[cas-user] X509 - Firefox and IE

Fri, 26 Feb 2010 11:05:34 -0800 

Hello,
I'm having very different results in Firefox and I.E. with X509 Authentication. My config is: 


<bean 
class="org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler">

        <property name="trustedIssuerDnPattern" value="CN=Trusted CN..+"/>
       <property name="maxPathLengthAllowUnspecified" value="true" />
        <property name="checkKeyUsage" value="true" />
        <property name="requireKeyUsage" value="true" />
</bean>

In Firefox the authentication runs well:


2010-02-26 18:58:17,030 INFO 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] 
- <authentication OK; SSL client authentication data meets criteria for 
cert[906603028420276265]>
2010-02-26 18:58:17,030 INFO 
[org.jasig.cas.authentication.AuthenticationManagerImpl] - 
<AuthenticationHandler: 
org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler 
successfully authenticated the user which provided the following 
credentials: 
org.jasig.cas.adaptors.x509.authentication.principal.x509certificatecredenti...@7148e9>
2010-02-26 18:58:17,031 INFO 
[org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToIdentifierPrincipalResolver] 
- <Creating principal for: ....>


In IE with the same cert:


2010-02-26 18:58:34,557 WARN 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] 
- authentication failed; cert pathLength [3] is more than allowed by 
config [1]
2010-02-26 18:58:34,557 INFO 
[org.jasig.cas.authentication.AuthenticationManagerImpl] - 
AuthenticationHandler: 
org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler 
failed to authenticate the user which provided the following 
credentials: 
org.jasig.cas.adaptors.x509.authentication.principal.x509certificatecredenti...@2f3bf0



It says its an error in config.. but thats weird because it works in 
firefox perfectly. Anyone knows whats happening?


Francisco





--
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user






















					Reply via email to