I believe its usually the CN on the cert that needs to match (but I could be remembering wrong). The alias in the keystore doesn't really matter.
On Thu, Mar 11, 2010 at 3:40 PM, Dean Heisey <[email protected]>wrote: > > I am having proxy callback issues. I had this working in version 3.3.2. > I > upgraded to 3.3.5 and started getting the following error: > > Caused by: error.authentication.credentials.bad at > > org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25) > > I turn on ssl debug and see that I am indeed finding a trusted Cert: > > ***Found trusted certificate:[[ Version: V3 Subject: CN=<my cn>, OU=<my > ou>, O=<my O>, L=<my L>,ST=<my ST>, C=US Signature Algorithm: SHA1withRSA, > OID = 1.2.840.113549.1.1.5 > > How is CAS validating my callback URL? > In this case my proxyCallbackUrl does not match the alias on the key, > there > is a port number attached i.e. > > Keystore alias my.machine.com > Proxy Callback URL my.machine.com:8843/my-service/secure/receptor. > > Is that mis-match causing me problems? > > Here is the snippet from the CAS log > > 2010-03-11 11:16:45,896 INFO > [org.jasig.cas.authentication.AuthenticationManager > Impl] - > > <AuthenticationHandler:org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler > failed to authenticate the user which provided the following credentials: > [callbackUrl: https://my.machine.com:8843/ibpm-ws-sample/secure/receptor]> > 2010-03-11 11:16:45,896 ERROR [org.jasig.cas.web.ServiceValidateController] > - <TicketException generating ticket for: [callbackUrl: > https://my.machine.com:8843/ibpm-ws-sample/secure/receptor]> > org.jasig.cas.ticket.TicketCreationException: > error.authentication.credentials.bad > at > org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGranting > Ticket(CentralAuthenticationServiceImpl.java:290) > > Thanks, > > Dean > -- > View this message in context: > http://n4.nabble.com/Proxy-Callback-Issues-tp1589635p1589635.html > Sent from the CAS Users mailing list archive at Nabble.com. > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
