CAS 3.0.5 proxy problem
Maja Wolniewicz
Maja.Wolniewicz at uni.torun.pl
Fri Sep 22 08:23:32 EDT 2006
Great! indeed, it works.
Thanks.
Maja
Scott Battaglia napisał(a):
> If you re-enable it, your proxying should work. That
> AuthenticationHandler is the handler that checks SSL certificates.
>
> -Scott
>
> On 9/22/06, *Maja Wolniewicz * <Maja.Wolniewicz at uni.torun.pl
> <mailto:Maja.Wolniewicz at uni.torun.pl>> wrote:
>
> It seems that it is not active:
> <property name="authenticationHandlers">
> <list>
> <!--
> | This is the
> authentication handler that authenticates services by means of
> callback via SSL, thereby validating
> | a server side SSL
> certificate.
> +-->
> <!-- <bean
>
> class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
> />
> -->
> <!--
> | This is the
> authentication handler declaration that every CAS deployer will
> need to change before deploying CAS
> | into production. The
> default SimpleTestUsernamePasswordAuthenticationHandler
> authenticates UsernamePasswordCredentials
> | where the username
> equals the password. You will need to replace this with an
> AuthenticationHandler that implements your
> | local authentication
> strategy. You might accomplish this by coding a new such handler
> and declaring
> |
> edu.someschool.its.cas.MySpecialHandler here, or you might use one
> of the handlers provided in the adaptors modules.
> +-->
> <!--
> <bean
>
> class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"
> />
> -->
> <bean
>
> class="pl.umk.cas.authentication.handler.support.LDAPAuthenticationHandler"
> />
>
> </list>
> </property>
>
> Maja
>
> Scott Battaglia napisał(a):
>> By any chance did you remove any
>> HttpBasedCredentialsAuthenticationHandler from the
>> deployerConfigContext.xml?
>>
>> -Scott
>>
>> On 9/22/06, *Maja Wolniewicz* <Maja.Wolniewicz at uni.torun.pl
>> <mailto:Maja.Wolniewicz at uni.torun.pl>> wrote:
>>
>> But while running under 3.0.4 I'm geting a ticket with ST
>> prefix as well....
>> Maja
>> Henrik Genssen napisał(a):
>>> Hi,
>>>
>>> they changed the beginning of the tickets from the proxy-tickets from PT to ST and phpCAS does not deal with this correct.
>>> You can change that back in CAS or fix phpCAS...
>>>
>>> regards
>>>
>>> Hinnack
>>>
>>>
>>>
>>>
>>>
>>>> reply to message:
>>>> date: 22.09.2006 10:58:07
>>>> from: "Maja Wolniewicz" <Maja.Wolniewicz at uni.torun.pl>
>>>>
>>>> <mailto:Maja.Wolniewicz at uni.torun.pl>
>>>> to: cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>>>> subject: CAS 3.0.5 proxy problem
>>>>
>>>> Recently I have installed a CAS server version 3.0.5.
>>>> All CASified applications acting as CAS client are running smoothly, but
>>>> unfortunately all proxy CAS applications refuse to work. We are using
>>>> phpCAS as CAS clients. First I thought that it is caused by the problem
>>>> in phpCAS libraries, you discussed on the list (on August, with the
>>>> subject 'proxy use'), but now I'm not sure...
>>>> I have a simple example:
>>>> <?php
>>>> include_once("./CAS/CAS.php");
>>>> include_once("./CAS/client.php");
>>>> phpCAS::setDebug("/tmp/mgw.log");
>>>> phpCAS::proxy(CAS_VERSION_2_0,'
>>>>
>>>> login.umk.pl <http://login.umk.pl>',8443,'');
>>>> phpCAS::forceAuthentication();
>>>> $username=phpCAS::getUser();
>>>> echo $username;
>>>> ?>
>>>> which doesn't work with CAS 3.0.5.
>>>>
>>>> After thorough investigations it appears that CAS server doesn't
>>>>
>>>>
>>>> response with proxy callback. It receives serviceValidate request with
>>>> pgtURL set,
>>>> but doesn't respond with URL callback. The callback URL is HTTPS and the
>>>> SSL certificate is valid (as the CAS protocol requires). The same
>>>>
>>>>
>>>> example running under the same Tomcat and CAS version 3.0.4 has no
>>>> problems at all.
>>>> In the catalina.out (under 3.0.5) I've found the following error, which
>>>> I suspect to be the culprit:
>>>>
>>>> 2006-09-21 16:21:25,489 INFO
>>>>
>>>>
>>>> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
>>>> <AuthenticationHandler:
>>>> pl.umk.cas.authentication.handler.support.LDAPAuthenticationHandler
>>>> successfully authenticated the user which provided the following
>>>>
>>>>
>>>> credentials: mgw at umk.pl <mailto:mgw at umk.pl>>
>>>> 2006-09-21 16:21:25,491 INFO
>>>> [org.jasig.cas.CentralAuthenticationServiceImpl
>>>> ] -
>>>>
>>>> <Granted service ticket [ST-14-gz20yzZ74fejTqCUFJILgtSM94sGRfb4fbT-20]
>>>> for service [https://serwisy.umk.pl/mgw/mgw.php
>>>>
>>>> <https://serwisy.umk.pl/mgw/mgw.php>] for user [mgw at umk.pl <mailto:mgw at umk.pl>]>
>>>> 2006-09-21 16:21:25,620 ERROR
>>>> [org.jasig.cas.web.ServiceValidateController] - <TicketException
>>>>
>>>>
>>>> generating ticket for: https://serwisy.umk.pl/mgw/mgw.php>
>>>> org.jasig.cas.ticket.TicketCreationException
>>>>
>>>> :
>>>> error.authentication.credentials.unsupported
>>>> at
>>>> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:215)
>>>> at
>>>> org.jasig.cas.web.ServiceValidateController.handleRequestInternal
>>>>
>>>> (ServiceValidateController.java:159)
>>>> at
>>>> org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
>>>> at
>>>> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle
>>>>
>>>> (SimpleControllerHandlerAdapter.java:45)
>>>> at
>>>> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:798)
>>>> at
>>>> org.springframework.web.servlet.DispatcherServlet.doService
>>>>
>>>> (DispatcherServlet.java:728)
>>>> ...
>>>> Caused by: error.authentication.credentials.unsupported
>>>> at
>>>> org.jasig.cas.authentication.handler.UnsupportedCredentialsException.<clinit>(UnsupportedCredentialsException.java
>>>>
>>>> :21)
>>>> at
>>>> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:108)
>>>> at
>>>> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(
>>>> CentralAuthenticationServiceImpl.java
>>>> :194)
>>>>
>>>> Is this known problem? When I change in my example the proxy call to the
>>>> client call the username is echoed correctly (under 3.0.5 version).
>>>>
>>>> Maja
>>>>
>>>> --
>>>>
>>>> Maja Gorecka-Wolniewicz
>>>> mgw at umk.pl <mailto:mgw at umk.pl>
>>>> http://www.umk.pl/~mgw <http://www.umk.pl/%7Emgw>
>>>> PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc <http://www.umk.pl/%7Emgw/pgp_pub_key.asc>
>>>> Uczelniane Centrum Information & Communication
>>>> Informatyczne Technology Centre
>>>> Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University
>>>> Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
>>>> tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
>>>>
>>>> _______________________________________________
>>>> Yale CAS mailing list
>>>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>
>>>>
>>> _______________________________________________
>>> Yale CAS mailing list
>>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>
>>
>>
>> --
>> Maja Gorecka-Wolniewicz mgw at umk.pl <mailto:mgw at umk.pl>
>> http://www.umk.pl/~mgw <http://www.umk.pl/%7Emgw>
>> PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc <http://www.umk.pl/%7Emgw/pgp_pub_key.asc>
>> Uczelniane Centrum Information & Communication
>> Informatyczne Technology Centre
>> Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University
>> Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
>> tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
>>
>>
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>
>
> --
> Maja Gorecka-Wolniewicz mgw at umk.pl <mailto:mgw at umk.pl>
> http://www.umk.pl/~mgw <http://www.umk.pl/%7Emgw>
> PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc <http://www.umk.pl/%7Emgw/pgp_pub_key.asc>
> Uczelniane Centrum Information & Communication
> Informatyczne Technology Centre
> Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University
> Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
> tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
Maja Gorecka-Wolniewicz mgw at umk.pl
http://www.umk.pl/~mgw
PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc
Uczelniane Centrum Information & Communication
Informatyczne Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20060922/6b6b488c/attachment.html
More information about the cas
mailing list