstance(UserInstanceManagerImpl.java:116)
[11:05:10 CDT(-0500)] <yann2> been asked why sso wasnt really working, checked the cookie CAS sends: Set-Cookie CASPRIVACY=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ < doesn't sound right
[11:05:17 CDT(-0500)] <yann2> where can I set the length of a session in CAS?
[11:07:50 CDT(-0500)] <serac> SSO session expiration is controlled via server-side expiration policy. AFAIK the cookie is session-scoped and the expiration doesn't correlate with exp policy.
[11:08:12 CDT(-0500)] <serac> https://wiki.jasig.org/display/CASUM/Ticket+Expiration+Policy
[11:47:15 CDT(-0500)] <battags> if all you've got is CASPRIVACY, then you don't have the SSO cookie
[11:48:43 CDT(-0500)] <yann2> found out about my issue in the end, turns out the user had 5 pages to open automatically when firefox starts... at least 3 of them then asks for authentication directly (smile)