=?gb2312?B?tPC4tDogVGlja2V0RXhjZXBpdG9u?=

Fri Nov 10 08:47:02 EST 2006

3x for you reply.

¡¯m tring to access the CAS server via SSL, isn¡¯t it right?

How to enable cookie on the server side?

Sorry, I¡¯m a newbie .

  _____  

·¢¼þÈË: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] ´ú
±í Scott Battaglia
·¢ËÍÊ±¼ä: 2006Äê11ÔÂ10ÈÕ 20:41
ÊÕ¼þÈË: Yale CAS mailing list
Ö÷Ìâ: Re: TicketExcepiton

Are you attempting to access the CAS server via SSL?  Are cookies enabled?

-Scott

On 11/10/06, ÕÅÏþ·á < zhangxiaofeng at bjjdsy.com.cn
<mailto:zhangxiaofeng at bjjdsy.com.cn> > wrote:

I recently deploy a cas server in 10.100.2.6(it's hostname is rsserver). I
can login successfully to webapp1, but when I try to visit webapp2 ,I has to
login again.

I check the log, and find this error occurs every login action(it doesn't
stop login) 

Is this error message the reason why I need to login for every single
webapp?and what can I do with this problem.

2006-11-10 13:44:36,838 ERROR [org.jasig.cas.web.ServiceValidateController]
- <TicketException generating ticket for:
https://10.100.2.6:8443/contacts-cas/casProxy/receptor>

org.jasig.cas.ticket.TicketCreationException:
error.authentication.credentials.bad

        at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(
CentralAuthenticationServiceImpl.java:215)

        at
org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceVal
idateController.java:159)

        at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(Abstrac
tController.java:153)

        at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(Si
mpleControllerHandlerAdapter.java:45)

        at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServl
et.java:798)

        at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServle
t.java:728)

        at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkSer
vlet.java:396)

        at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java
:350)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

        at
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.j
ava:115)

        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:237)

        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
ain.java:157)

        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja
va:214)

        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)

        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

        at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContext
Valve.java:198)

        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja
va:152)

        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)

        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137
)

        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)

        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118
)

        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:102)

        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
:109)

        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)

        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

        at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)

        at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)

        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.
java:799)

        at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne
ction(Http11Protocol.java:705)

        at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.
java:577)

        at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
a:683)

        at java.lang.Thread.run(Thread.java:536)

Caused by: error.authentication.credentials.bad

        at
org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<
clinit>(BadCredentialsAuthenticationException.java:25)

        at
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(Authenti
cationManagerImpl.java:105)

        at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(
CentralAuthenticationServiceImpl.java:194)

        ... 34 more

The following is the keystore assigned in tomcat server.xml 

Keystore type: jks

Keystore provider: SUN

Your keystore contains 1 entry

Alias name: tomcat2

Creation date: Nov 10, 2006

Entry type: keyEntry

Certificate chain length: 1

Certificate[1]:

Owner: CN=rsserver, OU=bjjdsy, O=bjjdsy, L=bj, ST=bj, C=cn

Issuer: CN=rsserver, OU=bjjdsy, O=bjjdsy, L=bj, ST=bj, C=cn

Serial number: 4553d8ab

Valid from: Fri Nov 10 09:40:59 CST 2006 until: Thu Feb 08 09:40:59 CST 2007

Certificate fingerprints:

         MD5:  A7:4F:F5:EE:82:7E:A2:23:3B:D6:E5:38:73:84:51:67

         SHA1: E7:B8:C8:98:6D:B8:06:96:E2:C7:2A:EA:DD:C3:99:D9:DE:88:06:30

The following is the keystore in jdk 

Alias name: tomcat3

Creation date: Nov 10, 2006

Entry type: trustedCertEntry

Owner: CN=rsserver, OU=bjjdsy, O=bjjdsy, L=bj, ST=bj, C=cn

Issuer: CN=rsserver, OU=bjjdsy, O=bjjdsy, L=bj, ST=bj, C=cn

Serial number: 4553d8ab

Valid from: Fri Nov 10 09:40:59 CST 2006 until: Thu Feb 08 09:40:59 CST 2007

Certificate fingerprints:

         MD5:  A7:4F:F5:EE:82:7E:A2:23:3B:D6:E5:38:73:84:51:67

         SHA1: E7:B8:C8:98:6D:B8:06:96:E2:C7:2A:EA:DD:C3:99:D9:DE:88:06:30

The acegi config 

      <bean id="casProxyTicketValidator" class="org.acegisecurity.providers.
cas.ticketvalidator.CasProxyTicketValidator">

          <property
name="casValidate"><value>https://rsserver:8443/cas/proxyValidate</value></p
roperty> 

          <property
name="proxyCallbackUrl"><value>http://rsserver:8443/contacts-cas/casProxy/re
ceptor </value></property>

          <property name="serviceProperties"><ref
bean="serviceProperties"/></property>

          <!-- <property
name="trustStore"><value>/some/path/to/your/lib/security/cacerts</value></pr
operty> -->

        </bean>

_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20061110/7077fd74/attachment-0001.html