_cas_stateful_ gets passed to me as a username from Acegi - throws exception
Scott Battaglia
scott.battaglia at gmail.com
Fri May 23 15:50:20 EDT 2008
It looks like you've configured a proxy receptor endpoint on your client
side and you're passing it to the CAS server via ticket validation. By
default the CAS server will attempt to "authenticate" the endpoint during
ticket validation if it's provided. It will fail by default if the URL is
not an https url. You either need to use SSL at your proxy receptor
endpoint, or configure CAS (via the
HttpBasedServiceCredentialsAuthenticationHandler) to accept non-SSL proxy
receptor urls.
-Scott
On Fri, May 23, 2008 at 3:20 PM, doahh <gavin at prodia.co.uk> wrote:
>
> Hi Scott and thank you for replying.
>
> My authenticationHandlers are defined as:
>
> <property name="authenticationHandlers">
>   <list>
>
>     <bean
>       class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
>       p:httpClient-ref="httpClient" >
>     </bean>
>
>     <bean id="SearchModeSearchDatabaseAuthenticationHandler"
>       class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler"
>       abstract="false" lazy-init="default" autowire="default"
>       dependency-check="default">
>
>       <property name="tableUsers">
>         <value>rolleruser</value>
>       </property>
>       <property name="fieldUser">
>         <value>username</value>
>       </property>
>       <property name="fieldPassword">
>         <value>passphrase</value>
>       </property>
>       <property name="dataSource" ref="dataSource" />
>
>     </bean>
>
>   </list>
> </property>
>
> This is the bit of the log file directly before the exception is thrown:
>
> <Found existing form object with name 'credentials' of type [class
> org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in
> scope
> Flow>
> [org.jasig.cas.CentralAuthenticationServiceImpl] - <Attempting to create
> TicketGrantingTicket for gavin>
> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> <AuthenticationHandler:
> org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler
> successfully authenticated the user which provided the following
> credentials: gavin>
>
> [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
> - <Attempting to resolve a principal...>
>
> [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
> - <Creating SimplePrincipal for [gavin]>
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
> [TGT-1-qTUiiFxh33utcpWM5qX4rtBwc9vkxuedCxxrjhICOv2MSjzIJs-cas] to
> registry.>
> [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed
> cookie with name [CASPRIVACY]>
> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
> 'AuthenticationViaFormAction' completed execution; result is 'success'>
> [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action
> 'SendTicketGrantingTicketAction' beginning execution>
> [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added cookie
> with name [CASTGC] and value
> [TGT-1-qTUiiFxh33utcpWM5qX4rtBwc9vkxuedCxxrjhICOv2MSjzIJs-cas]>
> [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action
> 'SendTicketGrantingTicketAction' completed execution; result is 'success'>
> [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
> 'GenerateServiceTicketAction' beginning execution>
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
> retrieve ticket
> [TGT-1-qTUiiFxh33utcpWM5qX4rtBwc9vkxuedCxxrjhICOv2MSjzIJs-cas]>
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
> [TGT-1-qTUiiFxh33utcpWM5qX4rtBwc9vkxuedCxxrjhICOv2MSjzIJs-cas] found in
> registry.>
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
> [ST-1-nmsSNhUwzIr5nKT0xpKG-cas] to registry.>
> [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket
> [ST-1-nmsSNhUwzIr5nKT0xpKG-cas] for service
> [http://localhost:8080/tootired.net/forum/j_security_check] for user
> [gavin]>
> [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
> 'GenerateServiceTicketAction' completed execution; result is 'success'>
> [net.tootired.security.login.AcegiUserDetailsService] USERNAME
> [_cas_stateful_]
> [net.tootired.security.login.AcegiUserDetailsService] USER WAS NULL
> [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated
> service for: http://localhost:8080/tootired.net/forum/j_security_check>
>
> [org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
> - <Authentication failed because url was not secure.>
> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> <AuthenticationHandler:
>
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
> failed to authenticate the user which provided the following credentials:
> http://localhost:8080/tootired.net/forum/casProxy/receptor>
> [org.jasig.cas.web.ServiceValidateController] - <TicketException generating
> ticket for: http://localhost:8080/tootired.net/forum/casProxy/receptor>
> org.jasig.cas.ticket.TicketCreationException:
> error.authentication.credentials.bad
> at
>
> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:294)
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
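
The two ways out described in the reply above, as an added example (not part of the original thread and not the CAS project's shipped configuration). It assumes the deployed CAS 3.x HttpBasedServiceCredentialsAuthenticationHandler exposes a boolean requireSecure property; HOST and PORT are placeholders.

```xml
<!-- Added example: CAS server side, authenticationHandlers list.
     Configure exactly ONE of the two HttpBasedService... beans below. -->
<property name="authenticationHandlers">
  <list>

    <!-- Option 1 (default behaviour kept): the handler only accepts https
         callback URLs, so the client must publish its proxy receptor over SSL:
           https://HOST:PORT/tootired.net/forum/casProxy/receptor
         CAS calls that URL back during ticket validation, so the receptor's
         certificate has to be trusted by the JVM that runs CAS. -->
    <bean
      class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
      p:httpClient-ref="httpClient" />

    <!-- Option 2 (weaker, local development only): accept non-SSL receptor
         URLs such as http://localhost:8080/tootired.net/forum/casProxy/receptor.
         The callback that delivers the proxy-granting ticket then travels in
         clear text, and the endpoint is no longer identified by a certificate.
         requireSecure is assumed to exist in the deployed CAS version. -->
    <bean
      class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
      p:httpClient-ref="httpClient"
      p:requireSecure="false" />

    <!-- The SearchModeSearchDatabaseAuthenticationHandler bean from the
         quoted configuration stays in the list unchanged. -->

  </list>
</property>
```

With Option 1 in place, the "Authentication failed because url was not secure." line should no longer appear in the CAS log for the receptor URL.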