I have followed a link http://lukesampson.com/post/315838839/cas-on-windows-localhost-setup-in-5-mins, then the cas server works correctly, the login url is http://10.1.1.26:8080/login, the validate url is http://10.1.1.26:8080/serviceValidate.
Then I tested it like below:
in order to fix it, I try cas 1.0 validate url, http://10.1.1.26:8080/validate?ticket=ST-9-pJ5UDxqKIHP2zuN3JGe4-cas&service=http://10.1.1.9:8081/default.aspx, but it return "no".
Then I generate a certificate file and put it into keystore, then I tried all the above steps by using https://10.1.1.26:8443, howevery, the validation was still failed.
I changed the cas log4j configuration, to print all debug information, and below is the log
2012-02-21 13:18:36,371 DEBUG [org.springframework.web.servlet.DispatcherServlet
] - <DispatcherServlet with name 'cas' processing GET request for [/cas-server-w
ebapp-3.4.11/serviceValidate]>
2012-02-21 13:18:36,381 DEBUG [org.springframework.webflow.mvc.servlet.FlowHandl
erMapping] - <No flow mapping found for request with URI '/cas-server-webapp-3.4
.11/serviceValidate'>
2012-02-21 13:18:36,381 DEBUG [org.springframework.web.servlet.handler.SimpleUrl
HandlerMapping] - <Mapping [/serviceValidate] to HandlerExecutionChain with hand
ler [org.jasig.cas.web.ServiceValidateController@302a4b] and 1 interceptor>
2012-02-21 13:18:36,381 DEBUG [org.springframework.web.servlet.DispatcherServlet
] - <Last-Modified value for [/cas-server-webapp-3.4.11/serviceValidate] is: -1>
2012-02-21 13:18:36,391 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] -
<ServiceTicket [ST-1-pqIeCRqcafGBE6idoCcd-cas] has expired.>
2012-02-21 13:18:36,391 INFO [com.github.inspektr.audit.support.Slf4jLoggingAudi
tTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-1-pqIeCRqcafGBE6idoCcd-cas
ACTION: SERVICE_TICKET_VALIDATE_FAILED
APPLICATION: CAS
WHEN: Tue Feb 21 13:18:36 EST 2012
CLIENT IP ADDRESS: 10.1.1.9
SERVER IP ADDRESS: 10.1.1.26
=============================================================
What I don't understand and don't know why is from other post I saw log has something like " write service ticket to ticket registry, and retrieve service ticket ", but there is nothing about that in my log
I'm not 100% sure because I can't see your configuration, but the log says this
<ServiceTicket [ST-1-pqIeCRqcafGBE6idoCcd-cas] has expired.>
Which means that the ticket has already expired. There exists a config-file in CAS called ticketExpirationPolicies.xml which contains the times a ticket is valid. In my CAS-version the expiration period for a service ticket is set to 10000ms. Maybe the time between you step 1 and 3 is longer than the expiration setting in your file (of course) which could differ from mine
<!-- Expiration policies -->
<bean id="serviceTicketExpirationPolicy" class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy">
<!-- This argument is the number of times that a ticket can be used before its considered expired. -->
<constructor-arg
index="0"
value="1" />
<!-- This argument is the time a ticket can exist before its considered expired. -->
<constructor-arg
index="1"
value="10000" />
</bean>
<bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">
<!-- This argument is the time a ticket can exist before its considered expired. -->
<constructor-arg
index="0"
value="7200000" />
</bean>
The tutorial that you follow in my opinion is not complete in its configuration settings. Depending on what you try to achieve with this CAS-server you could need some of the customization described here