我成功安装了CAS 4.1并将其配置为使用Active Directory作为后端身份验证。现在的问题是,每次我尝试验证票证时,CAS服务器都会抱怨票证已过期。我为获取和验证票证而采取的步骤如下:
我收到以下回复:
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
<script/>
<cas:authenticationFailure code="INVALID_TICKET">
Ticket 'ST-3-zrjAFf1UU95NdzGmCibv-sso.domain.net' not recognized
</cas:authenticationFailure>
</cas:serviceResponse>
票证授予日志显示
2015-12-18 15:28:53,505 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted ticket [ST-3-zrjAFf1UU95NdzGmCibv-sso.domain.net] for service [https://e.domain.net/] for user [castest]>
2015-12-18 15:28:53,506 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: =============================================================
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: WHO: castest
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: WHAT: ST-3-zrjAFf1UU95NdzGmCibv-sso.domain.net for https://e.domain.net/
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: ACTION: SERVICE_TICKET_CREATED
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: APPLICATION: CAS
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: WHEN: Fri Dec 18 15:28:53 AST 2015
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: CLIENT IP ADDRESS: 10.100.25.89
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: SERVER IP ADDRESS: 10.10.12.120
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: =============================================================
验证日志显示
2015-12-18 15:29:05,633 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ST-3-zrjAFf1UU95NdzGmCibv-sso.domain.net] has expired.>
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: 2015-12-18 15:29:05,635 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: =============================================================
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: WHO: audit:unknown
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: WHAT: ST-3-zrjAFf1UU95NdzGmCibv-sso.domain.net
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: ACTION: SERVICE_TICKET_VALIDATE_FAILED
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: APPLICATION: CAS
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: WHEN: Fri Dec 18 15:29:05 AST 2015
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: CLIENT IP ADDRESS: 10.100.25.89
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: SERVER IP ADDRESS: 10.10.12.120
Dec 18 15:29:05 mk-jas-cas-01 server[24501]:=============================================================
我使用了来自此StackOverflow entry的相同ticketExpirationPolicy.xml 我得到了相同的结果,我尝试也改为没有过期但得到相同的结果 我当前的ticketExpirationPolicy.xml文件:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c" xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd">
<bean id="serviceTicketExpirationPolicy" class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy">
<!-- This argument is the number of times that a ticket can be used before its considered expired. -->
<constructor-arg
index="0"
value="1" />
<!-- This argument is the time a ticket can exist before its considered expired. -->
<constructor-arg
index="1"
value="10000" />
</bean>
<bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.NeverExpiresExpirationPolicy" />
</beans>
一个附带问题:我在哪里以及如何定义服务以充当代理?!
答案 0 :(得分:0)
好吧,我通过将第二个构造函数参数从10000增加到100000来修复它
<!-- This argument is the time a ticket can exist before its considered expired. -->
<constructor-arg
index="1"
value="100000" />