I thought the problem I was having while on WebSphere was related to SSO. The problem was I am using the CAS 3.1.3 filter. The proxyCallbackUrl doesn't exist. It appears that the class Cas20ProxyReceivingTicketValidationFilter, looks for a URL pattern to the value of the proxyReceptorUrl field. If found it handles the callback, thus never sending the data to the proxyCallbackUrl is this correct?
On the tomcat server, the Application Server allowed CAS to send the callback to the application even though the proxyCallbackUrl didn't exist. When I ran the same configuration on a Web Sphere environment, the Application Server never sent the callback to the application, so the filter never intercepted the callback. What I had to do was to create a servlet so the application server could send the request to my application. It worked after that. Summary: To get a casifyied application to work on WebSphere, make sure that the proxyCallbackUrl exists. -----Original Message----- From: Randy Baiad [mailto:[email protected]] Sent: Monday, August 10, 2009 5:11 PM To: [email protected] Subject: [cas-user] WebSphere and SSL I am having a problem with configuring CAS 3.3.1 on Websphere 6.1. I believe the problem has to do with the SSL keys. I deploy on tomcat successfully. When deploying on WebSphere, the callback URL is not being hit. It gives me the standard ... ... Caused by: error.authentication.credentials.bad at org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25) at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:113) at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:262) at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:126) ... ... Which I believe to be an SSL issue, Can someone confirm if my steps below are accurate? 1.) Configure WebSphere to be secure. Accessing my application and CAS can be done via https. 2.) View the certificate in a browser and export the certificate as DER encoded. 3.) import the cert into the java keystore used by WebSphere. (This is a Solaris box). 4.) Bounce WebShpere. -- Am I missing any steps? -- Is there more information I should provide to help isolate this issue? -- Any other debugging tricks that come to mind? Thanks for all your help! -Randy -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
