Was your client running under WebSphere previously? If you are trying to get the Callback to work on WebSphere, the callback needs to exist. WebSphere will not even pass the request to the Filter in the callback doesn't exist, whereas Tomcat did. If this my.machine.com:8843/my-service/secure/receptor<http://my.machine.com:8843/my-service/secure/receptor> exists, then you still may have an issue you have to look at. If the receptor doesn't exist, create an empty page or something.
From: Scott Battaglia [mailto:[email protected]] Sent: Sunday, March 14, 2010 10:46 PM To: [email protected] Subject: Re: [cas-user] Proxy Callback Issues I believe its usually the CN on the cert that needs to match (but I could be remembering wrong). The alias in the keystore doesn't really matter. On Thu, Mar 11, 2010 at 3:40 PM, Dean Heisey <[email protected]<mailto:[email protected]>> wrote: I am having proxy callback issues. I had this working in version 3.3.2. I upgraded to 3.3.5 and started getting the following error: Caused by: error.authentication.credentials.bad at org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25) I turn on ssl debug and see that I am indeed finding a trusted Cert: ***Found trusted certificate:[[ Version: V3 Subject: CN=<my cn>, OU=<my ou>, O=<my O>, L=<my L>,ST=<my ST>, C=US Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 How is CAS validating my callback URL? In this case my proxyCallbackUrl does not match the alias on the key, there is a port number attached i.e. Keystore alias my.machine.com<http://my.machine.com> Proxy Callback URL my.machine.com:8843/my-service/secure/receptor<http://my.machine.com:8843/my-service/secure/receptor>. Is that mis-match causing me problems? Here is the snippet from the CAS log 2010-03-11 11:16:45,896 INFO [org.jasig.cas.authentication.AuthenticationManager Impl] - <AuthenticationHandler:org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate the user which provided the following credentials: [callbackUrl: https://my.machine.com:8843/ibpm-ws-sample/secure/receptor]> 2010-03-11 11:16:45,896 ERROR [org.jasig.cas.web.ServiceValidateController] - <TicketException generating ticket for: [callbackUrl: https://my.machine.com:8843/ibpm-ws-sample/secure/receptor]> org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGranting Ticket(CentralAuthenticationServiceImpl.java:290) Thanks, Dean -- View this message in context: http://n4.nabble.com/Proxy-Callback-Issues-tp1589635p1589635.html Sent from the CAS Users mailing list archive at Nabble.com. -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
