Ok, the supports method returns false beacuse the credentials are username/password and not a x.509 credentials.
The question is, why the handler is not executed with the certificate before the login page is shown? This is my login flow <?xml version="1.0" encoding="UTF-8"?> <flow xmlns="http://www.springframework.org/schema/webflow"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation=" http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow-1.0.xsd";> <start-state idref="automaticCookiePathSetter" /> <action-state id="automaticCookiePathSetter"> <action bean="automaticCookiePathSetterAction" /> <transition on="success" to="ticketGrantingTicketExistsCheckAction" /> </action-state> <action-state id="ticketGrantingTicketExistsCheckAction"> <action bean="ticketGrantingTicketExistsAction" /> <transition on="ticketGrantingTicketExists" to="hasServiceCheck" /> <transition on="noTicketGrantingTicketExists" to="gatewayRequestCheck" /> </action-state> <!-- <action-state id="gatewayRequestCheck"> <action bean="gatewayRequestCheckAction" /> <transition on="gateway" to="redirect" /> <transition on="authenticationRequired" to="viewLoginForm" /> </action-state> --> <action-state id="gatewayRequestCheck"> <action bean="gatewayRequestCheckAction" /> <transition on="gateway" to="redirect" /> <transition on="authenticationRequired" to="startAuthenticate" /> </action-state> <action-state id="hasServiceCheck"> <action bean="hasServiceCheckAction" /> <transition on="authenticatedButNoService" to="viewGenericLoginSuccess" /> <transition on="hasService" to="renewRequestCheck" /> </action-state> <!-- <action-state id="renewRequestCheck"> <action bean="renewRequestCheckAction" /> <transition on="authenticationRequired" to="viewLoginForm" /> <transition on="generateServiceTicket" to="generateServiceTicket" /> </action-state> --> <action-state id="renewRequestCheck"> <action bean="renewRequestCheckAction" /> <transition on="authenticationRequired" to="startAuthenticate" /> <transition on="generateServiceTicket" to="generateServiceTicket" /> </action-state> <action-state id="startAuthenticate"> <action bean="x509Check" /> <transition on="success" to="sendTicketGrantingTicket" /> <transition on="error" to="viewLoginForm" /> </action-state> <view-state id="viewLoginForm" view="casLoginView"> <transition on="submit" to="bindAndValidate" /> </view-state> <action-state id="bindAndValidate"> <action bean="authenticationViaFormAction" /> <transition on="success" to="submit" /> <transition on="error" to="viewLoginForm" /> </action-state> <action-state id="submit"> <action bean="authenticationViaFormAction" method="submit" /> <transition on="warn" to="warn" /> <transition on="success" to="sendTicketGrantingTicket" /> <transition on="error" to="viewLoginForm" /> </action-state> <action-state id="sendTicketGrantingTicket"> <action bean="sendTicketGrantingTicketAction" /> <transition on="success" to="serviceCheck" /> </action-state> <action-state id="serviceCheck"> <action bean="hasServiceCheckAction" /> <transition on="authenticatedButNoService" to="viewGenericLoginSuccess" /> <transition on="hasService" to="generateServiceTicket" /> </action-state> <action-state id="generateServiceTicket"> <action bean="generateServiceTicketAction" /> <transition on="success" to="warn" /> <transition on="error" to="viewLoginForm" /> <transition on="gateway" to="redirect" /> </action-state> <!-- The "warn" action makes the determination of whether to redirect directly to the requested service or display the "confirmation" page to go back to the server. --> <action-state id="warn"> <action bean="warnAction" /> <transition on="redirect" to="redirect" /> <transition on="warn" to="showWarningView" /> </action-state> <!-- the "viewGenericLogin" is the end state for when a user attempts to login without coming directly from a service. They have only initialized their single-sign on session. --> <end-state id="viewGenericLoginSuccess" view="casLoginGenericSuccessView" /> <!-- The "showWarningView" end state is the end state for when the user has requested privacy settings (to be "warned") to be turned on. It delegates to a view defines in default_views.properties that display the "Please click here to go to the service." message. --> <end-state id="showWarningView" view="casLoginConfirmView" /> <!-- The "redirect" end state allows CAS to properly end the workflow while still redirecting the user back to the service required. --> <end-state id="redirect" view="externalRedirect:${externalContext.requestParameterMap['service']}${requestScope.ticket == null ? '' : (externalContext.requestParameterMap['service'].indexOf('?') != -1 ? '&' : '?') + 'ticket=' + requestScope.ticket}" /> <global-transitions> <transition to="viewServiceErrorView" on-exception="org.jasig.cas.services.UnauthorizedServiceException" /> </global-transitions> 2010/2/23 Pablo Mosquera Saenz <[email protected]> > I have this line > > 2010-02-23 09:37:56,546 ERROR [org.hibernate.util.JDBCExceptionReporter] - > Cannot create JDBC driver of class '' for connect URL 'null' > > I have another handler that authenticates with a database, so it shouldnt > be the problem (the x.509 handler doesnt connect to db) > > I have imported the CAs to the cacerts of the tomcat jvm. The problem is > that the method authenticate() from the handler is not executed. Perhaps its > something with the support() method, but I am not an expert with > certificates. If I execute in debug mode CAS, the execution doesnt enter > the handler class any moment. > > When the login page is showed, the handler is executed (the support method) > when I enter user and password. The method supports returns FALSE. The id > card uses a X.509 certificate. Why returns false? > > Could it be that login webflow is not well configured? I think that the > login page shouldnt appear, and that the handler should be executed before. > > Sorry for so many questions Marvin, but I need to make this work soon. > > > Thanks > > Pablo Mosquera > > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
