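Solution
Check that the client server resolves the CAS server's domain name correctly.
Reproducing the problem
After the CAS service address was configured as a domain name that points to an intranet IP, the client could not redirect during single sign-on validation. The exception is as follows: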
ERROR 31112 --- [apr-8081-exec-5] org.jasig.cas.client.util.CommonUtils : Error getting response from host: [login.jxcia.com] with path: [/lyuapServer/serviceValidate] and protocol: [https] Error Message: 拒绝连接 (Connection refused)
java.net.ConnectException: 拒绝连接 (Connection refused)
......
ERROR 31112 --- [apr-8081-exec-5] o.s.b.w.servlet.support.ErrorPageFilter : Forwarding to error page from request [/casportal] due to exception [java.net.ConnectException: 拒绝连接 (Connection refused)]
java.lang.RuntimeException: java.net.ConnectException: 拒绝连接 (Connection refused)
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:447)
at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:190)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:204)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:177)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97)
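Error analysis
Tracing the source code from the error log shows that the problem occurs when the client calls back to the server to validate the ticket.
The failing call: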
org.jasig.cas.client.util.CommonUtils#getResponseFromServer(java.net.URL, org.jasig.cas.client.ssl.HttpURLConnectionFactory, java.lang.String)
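The callback URL follows this pattern:
https://<CAS server address>/serviceValidate?ticket=XXX&service=XXX
Accessing it directly from a browser works:
Trying from the server where the client application is deployed:
Running curl again with the IP instead of the domain name succeeded, so the cause was roughly clear.
Fix: append the domain name resolution entry to the hosts file on the client server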
vim /etc/hosts
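After the change it looks like this:
Accessing the service again succeeds.
Single sign-on redirects normally and the service is back to normal.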
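
The hosts-file fix above as a repeatable check, added here as an example (not code from the original post): it pulls the CAS host out of the CommonUtils error line, looks up what a hosts file maps it to, and pins the name without creating duplicate or conflicting entries. The function names are hypothetical, the sample log line is a shortened constructed copy of the error above, and 192.0.2.10 is a placeholder IP.

```shell
#!/bin/sh
# Constructed sample, modelled on the CommonUtils error line shown above.
SAMPLE_LOG='ERROR 31112 --- [apr-8081-exec-5] org.jasig.cas.client.util.CommonUtils : Error getting response from host: [login.jxcia.com] with path: [/lyuapServer/serviceValidate] and protocol: [https] Error Message: Connection refused'

# Extract the CAS server host name from a CommonUtils error line.
cas_host_from_log() {
    printf '%s\n' "$1" |
        sed -n 's/.*Error getting response from host: \[\([^]]*\)].*/\1/p'
}

# Print the IP a hosts file maps NAME to (first match); comments are ignored.
# usage: hosts_lookup NAME [HOSTS_FILE]
hosts_lookup() {
    awk -v name="$1" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(name)) { print $1; exit } }
    ' "${2:-/etc/hosts}"
}

# Append "IP NAME" unless NAME is already mapped; refuse if NAME is already
# mapped to a different IP, so a stale entry is noticed instead of shadowed.
# usage: hosts_pin IP NAME [HOSTS_FILE]
hosts_pin() {
    file="${3:-/etc/hosts}"
    current=$(hosts_lookup "$2" "$file")
    if [ -z "$current" ]; then
        printf '%s\t%s\n' "$1" "$2" >> "$file"
    elif [ "$current" != "$1" ]; then
        echo "conflict: $2 already maps to $current in $file" >&2
        return 1
    fi
}

# Show which host the failing ticket validation was trying to reach.
cas_host_from_log "$SAMPLE_LOG"
# On the client server (placeholder IP, needs root):
#   hosts_pin 192.0.2.10 login.jxcia.com
```

Pinning the name in hosts keeps the client's HTTPS ticket validation addressed to the domain name, so certificate host name verification is unaffected; the entry has to be updated whenever the CAS server's IP changes.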