CAS 3.0.5 proxy problem
Scott Battaglia
scott.battaglia at gmail.com
Fri Sep 22 07:50:23 EDT 2006
If you re-enable it, your proxying should work. That AuthenticationHandler
is the handler that checks SSL certificates.
-Scott
On 9/22/06, Maja Wolniewicz <Maja.Wolniewicz at uni.torun.pl> wrote:
>
> It seems that it is not active:
> <property name="authenticationHandlers">
> <list>
> <!--
> | This is the authentication
> handler that authenticates services by means of callback via SSL, thereby
> validating
> | a server side SSL certificate.
> +-->
> <!-- <bean
> class="
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
> />
> -->
> <!--
> | This is the authentication
> handler declaration that every CAS deployer will need to change before
> deploying CAS
> | into production. The default
> SimpleTestUsernamePasswordAuthenticationHandler authenticates
> UsernamePasswordCredentials
> | where the username equals the
> password. You will need to replace this with an AuthenticationHandler that
> implements your
> | local authentication strategy.
> You might accomplish this by coding a new such handler and declaring
> |
> edu.someschool.its.cas.MySpecialHandler here, or you might use one of the
> handlers provided in the adaptors modules.
> +-->
> <!--
> <bean
> class="
> org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"
> />
> -->
> <bean
> class="
> pl.umk.cas.authentication.handler.support.LDAPAuthenticationHandler" />
>
> </list>
> </property>
>
> Maja
>
> Scott Battaglia napisał(a):
>
> By any chance did you remove any HttpBasedCredentialsAuthenticationHandler
> from the deployerConfigContext.xml?
>
> -Scott
>
> On 9/22/06, Maja Wolniewicz <Maja.Wolniewicz at uni.torun.pl> wrote:
> >
> > But while running under 3.0.4 I'm geting a ticket with ST prefix as
> > well....
> > Maja
> > Henrik Genssen napisał(a):
> >
> > Hi,
> >
> > they changed the beginning of the tickets from the proxy-tickets from PT to ST and phpCAS does not deal with this correct.
> > You can change that back in CAS or fix phpCAS...
> >
> > regards
> >
> > Hinnack
> >
> >
> >
> > reply to message:
> > date: 22.09.2006 10:58:07
> > from: "Maja Wolniewicz" <Maja.Wolniewicz at uni.torun.pl>
> > <Maja.Wolniewicz at uni.torun.pl>
> > to: cas at tp.its.yale.edu
> > subject: CAS 3.0.5 proxy problem
> >
> > Recently I have installed a CAS server version 3.0.5.
> > All CASified applications acting as CAS client are running smoothly, but
> > unfortunately all proxy CAS applications refuse to work. We are using
> > phpCAS as CAS clients. First I thought that it is caused by the problem
> > in phpCAS libraries, you discussed on the list (on August, with the
> > subject 'proxy use'), but now I'm not sure...
> > I have a simple example:
> > <?php
> > include_once("./CAS/CAS.php");
> > include_once("./CAS/client.php");
> > phpCAS::setDebug("/tmp/mgw.log");
> > phpCAS::proxy(CAS_VERSION_2_0,'
> > login.umk.pl',8443,'');
> > phpCAS::forceAuthentication();
> > $username=phpCAS::getUser();
> > echo $username;
> > ?>
> > which doesn't work with CAS 3.0.5.
> >
> > After thorough investigations it appears that CAS server doesn't
> >
> > response with proxy callback. It receives serviceValidate request with
> > pgtURL set,
> > but doesn't respond with URL callback. The callback URL is HTTPS and the
> > SSL certificate is valid (as the CAS protocol requires). The same
> >
> > example running under the same Tomcat and CAS version 3.0.4 has no
> > problems at all.
> > In the catalina.out (under 3.0.5) I've found the following error, which
> > I suspect to be the culprit:
> >
> > 2006-09-21 16:21:25,489 INFO
> >
> > [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> > <AuthenticationHandler:
> > pl.umk.cas.authentication.handler.support.LDAPAuthenticationHandler
> > successfully authenticated the user which provided the following
> >
> > credentials: mgw at umk.pl>
> > 2006-09-21 16:21:25,491 INFO
> > [org.jasig.cas.CentralAuthenticationServiceImpl] -
> >
> > <Granted service ticket [ST-14-gz20yzZ74fejTqCUFJILgtSM94sGRfb4fbT-20]
> > for service [https://serwisy.umk.pl/mgw/mgw.php
> > ] for user [mgw at umk.pl]>
> > 2006-09-21 16:21:25,620 ERROR
> > [org.jasig.cas.web.ServiceValidateController] - <TicketException
> >
> > generating ticket for: https://serwisy.umk.pl/mgw/mgw.php>
> > org.jasig.cas.ticket.TicketCreationException
> > :
> > error.authentication.credentials.unsupported
> > at
> > org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:215)
> > at
> > org.jasig.cas.web.ServiceValidateController.handleRequestInternal
> > (ServiceValidateController.java:159)
> > at
> > org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
> > at
> > org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle
> > (SimpleControllerHandlerAdapter.java:45)
> > at
> > org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:798)
> > at
> > org.springframework.web.servlet.DispatcherServlet.doService
> > (DispatcherServlet.java:728)
> > ...
> > Caused by: error.authentication.credentials.unsupported
> > at
> > org.jasig.cas.authentication.handler.UnsupportedCredentialsException.<clinit>(UnsupportedCredentialsException.java
> > :21)
> > at
> > org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:108)
> > at
> > org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java
> > :194)
> >
> > Is this known problem? When I change in my example the proxy call to the
> > client call the username is echoed correctly (under 3.0.5 version).
> >
> > Maja
> >
> > --
> > Maja Gorecka-Wolniewicz
> > mgw at umk.pl
> > http://www.umk.pl/~mgw <http://www.umk.pl/%7Emgw>
> > PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc <http://www.umk.pl/%7Emgw/pgp_pub_key.asc>
> > Uczelniane Centrum Information & Communication
> > Informatyczne Technology Centre
> > Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University
> > Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
> > tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.eduhttp://tp.its.yale.edu/mailman/listinfo/cas
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.eduhttp://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
> >
> > --
> > Maja Gorecka-Wolniewicz mgw at umk.pl
> > http://www.umk.pl/~mgw <http://www.umk.pl/%7Emgw>
> > PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc <http://www.umk.pl/%7Emgw/pgp_pub_key.asc>
> > Uczelniane Centrum Information & Communication
> > Informatyczne Technology Centre
> > Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University
> > Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
> > tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
> >
> >
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
> >
> ------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.eduhttp://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
> --
> Maja Gorecka-Wolniewicz mgw at umk.pl
> http://www.umk.pl/~mgw <http://www.umk.pl/%7Emgw>
> PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc <http://www.umk.pl/%7Emgw/pgp_pub_key.asc>
> Uczelniane Centrum Information & Communication
> Informatyczne Technology Centre
> Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University
> Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
> tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20060922/7575991d/attachment.html
More information about the cas
mailing list