我有2个CAS服务(CAS 6.0.3(注册(通过JSON(,带有不同的ServiceID和AuthenticationHandlers等。我可以分别对两个服务中的每一个进行认证(例如CAS/login?service = http ... service1(。但是,当我尝试访问第二个服务(CAS/login?service = http ... service2(时,我已经再次认证了另一个服务,我会收到此错误消息:
票...不匹配提供的服务。原始服务是...
是...信息:所有" ..."匹配/都是相同的服务ID弦。内部代码für错误消息是" Invalid_service"
cas认为"好吧,您已经登录了,我可以将您直接重定向到您的服务"。它甚至进行了验证,然后重定向。但是,当第二服务验证票证时,错误消息apears。
是否有允许service1和service2使用相同的" SSO上下文"/CAS-Sessions/允许在Service1登录后登录Service2?我可以在我的Service-JSON配置中使用该主题的注册ServiceProperty吗?
我已经在此页面上读取了所有内容:https://apereo.github.io/cas/6.0.x/index.html,甚至尝试搜索源code以搜索此类验证-Options ..
这些是我的日志中的最后一行,其中" trace"'级启用:
=============================================================
WHO: myuser
WHAT: ST-2-tNnqqJfwFeSSAqaQf-LBTF7AvsMLAPTOP-3DHMD58D
ACTION: SERVICE_TICKET_VALIDATE_SUCCESS
APPLICATION: CAS
WHEN: Wed May 15 11:02:14 CEST 2019
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
2019-05-15 11:02:14,965 TRACE [org.apereo.cas.validation.AbstractCasProtocolValidationSpecification] - <Is validation specification set to enforce [renew] protocol behavior? [no]. Is assertion issued from a new login? [no]>
2019-05-15 11:02:14,965 TRACE [org.apereo.cas.validation.Cas20WithoutProxyingValidationSpecification] - <Number of chained authentications in the assertion [1]>
2019-05-15 11:02:14,965 TRACE [org.apereo.cas.validation.AbstractCasProtocolValidationSpecification] - <Validation specification is satisfied by the produced assertion>
2019-05-15 11:02:14,965 TRACE [org.apereo.cas.services.AbstractServicesManager] - <No environments are assigned to service [myservice]>
2019-05-15 11:02:14,965 DEBUG [org.apereo.cas.validation.RegisteredServiceRequiredHandlersServiceTicketValidationAuthorizer] - <Evaluating service [AbstractWebApplicationService(id=https://blub.blub, originalUrl=https://blub.blub, artifactId=ST-2-tNnqqJfwFeSSAqaQf-LBTF7AvsMLAPTOP-3DHMD58D, principal=null, source=service, loggedOutAlready=false, format=XML, attributes={})] to ensure required authentication handlers can satisfy assertion>
2019-05-15 11:02:14,965 TRACE [org.apereo.cas.util.CollectionUtils] - <Converting multi-valued element [[MailboxAuthenticationHandler]]>
2019-05-15 11:02:14,966 TRACE [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:custom_messages_de] for the code [INVALID_SERVICE]>
2019-05-15 11:02:14,966 TRACE [org.apereo.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_de] for the code [INVALID_SERVICE]>
验证响应是:(错误消息在德语中,但它是相同/" invalid_service" -error(:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationFailure code="INVALID_SERVICE">Ticket 'ST-2-tNnqqJfwFeSSAqaQf-LBTF7AvsMLAPTOP-3DHMD58D' passt nicht zum angegebenen Service. Der urspr&uuml;ngliche Service war 'https://blub.blub' und der &uuml;bermittelte Service war 'https://blub.blub'.</cas:authenticationFailure>
</cas:serviceResponse>
我找到了这种(MIS(行为的原因。它缝合说,即使这些自定义处理程序具有相同的代码/属性,也无法在不同的服务上使用不同的AuthenticationHandler。
在这种情况下," CAS"会显示更精确的错误消息(在日志中(,或者如果将其记录在某个地方时。