Identity Provider / IDP-614

INVALID_SERVICE error with Java CAS Client

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0, 3.1.0
    • Fix Version/s: 3.1.1
    • Component/s: CAS
    • Labels:
      None

      Description

      Some servlet containers attempt to do URL-based session management until a cookie is received back from the browser. This causes the CAS service URL to vary between login and validation.

      The result is the following error and an INVALID_SERVICE message being sent to the client.

      2015-02-14 16:55:05,835 - DEBUG [net.shibboleth.idp.cas.flow.ValidateTicketAction:101] - Service issued for https://beisdev.memphis.edu:443/ssomanager/c/SSB;jsessionid=T0CKTW7nYkR3jimTVMJt8Q5APfcKK_yhqO7nxQWeYkaMvJ5I1ebH!2125672019?pkg=bwpkebst.P_DispIDSelect does not match https://beisdev.memphis.edu:443/ssomanager/c/SSB?pkg=bwpkebst.P_DispIDSelect

      Subsequent requests will then work, as cookie-based session management has been fully established.

      Since CAS server 3.0.5 (2008?) the behavior has been to strip the JSESSIONID out of the URL before creating the service ticket. The relevant CAS JIRA report can be found here:

      https://issues.jasig.org/browse/CAS-360

      This problem was discussed on shin-dev with the subject "IdP v3.0.0 CAS Support".

      A patch is attached to this JIRA issue.
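      The normalization described above, as an added sketch in Java (not the attached patch and not code from the IdP or the CAS server). The class and method names are hypothetical, and the session id is a constructed value standing in for the one in the log line:

```java
import java.util.regex.Pattern;

public class ServiceUrlMatch {
    // The ";jsessionid=..." path parameter, up to the query string or fragment.
    // Only this one parameter is removed; everything else must still match exactly,
    // so the ticket stays bound to the service it was issued for.
    private static final Pattern JSESSIONID =
            Pattern.compile(";jsessionid=[^?#]*", Pattern.CASE_INSENSITIVE);

    static String stripSessionId(String serviceUrl) {
        return JSESSIONID.matcher(serviceUrl).replaceAll("");
    }

    static boolean sameService(String issuedFor, String presented) {
        return stripSessionId(issuedFor).equals(stripSessionId(presented));
    }

    public static void main(String[] args) {
        // URL seen at login, before the browser has returned a session cookie
        // (session id below is constructed for this example).
        String atLogin = "https://beisdev.memphis.edu:443/ssomanager/c/SSB"
                + ";jsessionid=CONSTRUCTED-SESSION-ID!12345"
                + "?pkg=bwpkebst.P_DispIDSelect";
        // URL sent by the client at ticket validation.
        String atValidation = "https://beisdev.memphis.edu:443/ssomanager/c/SSB"
                + "?pkg=bwpkebst.P_DispIDSelect";
        // A different service on the same host: must never match.
        String otherService = "https://beisdev.memphis.edu:443/other/app"
                + ";jsessionid=CONSTRUCTED-SESSION-ID!12345"
                + "?pkg=bwpkebst.P_DispIDSelect";

        // Raw comparison reproduces the mismatch behind INVALID_SERVICE.
        System.out.println("raw equals:        " + atLogin.equals(atValidation));
        // After stripping the session id the two URLs are identical.
        System.out.println("normalized equals: " + sameService(atLogin, atValidation));
        // Normalization does not loosen the check for other services.
        System.out.println("other service:     " + sameService(otherService, atValidation));
    }
}
```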

            People

            Assignee:
            serac@vt.edu Marvin S Addison
            Reporter:
            wassa@memphis.edu Jr.
            Watchers:
            3

                Time Tracking

                Estimated: Not Specified
                Remaining: 0m
                Logged: 3h