CAS proxy mode
Scott Battaglia
scott.battaglia at gmail.com
Thu Nov 8 22:59:07 EST 2007
I'm guessing there has to be an IOException...it was the only thing that
doesn't appear to be logged at DEBUG level. Let me know if it tells you
what the problem is.
-Scott
On Nov 8, 2007 6:15 PM, Lucas Rockwell <lucasrockwell at berkeley.edu> wrote:
> Hi Scott,
>
> Thanks for the suggestion. I added
> log4j.logger.org.jasig.cas.util.HttpClient=DEBUG (although I had
> already enabled log4j.logger.org.jasig=DEBUG), and I didn't get
> anything new.
>
> I'll look at HttpClient and add the logging statement to my copy for
> now.
>
> -lucas
>
> On Nov 8, 2007, at 2:12 PM, Scott Battaglia wrote:
>
> > Lucas,
> >
> > > Try turning on debug mode for org.jasig.cas.util.HttpClient and
> > > seeing if it rejects any of the status codes.
> >
> > I also committed a change to the HttpClient in Subversion which
> > logs if there is an IOException or not (it previously swallowed the
> > exception).
> >
> > -Scott
> >
> > On Nov 7, 2007 5:17 PM, Lucas Rockwell <lucasrockwell at berkeley.edu>
> > wrote:
> > Hi Scott and others,
> >
> > I have recently run into this problem as well, but with a different
> > error message. We have a cert authority on campus, and some of the
> > dev machines use them. I have imported all 3 of the certs in the
> > chain into the cacerts file (I tried with just the root cert, and
> > that didn't work), but I still get errors like this:
> >
> > 2007-11-07 13:57:38,910 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate the user which provided the following credentials: https://studentsdev.berkeley.edu/OSL/HelloCAS/testcerts.asp>
> > 2007-11-07 13:57:38,911 ERROR [org.jasig.cas.web.ServiceValidateController] - <TicketException generating ticket for: https://studentsdev.berkeley.edu/OSL/HelloCAS/testcerts.asp>
> > org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
> > at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:271)
> > at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:124)
> > at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
> > ...
> >
> > I turned on debugging, and got this extra line:
> >
> > 2007-11-07 14:12:47,178 DEBUG [org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler] - <Attempting to resolve credentials for https://studentsdev.berkeley.edu/OSL/HelloCAS/testcerts.asp>
> >
> > then the same as above:
> >
> > 2007-11-07 14:12:52,234 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate the user which provided the following credentials: https://studentsdev.berkeley.edu/OSL/HelloCAS/testcerts.asp>
> > 2007-11-07 14:12:52,239 ERROR [org.jasig.cas.web.ServiceValidateController] - <TicketException generating ticket for: https://studentsdev.berkeley.edu/OSL/HelloCAS/testcerts.asp>
> > org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
> >
> > I have even pointed explicitly to the cacerts file in the tomcat
> > startup script, using the -Djavax.net.ssl.trustStore= and
> > -Djavax.net.ssl.trustStorePassword= arguments, and that does not
> > help, either. I have also tried importing the actual public cert
> > that was issued to the client, and no go.
> >
> > Does anyone have any hints about what I am doing wrong? Am I missing
> > some xml config somewhere?
> >
> > This is with CAS 3.1.0.
> >
> > Thanks.
> >
> > -lucas
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
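
Added example, not part of the original thread and not CAS's own code: a stand-alone Java check that lists the CA certificates the JVM really trusts under the given `-Djavax.net.ssl.trustStore` settings, then fetches the proxy callback URL and reports the `IOException` instead of swallowing it. The class name `CallbackTrustCheck` and the 5-second timeouts are assumptions; run it with the same `-Djavax.net.ssl.*` options Tomcat is started with and pass the callback URL as the first argument.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Added diagnostic (hypothetical class name), not CAS code. */
public class CallbackTrustCheck {

    /** Print and count the CA certificates the JVM's default trust managers accept. */
    static int trustedIssuerCount() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = default store, honours javax.net.ssl.trustStore
        int count = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    System.out.println("trusted: " + ca.getSubjectX500Principal().getName());
                    count++;
                }
            }
        }
        return count;
    }

    /** Fetch the callback URL; return the status line or the exception that stopped it. */
    static String probe(String callbackUrl) {
        try {
            HttpURLConnection c = (HttpURLConnection) new URL(callbackUrl).openConnection();
            c.setConnectTimeout(5000); // assumed timeout
            c.setReadTimeout(5000);    // assumed timeout
            int status = c.getResponseCode();
            c.disconnect();
            return "HTTP " + status;
        } catch (IOException e) {
            // An untrusted chain or hostname mismatch surfaces here as SSLHandshakeException
            return e.getClass().getName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("javax.net.ssl.trustStore = "
            + System.getProperty("javax.net.ssl.trustStore", "(JRE default)"));
        System.out.println(trustedIssuerCount() + " trusted CA certificates");
        if (args.length > 0) System.out.println(args[0] + " -> " + probe(args[0]));
    }
}
```

If the campus CA chain is missing from the printed list, the JVM is not reading the cacerts file that was edited; if it is present and the probe still reports an SSL exception, the message names the actual validation failure.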