ACEGI, proxyValidate and PGTIOU
Bill Bailey
Bill.Bailey at northlandchurch.net
Tue Jun 19 09:33:07 EDT 2007
Hi,

I am using CAS with ACEGI security and I have the basics working. But
when I try to add the proxyCallbackUrl to the CasProxyTicketValidator
(see below), it only partly works. I am able to still authenticate
through CAS, but the resulting authentication token does not have the
PGTIOU set ... it is an empty string.

I have checked the log files on the Tomcat instance hosting the CAS
server and I find the following exceptions which seem to relate to the
proxy callback URL. Any idea what is wrong?

2007-06-19 09:25:58,812 ERROR [org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler] - <javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated>
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(Unknown Source)
    at org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname(StrictSSLProtocolSocketFactory.java:280)
    at org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket(StrictSSLProtocolSocketFactory.java:223)
    at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:706)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1321)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:386)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
    at org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler.authenticate(HttpBasedServiceCredentialsAuthenticationHandler.java:75)
    at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:79)
    at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:194)
    at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:159)
    at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
    at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:819)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:754)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:399)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:354)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:216)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
    at java.lang.Thread.run(Unknown Source)
2007-06-19 09:25:58,812 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate the user which provided the following credentials: https://nacdnws002l.northlandcc.net:8443/casProxy/receptor>
2007-06-19 09:25:58,812 ERROR [org.jasig.cas.web.ServiceValidateController] - <TicketException generating ticket for: https://nacdnws002l.northlandcc.net:8443/casProxy/receptor>
org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
    at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:215)
    at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:159)
    at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
    at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:819)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:754)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:399)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:354)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:216)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
    at java.lang.Thread.run(Unknown Source)
Caused by: error.authentication.credentials.bad
    at org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25)
    at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:105)
    at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:194)
    ... 22 more