遇到过两次这种情况,在此记录一下
情况一 由于Client不认SSL证书导致PKIX错误,导致验证票据失败 404
这种情况可以通过看Client项目的日志,查找报错原因,如果是PKIX SSL握手错误的话,就要手动导入SSL证书,最终保证 Client 与Server 之间能够使用HTTPS 协议通信即可。可以通过 curl 测试https 是否可用。
情况二 由于Client项目的tomcat-redis未配置导致 CAS Client无法操作session 404
这种情况很难排查,日志里什么都没有打印,最后通过打开Client 日志级别为TRACE ,发现
[TRACE]-[org.jasig.cas.client.session.SingleSignOutHandler.process(SingleSignOutHandler.java:185)] Received a token request
在这之后就没有继续了,对比正常接入的Client 打印的日志
[TRACE]-[org.jasig.cas.client.session.SingleSignOutHandler.process(SingleSignOutHandler.java:185)] Received a token request
[DEBUG]-[org.jasig.cas.client.session.SingleSignOutHandler.recordSession(SingleSignOutHandler.java:214)] Recording session for token ST-1-zQJcVHBeNOdzcEcJTuGTUx0Dsxc-gv192
[DEBUG]-[org.jasig.cas.client.session.HashMapBackedSessionMappingStorage.removeBySessionById(HashMapBackedSessionMappingStorage.java:56)] Attempting to remove Session=[455AF03E7AAB48272B9CF9737655E313]
[DEBUG]-[org.jasig.cas.client.session.HashMapBackedSessionMappingStorage.removeBySessionById(HashMapBackedSessionMappingStorage.java:64)] No mapping for session found. Ignoring.
发现是卡在了
/**
* Associates a token request with the current HTTP session by recording the mapping
* in the the configured {@link SessionMappingStorage} container.
*
* @param request HTTP request containing an authentication token.
*/
private void recordSession(final HttpServletRequest request) {
final HttpSession session = request.getSession(this.eagerlyCreateSessions);
if (session == null) {
logger.debug("No session currently exists (and none created). Cannot record session information for single sign out.");
return;
}
final String token = CommonUtils.safeGetParameter(request, this.artifactParameterName, this.safeParameters);
logger.debug("Recording session for token {}", token);
try {
this.sessionMappingStorage.removeBySessionById(session.getId());
} catch (final Exception e) {
// ignore if the session is already marked as invalid. Nothing we can do!
}
sessionMappingStorage.addSessionById(token, session);
}
中的
final HttpSession session = request.getSession(this.eagerlyCreateSessions);
处理session这里
最后通过 JAVA Remote Debug 发现 抛出异常时 redis 未配置导致的异常。