HttpBasedServiceCredentialsAuthenticationHandler Query

Scott Battaglia scott.battaglia at gmail.com
Thu Mar 8 09:05:08 EST 2007


Generally that handler only fails for one of three reasons:

1. Invalid/missing certificate/mismatched host name.
2. Bad status code returned.  By default the following status codes are
okay: HttpURLConnection.HTTP_OK, HttpURLConnection.HTTP_NOT_MODIFIED,
HttpURLConnection.HTTP_MOVED_TEMP, HttpURLConnection.HTTP_MOVED_PERM,
HttpURLConnection.HTTP_ACCEPTED
3. Insecure URL when it's expecting a secure URL.

-Scott

On 3/7/07, Luke McLean <luke.mclean at boundless.co.nz> wrote:
>
>
> Hello,
>
> I'm working through the process of setting up a proxied webservice.  I have
> the ProxyTicketReceptor setup on the Webapp, have created a new certificate
> on the Webapp machine and imported that certificate to the cacert file on
> the CAS machine.  I have also added the proxyCallbackUrl in the web.xml on
> the Webapp.
>
> When I login to the Webapp I get the following stdout:
>
> 2007-03-08 15:53:53,109 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Attempting to create TicketGrantingTicket for nz.govt.nzfsa.raac.authentication.principle.RaacUserCredential at 1dea382 [userName=TestUser8]>
> 2007-03-08 15:53:53,125 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: nz.govt.nzfsa.raac.authentication.handler.RaacUserAuthenticationHandler successfully authenticated the user.>
> 2007-03-08 15:53:53,140 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [TGT-2-KK4ujg3934SNLySmzhjDnVF5ijn0Qac5RdMb9BfBFHHWaR4HDb] to registry.>
> 2007-03-08 15:53:53,140 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [TGT-2-KK4ujg3934SNLySmzhjDnVF5ijn0Qac5RdMb9BfBFHHWaR4HDb]>
> 2007-03-08 15:53:53,140 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [TGT-2-KK4ujg3934SNLySmzhjDnVF5ijn0Qac5RdMb9BfBFHHWaR4HDb] found in registry.>
> 2007-03-08 15:53:53,156 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [ST-2-qPh92whZrsiwRPs3BdLq] to registry.>
> 2007-03-08 15:53:53,156 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-2-qPh92whZrsiwRPs3BdLq] for service [http://vadctm07:8080/portal/] for user [TestUser8]>
> 2007-03-08 15:53:53,375 DEBUG [org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler] - <Attempting to resolve credentials for https://vadctm07:8443/CasProxyServlet>
> 2007-03-08 15:53:53,468 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate the user.>
> 2007-03-08 15:53:53,468 ERROR [org.jasig.cas.web.ServiceValidateController] - <TicketException generating ticket for: https://vadctm07:8443/CasProxyServlet>
> org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
>         at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:223)
>         at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:132)
>         at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:128)
>         at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:44)
>         at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:684)
>         at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:625)
>         at org.springframework.web.servlet.FrameworkServlet.serviceWrapper(FrameworkServlet.java:386)
>         at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:346)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>         at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
>         at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
>         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
>         at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
>         at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
>         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
>         at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
>         at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
>         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>         at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
>         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
>         at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
>         at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
>         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
>         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
>         at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
>         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
>         at java.lang.Thread.run(Thread.java:534)
> Caused by: error.authentication.credentials.bad
>         at org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25)
>         at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:96)
>         at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:200)
>         ... 34 more
> 2007-03-08 15:53:53,562 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-2-qPh92whZrsiwRPs3BdLq]>
> 2007-03-08 15:53:53,562 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ST-2-qPh92whZrsiwRPs3BdLq] found in registry.>
> 2007-03-08 15:53:53,562 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [ST-2-qPh92whZrsiwRPs3BdLq] from registry>
> The ServiceValidateController go to successView....
>
>
> My reading of this (little knowledge) is that the
> RaacUserAuthenticationHandler has successfully authenticated the user but
> that HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate
> the user... I thought that the
> HttpBasedServiceCredentialsAuthenticationHandler was just to verify that the
> https connection was correct? I'm a bit lost here, any help/explanation
> appreciated.  Where do I look to correct this error?
>
> Thanks,
> Luke.



-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
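
The three failure reasons listed in the reply can be told apart from the CAS host with a small probe. This is an added example, not part of the original message and not CAS source code; the class name `CallbackCheck`, the method `diagnose`, the `requireSecure` parameter and the default URL are hypothetical, and it assumes the raw status code (without following redirects) is what gets checked.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLException;

// Added diagnostic (not CAS code). Run it on the CAS machine with the same
// JVM CAS uses, so the same cacerts trust store is consulted.
public class CallbackCheck {
    // Status codes the reply lists as acceptable by default.
    static final List<Integer> OK_CODES = Arrays.asList(
        HttpURLConnection.HTTP_OK, HttpURLConnection.HTTP_NOT_MODIFIED,
        HttpURLConnection.HTTP_MOVED_TEMP, HttpURLConnection.HTTP_MOVED_PERM,
        HttpURLConnection.HTTP_ACCEPTED);

    static String diagnose(String callback, boolean requireSecure) {
        URL url;
        try {
            url = new URL(callback);
        } catch (MalformedURLException e) {
            return "FAIL: not a valid URL: " + e.getMessage();
        }
        // Reason 3: insecure URL where a secure one is expected.
        if (requireSecure && !"https".equalsIgnoreCase(url.getProtocol())) {
            return "FAIL (3): insecure URL, https expected";
        }
        HttpURLConnection conn = null;
        try {
            conn = (HttpURLConnection) url.openConnection();
            conn.setConnectTimeout(5000);
            conn.setReadTimeout(5000);
            conn.setInstanceFollowRedirects(false); // assumption: judge the raw status
            int code = conn.getResponseCode();      // TLS handshake happens here
            // Reason 2: status code outside the accepted list.
            return OK_CODES.contains(code) ? "OK: status " + code
                                           : "FAIL (2): bad status code " + code;
        } catch (SSLException e) {
            // Reason 1: certificate missing from the trust store, invalid, or wrong host.
            return "FAIL (1): TLS problem: " + e;
        } catch (IOException e) {
            // Some JVMs report a host name mismatch as a plain IOException.
            return "FAIL: connection error: " + e;
        } finally {
            if (conn != null) conn.disconnect();
        }
    }

    public static void main(String[] args) {
        // Constructed placeholder; pass the real proxyCallbackUrl as the first argument.
        String url = args.length > 0 ? args[0] : "https://callback.example.org/CasProxyServlet";
        System.out.println(diagnose(url, true));
    }
}
```

A `FAIL (1)` result usually means the certificate was imported into a different trust store than the one the CAS JVM reads, or the certificate's name does not match the host in the callback URL.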