堆栈内存溢出
  简体   繁体   English

CAS验证SAML错误

[英]CAS authentication SAML error

 原文  2012-07-27 06:17:27       java/ cas

问题描述

I am using CAS authentication in one of my applications. 我在其中一个应用程序中使用CAS身份验证。 CAS version jar is - cas-client-core-3.1.10.jar. CAS版本jar为-cas-client-core-3.1.10.jar。 While using my correct credentials it gives me the following exception - 在使用正确的凭据时,它会给我以下异常- 

org.jasig.cas.client.validation.TicketValidationException: No valid assertions from the SAML response found.
org.jasig.cas.client.validation.TicketValidationException: No valid assertions from the SAML response found.
at org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:97)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)

Wondering what is the reason for this exception? 想知道此异常的原因是什么? While checking for the source of the Saml11TicketValidator.java I did not see the exact scenario in which this error message comes. 在检查Saml11TicketValidator.java的源时,我没有看到此错误消息出现的确切情况。 Any idea what this message indicates? 知道此消息表示什么吗?

3 个解决方案

解决方案1
 2 已采纳  2012-08-02 08:33:36

I got the solution to this problem. 我已经解决了这个问题。 The actual problem was with the clock speed on my system. 实际的问题是系统的时钟速度。 My system's current timestamp didn't fall between the BEFORE & AFTER timestamps from CAS. 我系统的当前时间戳不在CAS之前和之后的时间戳之间。 And the value of configurable parameter - 'tolerance' (provided by CAS) did not help either. 可配置参数的值-“公差”(由CAS提供)也没有帮助。 So I configured tolerance parameter to a HUGE long value (ie 75000). 因此,我将公差参数配置为一个巨大的长值(即75000)。 By this I was able to bypass the TicketValidationException thrown by CAS. 这样我就可以绕过CAS抛出的TicketValidationException。

解决方案2
 1  2017-01-18 20:05:43

To clarify munna's response, I had the same issue and resolved it by adding the tolerance parameter to the web.xml in the application that uses the CAS Client: 为了阐明munna的响应,我遇到了相同的问题,并通过在使用CAS Client的应用程序中的web.xml中添加公差参数来解决了该问题: 

<init-param>
    <!--
        Adjust to accommodate clock drift between client/server.
        Increasing tolerance has security consequences, so it is
        preferable to correct the source of clock drift instead.
    -->
    <param-name>tolerance</param-name>
    <param-value>5000</param-value>
</init-param>

For a complete example of the Saml11TicketValidationFilter see, https://wiki.jasig.org/display/CASC/Saml11TicketValidationFilter+Example . 有关Saml11TicketValidationFilter的完整示例,请参见https://wiki.jasig.org/display/CASC/Saml11TicketValidationFilter+Example

解决方案3
 0  2014-02-04 10:38:13

yes actually i have also same error...it was problem because of cas server time was diffent. 是的,实际上我也有同样的错误...这是有问题的,因为cas服务器的时间不同。

now issue resolved by setting timestamp 通过设置时间戳解决了现在的问题

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 CAS SSO 4.2.0数据库身份验证设置错误 - CAS SSO 4.2.0 Database authentication setup error 以CAS和SAML2 SSO为例 - CAS and SAML2 SSO by example Android上的Web CAS身份验证 - Web CAS authentication on Android 什么是CAS身份验证? - What is CAS authentication? CAS无需强制认证 - CAS without forcing authentication 绕过jasig CAS认证 - Bypass jasig CAS authentication 使用ADFS进行CAS委托身份验证 - CAS Delegated Authentication with ADFS Java / Scala中的CAS和SAML 2.0实现 - CAS and SAML 2.0 Implementation in Java/Scala 排除目录以使用CAS Server进行身份验证 - Exclude directory for authentication with CAS Server CAS要求对每个应用程序进行身份验证 - CAS asking authentication for each application
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM