
Error: No principal was found in response from CAS server

2022-02-23 08:45:13

When setting up CAS single sign-on, the database connection settings were fine, the user information was fine, the client configuration was fine, and the single sign-on itself succeeded, but on the jump back to the client an error was reported in the following method of the Cas20ServiceTicketValidator class.
    protected final Assertion parseResponseFromServer(final String response) throws TicketValidationException {
        // An <authenticationFailure> element means the server rejected the ticket.
        final String error = XmlUtils.getTextForElement(response, "authenticationFailure");

        if (CommonUtils.isNotBlank(error)) {
            throw new TicketValidationException(error);
        }

        final String principal = XmlUtils.getTextForElement(response, "user");
        final String proxyGrantingTicketIou = XmlUtils.getTextForElement(response, "proxyGrantingTicket");

        final String proxyGrantingTicket;
        if (CommonUtils.isBlank(proxyGrantingTicketIou) || this.proxyGrantingTicketStorage == null) {
            proxyGrantingTicket = null;
        } else {
            proxyGrantingTicket = this.proxyGrantingTicketStorage.retrieve(proxyGrantingTicketIou);
        }

        // No <user> element in the response: this is the exception reported here.
        if (CommonUtils.isEmpty(principal)) {
            throw new TicketValidationException("No principal was found in response from CAS server.");
        }
        // ... (rest of the method not shown)
    }

After parsing, I found that the problem was with the response return value.
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <title>CAS &#8211; Central Authentication Service</title>
    <meta name="_csrf" content=""/>
    <meta name="_csrf_header" content=""/>    
    <link rel="stylesheet" href="/css/cas.css" />
    <link rel="icon" href="/favicon.ico" type="image/x-icon" />
</head>
<body id="cas">
<div id="container">
  <header>
    <a id="logo" href="http://www.apereo.org" title="go to Apereo home page">Apereo</a>
    <h1>Central Authentication Service (CAS)</h1>
  </header>
  <div id="content">
<div id="cookiesDisabled" class="errors" style="display:none;">
    <h2>Browser cookies disabled</h2>
    <p>Your browser does not accept cookies. Single Sign On WILL NOT WORK.</p>
</div>    
    <div id="serviceui" class="serviceinfo">
        <table>
            <tr>
                <td><img src="images/webapp.png"></td>
                <td id="servicedesc">
                    <h1>HTTPS and IMAPS</h1>
                    <p>This service definition authorizes all application urls that support HTTPS and IMAPS protocols.</p>
                </td>
            </tr>
        </table>
    </div>
    <p/>
<div class="box" id="login">
    <form id="fm1" action="/login?ticket=ST-16-EGEyRb3BlMZqEWUUxJcL-cas01.example.org&amp;service=http%3A%2F%2F 2Fserver.liu.com%3A8081%2Ftest1%3Bjsessionid%3DB3C42F1109CDA8D004CE79858E53CBA1%3Bjsessionid%3DE55B13F1D64FF29DD96ED05CD7CDB73B" method="post">
        <h2>Enter your Username and Password</h2>
        <section class="row">
            <label for="username"><span class="accesskey">U</span>sername:</label>
                                        <input id="username" name="username" class="required" tabindex="1" accesskey="u" type="text" value="" size="25" autocomplete="off"/>
                
            
        </section>
        <section class="row">
            <label for="password"><span class="accesskey">P</span>assword:</label>             
                        <input id="password" name="password" class="required" tabindex="2" accesskey="p" type="password" value="" size="25" autocomplete="off"/>
            <span id="capslock-on" style="display:none;"><p><img src="images/warning.png" valign="top"> CAPSLOCK key is turned on!</p></span>
        </section>
        <!--
        <section class="row check">
            <p>
                <input id="warn" name="warn" value="true" tabindex="3" accesskey="w" type="checkbox" />
                <label for="warn"><span class="accesskey">W</span>arn me before logging me into other sites.</label>
                <br/>
                <input id="publicWorkstation" name="publicWorkstation" value="false" tabindex="4" type="checkbox" />
                <label for="publicWorkstation">I am at a public workstation.</label>
                </label> <br/>
                <input type="checkbox" name="rememberMe" id="rememberMe" value="true" tabindex="5"  />
                <label for="rememberMe">Remember Me</label>
            </p>
        </section>
        <section class="row btn-row">
           
            <input type="hidden&quo

The response contains no user element at all. That could be a problem with how the server side queries the user information, but the bigger problem could be that the CAS server address configured on the client is wrong.

If the server's published access path does not include /cas (that is, the login path is https://server.liu.com:8443/login), then the server address configured on the client must not include /cas either.
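
To tell these cases apart before digging into the server, the validation response body can be classified. The following Java sketch is an added example, not code from the CAS client library: the class name `CasResponseCheck`, its result strings and the sample bodies are assumptions made for illustration, and it relies on the JDK's built-in XML parser supporting the `disallow-doctype-decl` feature.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Hypothetical helper class, not part of the CAS client library.
public class CasResponseCheck {
    static final String CAS_NS = "http://www.yale.edu/tp/cas";
    /** Classifies the body returned by the ticket-validation request. */
    static String classify(String body) {
        Element root;
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            // A CAS 2.0 response has no DOCTYPE; refusing it also blocks XXE.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            root = f.newDocumentBuilder()
                    .parse(new InputSource(new StringReader(body))).getDocumentElement();
        } catch (Exception e) {
            return "NOT_CAS_XML"; // e.g. an HTML login page came back
        }
        if (!CAS_NS.equals(root.getNamespaceURI()) || !"serviceResponse".equals(root.getLocalName())) {
            return "NOT_CAS_XML";
        }
        NodeList failure = root.getElementsByTagNameNS(CAS_NS, "authenticationFailure");
        if (failure.getLength() > 0) {
            return "FAILURE:" + ((Element) failure.item(0)).getAttribute("code");
        }
        NodeList user = root.getElementsByTagNameNS(CAS_NS, "user");
        if (user.getLength() == 0 || user.item(0).getTextContent().trim().isEmpty()) {
            return "NO_PRINCIPAL";
        }
        return "OK:" + user.item(0).getTextContent().trim();
    }

    public static void main(String[] args) {
        // Constructed sample bodies, not captured from a real server.
        String open = "<cas:serviceResponse xmlns:cas='" + CAS_NS + "'>";
        String close = "</cas:serviceResponse>";
        String ok = open + "<cas:authenticationSuccess><cas:user>alice</cas:user>"
                + "</cas:authenticationSuccess>" + close;
        String failed = open + "<cas:authenticationFailure code='INVALID_TICKET'>"
                + "Ticket not recognized</cas:authenticationFailure>" + close;
        String loginPage = "<!DOCTYPE html><html lang=\"en\"><body id=\"cas\"></body></html>";
        for (String body : new String[] {ok, failed, loginPage}) {
            System.out.println(classify(body));
        }
    }
}
```

A `NOT_CAS_XML` result for the body the client actually received means the request never reached the validation endpoint, which points at the configured server address (the /cas path question above) rather than at the user lookup.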
