遇到過兩次這種情況,在此記錄一下
情況一 由於Client不認SSL證書導致PKIX錯誤,導致驗證票據失敗 404
這種情況可以通過看Client項目的日誌,查找報錯原因,如果是PKIX SSL握手錯誤的話,就要手動導入SSL證書,最終保證 Client 與Server 之間能夠使用HTTPS 協議通信即可。可以通過 curl 測試https 是否可用。
情況二 由於Client項目的tomcat-redis未配置導致 CAS Client無法操作session 404
這種情況很難排查,日誌裏什麼都沒有打印,最後通過打開Client 日誌級別爲TRACE ,發現
[TRACE]-[org.jasig.cas.client.session.SingleSignOutHandler.process(SingleSignOutHandler.java:185)] Received a token request
在這之後就沒有繼續了,對比正常接入的Client 打印的日誌
[TRACE]-[org.jasig.cas.client.session.SingleSignOutHandler.process(SingleSignOutHandler.java:185)] Received a token request
[DEBUG]-[org.jasig.cas.client.session.SingleSignOutHandler.recordSession(SingleSignOutHandler.java:214)] Recording session for token ST-1-zQJcVHBeNOdzcEcJTuGTUx0Dsxc-gv192
[DEBUG]-[org.jasig.cas.client.session.HashMapBackedSessionMappingStorage.removeBySessionById(HashMapBackedSessionMappingStorage.java:56)] Attempting to remove Session=[455AF03E7AAB48272B9CF9737655E313]
[DEBUG]-[org.jasig.cas.client.session.HashMapBackedSessionMappingStorage.removeBySessionById(HashMapBackedSessionMappingStorage.java:64)] No mapping for session found. Ignoring.
發現是卡在了
/**
* Associates a token request with the current HTTP session by recording the mapping
* in the the configured {@link SessionMappingStorage} container.
*
* @param request HTTP request containing an authentication token.
*/
private void recordSession(final HttpServletRequest request) {
final HttpSession session = request.getSession(this.eagerlyCreateSessions);
if (session == null) {
logger.debug("No session currently exists (and none created). Cannot record session information for single sign out.");
return;
}
final String token = CommonUtils.safeGetParameter(request, this.artifactParameterName, this.safeParameters);
logger.debug("Recording session for token {}", token);
try {
this.sessionMappingStorage.removeBySessionById(session.getId());
} catch (final Exception e) {
// ignore if the session is already marked as invalid. Nothing we can do!
}
sessionMappingStorage.addSessionById(token, session);
}
中的
final HttpSession session = request.getSession(this.eagerlyCreateSessions);
處理session這裏
最後通過 JAVA Remote Debug 發現 拋出異常時 redis 未配置導致的異常。