CAS proxy mode

Lucas Rockwell lucasrockwell at berkeley.edu
Thu Nov 8 18:15:41 EST 2007 

Hi Scott,

Thanks for the suggestion. I added  
log4j.logger.org.jasig.cas.util.HttpClient=DEBUG (although I had  
already enabled log4j.logger.org.jasig=DEBUG), and I didn't get  
anything new.

I'll look at HttpClient and add the logging statement to my copy for  
now.

-lucas

On Nov 8, 2007, at 2:12 PM, Scott Battaglia wrote:

> Lucas,
>
> Try turning on debug mode for org.jasig.cas.util.HttpClient and  
> seeing it it rejects any of the status codes.
>
> I also committed a change to the HttpClient in Subversion which  
> logs if there is an IOException or not (it previously swallowed the  
> exception).
>
> -Scott
>
> On Nov 7, 2007 5:17 PM, Lucas Rockwell <lucasrockwell at berkeley.edu>  
> wrote:
> Hi Scott and others,
>
> I have recently run into this problem as well, but with a different  
> error message. We have a cert authority on campus, and some of the  
> dev machines use them. I have imported all 3 of the certs in the  
> chain into the cacerts file (I tried with just the root cert, and  
> that didn't work), but I still get errors like this:
>
> 2007-11-07 13:57:38,910 INFO  
> [org.jasig.cas.authentication.AuthenticationManagerImpl] -  
> <AuthenticationHandler:  
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentia 
> lsAuthenticationHandler failed to authenticate the user which  
> provided the following credentials: https:// 
> studentsdev.berkeley.edu/OSL/HelloCAS/testcerts.asp >
> 2007-11-07 13:57:38,911 ERROR  
> [org.jasig.cas.web.ServiceValidateController] - <TicketException  
> generating ticket for: https://studentsdev.berkeley.edu/OSL/ 
> HelloCAS/testcerts.asp>
> org.jasig.cas.ticket.TicketCreationException:  
> error.authentication.credentials.bad
> at  
> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingT 
> icket (CentralAuthenticationServiceImpl.java:271)
>         at  
> org.jasig.cas.web.ServiceValidateController.handleRequestInternal 
> (ServiceValidateController.java :124)
>         at  
> org.springframework.web.servlet.mvc.AbstractController.handleRequest 
> (AbstractController.java:153)
> ...
>
> I turned on debugging, and got this extra line:
>
> 2007-11-07 14:12:47,178 DEBUG  
> [org.jasig.cas.authentication.handler.support.HttpBasedServiceCredenti 
> alsAuthenticationHandler ] - <Attempting to resolve credentials for  
> https://studentsdev.berkeley.edu/OSL/HelloCAS/testcerts.asp>
>
> then the same as above:
>
> 2007-11-07 14:12:52,234 INFO  
> [org.jasig.cas.authentication.AuthenticationManagerImpl] -  
> <AuthenticationHandler:  
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentia 
> lsAuthenticationHandler failed to authenticate the user which  
> provided the following credentials: https:// 
> studentsdev.berkeley.edu/OSL/HelloCAS/testcerts.asp >
> 2007-11-07 14:12:52,239 ERROR  
> [org.jasig.cas.web.ServiceValidateController] - <TicketException  
> generating ticket for: https://studentsdev.berkeley.edu/OSL/ 
> HelloCAS/testcerts.asp>
> org.jasig.cas.ticket.TicketCreationException:  
> error.authentication.credentials.bad
>
> I have even pointed explicitly to the cacerts file in the tomcat  
> startup script, using the - Djavax.net.ssl.trustStore= and - 
> Djavax.net.ssl.trustStorePassword= arguments, and that does not  
> help, either. I have also tried importing the actual public cert  
> that was issued to the client, and no go.
>
> Does anyone have an hints about what I am doing wrong? Am I missing  
> some xml config somewhere?
>
> This is with CAS 3.1.0.
>
> Thanks.
>
> -lucas

More information about the cas mailing list