web flow problem?
Scott Battaglia
scott.battaglia at gmail.com
Fri Jun 8 07:55:42 EDT 2007
If you look in the log, it states that you're missing the groovy jar for
some reason:
java.lang.NoClassDefFoundError:
org/codehaus/groovy/control/CompilationFailedException
-Scott
On 6/7/07, bozhe <jsalvaggio at norwoodma.gov> wrote:
>
>
> Scott,
>
> Thank you for the reply.
> I did as you said and the associated error notice went away. However, I'm
> still not redirected to the webmail application. I've attached my cas.login
> DEBUG mode. I appreciate any assistance you can provide.
>
> Thanks
>
> - http://www.nabble.com/file/p11019876/cas.log cas.log Joe
>
>
>
> Scott Battaglia-2 wrote:
> >
> > Joe,
> >
> > You attempted to get a ProxyGrantingTicket for the Webmail service and
> the
> > JVM that the CAS server is running in is unable to validate the
> > certificate
> > of the Webmail server.
> >
> > [org.jasig.cas.authentication
> > .handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
> > - javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> > at
> > com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(
> > SSLSessionImpl.java:401)
> >
> > Is it a non-commercial certificate? If so, it will need to be added to
> > the
> > CAS JVM.
> >
> > -Scott
> >
> >
> > On 6/6/07, bozhe <jsalvaggio at norwoodma.gov> wrote:
> >>
> >>
> >> Scott,
> >> Thanks for the quick reply. Here is the cas.log in debug mode from
> the
> >> actions outlined in my previous email ("web flow problem?"):
> >>
> >> I turned tomcat off, deleted cas.log, and turned tomcat back on. That
> >> gave
> >> me this:
> >>
> >> 2007-06-06 17:28:24,494 WARN
> >> [org.springframework.ldap.support.LdapContextSource] - Property
> >> 'userName'
> >> not set - anonymous context will be used for read-write operations
> >> 2007-06-06 17:28:24,501 INFO
> >> [org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler] - No
> >> PasswordEncoder set. Using default:
> >> org.jasig.cas.authentication.handler.PlainTextPasswordEncoder
> >> 2007-06-06 17:28:24,501 INFO
> >> [org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler] - No
> >> Class
> >> to Support set. Using default:
> >> org.jasig.cas.authentication.principal.UsernamePasswordCredentials
> >> 2007-06-06 17:28:24,518 INFO
> >> [org.jasig.cas.ticket.proxy.support.Cas20ProxyHandler] - No
> >> UniqueTicketIdGenerator specified for
> >> org.jasig.cas.ticket.proxy.support.Cas20ProxyHandler. Using
> >> org.jasig.cas.util.DefaultUniqueTicketIdGenerator
> >> 2007-06-06 17:28:24,988 INFO
> >> [org.jasig.cas.web.ServiceValidateController]
> >> -
> >> No authentication specification class set. Defaulting to
> >> org.jasig.cas.validation.Cas20ProtocolValidationSpecification
> >> 2007-06-06 17:28:24,988 INFO
> >> [org.jasig.cas.web.ServiceValidateController]
> >> -
> >> No successView specified. Using default of casServiceSuccessView
> >> 2007-06-06 17:28:24,988 INFO
> >> [org.jasig.cas.web.ServiceValidateController]
> >> -
> >> No failureView specified. Using default of casServiceFailureView
> >> 2007-06-06 17:28:24,997 INFO
> >> [org.jasig.cas.web.ServiceValidateController]
> >> -
> >> No successView specified. Using default of casServiceSuccessView
> >> 2007-06-06 17:28:24,997 INFO
> >> [org.jasig.cas.web.ServiceValidateController]
> >> -
> >> No failureView specified. Using default of casServiceFailureView
> >> 2007-06-06 17:28:25,035 INFO
> >> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - FormObjectClass
> >> not
> >> set. Using default class of
> >> org.jasig.cas.authentication.principal.UsernamePasswordCredentials with
> >> formObjectName credentials and validator
> >> org.jasig.cas.validation.UsernamePasswordCredentialsValidator.
> >> 2007-06-06 17:28:44,580 INFO
> >> [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
> >> Starting cleaning of expired tickets from ticket registry at [Wed Jun
> 06
> >> 17:28:44 EDT 2007]
> >> 2007-06-06 17:28:44,580 INFO
> >> [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
> 0
> >> found to be removed. Removing now.
> >> 2007-06-06 17:28:44,580 INFO
> >> [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
> >> Finished cleaning of expired tickets from ticket registry at [Wed Jun
> 06
> >> 17:28:44 EDT 2007]
> >>
> >>
> >> Then I logged successfully into CAS by itself (at
> >> https://www.norwood-ma.gov/cas):
> >>
> >> 2007-06-06 17:37:04,178 INFO
> >> [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
> >> Starting cleaning of expired tickets from ticket registry at [Wed Jun
> 06
> >> 17:37:04 EDT 2007]
> >> 2007-06-06 17:37:04,178 INFO
> >> [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
> 0
> >> found to be removed. Removing now.
> >> 2007-06-06 17:37:04,178 INFO
> >> [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
> >> Finished cleaning of expired tickets from ticket registry at [Wed Jun
> 06
> >> 17:37:04 EDT 2007]
> >> 2007-06-06 17:37:59,453 INFO
> >> [org.jasig.cas.web.flow.AutomaticCookiePathSetterAction] - Setting
> >> ContextPath for cookies to: /cas
> >> 2007-06-06 17:38:09,424 INFO
> >> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> >> AuthenticationHandler:
> >> org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler
> >> successfully
> >> authenticated the user which provided the following credentials:
> >> jsalvaggio
> >>
> >> Then I closed and reopened my browser and attempted to log in to
> >> webmail.norwood-ma.gov:
> >>
> >> 2007-06-06 17:41:56,850 INFO
> >> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> >> AuthenticationHandler:
> >> org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler
> >> successfully
> >> authenticated the user which provided the following credentials:
> >> jsalvaggio
> >> 2007-06-06 17:41:56,857 INFO
> >> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service
> ticket
> >> [ST-2-IFs6D3RnhK0B2Ud92c1JifcYLfVthnARypg-20] for service
> >> [http://webmail.norwood-ma.gov/src/login.php] for user [jsalvaggio]
> >> 2007-06-06 17:41:57,352 ERROR
> >> [
> >>
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
> >> ]
> >> - javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> >> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> >> at
> >> com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(
> >> SSLSessionImpl.java:401)
> >> at
> >>
> >>
> org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname
> >> (StrictSSLProtocolSocketFactory.java:280)
> >> at
> >>
> >>
> org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket
> >> (StrictSSLProtocolSocketFactory.java:223)
> >> at
> >> org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java
> :706)
> >> at
> >>
> >>
> org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open
> >> (MultiThreadedHttpConnectionManager.java:1321)
> >> at
> >> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(
> >> HttpMethodDirector.java:386)
> >> at
> >> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(
> >> HttpMethodDirector.java:170)
> >> at
> >> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java
> >> :396)
> >> at
> >> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java
> >> :324)
> >> at
> >>
> >>
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler.authenticate
> >> (HttpBasedServiceCredentialsAuthenticationHandler.java:75)
> >> at
> >> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(
> >> AuthenticationManagerImpl.java:79)
> >> at
> >>
> >>
> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
> >> (CentralAuthenticationServiceImpl.java:194)
> >> at
> >> org.jasig.cas.web.ServiceValidateController.handleRequestInternal(
> >> ServiceValidateController.java:159)
> >> at
> >> org.springframework.web.servlet.mvc.AbstractController.handleRequest(
> >> AbstractController.java:153)
> >> at
> >>
> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(
> >> SimpleControllerHandlerAdapter.java:48)
> >> at
> >> org.springframework.web.servlet.DispatcherServlet.doDispatch(
> >> DispatcherServlet.java:819)
> >> at
> >> org.springframework.web.servlet.DispatcherServlet.doService(
> >> DispatcherServlet.java:754)
> >> at
> >> org.springframework.web.servlet.FrameworkServlet.processRequest(
> >> FrameworkServlet.java:399)
> >> at
> >> org.springframework.web.servlet.FrameworkServlet.doGet(
> >> FrameworkServlet.java:354)
> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >> at
> >> org.jasig.cas.web.init.SafeDispatcherServlet.service(
> >> SafeDispatcherServlet.java:115)
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> >> ApplicationFilterChain.java:290)
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(
> >> ApplicationFilterChain.java:206)
> >> at
> >> org.apache.catalina.core.StandardWrapperValve.invoke(
> >> StandardWrapperValve.java:228)
> >> at
> >> org.apache.catalina.core.StandardContextValve.invoke(
> >> StandardContextValve.java:175)
> >> at
> >> org.apache.catalina.core.StandardHostValve.invoke(
> StandardHostValve.java
> >> :128)
> >> at
> >> org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java
> >> :104)
> >> at
> >> org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java
> >> :393)
> >> at
> >> org.apache.catalina.core.StandardEngineValve.invoke(
> >> StandardEngineValve.java:109)
> >> at
> >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
> >> :216)
> >> at
> >> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
> :844)
> >> at
> >> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process
> (
> >> Http11Protocol.java:634)
> >> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(
> >> JIoEndpoint.java:445)
> >> at java.lang.Thread.run(Thread.java:619)
> >> 2007-06-06 17:41:57,354 INFO
> >> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> >> AuthenticationHandler:
> >>
> >>
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
> >> failed to authenticate the user which provided the following
> credentials:
> >> https://webmail.norwood-ma.gov/src/login.php
> >> 2007-06-06 17:41:57,354 ERROR
> >> [org.jasig.cas.web.ServiceValidateController
> >> ]
> >> - TicketException generating ticket for:
> >> https://webmail.norwood-ma.gov/src/login.php
> >> org.jasig.cas.ticket.TicketCreationException:
> >> error.authentication.credentials.bad
> >> at
> >>
> >>
> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
> >> (CentralAuthenticationServiceImpl.java:215)
> >> at
> >> org.jasig.cas.web.ServiceValidateController.handleRequestInternal(
> >> ServiceValidateController.java:159)
> >> at
> >> org.springframework.web.servlet.mvc.AbstractController.handleRequest(
> >> AbstractController.java:153)
> >> at
> >>
> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(
> >> SimpleControllerHandlerAdapter.java:48)
> >> at
> >> org.springframework.web.servlet.DispatcherServlet.doDispatch(
> >> DispatcherServlet.java:819)
> >> at
> >> org.springframework.web.servlet.DispatcherServlet.doService(
> >> DispatcherServlet.java:754)
> >> at
> >> org.springframework.web.servlet.FrameworkServlet.processRequest(
> >> FrameworkServlet.java:399)
> >> at
> >> org.springframework.web.servlet.FrameworkServlet.doGet(
> >> FrameworkServlet.java:354)
> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> >> at
> >> org.jasig.cas.web.init.SafeDispatcherServlet.service(
> >> SafeDispatcherServlet.java:115)
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> >> ApplicationFilterChain.java:290)
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(
> >> ApplicationFilterChain.java:206)
> >> at
> >> org.apache.catalina.core.StandardWrapperValve.invoke(
> >> StandardWrapperValve.java:228)
> >> at
> >> org.apache.catalina.core.StandardContextValve.invoke(
> >> StandardContextValve.java:175)
> >> at
> >> org.apache.catalina.core.StandardHostValve.invoke(
> StandardHostValve.java
> >> :128)
> >> at
> >> org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java
> >> :104)
> >> at
> >> org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java
> >> :393)
> >> at
> >> org.apache.catalina.core.StandardEngineValve.invoke(
> >> StandardEngineValve.java:109)
> >> at
> >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
> >> :216)
> >> at
> >> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
> :844)
> >> at
> >> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process
> (
> >> Http11Protocol.java:634)
> >> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(
> >> JIoEndpoint.java:445)
> >> at java.lang.Thread.run(Thread.java:619)
> >> Caused by: error.authentication.credentials.bad
> >> at
> >>
> org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException
> >> .<clinit>(BadCredentialsAuthenticationException.java:25)
> >> at
> >> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(
> >> AuthenticationManagerImpl.java:105)
> >> at
> >>
> >>
> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
> >> (CentralAuthenticationServiceImpl.java:194)
> >> ... 23 more
> >>
> >>
> >> Thank you, Scott, or anyone else, who can help me figure this out.
> >>
> >>
> >> Joe Salvaggio
> >>
> >>
> >> Scott Battaglia-2 wrote:
> >> >
> >> > You should be able to tell in the CAS log file if the ticket was
> >> > authenticated successfully or not (if you can't see it, try turning
> the
> >> > logging level to DEBUG)
> >> >
> >> > Your "You are not authenticated" message is coming from squirrelmail
> >> not
> >> > CAS.
> >> >
> >> > -Scott
> >> >
> >> > On 6/6/07, jsalvaggio at ci.norwood.ma.us <jsalvaggio at ci.norwood.ma.us>
> >> > wrote:
> >> >>
> >> >> I'll replicate the problem in steps:
> >> >>
> >> >> Background: CAS Server 3.0.7
> >> >> CAS Clients installed: esup-phpcas-0.5.1-1
> >> >>
> >> Pam_cas-
> >> >> 2.0.11-esup-2.0.4
> >> >>
> >> >> I've followed a document on cas-ifying squirrelmail. It includes a
> >> >> downloadable squirrelmail login.php modified with CAS .
> >> >> When I put the url "webmail.norwood-ma.gov" in the url and hit enter
> >> it
> >> >> takes me to the CAS login page with the following in the url:"
> >> >>
> >>
> https://www.norwood-ma.gov/cas/login?service=http%3A%2F%2Fwebmail.norwood-ma.gov%2Fsrc%2Flogin.php
> >> >> I enter my username and password (I set it up with ldap-fastbind)
> hit
> >> >> enter and it takes me to:
> >> >> CAS Authentication failed!
> >> >>
> >> >> You were not authenticated.
> >> >>
> >> >> You may submit your request again by clicking
> >> >> here<http://webmail.norwood-ma.gov/src/login.php>
> >> >> .
> >> >>
> >> >> If the problem persists, you may contact the administrator of this
> >> >> site<jsalvaggio at ci.norwood.ma.us>
> >> >> .
> >> >> ------------------------------
> >> >> phpCAS 0.5.1-1 using server
> >> >> https://www.norwood-ma.gov:443/cas/<https://www.norwood-ma.gov/cas/
> >> >(CAS
> >> >> 2.0)
> >> >>
> >> >> --with a url of "
> >> >>
> >>
> http://webmail.norwood-ma.gov/src/login.php?ticket=ST-3-aBnEtPuMqqWdyat97ywctFPe7pkHXlcgW6C-20
> >> >> "
> >> >>
> >> >> When I the click the link on the bottom it takes me to this:
> >> >> Log In Successful
> >> >>
> >> >> You have successfully logged into the Central Authentication
> Service.
> >> >>
> >> >> -with the url of "https://www.norwood-ma.gov/cas/login?null"
> >> >> When I go to the CAS login page by itself
> >> >> (https://www.norwood-ma.gov/cas)
> >> >> I can log on with no problem .
> >> >> Joe Salvaggio
> >> >> _______________________________________________
> >> >> Yale CAS mailing list
> >> >> cas at tp.its.yale.edu
> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >> >>
> >> >>
> >> >
> >> >
> >> > --
> >> > -Scott Battaglia
> >> >
> >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >> >
> >> > _______________________________________________
> >> > Yale CAS mailing list
> >> > cas at tp.its.yale.edu
> >> > http://tp.its.yale.edu/mailman/listinfo/cas
> >> >
> >> >
> >>
> >> --
> >> View this message in context:
> >> http://www.nabble.com/web-flow-problem--tf3879194.html#a10997918
> >> Sent from the CAS Users mailing list archive at Nabble.com.
> >>
> >> _______________________________________________
> >> Yale CAS mailing list
> >> cas at tp.its.yale.edu
> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >>
> >
> >
> >
> > --
> > -Scott Battaglia
> >
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/web-flow-problem--tf3879194.html#a11019876
> Sent from the CAS Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070608/33d3f00f/attachment-0001.html
More information about the cas
mailing list