Tom, The service associated with the ST is specific. The error in your logs is there because your client is trying to validate without parameters. Either the redirect from CAS to your service after login has no parameters or your service is stripping the parameters when trying to post validation. My money is on the client.
Ray On 2016-10-26 23:21, Tom Andersson wrote: > Hello, I'd like to have some clarification on this, if possible. The > issue still persists and I'm having trouble understanding if this is > the way it's supposed to work? Any opinions? > > Thank you! > Tom > > On Friday, 26 August 2016 12:00:14 UTC+3, Tom Andersson wrote: > > Hi, > > Probably it's just me, but in our CAS (4.1.4) logs we have random > errors like > > 2016-08-25 11:03:05,399 ERROR > [org.jasig.cas.CentralAuthenticationServiceImpl] - Service ticket > [ST-113-icLdxoWXyaRPKXg4ZvJC-myhost] with service > [https://something.net/whatever?param1=value1¶m2=value2 > <https://something.net/whatever?param1=value1¶m2=value2>] does > not match supplied service [https://something.net/whatever > <https://something.net/whatever>] > > I tried to investigate the cause for this and wondered why does > the service id on the ticket have the params included or is that > on purpose. > > I then found this in SimpleWebApplicationServiceImpl.java: > > public static SimpleWebApplicationServiceImpl createServiceFrom( > final HttpServletRequest request) { > ... > final String serviceToUse; > ... > } else if (StringUtils.hasText(service)) { > serviceToUse = service; > > final String id = cleanupUrl(serviceToUse); > ... > > return new SimpleWebApplicationServiceImpl(id, serviceToUse, > artifactId, "POST".equals(method) ? > Response.ResponseType.POST > : Response.ResponseType.REDIRECT); > } > > The cleanupUrl method: > > /** > * Cleanup the url. Removes jsession ids and query strings. > * > * @param url the url > * @return sanitized url. > */ > protected static String cleanupUrl(final String url) { > if (url == null) { > return null; > } > final int jsessionPosition = url.indexOf(";jsession"); > if (jsessionPosition == -1) { > return url; > } > final int questionMarkPosition = url.indexOf('?'); > if (questionMarkPosition < jsessionPosition) { > return url.substring(0, url.indexOf(";jsession")); > } > return url.substring(0, jsessionPosition) > + url.substring(questionMarkPosition); > } > > So it seems that the query parameters are never removed from the > URL if there no jsession in it. Is this on purpose? Is it so that > if a ticket is requested for service=http://xxx?yyy=zzz then the > validation can not be made against http://xxx ? > > Thanks! > Tom > > -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: > https://apereo.github.io/cas/Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- > You received this message because you are subscribed to the Google > Groups "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/c71cd09c-cbba-4717-841a-1bff18ad7432%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/c71cd09c-cbba-4717-841a-1bff18ad7432%40apereo.org?utm_medium=email&utm_source=footer>. -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE C023 | [email protected] -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/44ec3c2a-9529-e265-64f0-dfb5e0c71f5a%40uvic.ca.
