TicketValidator Error

Thu Apr 12 08:31:30 EDT 2007

The CAS server on the JA-SIG server is our production server and delegates
authentication to the data store for JIRA so you would use your JIRA
credentials.

-Scott

On 4/12/07, Fawad Rashid <fwdrsd at hotmail.com> wrote:
>
> Hi
>
>
>
> What should be the login that i should use?, i am using guest/guest.
>
> Regards
>
>
> Fawad Rashid
>
> ------------------------------
> From:  *"Scott Battaglia" <scott.battaglia at gmail.com>*
> Reply-To:  *Yale CAS mailing list <cas at tp.its.yale.edu>*
> To:  *"Yale CAS mailing list" <cas at tp.its.yale.edu>*
> Subject:  *Re: TicketValidator Error*
> Date:  *Wed, 11 Apr 2007 07:48:07 -0400*
>
> On 4/11/07, Fawad Rashid <fwdrsd at hotmail.com> wrote:
> >
> >
> <snip />
>
> I am getting a "The credentials you provided cannot be determined to be
> authentic.".
>
>
>
> This means that the username/password you provided to CAS were not
> correct.
>
>
> -Scott
>
>
> My web.xml looks something like this
> >
> > <filter>
> >    <filter-name>CAS Validate Filter</filter-name>
> >
> > <filter-class>edu.yale.its.tp.cas.client.filter.CASValidateFilter
> > </filter-class>
> >    <init-param>
> >      <param-name>edu.yale.its.tp.cas.client.filter.validateUrl
> > </param-name>
> >      <param-value>https://www.ja-sig.org/cas/serviceValidate
> > </param-value>
> >    </init-param>
> >    <init-param>
> >      <param-name>edu.yale.its.tp.cas.client.filter.serverName
> > </param-name>
> >      <param-value>localhost:8088</param-value>
> >    </init-param>
> > </filter>
> >
> > Fawad Rashid
> >
> >
> >
> >
> >
> > >From: Andrew Petro <apetro at unicon.net>
> > >Reply-To: Yale CAS mailing list <cas at tp.its.yale.edu>
> > >To: Yale CAS mailing list <
> > cas at tp.its.yale.edu>
> > >Subject: Re: TicketValidator Error
> > >Date: Tue, 10 Apr 2007 08:44:42 -0700
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >Fawad,
> >
> > >
> > >
> > >
> > >This error almost always turns out to be an SSL certificate issue.
> > >
> > >
> > >
> > >Are you sure your CAS server Tomcat instance is pointing at the server
> > >keystore you intend?  (Configured in the tomcat/conf context
> >
> > >declarations).
> > >
> > >
> > >
> > >Are you sure your CAS-using-application client JVM is pointing at the
> > >client keystore you intend? (Typically overridden by a
> > >system-property-declaring command-line argument at JVM startup.)
> >
> > >
> > >
> > >
> > >Are you able to use test your CAS-using-application against JA-SIG's
> > >CAS server?  https://www.ja-sig.org/cas/ ; uses a real commercial cert
> >
> > >so SSL issues are reduced (though if you are using a nonstandard client
> > >keystore, it is quite possible to not include trust for commercially
> > >vended certs).
> > >
> > >
> > >
> > >Andrew
> > >
> >
> > >http://support.unicon.net/
> > >
> > >
> > >
> > >Fawad Rashid wrote:
> > >
> > >
> > >
> > >
> > >
> > >
> > >Hi
> > >
> > >I am facing a problem which has been repeatiditly reported by many
> >
> > >people but so far i have not been able to solve the issue.
> > >
> > >I have successfully installed CAS under Tomcat 5.5.20 and i have
> > >setup SSL on port 8443 using my self generated certs. The certs
> > >
> > >have been generated using the following commands.
> > >
> > >keytool -genkey -alias tomcat-sv -dname "CN=localhost, OU=ECOM,
> > >O=xib, L=Lahore, S=Punjab, C=PK" -keyalg RSA -keypass 123456 -storepass
> >
> >
> > >changeit -keystore server.keystore
> > >
> > >keytool -export -alias tomcat-sv -storepass 123456 -file
> > >server.cer -keystore server.keystore
> > >
> > >keytool -genkey -alias tomcat-cl -dname "CN=localhost,OU=ECOM,
> >
> > >O=xib, L=Lahore, S=Punjab, C=PK" -keyalg RSA -keypass 123456 -storepass
> > >changeit -keystore client.keystore
> > >
> > >keytool -export -alias tomcat-cl -storepass changeit -file
> > >client.cer -keystore
> > client.keystore
> > >
> > >keytool -import -v -trustcacerts -alias tomcat -file server.cer
> > >-keystore client.keystore -keypass 123456 -storepass changeit
> > >
> > >keytool -import -v -trustcacerts -alias tomcat -file
> > client.cer
> > >-keystore server.keystore -keypass 123456 -storepass changeit
> > >
> > >
> > >
> > >When i access the CAS portal on https://localhost:8443
> > >i get a Log In Successful page. When i try to access the uPortal portal
> >
> >
> > >using
> > >
> > >the url
> > >https://localhost:8443/cas/login?service=http%3A%2F%2Flocalhost:8088%2FuPortal%2FLogin
> >
> >
> > <https://localhost:8443/cas/login?service=http://localhost:8088/uPortal/Login>
> > >i can see the login page. When i submit the login
> > >
> > >I get the following error.
> > >
> > >HTTP Status 500 -
> > >
> > >type Exception report
> > >
> > >message
> > >
> > >description The server encountered an internal error () that
> >
> > >prevented it from fulfilling this request.
> > >
> > >exception
> > >
> > >javax.servlet.ServletException: Unable to validate
> > >ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator
> > >proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > >casValidateUrl=[https://localhost:8443/cas/serviceValidate]
> > >ticket=[ST-6-mWf3oVDr9HepuwDRk9cSch0J4IqgpZm17pi-20]
> >
> > >service=[http%3A%2F%2Flocalhost%3A8088%2FuPortal%2FLogin]
> > renew=false]]]
> > >
> > >edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(
> > CASValidateFilter.java:292)
> > >
> > >root cause
> > >
> > >edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
> > >validate ProxyTicketValidator
> > >[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> > >[edu.yale.its.tp.cas.client.ServiceTicketValidator
> >
> > >casValidateUrl=[https://localhost:8443/cas/serviceValidate]
> > >ticket=[ST-6-mWf3oVDr9HepuwDRk9cSch0J4IqgpZm17pi-20]
> > >service=[http%3A%2F%2Flocalhost%3A8088%2FuPortal%2FLogin]
> > renew=false]]]
> >
> > >
> > >edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
> > >
> > >
> > edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser
> > (CASValidateFilter.java:339)
> > >
> > >edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter
> > (CASValidateFilter.java:289)
> > >
> > >note The full stack trace of the root cause is available in the
> > >Apache Tomcat/5.5.20 logs.
> > >
> > >The url changes to
> > >
> >
> > http://localhost:8088/uPortal/Login?ticket=ST-6-mWf3oVDr9HepuwDRk9cSch0J4IqgpZm17pi-20
> > ,
> > >I am not sure what i am missing here, kindly guide me through.
> > >
> > >Regards
> > >
> > >Fawad Rashid
> > >
> > >
> > >
> > >
> > >
> > >
> > >   Express yourself instantly with MSN Messenger! MSN
> > >Messenger Download today it's FREE!
> > >
> > >
> > >
> > >_______________________________________________
> >
> > >Yale CAS mailing list
> > >cas at tp.its.yale.edu
> > >http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > >
> >
> > >
> > >
> > >
> > >
> >
> >
> > >_______________________________________________
> > >Yale CAS mailing list
> > >cas at tp.its.yale.edu
> > >
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> > _________________________________________________________________
> > Express yourself instantly with MSN Messenger! Download today it's FREE!
> > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
>
>
>
> --
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
> >_______________________________________________
> >Yale CAS mailing list
> >cas at tp.its.yale.edu
> >http://tp.its.yale.edu/mailman/listinfo/cas
>
>
> ------------------------------
> Express yourself instantly with MSN Messenger! MSN Messenger<http://g.msn.com/8HMAEN/2731??PS=47575>Download today it's FREE!
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>

-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070412/3d93a059/attachment.html 