CAS 3.0.5 proxy problem
Maja Wolniewicz
Maja.Wolniewicz at uni.torun.pl
Fri Sep 22 06:54:23 EDT 2006
It seems that it is not active:
<property name="authenticationHandlers">
<list>
<!--
| This is the authentication
handler that authenticates services by means of callback via SSL,
thereby validating
| a server side SSL certificate.
+-->
<!-- <bean
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
/>
-->
<!--
| This is the authentication
handler declaration that every CAS deployer will need to change before
deploying CAS
| into production. The default
SimpleTestUsernamePasswordAuthenticationHandler authenticates
UsernamePasswordCredentials
| where the username equals the
password. You will need to replace this with an AuthenticationHandler
that implements your
| local authentication
strategy. You might accomplish this by coding a new such handler and
declaring
|
edu.someschool.its.cas.MySpecialHandler here, or you might use one of
the handlers provided in the adaptors modules.
+-->
<!--
<bean
class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"
/>
-->
<bean
class="pl.umk.cas.authentication.handler.support.LDAPAuthenticationHandler"
/>
</list>
</property>
Maja
Scott Battaglia napisał(a):
> By any chance did you remove any
> HttpBasedCredentialsAuthenticationHandler from the
> deployerConfigContext.xml?
>
> -Scott
>
> On 9/22/06, *Maja Wolniewicz* <Maja.Wolniewicz at uni.torun.pl
> <mailto:Maja.Wolniewicz at uni.torun.pl>> wrote:
>
> But while running under 3.0.4 I'm geting a ticket with ST prefix
> as well....
> Maja
> Henrik Genssen napisał(a):
>> Hi,
>>
>> they changed the beginning of the tickets from the proxy-tickets from PT to ST and phpCAS does not deal with this correct.
>> You can change that back in CAS or fix phpCAS...
>>
>> regards
>>
>> Hinnack
>>
>>
>>
>>
>>> reply to message:
>>> date: 22.09.2006 10:58:07
>>> from: "Maja Wolniewicz" <Maja.Wolniewicz at uni.torun.pl>
>>> <mailto:Maja.Wolniewicz at uni.torun.pl>
>>> to: cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>>> subject: CAS 3.0.5 proxy problem
>>>
>>> Recently I have installed a CAS server version 3.0.5.
>>> All CASified applications acting as CAS client are running smoothly, but
>>> unfortunately all proxy CAS applications refuse to work. We are using
>>> phpCAS as CAS clients. First I thought that it is caused by the problem
>>> in phpCAS libraries, you discussed on the list (on August, with the
>>> subject 'proxy use'), but now I'm not sure...
>>> I have a simple example:
>>> <?php
>>> include_once("./CAS/CAS.php");
>>> include_once("./CAS/client.php");
>>> phpCAS::setDebug("/tmp/mgw.log");
>>> phpCAS::proxy(CAS_VERSION_2_0,'
>>> login.umk.pl <http://login.umk.pl>',8443,'');
>>> phpCAS::forceAuthentication();
>>> $username=phpCAS::getUser();
>>> echo $username;
>>> ?>
>>> which doesn't work with CAS 3.0.5.
>>>
>>> After thorough investigations it appears that CAS server doesn't
>>>
>>> response with proxy callback. It receives serviceValidate request with
>>> pgtURL set,
>>> but doesn't respond with URL callback. The callback URL is HTTPS and the
>>> SSL certificate is valid (as the CAS protocol requires). The same
>>>
>>> example running under the same Tomcat and CAS version 3.0.4 has no
>>> problems at all.
>>> In the catalina.out (under 3.0.5) I've found the following error, which
>>> I suspect to be the culprit:
>>>
>>> 2006-09-21 16:21:25,489 INFO
>>>
>>> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
>>> <AuthenticationHandler:
>>> pl.umk.cas.authentication.handler.support.LDAPAuthenticationHandler
>>> successfully authenticated the user which provided the following
>>>
>>> credentials: mgw at umk.pl <mailto:mgw at umk.pl>>
>>> 2006-09-21 16:21:25,491 INFO
>>> [org.jasig.cas.CentralAuthenticationServiceImpl] -
>>>
>>> <Granted service ticket [ST-14-gz20yzZ74fejTqCUFJILgtSM94sGRfb4fbT-20]
>>> for service [https://serwisy.umk.pl/mgw/mgw.php
>>> <https://serwisy.umk.pl/mgw/mgw.php>] for user [mgw at umk.pl <mailto:mgw at umk.pl>]>
>>> 2006-09-21 16:21:25,620 ERROR
>>> [org.jasig.cas.web.ServiceValidateController] - <TicketException
>>>
>>> generating ticket for: https://serwisy.umk.pl/mgw/mgw.php>
>>> org.jasig.cas.ticket.TicketCreationException
>>> :
>>> error.authentication.credentials.unsupported
>>> at
>>> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:215)
>>> at
>>> org.jasig.cas.web.ServiceValidateController.handleRequestInternal
>>> (ServiceValidateController.java:159)
>>> at
>>> org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
>>> at
>>> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle
>>> (SimpleControllerHandlerAdapter.java:45)
>>> at
>>> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:798)
>>> at
>>> org.springframework.web.servlet.DispatcherServlet.doService
>>> (DispatcherServlet.java:728)
>>> ...
>>> Caused by: error.authentication.credentials.unsupported
>>> at
>>> org.jasig.cas.authentication.handler.UnsupportedCredentialsException.<clinit>(UnsupportedCredentialsException.java
>>> :21)
>>> at
>>> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:108)
>>> at
>>> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java
>>> :194)
>>>
>>> Is this known problem? When I change in my example the proxy call to the
>>> client call the username is echoed correctly (under 3.0.5 version).
>>>
>>> Maja
>>>
>>> --
>>> Maja Gorecka-Wolniewicz
>>> mgw at umk.pl <mailto:mgw at umk.pl>
>>> http://www.umk.pl/~mgw <http://www.umk.pl/%7Emgw>
>>> PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc <http://www.umk.pl/%7Emgw/pgp_pub_key.asc>
>>> Uczelniane Centrum Information & Communication
>>> Informatyczne Technology Centre
>>> Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University
>>> Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
>>> tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
>>>
>>> _______________________________________________
>>> Yale CAS mailing list
>>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>
>>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>
>
> --
> Maja Gorecka-Wolniewicz mgw at umk.pl <mailto:mgw at umk.pl>
> http://www.umk.pl/~mgw <http://www.umk.pl/%7Emgw>
> PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc <http://www.umk.pl/%7Emgw/pgp_pub_key.asc>
> Uczelniane Centrum Information & Communication
> Informatyczne Technology Centre
> Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University
> Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
> tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
Maja Gorecka-Wolniewicz mgw at umk.pl
http://www.umk.pl/~mgw
PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc
Uczelniane Centrum Information & Communication
Informatyczne Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20060922/fd5f4a40/attachment.html
More information about the cas
mailing list