Jen, What kind of control do you have over the client application?
It is odd that GLMSSESSIONID is sent as a parameter rather than being stored in a cookie, but stranger things have happened. What does your service entry look like? We have some entries that end in a fixed pattern and some that end with .* It has been a while since I encountered this error and I am not sure if changes to the service entry will affect the result. Ray On Tue, 2019-01-08 at 08:33 -0800, Jennifer LaVoie wrote: here is the complete error I get org.jasig.cas.client.validation.TicketValidationException: org.opensaml.SAMLException: Ticket 'ST-68-Ym0B6A15gcil-QfPnLUps5D8Zt8-cas3-test' does not match supplied service. The original service was 'https://travel-test.host.edu:4443/tvlexp/index.htm;GLMSSESSIONID=NUwuSWilRK-4UvO5dzEvnCinKPmZgMxDmvRnbuoSFXSp7uuseQk-!304726366' and the supplied service was 'https://travel-test.host.edu:4443/tvlexp/index.htm'. at org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:93) at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188) at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60) at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60) at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:99) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3748) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3714) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2283) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2182) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1499) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263) at weblogic.work.ExecuteThread.run(ExecuteThread.java:221) Caused by: org.opensaml.SAMLException: Ticket 'ST-68-Ym0B6A15gcil-QfPnLUps5D8Zt8-cas3-test' does not match supplied service. The original service was 'https://travel-test.host.edu:4443/tvlexp/index.htm;GLMSSESSIONID=NUwuSWilRK-4UvO5dzEvnCinKPmZgMxDmvRnbuoSFXSp7uuseQk-!304726366' and the supplied service was 'https://travel-test.host.edu:4443/tvlexp/index.htm'. at org.opensaml.SAMLException.getInstance(Unknown Source) at org.opensaml.SAMLResponse.fromDOM(Unknown Source) at org.opensaml.SAMLResponse.(Unknown Source) at org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:48) On Tuesday, January 8, 2019 at 2:35:58 AM UTC-5, alberto wrote: On Tue, 8 Jan 2019 00:50:10 +0000 Ray Bon <[email protected]<javascript:>> wrote: > Jen, > > The ST is being validated against a URL with GLMSSESSIONID... but > this was not present with the log in request (the 2 need to match). > Change the CAS client to not send GLMS... or send it with the log > in request. > > Or maybe change the service registry id to something like > https://travel.host.com:4447/tvlexp/tvlexp-flex/.* (memory may be > rusty here). Hi, I don't think this will work: when service registry URL doesn't match the supplied URL, the error message is different (something like "you are not authorized to use CAS"). Greetings, -- Alberto Cabello Sánchez Servicio de Informática Universidad de Extremadura -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected] -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1546968451.5350.29.camel%40uvic.ca.
