Ok, here are the debug logs for exactly the same certificate in both 
browsers (I attached the cert path).

trustedIssuerDnPattern="CN=ECRaizEstado, O=SCEE, C=PT"

*With Firefox:*

2010-03-01 19:58:01,811 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <--examining cert[76737990220905268465551302139258801052] C=PT, O=SCEE 
- Sistema de Certificação Electrónica do Estado, OU=ECEstado, 
CN=Cartão de Cidadão 001" from issuer "CN=ECRaizEstado, O=SCEE, C=PT">
2010-03-01 19:58:01,812 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <certificate is valid>
2010-03-01 19:58:01,812 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <Pattern Match: true [CN=ECRaizEstado, O=SCEE, C=PT] against 
[CN=ECRaizEstado, O=SCEE, C=PT].>
2010-03-01 19:58:01,812 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <certificate was issued by trusted issuer>
2010-03-01 19:58:01,812 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <this is a CA certificate>
2010-03-01 19:58:01,812 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <--examining cert[7196419480743688086] CN=EC de Autenticação do 
Cartão de Cidadão 0003, OU=subECEstado, O=Cartão de Cidadão, C=PT" 
from issuer "C=PT, O=SCEE - Sistema de Certificação Electrónica do 
Estado, OU=ECEstado, CN=Cartão de Cidadão 001">
2010-03-01 19:58:01,812 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <certificate is valid>
2010-03-01 19:58:01,812 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <Pattern Match: false [C=PT, O=SCEE - Sistema de Certificação 
Electrónica do Estado, OU=ECEstado, CN=Cartão de Cidadão 001] against 
[CN=ECRaizEstado, O=SCEE, C=PT].>
2010-03-01 19:58:01,812 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <this is a CA certificate>
2010-03-01 19:58:01,813 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <--examining cert[906603028420276265] CN=***, SERIALNUMBER=***, 
GIVENNAME=***, SURNAME=***, OU=Cidadão Português, OU=Autenticação do 
Cidadão, O=Cartão de Cidadão, C=PT" from issuer "CN=EC de 
Autenticação do Cartão de Cidadão 0003, OU=subECEstado, O=Cartão de 
Cidadão, C=PT">
2010-03-01 19:58:01,813 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <certificate is valid>
2010-03-01 19:58:01,813 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <Pattern Match: false [CN=EC de Autenticação do Cartão de Cidadão 
0003, OU=subECEstado, O=Cartão de Cidadão, C=PT] against 
[CN=ECRaizEstado, O=SCEE, C=PT].>
2010-03-01 19:58:01,813 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <this is an end-user certificate>
2010-03-01 19:58:01,813 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <Pattern Match: true [CN=***, SERIALNUMBER=BI129650986, GIVENNAME=***, 
OU=Cidadão Português, OU=Autenticação do Cidadão, O=Cartão de 
Cidadão, C=PT] against [.*].>
2010-03-01 19:58:01,813 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <cert[906603028420276265] ok, setting as credentials candidate>
2010-03-01 19:58:01,813 INFO 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <authentication OK; SSL client authentication data meets criteria for 
cert[906603028420276265]>
2010-03-01 19:58:01,814 INFO 
[org.jasig.cas.authentication.AuthenticationManagerImpl] - 
<AuthenticationHandler: 
org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler
 
successfully authenticated the user which provided the following 
credentials: 
org.jasig.cas.adaptors.x509.authentication.principal.x509certificatecredenti...@1e6385e>
2010-03-01 19:58:01,815 INFO 
[org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToIdentifierPrincipalResolver]
 
- <Creating principal for: CN=******, SERIALNUMBER=*****, 
GIVENNAME=******, OU=Cidadão Português, OU=Autenticação do Cidadão, 
O=Cartão de Cidadão, C=PT>


*With I.E.:*

2010-03-01 19:56:39,017 INFO 
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting path for 
cookies to: /cas>
2010-03-01 19:56:39,120 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <--examining cert[120005025] CN=ECRaizEstado, O=SCEE, C=PT" from 
issuer "CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, 
Inc.", O=GTE Corporation, C=US">
2010-03-01 19:56:39,121 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <certificate is valid>
2010-03-01 19:56:39,121 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <Pattern Match: false [CN=GTE CyberTrust Global Root, OU="GTE 
CyberTrust Solutions, Inc.", O=GTE Corporation, C=US] against 
[CN=ECRaizEstado, O=SCEE, C=PT].>
2010-03-01 19:56:39,121 DEBUG 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <this is a CA certificate>
2010-03-01 19:56:39,121 WARN 
[org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler]
 
- <authentication failed; cert pathLength [3] is more than allowed by 
config [1]>
2010-03-01 19:56:39,121 INFO 
[org.jasig.cas.authentication.AuthenticationManagerImpl] - 
<AuthenticationHandler: 
org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler
 
failed to authenticate the user which provided the following 
credentials: 
org.jasig.cas.adaptors.x509.authentication.principal.x509certificatecredenti...@3e48f2>

-----------------------------------------------------


Marvin Addison wrote:
>> I can setup DEBUG level by doing this, right?
>> log4j.logger.org.jasig.cas.authentication=DEBUG
>>     
>
> log4j.logger.org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler=DEBUG
> is what you want
>
> M
>
>   



<<inline: cert_path.png>>
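To compare the chain each browser presented, the wrapped handler output above can be re-joined into one record per log entry and grouped per login attempt. The Python below is an added example, not part of the original message or of CAS; the sample records and their DNs are constructed placeholders, and the message formats it matches are the ones visible in the logs above.

```python
import re

LOGGER = ("[org.jasig.cas.adaptors.x509.authentication.handler.support."
          "X509CredentialsAuthenticationHandler]")
START = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} ")
EXAMINE = re.compile(r'--examining cert\[(\d+)\] (.*?)" from issuer "(.*)"$')
LIMIT = re.compile(r"pathLength \[(\d+)\] is more than allowed by config \[(\d+)\]")

def unwrap(text):
    """Join mail-wrapped lines back into one string per log record."""
    records = []
    for line in map(str.strip, text.splitlines()):
        if START.match(line):
            records.append(line)
        elif line and records:
            records[-1] += " " + line
    return records

def attempts(records):
    """Group the handler's records into login attempts, closed by OK/failed."""
    done, cur = [], None
    for rec in records:
        if LOGGER + " - <" not in rec:
            continue  # other loggers, e.g. AuthenticationManagerImpl
        msg = rec.split(LOGGER + " - <", 1)[1].rstrip(">")
        cur = cur or {"chain": [], "trusted": False, "result": None}
        if m := EXAMINE.search(msg):
            cur["chain"].append({"serial": m[1], "subject": m[2], "issuer": m[3]})
        elif msg == "certificate was issued by trusted issuer":
            cur["trusted"] = True
        elif msg.startswith("authentication OK"):
            cur["result"] = "ok"
        elif msg.startswith("authentication failed"):
            lim = LIMIT.search(msg)
            cur["result"] = "failed"
            cur["path_len"] = (int(lim[1]), int(lim[2])) if lim else None
        if cur["result"]:
            done.append(cur)
            cur = None
    return done

def entry(level, msg):
    # Constructed record in the wrapped layout of the logs above.
    return f"2010-03-01 10:00:00,001 {level} \n{LOGGER}\n \n- <{msg}>\n"

# Constructed sample with placeholder DNs, not copied from the thread.
SAMPLE = "".join([
    entry("DEBUG", '--examining cert[11] CN=Issuing CA, O=Example" from issuer "CN=Example \nRoot, O=Example"'),
    entry("DEBUG", "certificate was issued by trusted issuer"),
    entry("DEBUG", '--examining cert[12] CN=Alice, O=Example" from issuer "CN=Issuing CA, O=Example"'),
    entry("INFO", "authentication OK; SSL client authentication data meets criteria for \ncert[12]"),
    entry("DEBUG", '--examining cert[10] CN=Example Root, O=Example" from issuer "CN=Other Root, \nOU="Other, Inc.", C=US"'),
    entry("WARN", "authentication failed; cert pathLength [3] is more than allowed by \nconfig [1]"),
])
```

Calling `attempts(unwrap(text))` on a saved log gives, per attempt, the certificates in the order the handler examined them, whether a trusted issuer was seen, and the reported and configured path length on failure.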
