Matt,

Your validation class is for non-proxy config. See 
https://github.com/apereo/java-cas-client#orgjasigcasclientvalidationcas20proxyreceivingticketvalidationfilter.

Ray

On Mon, 2017-08-07 at 14:54 -0700, Matt Stacey wrote:
I switched the client to use https, but get the same error. Using the debugger 
I've tracked down where it makes the call to the client with the 
/j_spring_cas_security_proxyreceptor and it comes back with a 404.

My client side configuration is done with cas 3.2 and has the following in the 
context.xml file.


<beans:bean id="casAuthenticationProvider"
            class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
   <beans:property name="authenticationUserDetailsService">
      <beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
         <beans:constructor-arg ref="userService" />
      </beans:bean>
   </beans:property>
   <beans:property name="serviceProperties" ref="serviceProperties" />
   <beans:property name="ticketValidator">
      <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
         <beans:constructor-arg index="0" value="${system.casServerUrl}/cas" />
         <beans:property name="proxyCallbackUrl"
                         value="${system.serverUrl}/bind/j_spring_cas_security_proxyreceptor" />
         <beans:property name="proxyGrantingTicketStorage" ref="pgtStorage" />
      </beans:bean>
   </beans:property>
   <beans:property name="key" value="bind_auth_provider" />
</beans:bean>

On Friday, August 4, 2017 at 9:33:17 AM UTC-6, rbon wrote:
This line

<Authentication has failed. Credentials may be incorrect or CAS cannot find 
authentication handler that supports 
[http://localhost:8080/bind/j_spring_cas_security_proxyreceptor] of type

CAS expects the proxy callback to be https (at least by default). Change client 
to use https.

Ray

On Fri, 2017-08-04 at 08:39 -0600, Matt Stacey wrote:
Hello,

I'm migrating from Cas 3 to Cas 5.1.2. So far I have been successful with 
everything up to the point of the proxy policy. I'm getting the following error.

[org.apereo.cas.web.AbstractServiceValidateController] - <Failed to 
authenticate service credential 
[http://localhost:8080/bind/j_spring_cas_security_proxyreceptor]

Here are the last few lines of my cas server output.

2017-08-04 08:03:03,590 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: CLYTLE
WHAT: TGT-**********************************************ofMbwcwxY3-W000008983
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Aug 04 08:03:03 MDT 2017
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
[ INFO] [04 Aug 2017 08:03:03,678] USER: (UNAUTHENTICATED); METHOD: (com....); 
ARGS(s): clytle; returned value(s): cly...@blah.com in 84 msecs 
[LoggingAspect:77]
[ INFO] [04 Aug 2017 08:03:04,270] USER: (UNAUTHENTICATED); METHOD: (com....); 
ARGS(s): clytle; returned value(s): false in 587 msecs [LoggingAspect:77]
2017-08-04 08:03:04,306 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: CLYTLE
WHAT: ST-1-QAuzbUq0cPRqpyE0WaDc-W000008983 for 
http://localhost:8080/bind/j_spring_cas_security_check
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Aug 04 08:03:04 MDT 2017
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2017-08-04 08:03:04,362 WARN 
[org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
 - <Proxy policy for service 
[^http://localhost:8080/bind/j_spring_cas_security_check] cannot authorize the 
requested callback url 
[http://localhost:8080/bind/j_spring_cas_security_proxyreceptor].>
2017-08-04 08:03:04,363 WARN 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<Authentication has failed. Credentials may be incorrect or CAS cannot find 
authentication handler that supports 
[http://localhost:8080/bind/j_spring_cas_security_proxyreceptor] of type 
[HttpBasedServiceCredential], which suggests a configuration problem.>
2017-08-04 08:03:04,366 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: http://localhost:8080/bind/j_spring_cas_security_proxyreceptor
WHAT: Supplied credentials: 
[http://localhost:8080/bind/j_spring_cas_security_proxyreceptor]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Aug 04 08:03:04 MDT 2017
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================


The client is still using Cas version 3 and I'm wondering if that is the 
problem. My client is configured as follows, and I'm not sure if this has 
something to do with the Cas20ServiceTicketValidator (seeing as it no longer 
exists in Cas 5.1.2) or something else. Any help would be greatly appreciated.



<!-- Handles the CAS ticket processing. -->
<beans:bean id="casAuthenticationProvider"
            class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
   <beans:property name="authenticationUserDetailsService">
      <beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
         <beans:constructor-arg ref="userService" />
      </beans:bean>
   </beans:property>
   <beans:property name="serviceProperties" ref="serviceProperties" />
   <beans:property name="ticketValidator">
      <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
         <beans:constructor-arg index="0" value="${system.casServerUrl}/cas" />
         <beans:property name="proxyCallbackUrl"
                         value="${system.serverUrl}/bind/j_spring_cas_security_proxyreceptor" />
         <beans:property name="proxyGrantingTicketStorage" ref="pgtStorage" />
      </beans:bean>
   </beans:property>
   <beans:property name="key" value="bind_auth_provider" />
</beans:bean>


Thanks
Matt

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 023 | rb...@uvic.ca


--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 023 | r...@uvic.ca
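
An added example, not part of the original messages or of CAS itself: a small Python triage script for the server log quoted in this thread. It re-joins the hard-wrapped log records, extracts the service ID and the callback URL that the proxy policy refused, checks whether that callback is https (the default expectation mentioned above), and links the refusal to the authentication failure logged right after it. The function names are hypothetical, and the sample input is the two WARN records from the thread.

```python
import re
from urllib.parse import urlsplit

# The two WARN records from the thread, hard-wrapped the way the mail client left them.
SAMPLE_LOG = """\
2017-08-04 08:03:04,362 WARN
[org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
 - <Proxy policy for service
[^http://localhost:8080/bind/j_spring_cas_security_check] cannot authorize the
requested callback url
[http://localhost:8080/bind/j_spring_cas_security_proxyreceptor].>
2017-08-04 08:03:04,363 WARN
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<Authentication has failed. Credentials may be incorrect or CAS cannot find
authentication handler that supports
[http://localhost:8080/bind/j_spring_cas_security_proxyreceptor] of type
[HttpBasedServiceCredential], which suggests a configuration problem.>
"""

TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}\b")
REFUSED = re.compile(r"Proxy policy for service \[(?P<service>[^\]]+)\] cannot "
                     r"authorize the requested callback url \[(?P<callback>[^\]]+)\]")
AUTH_FAILED = re.compile(r"Authentication has failed\..*?supports "
                         r"\[(?P<cred>[^\]]+)\] of type \[HttpBasedServiceCredential\]")

def records(text):
    """Yield one string per log record; a record starts at a timestamped line."""
    current = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) and current:
            yield " ".join(current)
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        yield " ".join(current)

def diagnose(text):
    """Return one finding per proxy callback that the proxy policy refused."""
    findings = []
    for rec in records(text):
        refused = REFUSED.search(rec)
        failed = AUTH_FAILED.search(rec)
        if refused:
            findings.append({"time": rec[:23], "service": refused["service"],
                             "callback": refused["callback"], "auth_failed": False,
                             "callback_is_https":
                                 urlsplit(refused["callback"]).scheme == "https"})
        elif failed:
            for f in findings:  # tie the failure back to the refused callback
                f["auth_failed"] |= f["callback"] == failed["cred"]
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```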

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1502204843.2390.2.camel%40uvic.ca.
