x509 logins

Stephen A. Cochran stephen.a.cochran at Dartmouth.EDU
Tue Jun 20 10:55:29 EDT 2006 

On Jun 20, 2006, at 9:36 AM, Scott Battaglia wrote:

> I just attempted this using Apache Tomcat 5.5.17 and Firefox using a
> certificate signed by CACert.org (and trusted by my JVM).  I had no
> issues with CAS getting and validating a certificate.
>
> At the DEBUG level, CAS should tell you whether their was a  
> certificate
> found in the request or not.  If there was not, that means Tomcat did
> not properly receive the certificate.

Nothing was showing up in the logs, but think I might ahve just found  
the missing part. Logs of the failure are below, but if I read them  
correctly, the problem is the browser had a invalid TGT (in this case  
because I had restarted tomcat), and that caused the flow to not hit  
the x509 authhandler.

If my guess is correct, this would also explain why often first thing  
in the morning or after a long time away from the computer I would  
see the error, assuming I had an expired TGT still in my browser.

All supposition, thoughts?

Steve

2006-06-20 10:51:26,879 DEBUG  
[org.jasig.cas.web.flow.TicketGrantingTicketExistsAction] - Action  
'org.jasig.cas.web.flow.TicketGrantingTicketExistsAction' beginning  
execution
2006-06-20 10:51:26,879 DEBUG  
[org.jasig.cas.web.flow.TicketGrantingTicketExistsAction] - Action  
'org.jasig.cas.web.flow.TicketGrantingTicketExistsAction' completed  
execution; result event is [Event at 9be2b5 source =  
org.jasig.cas.web.flow.TicketGrantingTicketExistsAction at 14b6b02, id =  
'ticketGrantingTicketExists', stateId = [null], parameters = [null]]
2006-06-20 10:51:26,879 DEBUG  
[org.jasig.cas.web.flow.HasServiceCheckAction] - Action  
'org.jasig.cas.web.flow.HasServiceCheckAction' beginning execution
2006-06-20 10:51:26,880 DEBUG  
[org.jasig.cas.web.flow.HasServiceCheckAction] - Action  
'org.jasig.cas.web.flow.HasServiceCheckAction' completed execution;  
result event is [Event at 40ece0 source =  
org.jasig.cas.web.flow.HasServiceCheckAction at 7f8922, id =  
'hasService', stateId = [null], parameters = [null]]
2006-06-20 10:51:26,880 DEBUG  
[org.jasig.cas.web.flow.RenewRequestCheckAction] - Action  
'org.jasig.cas.web.flow.RenewRequestCheckAction' beginning execution
2006-06-20 10:51:26,880 DEBUG  
[org.jasig.cas.web.flow.RenewRequestCheckAction] - Action  
'org.jasig.cas.web.flow.RenewRequestCheckAction' completed execution;  
result event is [Event at 1041876 source =  
org.jasig.cas.web.flow.RenewRequestCheckAction at 1e1ec86, id =  
'generateServiceTicket', stateId = [null], parameters = [null]]
2006-06-20 10:51:26,881 DEBUG  
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - Action  
'org.jasig.cas.web.flow.GenerateServiceTicketAction' beginning execution
2006-06-20 10:51:26,883 DEBUG  
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to  
retrieve ticket [TGT-2-YrPewFU2jnKcTCWj4Py00oTdIRjwlgcx5Nc-50]
2006-06-20 10:51:26,884 DEBUG  
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - Action  
'org.jasig.cas.web.flow.GenerateServiceTicketAction' completed  
execution; result event is [Event at 1896a4c source =  
org.jasig.cas.web.flow.GenerateServiceTicketAction at a1aa85, id =  
'error', stateId = [null], parameters = [null]]

More information about the cas mailing list