=?gb2312?B?tPC4tDogtPC4tDogVGlja2V0RXhjZXBpdG9u?=
=?gb2312?B?1cXP/rfh?=
zhangxiaofeng at bjjdsy.com.cn
Fri Nov 10 11:57:26 EST 2006
Thanks a lot, that¡¯s the key problem.
Problem 1 is solved.
What about problem 2? Any idea?
The following is the debug info
2006-11-11 00:48:09,508 DEBUG [org.apache.commons.httpclient.HttpMethodBase]
- <Resorting to protocol version default close connection policy>
2006-11-11 00:48:09,508 DEBUG [org.apache.commons.httpclient.HttpMethodBase]
- <Should NOT close connection, using HTTP/1.1>
2006-11-11 00:48:09,509 DEBUG [org.apache.commons.httpclient.HttpConnection]
- <Releasing connection back to connection manager.>
2006-11-11 00:48:09,509 DEBUG [org.jasig.cas.authentication.handler.support.
HttpBasedServiceCredentialsAuthenticationHandler] - <Authentication failed
because returned status code was [404]>
2006-11-11 00:48:09,509 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuth
enticationHandler failed to authenticate the user which provided the
following credentials: https://rsserver:8443/contacts-cas/casProxy/receptor>
2006-11-11 00:48:09,509 ERROR [org.jasig.cas.web.ServiceValidateController]
- <TicketException generating ticket for:
https://rsserver:8443/contacts-cas/casProxy/receptor>
org.jasig.cas.ticket.TicketCreationException:
error.authentication.credentials.bad
at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(
CentralAuthenticationServiceImpl.java:215)
at
org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceVal
idateController.java:159)
at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(Abstrac
tController.java:153)
at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(Si
mpleControllerHandlerAdapter.java:45)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServl
et.java:798)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServle
t.java:728)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkSer
vlet.java:396)
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java
:350)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.j
ava:115)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:237)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
ain.java:157)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja
va:214)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContext
Valve.java:198)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja
va:152)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137
)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118
)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:102)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
:109)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.
java:799)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne
ction(Http11Protocol.java:705)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.
java:577)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
a:683)
at java.lang.Thread.run(Thread.java:536)
Caused by: error.authentication.credentials.bad
at
org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<
clinit>(BadCredentialsAuthenticationException.java:25)
at
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(Authenti
cationManagerImpl.java:105)
at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(
CentralAuthenticationServiceImpl.java:194)
... 34 more
_____
·¢¼þÈË: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] ´ú
±í Scott Battaglia
·¢ËÍʱ¼ä: 2006Äê11ÔÂ11ÈÕ 0:48
ÊÕ¼þÈË: Yale CAS mailing list
Ö÷Ìâ: Re: ´ð¸´: TicketExcepiton
You're attempting to access CAS in an insecure manner (http vs. https). The
cookie that is sent to the browser is only sent over https.
-Scott
On 11/10/06, ÕÅÏþ·á <zhangxiaofeng at bjjdsy.com.cn> wrote:
I read some articles, and noticed that I'm encounting two problems.
1¡¢ It seems that the browser doesn't hold the TGC, every time I go to went
http://10.100.2.6/cas/login , it gives me the casLoginView.
2¡¢ the server got problems when generating PGT, and probably because of
certificate.
Any idea about the two problems.
_____
·¢¼þÈË: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] ´ú
±í Scott Battaglia
·¢ËÍʱ¼ä: 2006 Äê11ÔÂ10ÈÕ 20:41
ÊÕ¼þÈË: Yale CAS mailing list
Ö÷Ìâ: Re: TicketExcepiton
Are you attempting to access the CAS server via SSL? Are cookies enabled?
-Scott
On 11/10/06, ÕÅÏþ·á < <mailto:zhangxiaofeng at bjjdsy.com.cn>
zhangxiaofeng at bjjdsy.com.cn > wrote:
I recently deploy a cas server in 10.100.2.6(it's hostname is rsserver). I
can login successfully to webapp1, but when I try to visit webapp2 ,I has to
login again.
I check the log, and find this error occurs every login action(it doesn't
stop login)
Is this error message the reason why I need to login for every single
webapp?and what can I do with this problem.
2006-11-10 13:44:36,838 ERROR [org.jasig.cas.web.ServiceValidateController]
- <TicketException generating ticket for:
https://10.100.2.6:8443/contacts-cas/casProxy/receptor>
org.jasig.cas.ticket.TicketCreationException:
error.authentication.credentials.bad
at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(
CentralAuthenticationServiceImpl.java:215)
at
org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceVal
idateController.java:159)
at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(Abstrac
tController.java:153)
at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(Si
mpleControllerHandlerAdapter.java:45)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServl
et.java:798)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServle
t.java:728)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkSer
vlet.java:396)
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java
:350)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.j
ava:115)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:237)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
ain.java:157)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja
va:214)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContext
Valve.java:198)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja
va:152)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137
)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118
)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:102)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
:109)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.
java:799)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne
ction(Http11Protocol.java:705)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.
java:577)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
a:683)
at java.lang.Thread.run(Thread.java:536)
Caused by: error.authentication.credentials.bad
at
org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<
clinit>(BadCredentialsAuthenticationException.java:25)
at
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(Authenti
cationManagerImpl.java:105)
at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(
CentralAuthenticationServiceImpl.java:194)
... 34 more
The following is the keystore assigned in tomcat server.xml
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: tomcat2
Creation date: Nov 10, 2006
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=rsserver, OU=bjjdsy, O=bjjdsy, L=bj, ST=bj, C=cn
Issuer: CN=rsserver, OU=bjjdsy, O=bjjdsy, L=bj, ST=bj, C=cn
Serial number: 4553d8ab
Valid from: Fri Nov 10 09:40:59 CST 2006 until: Thu Feb 08 09:40:59 CST 2007
Certificate fingerprints:
MD5: A7:4F:F5:EE:82:7E:A2:23:3B:D6:E5:38:73:84:51:67
SHA1: E7:B8:C8:98:6D:B8:06:96:E2:C7:2A:EA:DD:C3:99:D9:DE:88:06:30
The following is the keystore in jdk
Alias name: tomcat3
Creation date: Nov 10, 2006
Entry type: trustedCertEntry
Owner: CN=rsserver, OU=bjjdsy, O=bjjdsy, L=bj, ST=bj, C=cn
Issuer: CN=rsserver, OU=bjjdsy, O=bjjdsy, L=bj, ST=bj, C=cn
Serial number: 4553d8ab
Valid from: Fri Nov 10 09:40:59 CST 2006 until: Thu Feb 08 09:40:59 CST 2007
Certificate fingerprints:
MD5: A7:4F:F5:EE:82:7E:A2:23:3B:D6:E5:38:73:84:51:67
SHA1: E7:B8:C8:98:6D:B8:06:96:E2:C7:2A:EA:DD:C3:99:D9:DE:88:06:30
The acegi config
<bean id="casProxyTicketValidator" class="org.acegisecurity.providers.
cas.ticketvalidator.CasProxyTicketValidator">
<property
name="casValidate"><value>https://rsserver:8443/cas/proxyValidate</value></p
roperty>
<property
name="proxyCallbackUrl"><value>http://rsserver:8443/contacts-cas/casProxy/re
ceptor </value></property>
<property name="serviceProperties"><ref
bean="serviceProperties"/></property>
<!-- <property
name="trustStore"><value>/some/path/to/your/lib/security/cacerts</value></pr
operty> -->
</bean>
_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20061111/5908017d/attachment.html
More information about the cas
mailing list