Problem with CAS renew re-authentication

p1995s p1995s at yahoo.com
Tue Mar 24 11:59:38 EDT 2020 

We have a CAS client that we try to setup using the renew parameter to force
a re-auth.  The IDP will prompt for re-auth but after entering login
credentials will fail.
If renew parameter is set to false the authentication is working.
In the idp logs we see the following:

2020-03-23 15:26:48,620 - 172.20.6.33 - DEBUG
[net.shibboleth.idp.cas.flow.impl.ValidateTicketAction:92] - Attempting to
validate
ST-AADXGZLDOJSXIMKVZMUYG2CTZZJWA2N7TSRVM2HXTJ6YNGONX5TSRMVNGOH55OE2XGSP4KV3BRJKY7TZGXKYAAMJOJLMUQVXK3Z7CF23S27CRLOSWUUFDAALZKZN7AWOBGM6AVYHDN4SLEM6KQUXLUH26MDX76JYFNQGMXXXW4VRCVZTJ5EU3AZYWPF3EV3CTN3S6ZXNYVZFRTDOH2MEZMTDIKFIDJHIABF25M77OU2EDBGXSWA3IVTSLVGVU6LV2YDNFGUUEW2FVEH4IGNX2ILREWIMPUGYTA6MMI53EYCXTALOTTRXODE3BAPYEPHPQHSAARLDPQ6LLPCDNMDXRWEFFLTJ7FMDT6LLNEJGP4DSFMN3QOP7OYECOZPRLHCCKHPHILTFN5HOQCER4EILG4MYMY------
2020-03-23 15:26:48,621 - 172.20.6.33 - DEBUG
[net.shibboleth.idp.cas.flow.impl.ValidateTicketAction:101] - Found and
removed
ST-AADXGZLDOJSXIMKVZMUYG2CTZZJWA2N7TSRVM2HXTJ6YNGONX5TSRMVNGOH55OE2XGSP4KV3BRJKY7TZGXKYAAMJOJLMUQVXK3Z7CF23S27CRLOSWUUFDAALZKZN7AWOBGM6AVYHDN4SLEM6KQUXLUH26MDX76JYFNQGMXXXW4VRCVZTJ5EU3AZYWPF3EV3CTN3S6ZXNYVZFRTDOH2MEZMTDIKFIDJHIABF25M77OU2EDBGXSWA3IVTSLVGVU6LV2YDNFGUUEW2FVEH4IGNX2ILREWIMPUGYTA6MMI53EYCXTALOTTRXODE3BAPYEPHPQHSAARLDPQ6LLPCDNMDXRWEFFLTJ7FMDT6LLNEJGP4DSFMN3QOP7OYECOZPRLHCCKHPHILTFN5HOQCER4EILG4MYMY------/8ce34ad2fb1b4ac15ef9bb031b83ddd99cc5041bde951964fb236b0b455da9ea
from ticket store
2020-03-23 15:26:48,621 - 172.20.6.33 - INFO
[net.shibboleth.idp.cas.flow.impl.ValidateTicketAction:117] - Successfully
validated
ST-AADXGZLDOJSXIMKVZMUYG2CTZZJWA2N7TSRVM2HXTJ6YNGONX5TSRMVNGOH55OE2XGSP4KV3BRJKY7TZGXKYAAMJOJLMUQVXK3Z7CF23S27CRLOSWUUFDAALZKZN7AWOBGM6AVYHDN4SLEM6KQUXLUH26MDX76JYFNQGMXXXW4VRCVZTJ5EU3AZYWPF3EV3CTN3S6ZXNYVZFRTDOH2MEZMTDIKFIDJHIABF25M77OU2EDBGXSWA3IVTSLVGVU6LV2YDNFGUUEW2FVEH4IGNX2ILREWIMPUGYTA6MMI53EYCXTALOTTRXODE3BAPYEPHPQHSAARLDPQ6LLPCDNMDXRWEFFLTJ7FMDT6LLNEJGP4DSFMN3QOP7OYECOZPRLHCCKHPHILTFN5HOQCER4EILG4MYMY------
for https://appnavu.wheaton.edu/applicationNavigator/login/cas
2020-03-23 15:26:48,622 - 172.20.6.33 - DEBUG
[net.shibboleth.idp.cas.flow.impl.ValidateRenewAction:60] - Renew=true
requested at validation time but ticket not issued with renew=true.
2020-03-23 15:26:48,631 - 172.20.6.33 - WARN
[org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event
occurred while processing the request: TicketNotFromRenew
2020-03-23 15:26:48,651 - 172.20.6.33 - INFO [Shibboleth-Audit.SSO:275] -
20200323T202648Z|||https://appnavu.wheaton.edu/applicationNavigator/login/cas|https://www.apereo.org/cas/protocol/serviceValidate||||||||ST-AADXGZLDOJSXIMKVZMUYG2CTZZJWA2N7TSRVM2HXTJ6YNGONX5TSRMVNGOH55OE2XGSP4KV3BRJKY7TZGXKYAAMJOJLMUQVXK3Z7CF23S27CRLOSWUUFDAALZKZN7AWOBGM6AVYHDN4SLEM6KQUXLUH26MDX76JYFNQGMXXXW4VRCVZTJ5EU3AZYWPF3EV3CTN3S6ZXNYVZFRTDOH2MEZMTDIKFIDJHIABF25M77OU2EDBGXSWA3IVTSLVGVU6LV2YDNFGUUEW2FVEH4IGNX2ILREWIMPUGYTA6MMI53EYCXTALOTTRXODE3BAPYEPHPQHSAARLDPQ6LLPCDNMDXRWEFFLTJ7FMDT6LLNEJGP4DSFMN3QOP7OYECOZPRLHCCKHPHILTFN5HOQCER4EILG4MYMY------|
2020-03-23 15:26:48,660 - 172.20.6.33 - DEBUG
[net.shibboleth.idp.saml.profile.impl.SpringAwareMessageEncoderFactory:100]
- Looking up message encoder based on binding URI:
urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding
2020-03-23 15:26:48,685 - 172.20.6.33 - DEBUG [PROTOCOL_MESSAGE:70] - 
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Body>
        <saml1p:Response IssueInstant="2020-03-23T20:26:48.653Z"
            MajorVersion="1" MinorVersion="1"
           
ResponseID="ST-AADXGZLDOJSXIMKVZMUYG2CTZZJWA2N7TSRVM2HXTJ6YNGONX5TSRMVNGOH55OE2XGSP4KV3BRJKY7TZGXKYAAMJOJLMUQVXK3Z7CF23S27CRLOSWUUFDAALZKZN7AWOBGM6AVYHDN4SLEM6KQUXLUH26MDX76JYFNQGMXXXW4VRCVZTJ5EU3AZYWPF3EV3CTN3S6ZXNYVZFRTDOH2MEZMTDIKFIDJHIABF25M77OU2EDBGXSWA3IVTSLVGVU6LV2YDNFGUUEW2FVEH4IGNX2ILREWIMPUGYTA6MMI53EYCXTALOTTRXODE3BAPYEPHPQHSAARLDPQ6LLPCDNMDXRWEFFLTJ7FMDT6LLNEJGP4DSFMN3QOP7OYECOZPRLHCCKHPHILTFN5HOQCER4EILG4MYMY------"
xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol">
            <saml1p:Status>
                <saml1p:StatusCode Value="INVALID_TICKET"
xmlns="http://www.ja-sig.org/products/cas/"/>
               
<saml1p:StatusMessage>E_TICKET_NOT_FROM_RENEW</saml1p:StatusMessage>
            </saml1p:Status>
        </saml1p:Response>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

2020-03-23 15:26:48,695 - 172.20.6.33 - DEBUG
[net.shibboleth.idp.profile.impl.RecordResponseComplete:89] - Profile Action
RecordResponseComplete: Record response complete

Any suggestions?
Please help.

Thanks,
Paul




--
Sent from: https://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html

More information about the users mailing list