TicketValidator Error

Scott Battaglia scott.battaglia at gmail.com
Thu Apr 12 13:39:42 EDT 2007 

That error message comes from CAS when you attempt to log in not when you
validate.  So you're entering credentials wrong into the CAS Server form on
the JA-SIG server.

-Scott

On 4/12/07, Fawad Rashid <fwdrsd at hotmail.com> wrote:
>
> Hi Scott
>
> I have created the account. After pointing the uPortal to the validateUrl
> to  https://www.ja-sig.org/cas/serviceValidate url i am still getting a "The
> credentials you provided cannot be determined to be authentic"
>
> Regards
>
>
>
> Fawad Rashid
>
> ------------------------------
> From:  *"Scott Battaglia" <scott.battaglia at gmail.com>*
> Reply-To:  *Yale CAS mailing list <cas at tp.its.yale.edu>*
> To:  *"Yale CAS mailing list" <cas at tp.its.yale.edu>*
> Subject:  *Re: TicketValidator Error*
> Date:  *Thu, 12 Apr 2007 11:13:04 -0400*
> MIME-Version:  *1.0*
> Received:  *from pantheon-po14.its.yale.edu ([130.132.50.23]) by
> bay0-mc9-f15.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Thu,
> 12 Apr 2007 08:19:35 -0700*
> Received:  *from tp.its.yale.edu (tp.its.yale.edu [130.132.52.34])by
> pantheon-po14.its.yale.edu (8.12.11.20060308/8.12.11) with ESMTP id
> l3CFE809009939;Thu, 12 Apr 2007 11:14:22 -0400*
> Received:  *from mr6.its.yale.edu (mr6.its.yale.edu [130.132.50.54])by
> tp.its.yale.edu (Postfix) with ESMTP id 119173E856for <cas at tp.its.yale.edu>;
> Thu, 12 Apr 2007 11:14:08 -0400 (EDT)*
> Received:  *from nz-out-0506.google.com (nz-out-0506.google.com [
> 64.233.162.226])by mr6.its.yale.edu (8.12.11.20060308/8.12.11) with ESMTP
> idl3CFE7Nw024939for <cas at tp.its.yale.edu>; Thu, 12 Apr 2007 11:14:07 -0400
> *
> Received:  *by nz-out-0506.google.com with SMTP id s18so561293nzefor <
> cas at tp.its.yale.edu>; Thu, 12 Apr 2007 08:13:04 -0700 (PDT)*
> Received:  *by 10.114.111.1 with SMTP id j1mr784001wac.1176390784068;Thu,
> 12 Apr 2007 08:13:04 -0700 (PDT)*
> Received:  *by 10.114.79.3 with HTTP; Thu, 12 Apr 2007 08:13:04 -0700
> (PDT)*
> >You should be able to sign up at http://www.ja-sig.org/issues
> >
> >-Scott
> >
> >On 4/12/07, Fawad Rashid <fwdrsd at hotmail.com> wrote:
> > >
> > >
> > > Hi Scott
> > >
> > >  Where can i signup for the JIRA id?. Sorry for all the foolish
> questions.
> > >
> > >  Regards
> > >
> > > Fawad Rashid
> > >
> > >
> > >
> > >
> > >   ________________________________
> > >
> > >
> > > From:  "Scott Battaglia" <scott.battaglia at gmail.com>
> > > Reply-To:  Yale CAS mailing list <cas at tp.its.yale.edu>
> > > To:  "Yale CAS mailing list" <cas at tp.its.yale.edu>
> > > Subject:  Re: TicketValidator Error
> > > Date:  Thu, 12 Apr 2007 08:31:30 -0400
> > >
> > >
> > > The CAS server on the JA-SIG server is our production server and
> delegates
> > > authentication to the data store for JIRA so you would use your JIRA
> > > credentials.
> > >
> > > -Scott
> > >
> > >
> > > On 4/12/07,
> > > Fawad Rashid <fwdrsd at hotmail.com> wrote:
> > >
> > >
> > >
> > >
> > >  Hi
> > >
> > >
> > >  What should be the login that i should use?, i am using guest/guest.
> > >
> > >
> > >
> > > Regards
> > >
> > >
> > > Fawad Rashid
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >  ________________________________
> > >
> > >
> > >
> > > From:  "Scott Battaglia" <
> > >
> > > scott.battaglia at gmail.com>
> > > Reply-To:  Yale CAS mailing list <cas at tp.its.yale.edu
> > >
> > > >
> > > To:  "Yale CAS mailing list" <cas at tp.its.yale.edu>
> > > Subject:  Re: TicketValidator Error
> > >
> > > Date:  Wed, 11 Apr 2007 07:48:07 -0400
> > >
> > >
> > >
> > > On 4/11/07, Fawad Rashid <
> > >
> > > fwdrsd at hotmail.com> wrote:
> > >
> > >
> > >
> > >
> > > <snip />
> > >
> > > I am getting a "The credentials you provided cannot be determined to
> be
> > >
> > > authentic.".
> > >
> > >
> > >
> > >
> > > This means that the username/password you provided to CAS were not
> correct.
> > >
> > > -Scott
> > >
> > >
> > >
> > >
> > >
> > >  My web.xml looks something like this
> > >
> > > <filter>
> > >
> > >
> > >
> > >    <filter-name>CAS Validate Filter</filter-name>
> > >
> > > <filter-class>edu.yale.its.tp.cas.client.filter.CASValidateFilter
> </filter-class>
> > >    <init-param>
> > >      <param-name>
> > >
> > > edu.yale.its.tp.cas.client.filter.validateUrl
> > >
> > >
> > > </param-name>
> > >      <param-value>https://www.ja-sig.org/cas/serviceValidate
> > >
> > > </param-value>
> > >    </init-param>
> > >    <init-param>
> > >
> > >
> > >
> > >      <param-name>edu.yale.its.tp.cas.client.filter.serverName
> </param-name>
> > >      <param-value>localhost:8088</param-value>
> > >    </init-param>
> > > </filter>
> > >
> > > Fawad Rashid
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > >From: Andrew Petro <apetro at unicon.net>
> > > >Reply-To: Yale CAS mailing list <
> > >
> > > cas at tp.its.yale.edu>
> > > >To: Yale CAS mailing list <
> > >
> > >
> > > cas at tp.its.yale.edu>
> > > >Subject: Re: TicketValidator Error
> > > >Date: Tue, 10 Apr 2007 08:44:42 -0700
> > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >Fawad,
> > >
> > >
> > > >
> > > >
> > > >
> > > >This error almost always turns out to be an SSL certificate issue.
> > > >
> > > >
> > > >
> > > >Are you sure your CAS server Tomcat instance is pointing at the
> server
> > > >keystore you intend?  (Configured in the tomcat/conf context
> > >
> > >
> > > >declarations).
> > > >
> > > >
> > > >
> > > >Are you sure your CAS-using-application client JVM is pointing at the
> > > >client keystore you intend? (Typically overridden by a
> > > >system-property-declaring command-line argument at JVM startup.)
> > >
> > >
> > > >
> > > >
> > > >
> > > >Are you able to use test your CAS-using-application against JA-SIG's
> > > >CAS server?
> > >
> > > https://www.ja-sig.org/cas/ ; uses a real commercial cert
> > >
> > >
> > > >so SSL issues are reduced (though if you are using a nonstandard
> client
> > > >keystore, it is quite possible to not include trust for commercially
> > > >vended certs).
> > > >
> > > >
> > > >
> > > >Andrew
> > >
> > > >
> > >
> > >
> > > >http://support.unicon.net/
> > > >
> > > >
> > > >
> > > >Fawad Rashid wrote:
> > > >
> > >
> > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >Hi
> > > >
> > > >I am facing a problem which has been repeatiditly reported by many
> > >
> > >
> > > >people but so far i have not been able to solve the issue.
> > > >
> > > >I have successfully installed CAS under Tomcat 5.5.20 and i have
> > > >setup SSL on port 8443 using my self generated certs. The certs
> > >
> > >
> > >
> > >
> > > >
> > > >have been generated using the following commands.
> > > >
> > > >keytool -genkey -alias tomcat-sv -dname "CN=localhost, OU=ECOM,
> > > >O=xib, L=Lahore, S=Punjab, C=PK" -keyalg RSA -keypass 123456
> -storepass
> > >
> > >
> > > >changeit -keystore server.keystore
> > > >
> > > >keytool -export -alias tomcat-sv -storepass 123456 -file
> > > >server.cer -keystore server.keystore
> > > >
> > > >keytool -genkey -alias tomcat-cl -dname "CN=localhost,OU=ECOM,
> > >
> > >
> > > >O=xib, L=Lahore, S=Punjab, C=PK" -keyalg RSA -keypass 123456
> -storepass
> > > >changeit -keystore client.keystore
> > > >
> > > >keytool -export -alias tomcat-cl -storepass changeit -file
> > > >client.cer
> > >
> > > -keystore
> > >
> > >
> > > client.keystore
> > > >
> > > >keytool -import -v -trustcacerts -alias tomcat -file server.cer
> > > >-keystore client.keystore -keypass 123456 -storepass changeit
> > > >
> > > >keytool -import -v -trustcacerts -alias tomcat -file
> > >
> > >
> > > client.cer
> > > >-keystore server.keystore -keypass 123456 -storepass changeit
> > > >
> > > >
> > > >
> > > >When i access the CAS portal on
> > >
> > > https://localhost:8443
> > > >i get a Log In Successful page. When i try to access the uPortal
> portal
> > >
> > >
> > > >using
> > > >
> > > >the url
> > > >
> https://localhost:8443/cas/login?service=http%3A%2F%2Flocalhost:8088%2FuPortal%2FLogin
> > >
> > >
> > > >i can see the login page. When i submit the login
> > > >
> > > >I get the following error.
> > > >
> > > >HTTP Status 500 -
> > > >
> > > >type Exception report
> > > >
> > > >message
> > > >
> > > >description The server encountered an internal error () that
> > >
> > >
> > > >prevented it from fulfilling this request.
> > > >
> > > >exception
> > > >
> > > >javax.servlet.ServletException: Unable to validate
> > > >ProxyTicketValidator [[
> edu.yale.its.tp.cas.client.ProxyTicketValidator
> > >
> > >
> > >
> > >
> > > >proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > > >casValidateUrl=[
> > >
> > > https://localhost:8443/cas/serviceValidate]
> > > >ticket=[ST-6-mWf3oVDr9HepuwDRk9cSch0J4IqgpZm17pi-20]
> > >
> > >
> > > >service=[http%3A%2F%2Flocalhost%3A8088%2FuPortal%2FLogin]
> renew=false]]]
> > > >
> > > >edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(
> CASValidateFilter.java:292)
> > > >
> > > >root cause
> > >
> > > >
> > >
> > >
> > >
> > > >edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
> > > >validate ProxyTicketValidator
> > > >[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> > > >[edu.yale.its.tp.cas.client.ServiceTicketValidator
> > >
> > >
> > >
> > > >casValidateUrl=[https://localhost:8443/cas/serviceValidate]
> > > >ticket=[ST-6-mWf3oVDr9HepuwDRk9cSch0J4IqgpZm17pi-20]
> > >
> > > >service=[http%3A%2F%2Flocalhost%3A8088%2FuPortal%2FLogin]
> renew=false]]]
> > >
> > >
> > > >
> > > >edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
> > > >
> > > >
> edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(
> CASValidateFilter.java:339)
> > > >
> > >
> > >
> > > >edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter
> > >
> > >
> > > (CASValidateFilter.java:289)
> > > >
> > > >note The full stack trace of the root cause is available in the
> > > >Apache Tomcat/5.5.20 logs.
> > > >
> > > >The url changes to
> > > >
> > >
> > >
> > >
> > >
> http://localhost:8088/uPortal/Login?ticket=ST-6-mWf3oVDr9HepuwDRk9cSch0J4IqgpZm17pi-20
> ,
> > > >I am not sure what i am missing here, kindly guide me through.
> > > >
> > > >Regards
> > > >
> > > >Fawad Rashid
> > >
> > > >
> > >
> > >
> > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >   Express yourself instantly with MSN Messenger! MSN
> > > >Messenger Download today it's FREE!
> > > >
> > > >
> > > >
> > > >_______________________________________________
> > >
> > >
> > > >Yale CAS mailing list
> > > >cas at tp.its.yale.edu
> > > >
> > >
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > >
> > > >
> > >
> > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > > >_______________________________________________
> > > >Yale CAS mailing list
> > > >
> > >
> > > cas at tp.its.yale.edu
> > > >
> > >
> > >
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > > _________________________________________________________________
> > > Express yourself instantly with MSN Messenger! Download today it's
> FREE!
> > >
> > >
> > >
> > >
> > > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
> > >
> > > _______________________________________________
> > > Yale CAS mailing list
> > >
> > >
> > > cas at tp.its.yale.edu
> > >
> > >
> > >
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > >
> > >
> > >
> > >
> > > --
> > > -Scott Battaglia
> > >
> > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >  >_______________________________________________
> > > >Yale CAS mailing list
> > > >cas at tp.its.yale.edu
> > >
> > > >http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >  ________________________________
> > >  Express yourself instantly with MSN Messenger!
> > > MSN Messenger Download today it's FREE!
> > >
> > >
> > >
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > >
> > >
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > >
> > >
> > >
> > >
> > > --
> > > -Scott Battaglia
> > >
> > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > >
> > >
> > >
> > >
> > > >_______________________________________________
> > > >Yale CAS mailing list
> > > >cas at tp.its.yale.edu
> > > >http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > >
> > > ________________________________
> > >  Need a break? Find your escape route with Live Search Maps.
> >
> >
> >--
> >-Scott Battaglia
> >
> >LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >_______________________________________________
> >Yale CAS mailing list
> >cas at tp.its.yale.edu
> >http://tp.its.yale.edu/mailman/listinfo/cas
>
>
> ------------------------------
> Express yourself instantly with MSN Messenger! MSN Messenger<http://g.msn.com/8HMBEN/2743??PS=47575>Download today it's FREE!
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070412/ab87b5a5/attachment.html

More information about the cas mailing list