I ended up having to download the source for the Jasig CAS client and implement a new ticket validator. The IP that we are using is ECAS, the European Commission's Authentication Service, and it did not support my client's permission level.
For anyone interested, or anyone who happens to be trying to connect to ECAS (.NET is not one of their supported platforms). From the .NET client in the /Validation/Schema/TicketValidator folder, you can implement something like:
namespace DotNetCasClient.Validation.TicketValidator
{
internal class ECasServiceTicketValidator : Cas20ServiceTicketValidator
{
In the CasAuthentication.cs file you need to add these snippets:
// Names for the supported ticket validators
public const string CAS10_TICKET_VALIDATOR_NAME = "Cas10";
public const string CAS20_TICKET_VALIDATOR_NAME = "Cas20";
public const string ECAS_TICKET_VALIDATOR_NAME = "ECas";
public const string SAML11_TICKET_VALIDATOR_NAME = "Saml11";
And
if (String.Compare(ticketValidatorName, CasClientConfiguration.CAS10_TICKET_VALIDATOR_NAME, true) == 0)
{
ticketValidator = new Cas10TicketValidator();
}
else if (String.Compare(ticketValidatorName, CasClientConfiguration.CAS20_TICKET_VALIDATOR_NAME, true) == 0)
{
ticketValidator = new Cas20ServiceTicketValidator();
}
else if (String.Compare(ticketValidatorName, CasClientConfiguration.ECAS_TICKET_VALIDATOR_NAME, true) == 0)
{
ticketValidator = new ECasServiceTicketValidator();
}
else if (String.Compare(ticketValidatorName, CasClientConfiguration.SAML11_TICKET_VALIDATOR_NAME, true) == 0)
{
ticketValidator = new Saml11TicketValidator();
}
Then, in the casConfigClient setting in the web.config of the website, add this:
ticketValidatorName="ECas"
Hope this helps someone out there..