TicketValidator Error
Scott Battaglia
scott.battaglia at gmail.com
Fri Apr 13 08:09:07 EDT 2007
If you created the appropriate credentials and are being correctly
redirected to the CAS instance on the JA-SIG site, entering your JIRA
credentials should work.
Double check that your application redirects you to
https://www.ja-sig.org/cas/login
Thanks
-Scott
On 4/13/07, Fawad Rashid <fwdrsd at hotmail.com> wrote:
>
> Hi Scott
>
> I have created the llogin on the JA-SIG server and my validateurl in
> web.xml is pointing to https://www.ja-sig.org/cas/serviceValidate . I am
> entering the same credentials that i have created on the server. I am not
> sure what i am missing as i am not being authenticated by the server.
> Regards
>
>
>
>
>
> Fawad Rashid
>
> ------------------------------
> From: *"Scott Battaglia" <scott.battaglia at gmail.com>*
> Reply-To: *Yale CAS mailing list <cas at tp.its.yale.edu>*
> To: *"Yale CAS mailing list" <cas at tp.its.yale.edu>*
> Subject: *Re: TicketValidator Error*
> Date: *Thu, 12 Apr 2007 13:39:42 -0400*
> MIME-Version: *1.0*
> Received: *from pantheon-po13.its.yale.edu ([130.132.50.19]) by
> bay0-mc3-f1.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Thu,
> 12 Apr 2007 10:50:43 -0700*
> Received: *from tp.its.yale.edu (tp.its.yale.edu [130.132.52.34])by
> pantheon-po13.its.yale.edu (8.12.11.20060308/8.12.11) with ESMTP id
> l3CHelQ5000662;Thu, 12 Apr 2007 13:40:49 -0400*
> Received: *from mr6.its.yale.edu (mr6.its.yale.edu [130.132.50.54])by
> tp.its.yale.edu (Postfix) with ESMTP id 524343E856for <cas at tp.its.yale.edu>;
> Thu, 12 Apr 2007 13:40:46 -0400 (EDT)*
> Received: *from nz-out-0506.google.com (nz-out-0506.google.com [
> 64.233.162.228])by mr6.its.yale.edu (8.12.11.20060308/8.12.11) with ESMTP
> idl3CHeht1021616for <cas at tp.its.yale.edu>; Thu, 12 Apr 2007 13:40:43 -0400
> *
> Received: *by nz-out-0506.google.com with SMTP id s18so623695nzefor <
> cas at tp.its.yale.edu>; Thu, 12 Apr 2007 10:39:43 -0700 (PDT)*
> Received: *by 10.114.169.2 with SMTP id r2mr823265wae.1176399583057;Thu,
> 12 Apr 2007 10:39:43 -0700 (PDT)*
> Received: *by 10.114.79.3 with HTTP; Thu, 12 Apr 2007 10:39:42 -0700
> (PDT)*
>
> That error message comes from CAS when you attempt to log in not when you
> validate. So you're entering credentials wrong into the CAS Server form on
> the JA-SIG server.
>
> -Scott
>
> On 4/12/07, Fawad Rashid <fwdrsd at hotmail.com> wrote:
> >
> > Hi Scott
> >
> > I have created the account. After pointing the uPortal to the
> > validateUrl to https://www.ja-sig.org/cas/serviceValidate
> > url i am still getting a "The credentials you provided cannot be
> > determined to be authentic"
> >
> > Regards
> >
> >
> >
> > Fawad Rashid
> >
> > ------------------------------
> > From: *"Scott Battaglia" <scott.battaglia at gmail.com>*
> > Reply-To: *
> > Yale CAS mailing list <cas at tp.its.yale.edu>*
> > To: *"Yale CAS mailing list" <
> > cas at tp.its.yale.edu>*
> > Subject: *Re: TicketValidator Error*
> > Date: *Thu, 12 Apr 2007 11:13:04 -0400*
> > MIME-Version: *1.0*
> > Received: *from
> > pantheon-po14.its.yale.edu ([130.132.50.23]) by
> > bay0-mc9-f15.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
> > Thu, 12 Apr 2007 08:19:35 -0700*
> > Received: *from
> > tp.its.yale.edu (tp.its.yale.edu [
> > 130.132.52.34])by pantheon-po14.its.yale.edu (8.12.11.20060308/8.12.11)
> > with ESMTP id l3CFE809009939;Thu, 12 Apr 2007 11:14:22 -0400
> > *
> > Received: *from mr6.its.yale.edu (
> > mr6.its.yale.edu [130.132.50.54])by
> > tp.its.yale.edu (Postfix) *
> > *with ESMTP id 119173E856for <cas at tp.its.yale.edu>; Thu, 12 Apr 2007
> > 11:14:08 -0400 (EDT)*
> > Received:
> > *from nz-out-0506.google.com (
> > nz-out-0506.google.com [64.233.162.226])by
> > mr6.its.yale.edu (8.12.11.20060308/8.12.11) with ESMTP
> > idl3CFE7Nw024939for <cas at tp.its.yale.edu>; Thu, 12 Apr 2007 11:14:07
> > -0400
> > *
> > Received: *by nz-out-0506.google.com with SMTP id s18so561293nzefor <
> > cas at tp.its.yale.edu>; Thu, 12 Apr 2007 08:13:04 -0700 (PDT)*
> > Received: *by 10.114.111.1 with SMTP id
> > j1mr784001wac.1176390784068;Thu, 12 Apr 2007 08:13:04 -0700 (PDT)*
> > Received: *by 10.114.79.3 with HTTP; Thu, 12 Apr 2007 08:13:04 -0700
> > (PDT)
> > *
> > >You should be able to sign up at <http://www.ja-sig.org/issues>
> > http://www.ja-sig.org/issues
> > >
> > >-Scott
> > >
> > >On 4/12/07, Fawad Rashid <fwdrsd at hotmail.com
> > > wrote:
> > > >
> > >
> > >
> > > > Hi Scott
> > > >
> > > > Where can i signup for the JIRA id?. Sorry for all the foolish
> > questions.
> > > >
> > > > Regards
> > > >
> > > > Fawad Rashid
> > > >
> > > >
> >
> > > >
> > > >
> > > > ________________________________
> > > >
> > > >
> > > > From: "Scott Battaglia" <
> > scott.battaglia at gmail.com>
> > > > Reply-To: Yale CAS mailing list <cas at tp.its.yale.edu>
> > > > To: "Yale CAS mailing list" <cas at tp.its.yale.edu>
> > > > Subject: Re: TicketValidator Error
> >
> > > > Date: Thu, 12 Apr 2007 08:31:30 -0400
> > > >
> > > >
> > > > The CAS server on the JA-SIG server is our production server and
> > delegates
> > > > authentication to the data store for JIRA so you
> > would use your JIRA
> > > > credentials.
> > > >
> > > > -Scott
> > > >
> > > >
> > > > On 4/12/07,
> > > > Fawad Rashid <
> > fwdrsd at hotmail.com> wrote:
> > > >
> > > >
> > > >
> > > >
> > > > Hi
> > > >
> > > >
> > > > What should be the login that i should use?, i am using
> > guest/guest.
> > > >
> >
> > > >
> > > >
> > > > Regards
> > > >
> > > >
> > > > Fawad Rashid
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> >
> > > >
> > > > ________________________________
> > > >
> > > >
> > > >
> > > > From: "Scott Battaglia" <
> > > >
> > > >
> > scott.battaglia at gmail.com>
> > > > Reply-To: Yale CAS mailing
> > list <cas at tp.its.yale.edu
> > > >
> > > > >
> > > > To: "Yale CAS mailing list" <
> > cas at tp.its.yale.edu>
> > > > Subject: Re: TicketValidator Error
> > > >
> > > > Date: Wed, 11 Apr 2007 07:48:07 -0400
> >
> > > >
> > > >
> > > >
> > > > On 4/11/07, Fawad Rashid <
> > > >
> > > > fwdrsd at hotmail.com
> > > wrote:
> > > >
> > > >
> > > >
> > > >
> > > > <snip />
> > > >
> > > > I am getting a "The credentials you provided cannot be determined to
> > be
> > > >
> > > > authentic.".
> >
> > > >
> > > >
> > > >
> > > >
> > > > This means that the username/password you provided to CAS were not
> > correct.
> > > >
> > > > -Scott
> > > >
> > > >
> > > >
> > > >
> >
> > > >
> > > > My
> > web.xml looks something like this
> > > >
> > > > <filter>
> > > >
> > > >
> > > >
> > > > <filter-name>CAS Validate Filter</filter-name>
> > > >
> > > > <filter-class>
> > edu.yale.its.tp.cas.client.filter.CASValidateFilter</filter-class>
> > > > <init-param>
> > > > <param-name>
> > > >
> > > > edu.yale.its.tp.cas.client.filter.validateUrl
> > > >
> >
> > > >
> > > > </param-name>
> > > > <param-value>https://www.ja-sig.org/cas/serviceValidate
> >
> > > >
> > > > </param-value>
> > > > </init-param>
> > > > <init-param>
> > > >
> > > >
> > > >
> > >
> > > <param-name>edu.yale.its.tp.cas.client.filter.serverName
> > </param-name>
> > > > <param-value>localhost:8088</param-value>
> > > > </init-param>
> > > > </filter>
> >
> > > >
> > > > Fawad Rashid
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > >From: Andrew Petro <
> > apetro at unicon.net>
> > > > >Reply-To: Yale CAS mailing list <
> > > >
> > > > cas at tp.its.yale.edu
> > >
> > > > >To: Yale CAS mailing list <
> > > >
> > > >
> > > > cas at tp.its.yale.edu
> > >
> > > > >Subject: Re: TicketValidator Error
> > > > >Date: Tue, 10 Apr 2007 08:44:42 -0700
> > > >
> > > > >
> > > > >
> > > >
> > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >Fawad,
> > > >
> > > >
> > > > >
> > > > >
> > > > >
> > > > >This error almost always turns out to be an SSL certificate issue.
> >
> > > > >
> > > > >
> > > > >
> > > > >Are you sure your CAS server Tomcat instance is pointing at the
> > server
> > > > >keystore you intend? (Configured in the tomcat/conf context
> > > >
> > > >
> > > > >declarations).
> > > > >
> > > > >
> > > > >
> > > > >Are you sure your CAS-using-application client JVM is pointing at
> > the
> > > > >client keystore you intend? (Typically overridden by a
> >
> > > > >system-property-declaring command-line argument at JVM startup.)
> > > >
> > > >
> > > > >
> > >
> > > >
> > > > >
> > > > >Are you able to use test your CAS-using-application against
> > JA-SIG's
> > > > >CAS server?
> > > >
> > > >
> > https://www.ja-sig.org/cas/ ; uses a real commercial cert
> > > >
> > > >
> > > > >so SSL issues are reduced (though if you are using a nonstandard
> > client
> > > > >keystore, it is quite possible to not include trust for
> > commercially
> >
> > > > >vended certs).
> > > > >
> > > > >
> > > > >
> > > > >Andrew
> > > >
> > > > >
> > > >
> > > >
> > > > >
> > http://support.unicon.net/
> > > > >
> > > > >
> > > > >
> > > > >Fawad Rashid wrote:
> > > > >
> > > >
> > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >Hi
> > > >
> > >
> > > > >I am facing a problem which has been repeatiditly reported by many
> > > >
> > > >
> > > > >people but so far i have not been able to solve the issue.
> > > > >
> > > > >I have successfully installed CAS under Tomcat
> > 5.5.20 and i have
> > > > >setup SSL on port 8443 using my self generated certs. The certs
> > > >
> > > >
> > > >
> > > >
> > > > >
> > > > >have been generated using the following commands.
> >
> > > > >
> > > > >keytool -genkey -alias tomcat-sv -dname "CN=localhost, OU=ECOM,
> > > > >O=xib, L=Lahore, S=Punjab, C=PK" -keyalg RSA -keypass 123456
> > -storepass
> > > >
> > > >
> >
> > > > >changeit -keystore server.keystore
> > > > >
> > > > >keytool -export -alias tomcat-sv -storepass 123456 -file
> > > > >server.cer
> > -keystore server.keystore
> > > > >
> > > > >keytool -genkey -alias tomcat-cl -dname "CN=localhost,OU=ECOM,
> > > >
> > > >
> > > > >O=xib, L=Lahore, S=Punjab, C=PK" -keyalg RSA -keypass 123456
> > -storepass
> >
> > > > >changeit -keystore client.keystore
> > > > >
> > > > >keytool -export -alias tomcat-cl -storepass changeit -file
> > > > >client.cer
> > > >
> > > > -keystore
> > > >
> >
> > > >
> > > > client.keystore
> > > > >
> > > > >keytool -import -v -trustcacerts -alias tomcat -file server.cer
> > > > >-keystore client.keystore -keypass 123456 -storepass changeit
> > > > >
> > > > >keytool -import -v -trustcacerts -alias tomcat -file
> > > >
> > > >
> > > > client.cer
> > > > >-keystore server.keystore -keypass 123456 -storepass
> > changeit
> > > > >
> > > > >
> > > > >
> > > > >When i access the CAS portal on
> > > >
> > > >
> > https://localhost:8443
> > > > >i get a Log In Successful page. When i try to access the uPortal
> > portal
> > > >
> > > >
> > > > >using
> > > > >
> > > > >the url
> > > > >
> > https://localhost:8443/cas/login?service=http%3A%2F%2Flocalhost:8088%2FuPortal%2FLogin
> >
> >
> > <https://localhost:8443/cas/login?service=http://localhost:8088/uPortal/Login>
> > > >
> > > >
> > > > >i can see the login page. When i submit the login
> > > > >
> > > > >I get the following error.
> > > > >
> > > > >HTTP Status 500 -
> > > > >
> >
> > > > >type Exception report
> > > > >
> > > > >message
> > > > >
> > > > >description The server encountered an internal error () that
> > > >
> > > >
> > > >
> > >prevented it from fulfilling this request.
> > > > >
> > > > >exception
> > > > >
> > > > >javax.servlet.ServletException: Unable to validate
> > > > >ProxyTicketValidator [[
> > edu.yale.its.tp.cas.client.ProxyTicketValidator
> >
> > > >
> > > >
> > > >
> > > >
> > > > >proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > > > >casValidateUrl=[
> > > >
> > > >
> > https://localhost:8443/cas/serviceValidate]
> > > > >ticket=[ST-6-mWf3oVDr9HepuwDRk9cSch0J4IqgpZm17pi-20]
> > > >
> > > >
> > > > >service=[http%3A%2F%2Flocalhost%3A8088%2FuPortal%2FLogin]
> > renew=false]]]
> >
> > > > >
> > > > >edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(
> > CASValidateFilter.java:292)
> > > > >
> > > > >root cause
> > > >
> > > >
> > >
> > > >
> > > >
> > > >
> > > > >edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
> > > > >validate ProxyTicketValidator
> > > > >[[edu.yale.its.tp.cas.client.ProxyTicketValidator
> > proxyList=[null]
> > > > >[edu.yale.its.tp.cas.client.ServiceTicketValidator
> > > >
> > > >
> > > >
> > > > >casValidateUrl=[
> > https://localhost:8443/cas/serviceValidate]
> > > > >ticket=[ST-6-mWf3oVDr9HepuwDRk9cSch0J4IqgpZm17pi-20]
> > > >
> > > > >service=[http%3A%2F%2Flocalhost%3A8088%2FuPortal%2FLogin]
> > renew=false]]]
> > > >
> > > >
> > > > >
> > > > >edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java
> > :52)
> > > > >
> > > > >
> > edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser
> > (CASValidateFilter.java:339)
> > > >
> > >
> > > >
> > > >
> > > > >edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter
> > > >
> > > >
> > > > (CASValidateFilter.java:289)
> > > > >
> > > > >note The full stack trace of the root cause is available in the
> >
> > > > >Apache Tomcat/5.5.20 logs.
> > > > >
> > > > >The url changes to
> > > > >
> > > >
> > > >
> > > >
> > > >
> >
> > http://localhost:8088/uPortal/Login?ticket=ST-6-mWf3oVDr9HepuwDRk9cSch0J4IqgpZm17pi-20
> > ,
> > > > >I am not sure what i am missing here, kindly guide me through.
> > > > >
> > > > >Regards
> > > > >
> >
> > > > >Fawad Rashid
> > > >
> > > > >
> > > >
> > > >
> > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Express
> > yourself instantly with MSN Messenger! MSN
> > > > >Messenger Download today it's FREE!
> > > > >
> > > > >
> > > > >
> > > > >_______________________________________________
> > > >
> > > >
> > > > >Yale CAS mailing list
> > > > >cas at tp.its.yale.edu
> > > > >
> >
> > > >
> > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > >
> > > > >
> > > >
> > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > >_______________________________________________
> > > > >Yale CAS mailing list
> >
> > > > >
> > > >
> > > > cas at tp.its.yale.edu
> > > > >
> > > >
> > > >
> > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > >
> > > >
> > _________________________________________________________________
> > > > Express yourself instantly with MSN Messenger! Download today it's
> > FREE!
> > > >
> > > >
> > > >
> > > >
> > > >
> > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
> > > >
> >
> > > > _______________________________________________
> > > > Yale CAS mailing list
> > > >
> > > >
> > > >
> > cas at tp.its.yale.edu
> > > >
> > > >
> > > >
> > > > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > -Scott Battaglia
> > > >
> > > > LinkedIn:
> > http://www.linkedin.com/in/scottbattaglia
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > > >_______________________________________________
> > > > >Yale CAS mailing list
> > > > >
> > cas at tp.its.yale.edu
> > > >
> > > > >http://tp.its.yale.edu/mailman/listinfo/cas
> >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > ________________________________
> > > > Express yourself instantly with MSN Messenger!
> >
> > > > MSN Messenger Download today it's FREE!
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Yale CAS mailing list
> > > > <cas at tp.its.yale.edu>
> > cas at tp.its.yale.edu
> > > >
> > > >
> > > > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > >
> > -Scott Battaglia
> > > >
> > > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >
> > > >
> > > >
> > > >
> > > >
> > > > >_______________________________________________
> > > > >Yale CAS mailing list
> > > > >
> > cas at tp.its.yale.edu
> > > > >http://tp.its.yale.edu/mailman/listinfo/cas
> > > >
> >
> > > >
> > > > ________________________________
> > > > Need a break? Find your escape route with Live Search Maps.
> > >
> > >
> > >--
> > >-Scott Battaglia
> > >
> > >LinkedIn:
> > http://www.linkedin.com/in/scottbattaglia
> > >_______________________________________________
> > >Yale CAS mailing list
> > >
> > cas at tp.its.yale.edu
> > >http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
> ------------------------------
> Express yourself instantly with MSN Messenger!
> <http://g.msn.com/8HMBEN/2743??PS=47575>
> MSN Messenger Download today it's FREE!
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
>
> --
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
> >_______________________________________________
> >Yale CAS mailing list
> >cas at tp.its.yale.edu
> >http://tp.its.yale.edu/mailman/listinfo/cas
>
>
> ------------------------------
> FREE pop-up blocking with the new MSN Toolbar MSN Toolbar<http://g.msn.com/8HMAEN/2755??PS=47575>Get it now!
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070413/262ebb32/attachment.html
More information about the cas
mailing list