not recognized cas ticket

single-sign-on cas
10,926

The way that cas validates tickets is:

  1. Your client (or the other web app) requests a ticket from the relay server for a particular service, for example case http%3A%2F%2Fwww.mywebapp.com
  2. The cas server generates a row that stores the user's ssoguid, the service and the ticket. It returns the ticket to the client (or other web app)
  3. The client (or other webapp) sends the ticket to your server
  4. Your server then sends a request to the serviceValidate endpoint of the cas server with the ticket and the service, http%3A%2F%2Fmywebapp.com
  5. The cas server uses the ticket and service pair to find the row it generated. If it finds the row it: a) checks to see if the service is real by sending a request to that url b) deletes the row to invalidate the ticket after this validation check c) it returns the user attached to the ticket to your server. Now the ticket can not be validated again.

The problem you are experiencing could arise for several reasons:

  1. The ticket has already been validated (I don't think that is the case for you)
  2. The service you send when generating the ticket is different to the service you send to the serviceValidate endpoint (they have to be identical). (I would guess that this is the problem you are experiencing, especially if another webapp generated the ticket. The cas server would have http%3A%2F%2Fotherwebapp.com on file but would be trying to find a row with http%3A%2F%2Fmywebapp.com, which doesn't exist because you didn't create it)
  3. The service sent can not be contacted by the relay server (I'm not exactly sure of the details about how this works or exactly when the check it done but it is recommended that you use a service that can be contacted)
Share:
10,926
Admin
Author by

Admin

Updated on June 14, 2022

Comments

  • Admin
    Admin about 2 years

    I have a REST api in my web application where I get cas ticket generated by another webapp.

    That webapp intern use cas20proxyticketvalidator to validate the ticket. Therefore, I also use Cas20ProxyTicketValidator in my custom filter to validate the ticket.

    But it always give me following error:

    ticket = ST-148008-jWXKeEdHkxmuktvYqXF6-cas
org.jasig.cas.client.validation.TicketValidationException:
                ticket 'ST-148008-jWXKeEdHkxmuktvYqXF6-cas' not recognized

        at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidat
or.java:86)
        at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java
:217)

    Why my ticket is not recognized?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

JASIG CAS: single sign out not working
CAS service ticket validate failed
CAS vs. SAML vs. OAuth2
SSO with CAS or OAuth?
What is the relation between CAS vs SAML?
Sample cypress script to bypass SSO
How to integrate Azure AD SSO in flutter app
Application Not Authorized to Use CAS The application you attempted to authenticate to is not authorized to use CAS
What's the difference between AWS SSO and AWS Cognito?
How to get Service Token from Kerberos using SSPI