cas-dev  

Re: [cas-dev] Unable to validate ProxyTicketValidator

Andrew Petro
Thu, 12 Apr 2007 21:01:17 -0700

> with the familiar warning about the SSL certificate being named differently than localhost

> casValidateUrl=[https://localhost:8443/cas/proxyValidate]


Here's my hypothesis:

The CAS server SSL cert does not authenticate "localhost", but the CASFilter is configured to validate the ticket against a CAS addressed as "localhost".  Since the cert doesn't match, the client JVM does not see an SSL cert it likes for authenticating the callback.  Since the client JVM didn't see a cert it liked on the callback, the callback fails.  Since the callback failed, the CASFilter (via the ProxyTicketValidator) is unable to validate the service ticket.  Yielding the error you're seeing.

This thread doesn't seem to be about developing CAS server or the CAS client libraries.  It should probably be moved to the cas@ email list.

Andrew
http://support.unicon.net/


Uday Kari wrote:

Followed the instruction in the following thread and verified that the SSL certification is in JVM cacerts file as required:

http://www.mail-archive.com/[EMAIL PROTECTED]/msg00090.html

However, I am still getting the Unable to validate ProxyTicketValidator error when I finish logging in…

 

Specifically:

  • The request https://localhost:8443/ works fine with the familiar warning about the SSL certificate being named differently than localhost.  (so server is up).
  • I login with the “equal” credentials such as yahoo/yahoo and google/google.
  • Apparently the ticket generates just fine.
  • Then on the way back to render the protected (but very simple jsp within the app1 context), I get an HTTP 500 error with the following stack trace on the screen:

 

exception

javax.servlet.ServletException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/proxyValidate] ticket=[ST-6-cDriGKlSaCFOeNf3DWqLyILhIDaWlpW2JG7-20] service=[https%3A%2F%2Flocalhost%3A8443%2Fapp1%2F] renew=false]]]
          edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)

root cause

edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/proxyValidate] ticket=[ST-6-cDriGKlSaCFOeNf3DWqLyILhIDaWlpW2JG7-20] service=[https%3A%2F%2Flocalhost%3A8443%2Fapp1%2F] renew=false]]]
          edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
          edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
          edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)

 

 

 

Specifically, here are the excerpts from my Catalina.2007-04-12.log for the last two login attempts (user/password = yahoo, google)

 

Apr 12, 2007 3:56:13 PM edu.yale.its.tp.cas.client.CASReceipt getReceipt

SEVERE: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/proxyValidate] ticket=[ST-4-P3kihjtft7UGHzY4PynoJkuyBLp7bfLBjD1-20] service=[https%3A%2F%2Flocalhost%3A8443%2Fapp1%2F] renew=false]]]

Apr 12, 2007 3:56:13 PM edu.yale.its.tp.cas.client.filter.CASFilter doFilter

SEVERE: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/proxyValidate] ticket=[ST-4-P3kihjtft7UGHzY4PynoJkuyBLp7bfLBjD1-20] service=[https%3A%2F%2Flocalhost%3A8443%2Fapp1%2F] renew=false]]]

Apr 12, 2007 3:57:53 PM edu.yale.its.tp.cas.client.CASReceipt getReceipt

SEVERE: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/proxyValidate] ticket=[ST-5-prfNAfpSop6mcxseBbbEnBVnk7c7S0xwRIt-20] service=[https%3A%2F%2Flocalhost%3A8443%2Fapp1%2F] renew=false]]]

Apr 12, 2007 3:57:53 PM edu.yale.its.tp.cas.client.filter.CASFilter doFilter

SEVERE: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/proxyValidate] ticket=[ST-5-prfNAfpSop6mcxseBbbEnBVnk7c7S0xwRIt-20] service=[https%3A%2F%2Flocalhost%3A8443%2Fapp1%2F] renew=false]]]

 

 

And, the following from my stdout_20070412.log

 

2007-04-12 15:56:13,099 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler successfully authenticated the user which provided the following credentials: yahoo>

2007-04-12 15:56:13,099 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-4-P3kihjtft7UGHzY4PynoJkuyBLp7bfLBjD1-20] for service [https://localhost:8443/app1/] for user [yahoo]>

2007-04-12 15:57:53,404 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler successfully authenticated the user which provided the following credentials: google>

2007-04-12 15:57:53,404 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-5-prfNAfpSop6mcxseBbbEnBVnk7c7S0xwRIt-20] for service [https://localhost:8443/app1/] for user [google]>


_______________________________________________ cas-dev mailing list [EMAIL PROTECTED] http://tp.its.yale.edu/mailman/listinfo/cas-dev
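A way to test the hypothesis in the reply above from the command line, as an added example that is not part of the original thread: it checks whether a certificate authenticates the host named in casValidateUrl. The function names, the temporary file paths and the constructed certificate name cas.example.org are assumptions; it needs the openssl CLI (1.0.2 or later for -checkhost).

```shell
#!/bin/sh
# Added example (not from the thread). Requires the openssl CLI, 1.0.2 or later.

# Host part of a URL such as the CASFilter's casValidateUrl.
url_host() {
    printf '%s\n' "$1" |
        sed -e 's#^[A-Za-z][A-Za-z0-9+.-]*://##' -e 's#/.*$##' -e 's#:[0-9]*$##'
}

# Save the certificate a live server presents (host, port, output file).
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# Succeed only if the PEM certificate $1 authenticates host name $2.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Report whether certificate $1 is valid for the host in validate URL $2.
check_validate_url() {
    host=$(url_host "$2")
    if cert_matches_host "$1" "$host"; then
        echo "OK: certificate authenticates '$host'"
    else
        echo "MISMATCH: certificate does not authenticate '$host'"
        return 1
    fi
}

# Constructed sample input: a throwaway self-signed certificate for CN $1,
# standing in for a CAS server certificate issued to a name other than localhost.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_cert cas.example.org "$demo_dir/cas.pem"
# The thread's configuration: reported as a mismatch, as the hypothesis predicts.
check_validate_url "$demo_dir/cas.pem" "https://localhost:8443/cas/proxyValidate" || true
# The same path addressed by the name on the certificate: reported as OK.
check_validate_url "$demo_dir/cas.pem" "https://cas.example.org:8443/cas/proxyValidate" || true
```

Against a running server, call fetch_cert localhost 8443 server.pem first and pass server.pem to check_validate_url in place of the constructed certificate.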