我成功安装了CAS4.1,并将其配置为使用Active Directory作为后端身份验证。现在的问题是,每次我尝试验证票证时CAS服务器都会抱怨票证过期。我获取和验证票证的步骤如下:
我得到了以下回应:
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
<script/>
<cas:authenticationFailure code="INVALID_TICKET">
Ticket 'ST-3-zrjAFf1UU95NdzGmCibv-sso.domain.net' not recognized
</cas:authenticationFailure>
</cas:serviceResponse>
工单授予日志显示
2015-12-18 15:28:53,505 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted ticket [ST-3-zrjAFf1UU95NdzGmCibv-sso.domain.net] for service [https://e.domain.net/] for user [castest]>
2015-12-18 15:28:53,506 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: =============================================================
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: WHO: castest
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: WHAT: ST-3-zrjAFf1UU95NdzGmCibv-sso.domain.net for https://e.domain.net/
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: ACTION: SERVICE_TICKET_CREATED
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: APPLICATION: CAS
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: WHEN: Fri Dec 18 15:28:53 AST 2015
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: CLIENT IP ADDRESS: 10.100.25.89
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: SERVER IP ADDRESS: 10.10.12.120
Dec 18 15:28:53 mk-jas-cas-01 server[24501]: =============================================================
验证日志显示
2015-12-18 15:29:05,633 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ST-3-zrjAFf1UU95NdzGmCibv-sso.domain.net] has expired.>
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: 2015-12-18 15:29:05,635 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: =============================================================
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: WHO: audit:unknown
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: WHAT: ST-3-zrjAFf1UU95NdzGmCibv-sso.domain.net
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: ACTION: SERVICE_TICKET_VALIDATE_FAILED
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: APPLICATION: CAS
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: WHEN: Fri Dec 18 15:29:05 AST 2015
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: CLIENT IP ADDRESS: 10.100.25.89
Dec 18 15:29:05 mk-jas-cas-01 server[24501]: SERVER IP ADDRESS: 10.10.12.120
Dec 18 15:29:05 mk-jas-cas-01 server[24501]:=============================================================
我从这个StackOverflow条目中使用了相同的ticketOutirationPolicy. xml,我得到了相同的结果,我也尝试更改为根本没有过期,但得到了相同的结果我当前的ticketExirationPolicy.xml文件:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c" xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd">
<bean id="serviceTicketExpirationPolicy" class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy">
<!-- This argument is the number of times that a ticket can be used before its considered expired. -->
<constructor-arg
index="0"
value="1" />
<!-- This argument is the time a ticket can exist before its considered expired. -->
<constructor-arg
index="1"
value="10000" />
</bean>
<bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.NeverExpiresExpirationPolicy" />
</beans>
一个附带问题:我在哪里以及如何定义服务以充当代理?!
好吧,我通过将第二个构造函数参数从10000增加到100000来修复它
<!-- This argument is the time a ticket can exist before its considered expired. -->
<constructor-arg
index="1"
value="100000" />
