=?GB2312?B?UmU6ILTwuLQ6ILTwuLQ6IFRpY2tldEV4Y2VwaXRvbg==?=
Scott Battaglia
scott.battaglia at gmail.com
Fri Nov 10 12:07:34 EST 2006
If you go to https://rsserver:8443/contacts-cas/casProxy/receptor in your
browser, what response code does it return?
-Scott
On 11/10/06, ÕÅÏþ·á <zhangxiaofeng at bjjdsy.com.cn> wrote:
>
> Thanks a lot, that's the key problem.
>
>
>
> Problem 1 is solved.
>
>
>
> What about problem 2? Any idea?
>
>
>
> The following is the debug info
>
>
>
> 2006-11-11 00:48:09,508 DEBUG [
> org.apache.commons.httpclient.HttpMethodBase] - <Resorting to protocol
> version default close connection policy>
>
> 2006-11-11 00:48:09,508 DEBUG [
> org.apache.commons.httpclient.HttpMethodBase] - <Should NOT close
> connection, using HTTP/1.1>
>
> 2006-11-11 00:48:09,509 DEBUG [
> org.apache.commons.httpclient.HttpConnection] - <Releasing connection back
> to connection manager.>
>
> 2006-11-11 00:48:09,509 DEBUG [
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
> - <Authentication failed because returned status code was [404]>
>
> 2006-11-11 00:48:09,509 INFO [
> org.jasig.cas.authentication.AuthenticationManagerImpl] -
> <AuthenticationHandler:
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandlerfailed to authenticate the user which provided the following credentials:
> https://rsserver:8443/contacts-cas/casProxy/receptor>
>
> 2006-11-11 00:48:09,509 ERROR [org.jasig.cas.web.ServiceValidateController]
> - <TicketException generating ticket for:
> https://rsserver:8443/contacts-cas/casProxy/receptor>
>
> org.jasig.cas.ticket.TicketCreationException:
> error.authentication.credentials.bad
>
> at
> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
> (CentralAuthenticationServiceImpl.java:215)
>
> at
> org.jasig.cas.web.ServiceValidateController.handleRequestInternal(
> ServiceValidateController.java:159)
>
> at
> org.springframework.web.servlet.mvc.AbstractController.handleRequest(
> AbstractController.java:153)
>
> at
> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(
> SimpleControllerHandlerAdapter.java:45)
>
> at org.springframework.web.servlet.DispatcherServlet.doDispatch(
> DispatcherServlet.java:798)
>
> at org.springframework.web.servlet.DispatcherServlet.doService(
> DispatcherServlet.java:728)
>
> at org.springframework.web.servlet.FrameworkServlet.processRequest
> (FrameworkServlet.java:396)
>
> at org.springframework.web.servlet.FrameworkServlet.doGet(
> FrameworkServlet.java:350)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>
> at org.jasig.cas.web.init.SafeDispatcherServlet.service(
> SafeDispatcherServlet.java:115)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:237)
>
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:157)
>
> at org.apache.catalina.core.StandardWrapperValve.invoke(
> StandardWrapperValve.java:214)
>
> at org.apache.catalina.core.StandardValveContext.invokeNext(
> StandardValveContext.java:104)
>
> at org.apache.catalina.core.StandardPipeline.invoke(
> StandardPipeline.java:520)
>
> at org.apache.catalina.core.StandardContextValve.invokeInternal(
> StandardContextValve.java:198)
>
> at org.apache.catalina.core.StandardContextValve.invoke(
> StandardContextValve.java:152)
>
> at org.apache.catalina.core.StandardValveContext.invokeNext(
> StandardValveContext.java:104)
>
> at org.apache.catalina.core.StandardPipeline.invoke(
> StandardPipeline.java:520)
>
> at org.apache.catalina.core.StandardHostValve.invoke(
> StandardHostValve.java:137)
>
> at org.apache.catalina.core.StandardValveContext.invokeNext(
> StandardValveContext.java:104)
>
> at org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java:118)
>
> at org.apache.catalina.core.StandardValveContext.invokeNext(
> StandardValveContext.java:102)
>
> at org.apache.catalina.core.StandardPipeline.invoke(
> StandardPipeline.java:520)
>
> at org.apache.catalina.core.StandardEngineValve.invoke(
> StandardEngineValve.java:109)
>
> at org.apache.catalina.core.StandardValveContext.invokeNext(
> StandardValveContext.java:104)
>
> at org.apache.catalina.core.StandardPipeline.invoke(
> StandardPipeline.java:520)
>
> at org.apache.catalina.core.ContainerBase.invoke(
> ContainerBase.java:929)
>
> at org.apache.coyote.tomcat5.CoyoteAdapter.service(
> CoyoteAdapter.java:160)
>
> at org.apache.coyote.http11.Http11Processor.process(
> Http11Processor.java:799)
>
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection
> (Http11Protocol.java:705)
>
> at org.apache.tomcat.util.net.TcpWorkerThread.runIt(
> PoolTcpEndpoint.java:577)
>
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
> ThreadPool.java:683)
>
> at java.lang.Thread.run(Thread.java:536)
>
> Caused by: error.authentication.credentials.bad
>
> at
> org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException
> .<clinit>(BadCredentialsAuthenticationException.java:25)
>
> at
> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(
> AuthenticationManagerImpl.java:105)
>
> at
> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
> (CentralAuthenticationServiceImpl.java:194)
>
> ... 34 more
> ------------------------------
>
> *·¢¼þÈË:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] *´ú±í
> *Scott Battaglia
> *·¢ËÍʱ¼ä:* 2006Äê11ÔÂ11ÈÕ 0:48
> *ÊÕ¼þÈË:* Yale CAS mailing list
> *Ö÷Ìâ:* Re: ´ð¸´: TicketExcepiton
>
>
>
> You're attempting to access CAS in an insecure manner (http vs. https).
> The cookie that is sent to the browser is only sent over https.
>
> -Scott
>
> On 11/10/06, *ÕÅÏþ·á* <zhangxiaofeng at bjjdsy.com.cn> wrote:
>
> I read some articles, and noticed that I'm encounting two problems.
>
> 1¡¢ It seems that the browser doesn't hold the TGC, every time I go to went
> http://10.100.2.6/cas/login , it gives me the casLoginView.
>
> 2¡¢ the server got problems when generating PGT, and probably because of
> certificate.
>
>
>
> Any idea about the two problems.
>
>
> ------------------------------
>
> *·¢¼þÈË:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] *´ú±í
> *Scott Battaglia
> *·¢ËÍʱ¼ä:* 2006 Äê11ÔÂ10ÈÕ 20:41
> *ÊÕ¼þÈË:* Yale CAS mailing list
> *Ö÷Ìâ:* Re: TicketExcepiton
>
>
>
> Are you attempting to access the CAS server via SSL? Are cookies enabled?
>
> -Scott
>
> On 11/10/06, *ÕÅÏþ·á* < zhangxiaofeng at bjjdsy.com.cn > wrote:
>
> I recently deploy a cas server in 10.100.2.6(it's hostname is rsserver). I
> can login successfully to webapp1, but when I try to visit webapp2 ,I has to
> login again.
>
> I check the log, and find this error occurs every login action(it doesn't
> stop login)
>
> Is this error message the reason why I need to login for every single
> webapp?and what can I do with this problem.
>
>
>
> 2006-11-10 13:44:36,838 ERROR [org.jasig.cas.web.ServiceValidateController]
> - <TicketException generating ticket for:
> https://10.100.2.6:8443/contacts-cas/casProxy/receptor>
>
> org.jasig.cas.ticket.TicketCreationException:
> error.authentication.credentials.bad
>
> at
> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
> (CentralAuthenticationServiceImpl.java:215)
>
> at
> org.jasig.cas.web.ServiceValidateController.handleRequestInternal(
> ServiceValidateController.java:159)
>
> at
> org.springframework.web.servlet.mvc.AbstractController.handleRequest(
> AbstractController.java:153)
>
> at
> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(
> SimpleControllerHandlerAdapter.java:45)
>
> at org.springframework.web.servlet.DispatcherServlet.doDispatch(
> DispatcherServlet.java:798)
>
> at org.springframework.web.servlet.DispatcherServlet.doService(
> DispatcherServlet.java:728)
>
> at org.springframework.web.servlet.FrameworkServlet.processRequest
> (FrameworkServlet.java:396)
>
> at org.springframework.web.servlet.FrameworkServlet.doGet(
> FrameworkServlet.java:350)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>
> at org.jasig.cas.web.init.SafeDispatcherServlet.service(
> SafeDispatcherServlet.java:115)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:237)
>
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:157)
>
> at org.apache.catalina.core.StandardWrapperValve.invoke(
> StandardWrapperValve.java:214)
>
> at org.apache.catalina.core.StandardValveContext.invokeNext(
> StandardValveContext.java:104)
>
> at org.apache.catalina.core.StandardPipeline.invoke(
> StandardPipeline.java:520)
>
> at org.apache.catalina.core.StandardContextValve.invokeInternal(
> StandardContextValve.java:198)
>
> at org.apache.catalina.core.StandardContextValve.invoke(
> StandardContextValve.java:152)
>
> at org.apache.catalina.core.StandardValveContext.invokeNext(
> StandardValveContext.java:104)
>
> at org.apache.catalina.core.StandardPipeline.invoke(
> StandardPipeline.java:520)
>
> at org.apache.catalina.core.StandardHostValve.invoke(
> StandardHostValve.java:137)
>
> at org.apache.catalina.core.StandardValveContext.invokeNext(
> StandardValveContext.java:104)
>
> at org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java:118)
>
> at org.apache.catalina.core.StandardValveContext.invokeNext(
> StandardValveContext.java:102)
>
> at org.apache.catalina.core.StandardPipeline.invoke(
> StandardPipeline.java:520)
>
> at org.apache.catalina.core.StandardEngineValve.invoke(
> StandardEngineValve.java:109)
>
> at org.apache.catalina.core.StandardValveContext.invokeNext(
> StandardValveContext.java:104)
>
> at org.apache.catalina.core.StandardPipeline.invoke(
> StandardPipeline.java:520)
>
> at org.apache.catalina.core.ContainerBase.invoke(
> ContainerBase.java:929)
>
> at org.apache.coyote.tomcat5.CoyoteAdapter.service(
> CoyoteAdapter.java:160)
>
> at org.apache.coyote.http11.Http11Processor.process(
> Http11Processor.java:799)
>
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection
> (Http11Protocol.java:705)
>
> at org.apache.tomcat.util.net.TcpWorkerThread.runIt(
> PoolTcpEndpoint.java:577)
>
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
> ThreadPool.java:683)
>
> at java.lang.Thread.run(Thread.java:536)
>
> Caused by: error.authentication.credentials.bad
>
> at
> org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException
> .<clinit>(BadCredentialsAuthenticationException.java:25)
>
> at
> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(
> AuthenticationManagerImpl.java:105)
>
> at
> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
> (CentralAuthenticationServiceImpl.java:194)
>
> ... 34 more
>
>
>
> The following is the keystore assigned in tomcat server.xml
>
>
>
> Keystore type: jks
>
> Keystore provider: SUN
>
>
>
> Your keystore contains 1 entry
>
>
>
> Alias name: tomcat2
>
> Creation date: Nov 10, 2006
>
> Entry type: keyEntry
>
> Certificate chain length: 1
>
> Certificate[1]:
>
> Owner: CN=rsserver, OU=bjjdsy, O=bjjdsy, L=bj, ST=bj, C=cn
>
> Issuer: CN=rsserver, OU=bjjdsy, O=bjjdsy, L=bj, ST=bj, C=cn
>
> Serial number: 4553d8ab
>
> Valid from: Fri Nov 10 09:40:59 CST 2006 until: Thu Feb 08 09:40:59 CST
> 2007
>
> Certificate fingerprints:
>
> MD5: A7:4F:F5:EE:82:7E:A2:23:3B:D6:E5:38:73:84:51:67
>
> SHA1: E7:B8:C8:98:6D:B8:06:96:E2:C7:2A:EA:DD:C3:99:D9:DE:88:06:30
>
>
>
> The following is the keystore in jdk
>
> Alias name: tomcat3
>
> Creation date: Nov 10, 2006
>
> Entry type: trustedCertEntry
>
>
>
> Owner: CN=rsserver, OU=bjjdsy, O=bjjdsy, L=bj, ST=bj, C=cn
>
> Issuer: CN=rsserver, OU=bjjdsy, O=bjjdsy, L=bj, ST=bj, C=cn
>
> Serial number: 4553d8ab
>
> Valid from: Fri Nov 10 09:40:59 CST 2006 until: Thu Feb 08 09:40:59 CST
> 2007
>
> Certificate fingerprints:
>
> MD5: A7:4F:F5:EE:82:7E:A2:23:3B:D6:E5:38:73:84:51:67
>
> SHA1: E7:B8:C8:98:6D:B8:06:96:E2:C7:2A:EA:DD:C3:99:D9:DE:88:06:30
>
>
>
> The acegi config
>
> <bean id="casProxyTicketValidator" class="
> org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
>
> <property name="casValidate"><value>
> https://rsserver:8443/cas/proxyValidate</value></property>
>
> <property name="proxyCallbackUrl"><value>http://rsserver:8443/contacts-cas/casProxy/receptor
> </value></property>
>
> <property name="serviceProperties"><ref
> bean="serviceProperties"/></property>
>
> <!-- <property
> name="trustStore"><value>/some/path/to/your/lib/security/cacerts</value></property>
> -->
>
> </bean>
>
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20061110/a9b51047/attachment-0001.html
More information about the cas
mailing list