Are you still getting this error? <cas:authenticationFailure code='INVALID_TICKET'> Ticket failed validation specification. Possible errors could include attempting to validate a Proxy Ticket via a Service Ticket validator, or not complying with the renew true request. </cas:authenticationFailure>
Bill On Wed, Mar 31, 2010 at 9:07 PM, Francisco Estanqueiro <[email protected]> wrote: > Sorry, the error has caused by wrong port name.. But.. I keep having the 500 > internal server error: > > 2010-04-01 02:04:04,089 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] > - Setting path for cookies to: /cas > 2010-04-01 02:04:11,059 INFO > [org.jasig.cas.authentication.AuthenticationManagerImpl] - > AuthenticationHandler: > org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully > authenticated the user which provided the following credentials: [username: > fwestanqueiro] > 2010-04-01 02:04:11,079 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket > [ST-1-PmUxZCJF64ER7OcGH3QX-cas] for service > [https://winserver.xtanki.local/coa/auth] for user [fwestanqueiro] > 2010-04-01 02:04:11,650 INFO > [org.jasig.cas.authentication.AuthenticationManagerImpl] - > AuthenticationHandler: > org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler > successfully authenticated the user which provided the following > credentials: [callbackUrl: https://winserver.xtanki.local/coa/proxyCallback] > 2010-04-01 02:04:12,020 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket > [ST-2-kXbdb9tTNycBZKgoMp0x-cas] for service > [https://winserver.xtanki.local:8443/cas/clearPass] for user > [https://winserver.xtanki.local/coa/proxyCallback] > 2010-04-01 02:04:12,161 INFO > [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl] - No Proxy > Ticket found for > 2010-04-01 02:05:00,750 INFO > [org.jasig.cas.services.DefaultServicesManagerImpl] - Reloading registered > services. > 2010-04-01 02:05:00,760 INFO > [org.jasig.cas.services.DefaultServicesManagerImpl] - Loaded 0 services. > > Whats wrong?!! Please help me, I'm stuck again. > > Francisco > > Francisco Estanqueiro wrote: >> >> Success!! I imported those handlers by wildcard mapping in IIS 6. >> >> I'm now having a new error after a successful login: >> >> >> /The remote server returned an error: (500) Internal Server Error./ >> >> reader = new StreamReader(new WebClient().OpenRead(clearPassRequest)); >> >> [WebException: The remote server returned an error: (500) Internal Server >> Error.] >> System.Net.WebClient.OpenRead(Uri address) +366 >> System.Net.WebClient.OpenRead(String address) +29 >> CasOwa.CasOwaAuthHandler.ProcessRequest(HttpContext context) in >> C:\Documents and >> Settings\Administrator\Desktop\casowa\CasOwaAuthHandler.cs:149 >> >> [HttpException (0x80004005): Error getting response from clearPass at URL: >> https://winserver.xtanki.local:8443/cas/clearPass?ticket=ST-2-FwvPXe3T4WmxKRTVmkz6-cas&service=https://winserver.xtanki.local:8443/cas/clearPass. >> The remote server returned an error: (500) Internal Server Error.] >> CasOwa.CasOwaAuthHandler.ProcessRequest(HttpContext context) in >> C:\Documents and >> Settings\Administrator\Desktop\casowa\CasOwaAuthHandler.cs:153 >> >> System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() >> +181 >> System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& >> completedSynchronously) +75 >> >> *CAS logs:* >> >> >> 2010-03-31 19:28:00,654 INFO >> [org.jasig.cas.services.DefaultServicesManagerImpl] - Reloading >> registered services. >> 2010-03-31 19:28:00,654 INFO >> [org.jasig.cas.services.DefaultServicesManagerImpl] - Loaded 0 services. >> 2010-03-31 19:29:55,108 DEBUG >> [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated >> service for: https://winserver.xtanki.local/coa/auth >> 2010-03-31 19:29:55,118 DEBUG >> [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated >> service for: https://winserver.xtanki.local/coa/auth >> 2010-03-31 19:30:00,726 DEBUG >> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Performing >> LDAP bind with credential: CN=fwestanqueiro,CN=Users,DC=xtanki,DC=local >> 2010-03-31 19:30:00,636 INFO >> [org.jasig.cas.services.DefaultServicesManagerImpl] - Reloading >> registered services. >> 2010-03-31 19:30:00,746 INFO >> [org.jasig.cas.services.DefaultServicesManagerImpl] - Loaded 0 services. >> 2010-03-31 19:30:00,807 INFO >> [org.jasig.cas.authentication.AuthenticationManagerImpl] - >> AuthenticationHandler: >> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler failed to >> authenticate the user which provided the following credentials: >> [username: fwestanqueiro] >> 2010-03-31 19:30:00,807 DEBUG >> [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated >> service for: https://winserver.xtanki.local/coa/auth >> 2010-03-31 19:30:05,193 DEBUG >> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - Performing >> LDAP bind with credential: CN=fwestanqueiro,CN=Users,DC=xtanki,DC=local >> 2010-03-31 19:30:05,193 INFO >> [org.jasig.cas.authentication.AuthenticationManagerImpl] - >> AuthenticationHandler: >> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully >> authenticated the user which provided the following credentials: >> [username: fwestanqueiro] >> 2010-03-31 19:30:05,193 DEBUG >> >> [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] >> - Attempting to resolve a principal... >> 2010-03-31 19:30:05,193 DEBUG >> >> [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] >> - Creating SimplePrincipal for [fwestanqueiro] >> 2010-03-31 19:30:05,193 DEBUG >> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket >> [TGT-3-Ffh0jPrbuC1huEL12LEOUHo2fA7ewP12qraCEkBgzY1Vq0tWws-cas] to >> registry. >> 2010-03-31 19:30:05,193 DEBUG >> [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed >> cookie with name [CASPRIVACY] >> 2010-03-31 19:30:05,193 DEBUG >> [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Added >> cookie with name [CASTGC] and value >> [TGT-3-Ffh0jPrbuC1huEL12LEOUHo2fA7ewP12qraCEkBgzY1Vq0tWws-cas] >> 2010-03-31 19:30:05,193 DEBUG >> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to >> retrieve ticket >> [TGT-3-Ffh0jPrbuC1huEL12LEOUHo2fA7ewP12qraCEkBgzY1Vq0tWws-cas] >> 2010-03-31 19:30:05,193 DEBUG >> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket >> [TGT-3-Ffh0jPrbuC1huEL12LEOUHo2fA7ewP12qraCEkBgzY1Vq0tWws-cas] found in >> registry. >> 2010-03-31 19:30:05,203 DEBUG >> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket >> [ST-3-HBYRJEgeVRBUScLgjn09-cas] to registry. >> 2010-03-31 19:30:05,203 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service >> ticket [ST-3-HBYRJEgeVRBUScLgjn09-cas] for service >> [https://winserver.xtanki.local/coa/auth] for user [fwestanqueiro] >> 2010-03-31 19:30:05,233 DEBUG >> [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated >> service for: https://winserver.xtanki.local/coa/auth >> 2010-03-31 19:30:05,233 DEBUG >> >> [org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler] >> - Attempting to resolve credentials for [callbackUrl: >> https://winserver.xtanki.local/coa/proxyCallback] >> 2010-03-31 19:30:05,443 DEBUG [org.jasig.cas.util.HttpClient] - Response >> code from server matched 200. >> 2010-03-31 19:30:05,453 INFO >> [org.jasig.cas.authentication.AuthenticationManagerImpl] - >> AuthenticationHandler: >> >> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler >> successfully authenticated the user which provided the following >> credentials: [callbackUrl: >> https://winserver.xtanki.local/coa/proxyCallback] >> 2010-03-31 19:30:05,453 DEBUG >> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to >> retrieve ticket [ST-3-HBYRJEgeVRBUScLgjn09-cas] >> 2010-03-31 19:30:05,453 DEBUG >> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket >> [ST-3-HBYRJEgeVRBUScLgjn09-cas] found in registry. >> 2010-03-31 19:30:05,453 DEBUG >> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket >> [TGT-4-scxVp7pf6qmSPaWSJUAeCLZGwEyUEihgun1xW3fYA4jd4hZif0-cas] to >> registry. >> 2010-03-31 19:30:05,453 DEBUG >> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to >> retrieve ticket [ST-3-HBYRJEgeVRBUScLgjn09-cas] >> 2010-03-31 19:30:05,453 DEBUG >> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket >> [ST-3-HBYRJEgeVRBUScLgjn09-cas] found in registry. >> 2010-03-31 19:30:05,453 DEBUG >> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing ticket >> [ST-3-HBYRJEgeVRBUScLgjn09-cas] from registry >> 2010-03-31 19:30:05,463 DEBUG [org.jasig.cas.util.HttpClient] - Response >> code from server matched 200. >> 2010-03-31 19:30:05,463 DEBUG >> [org.jasig.cas.ticket.proxy.support.Cas20ProxyHandler] - Sent ProxyIou >> of PGTIOU-2-eJiqBghiyblIRUpUsvp2-cas for service: [callbackUrl: >> https://winserver.xtanki.local/coa/proxyCallback] >> 2010-03-31 19:30:05,473 DEBUG >> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to >> retrieve ticket >> [TGT-4-scxVp7pf6qmSPaWSJUAeCLZGwEyUEihgun1xW3fYA4jd4hZif0-cas] >> 2010-03-31 19:30:05,473 DEBUG >> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket >> [TGT-4-scxVp7pf6qmSPaWSJUAeCLZGwEyUEihgun1xW3fYA4jd4hZif0-cas] found in >> registry. >> 2010-03-31 19:30:05,473 DEBUG >> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket >> [ST-4-C64VPiXegTyLPKGjVtO5-cas] to registry. >> 2010-03-31 19:30:05,473 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service >> ticket [ST-4-C64VPiXegTyLPKGjVtO5-cas] for service >> [https://winserver.xtanki.local:8443/cas/clearPass] for user >> [https://winserver.xtanki.local/coa/proxyCallback] >> 2010-03-31 19:30:05,483 DEBUG >> >> [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter] >> - Attempting to validate ticket: ST-4-C64VPiXegTyLPKGjVtO5-cas >> 2010-03-31 19:30:05,483 DEBUG [org.jasig.cas.client.util.CommonUtils] - >> serviceUrl generated: https://winserver.xtanki.local:8443/cas/clearPass >> 2010-03-31 19:30:05,483 DEBUG >> [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - Placing >> URL parameters in map. >> 2010-03-31 19:30:05,483 DEBUG >> [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - Calling >> template URL attribute map. >> 2010-03-31 19:30:05,483 DEBUG >> [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - Loading >> custom parameters from configuration. >> 2010-03-31 19:30:05,483 DEBUG >> [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - >> Constructing validation url: >> >> https://winserver.xtanki.local:8443/cas/serviceValidate?pgtUrl=https%3A%2F%2Fwinserver.xtanki.local%3A8443%2Fcoa%2FproxyCallback&ticket=ST-4-C64VPiXegTyLPKGjVtO5-cas&service=https%3A%2F%2Fwinserver.xtanki.local%3A8443%2Fcas%2FclearPass >> 2010-03-31 19:30:05,483 DEBUG >> [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - >> Retrieving response from server. >> 2010-03-31 19:30:05,493 DEBUG >> [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated >> service for: https://winserver.xtanki.local:8443/cas/clearPass >> 2010-03-31 19:30:05,493 DEBUG >> >> [org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler] >> - Attempting to resolve credentials for [callbackUrl: >> https://winserver.xtanki.local:8443/coa/proxyCallback] >> 2010-03-31 19:30:05,503 DEBUG [org.jasig.cas.util.HttpClient] - Response >> Code did not match any of the acceptable response codes. Code returned >> was 404 >> 2010-03-31 19:30:05,503 INFO >> [org.jasig.cas.authentication.AuthenticationManagerImpl] - >> AuthenticationHandler: >> >> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler >> failed to authenticate the user which provided the following >> credentials: [callbackUrl: >> https://winserver.xtanki.local:8443/coa/proxyCallback] >> 2010-03-31 19:30:05,503 ERROR >> [org.jasig.cas.web.ServiceValidateController] - TicketException >> generating ticket for: [callbackUrl: >> https://winserver.xtanki.local:8443/coa/proxyCallback] >> org.jasig.cas.ticket.TicketCreationException: >> error.authentication.credentials.bad >> at >> >> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket_aroundBody6(CentralAuthenticationServiceImpl.java:293) >> at >> >> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket_aroundBody7$advice(CentralAuthenticationServiceImpl.java:44) >> at >> >> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:1) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at >> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >> at >> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >> at java.lang.reflect.Method.invoke(Method.java:597) >> at >> >> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307) >> at >> >> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) >> at >> >> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) >> at >> >> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80) >> at >> >> org.perf4j.aop.AbstractTimingAspect.doPerfLogging(AbstractTimingAspect.java:71) >> at sun.reflect.GeneratedMethodAccessor54.invoke(Unknown Source) >> at >> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >> at java.lang.reflect.Method.invoke(Method.java:597) >> at >> >> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:622) >> at >> >> org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:611) >> at >> >> org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65) >> at >> >> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161) >> at >> >> org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89) >> at >> >> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) >> at >> >> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) >> at $Proxy26.delegateTicketGrantingTicket(Unknown Source) >> at >> >> org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:127) >> at >> >> org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153) >> at >> >> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48) >> at >> >> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:771) >> at >> >> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:716) >> at >> >> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:647) >> at >> >> org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:552) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) >> at >> >> org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:115) >> at >> >> org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:44) >> at >> >> org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1) >> at >> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >> at >> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >> at >> >> com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:46) >> at >> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >> at >> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >> at >> >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >> at >> >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) >> at >> >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) >> at >> >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >> at >> >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >> at >> >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) >> at >> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852) >> at >> >> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) >> at >> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) >> at java.lang.Thread.run(Thread.java:619) >> Caused by: error.authentication.credentials.bad >> at >> >> org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25) >> at >> >> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticateAndObtainPrincipal(AuthenticationManagerImpl.java:103) >> at >> >> org.jasig.cas.authentication.AbstractAuthenticationManager.authenticate_aroundBody0(AbstractAuthenticationManager.java:42) >> at >> >> org.jasig.cas.authentication.AbstractAuthenticationManager.authenticate_aroundBody1$advice(AbstractAuthenticationManager.java:44) >> at >> >> org.jasig.cas.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:1) >> at >> >> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket_aroundBody6(CentralAuthenticationServiceImpl.java:265) >> at >> >> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket_aroundBody7$advice(CentralAuthenticationServiceImpl.java:44) >> at >> >> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:1) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at >> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >> at >> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >> at java.lang.reflect.Method.invoke(Method.java:597) >> at >> >> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307) >> at >> >> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) >> at >> >> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) >> at >> >> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80) >> at >> >> org.perf4j.aop.AbstractTimingAspect.doPerfLogging(AbstractTimingAspect.java:71) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at >> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >> ... 37 more >> 2010-03-31 19:30:05,503 DEBUG >> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to >> retrieve ticket [ST-4-C64VPiXegTyLPKGjVtO5-cas] >> 2010-03-31 19:30:05,503 DEBUG >> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket >> [ST-4-C64VPiXegTyLPKGjVtO5-cas] found in registry. >> 2010-03-31 19:30:05,503 DEBUG >> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing ticket >> [ST-4-C64VPiXegTyLPKGjVtO5-cas] from registry >> 2010-03-31 19:30:05,503 DEBUG >> [org.jasig.cas.web.ServiceValidateController] - ServiceTicket >> [ST-4-C64VPiXegTyLPKGjVtO5-cas] does not satisfy validation specification. >> 2010-03-31 19:30:05,513 DEBUG >> [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - Server >> response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> >> <cas:authenticationFailure code='INVALID_TICKET'> >> Ticket failed validation specification. Possible errors could >> include attempting to validate a Proxy Ticket via a Service Ticket >> validator, or not complying with the renew true request. >> </cas:authenticationFailure> >> </cas:serviceResponse> >> >> 2010-03-31 19:30:05,513 WARN >> >> [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter] >> - org.jasig.cas.client.validation.TicketValidationException: >> Ticket failed validation specification. Possible errors could >> include attempting to validate a Proxy Ticket via a Service Ticket >> validator, or not complying with the renew true request. >> >> org.jasig.cas.client.validation.TicketValidationException: >> Ticket failed validation specification. Possible errors could >> include attempting to validate a Proxy Ticket via a Service Ticket >> validator, or not complying with the renew true request. >> >> at >> >> org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:73) >> at >> >> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188) >> at >> >> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132) >> at >> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >> at >> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >> at >> >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >> at >> >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) >> at >> >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) >> at >> >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >> at >> >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >> at >> >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) >> at >> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852) >> at >> >> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) >> at >> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) >> at java.lang.Thread.run(Thread.java:619) >> >> >> Francisco >> >> William G. Thompson, Jr. wrote: >> >>> >>> On Tue, Mar 30, 2010 at 2:22 PM, Francisco Estanqueiro >>> <[email protected]> wrote: >>> >>> >>>> >>>> I've installed the web app >>>> http://www.ja-sig.org/wiki/display/CASC/JA-SIG+Java+Client+Simple+WebApp+Sample, >>>> and verified that the PT's are being issued correctly. >>>> >>>> I've the ClearPass extension working. >>>> >>>> I've a virtual directory named coa in the Default Web Site tree (the >>>> same as owa), in the DefaultAppPool. >>>> >>>> I've web.config changed to this: (only changed <appSettings> and >>>> <casClientConfig>) >>>> <appSettings> >>>> <add key="CasOwa.ClearPassUrl" >>>> value="https://winserver.xtanki.local:8443/cas/clearPass"/> >>>> <add key="CasOwa.OwaUrl" value="https://winserver.xtanki.local/owa"/> >>>> <add key="CasOwa.skipOwaUrlCertificateValidation" value="false" /> >>>> </appSettings> >>>> >>>> <connectionStrings /> >>>> >>>> <casClientConfig >>>> casServerLoginUrl="https://winserver.xtanki.local:8443/cas/login"; >>>> serverName="https://winserver.xtanki.local:8443"; >>>> secureUriRegex="(?i)/auth" >>>> >>>> casServerUrlPrefix="https://winserver.xtanki.local:8443/cas"; >>>> redirectAfterValidation="false" >>>> useSession="false" >>>> gateway="false" >>>> renew="false" >>>> ticketValidatorName="Cas20" >>>> ticketTimeTolerance="5000" >>>> singleSignOut="false" >>>> proxyGrantingTicketReceptor="true" >>>> >>>> proxyCallbackUrl="https://winserver.xtanki.local/coa/proxyCallback"; >>>> proxyReceptorUrl="/coa/proxyCallback" /> >>>> >>>> >>>> So, now what I'm suppose to see in the link >>>> https://winserver.xtanki.local/coa/. >>>> >>>> >>> >>> The Default.aspx page, which currently just contains the string 'coa'. >>> It could be contain link to the /coa/auth which should redirect you >>> to CAS if you are not yet authenticated, and then to the OWA via the >>> CasOwa.OwaUrl config above. >>> >>> >>> >>>> >>>> Verified also that https://winserver.xtanki.local/coa/auth or >>>> https://winserver.xtanki.local/coa/proxyCallback gives me a 404 IIS error. >>>> >>>> >>> >>> You're almost there...you need the Http Handler Mappings configured >>> for the coa directory. >>> >>> Http Handler Mappings >>> CasOwa requires two HandlerMapping configurations, one for >>> CasOwaAuthHandler and one for the DotNetCasProxyCallback. >>> >>> CasOwaAuthHandler Mapping >>> Request path: auth >>> Type: CasOwa.CasOwaAuthHandler >>> Name: CasOwaAuthHandler >>> >>> DotNetCasProxyCallback Mapping >>> Request path: proxyCallback >>> Type: CasOwa.CasOwaAuthHandler >>> Name: DotNetCasProxyCallback >>> >>> Bill >>> >>> >>> >>> >>> >>>> >>>> Francisco >>>> >>>> >>>> ________________________________________ >>>> De: William G. Thompson, Jr. [[email protected]] >>>> Enviado: terça-feira, 30 de Março de 2010 19:06 >>>> Para: Francisco Estanqueiro >>>> Cc: [email protected] >>>> Assunto: Re: CasOwa - help please >>>> >>>> On Tue, Mar 30, 2010 at 1:49 PM, Francisco Estanqueiro >>>> <[email protected]> wrote: >>>> >>>> >>>>> >>>>> But the handlers arent automaticly configured by having them in the >>>>> web.config on COA Virtual Directory? Or I have to add another handler >>>>> somewhere? I'm not understanding how this works.. how the redirection from >>>>> owa to coa works? The only thing I've done is create a coa virtual >>>>> directory >>>>> and changed the web.config url's. >>>>> >>>>> >>>> >>>> There aren't any step-by-step instructions available for your >>>> configuration. You'll need to understand well how to configure http >>>> modules and handlers in IIS6, I would start there. You'll also need >>>> to understand SSL certs and how to configure them for IIS and Java. >>>> >>>> The current CasOwa distribution doesn't provide any redirection from >>>> owa to coa. Users can authenticated by going directly to the coa Url. >>>> >>>> Cheers, >>>> Bill >>>> >>>> >>>> >>>>> >>>>> Cumprimentos, >>>>> -------------------------------- >>>>> Francisco Estanqueiro (https://www.ci.fc.ul.pt/rh/fwestanqueiro) >>>>> Suporte | Centro Informática | FCUL >>>>> E-mail: [email protected] | Ext: 21248 | Tel: 21 750 00 67 >>>>> -------------------------------- >>>>> Por favor consulte sempre http://www.ci.fc.ul.pt antes de recorrer ao >>>>> nosso Suporte a Utilizadores >>>>> ________________________________________ >>>>> De: William G. Thompson, Jr. [[email protected]] >>>>> Enviado: terça-feira, 30 de Março de 2010 18:44 >>>>> Para: Francisco Estanqueiro >>>>> Cc: [email protected] >>>>> Assunto: Re: CasOwa - help please >>>>> >>>>> On Tue, Mar 30, 2010 at 1:36 PM, Francisco Estanqueiro >>>>> <[email protected]> wrote: >>>>> >>>>> >>>>>>> >>>>>>> 5) Whats the managed pipeline mode and How do I set it to Integrated? >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> Managed Pipeline mode is a new unified request processing pipeline >>>>>> that is exposed to both native and managed components in IIS7. Is is >>>>>> not available on IIS6. >>>>>> >>>>>> http://learn.iis.net/page.aspx/244/how-to-take-advantage-of-the-iis7-integrated-pipeline/ >>>>>> >>>>>> >>>>>> This means I cant use casowa with windows server 2003? (since there's >>>>>> no >>>>>> IIS7 for ws2003) >>>>>> >>>>>> >>>>> >>>>> No. It should work with IIS6 just find. Configuration of the Modules >>>>> and Handlers is a little different though. This might help: >>>>> http://arcware.net/use-a-single-web-config-for-iis6-and-iis7/ >>>>> >>>>> Bill >>>>> >>>>> >>>>> >>>>>> >>>>>> Francisco >>>>>> >>>>>> William G. Thompson, Jr. wrote: >>>>>> >>>>>> >>>>>>> >>>>>>> On Mon, Mar 29, 2010 at 10:32 PM, Francisco Estanqueiro >>>>>>> <[email protected]> wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> Hi, Francisco. I'll respond inline below... >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> I'm trying to figure out a way to casify Outlook Web Access and I >>>>>>>> found >>>>>>>> out >>>>>>>> about this CasOwa. >>>>>>>> >>>>>>>> I read this thread (the few information there is about casowa), >>>>>>>> http://www.mail-archive.com/[email protected]/msg03914.html, >>>>>>>> but >>>>>>>> since I'm really a noob in the IIS bussiness so I have some >>>>>>>> questions. >>>>>>>> >>>>>>>> Here's what I've done: >>>>>>>> _________________________________________________________________ >>>>>>>> clearPass installed in my CAS server (3.4.1) with this Maven's >>>>>>>> dependency: >>>>>>>> >>>>>>>> <artifactId>clearpass-webapp</artifactId> >>>>>>>> <version>1.0.1.GA</version> >>>>>>>> >>>>>>>> in the URL: https://winserver.xtanki.local:8443/cas/clearPass >>>>>>>> _________________________________________________________________ >>>>>>>> >>>>>>>> I have Windows Server 2003 with Exchange 2007, the Outlook Web >>>>>>>> Access is >>>>>>>> running: >>>>>>>> >>>>>>>> OWA: https://winserver.xtanki.local/owa >>>>>>>> >>>>>>>> _________________________________________________________________ >>>>>>>> >>>>>>>> I've downloaded the casowa zip file, changed the web.config beans: >>>>>>>> <appSettings> and <casClientConfig>. >>>>>>>> >>>>>>>> <appSettings> >>>>>>>> <add key="CasOwa.ClearPassUrl" >>>>>>>> value="https://winserver.xtanki.local:8443/cas/clearPass"/> >>>>>>>> <add key="CasOwa.OwaUrl" >>>>>>>> value="https://winserver.xtanki.local/owa"/> >>>>>>>> <add key="CasOwa.skipOwaUrlCertificateValidation" value="false" /> >>>>>>>> </appSettings> >>>>>>>> >>>>>>>> <connectionStrings /> >>>>>>>> >>>>>>>> >>>>>>>> <casClientConfig >>>>>>>> casServerLoginUrl="https://winserver.xtanki.local:8443/cas/login"; >>>>>>>> serverName="https://winserver.xtanki.local:8443"; >>>>>>>> secureUriRegex="(?i)/auth" >>>>>>>> >>>>>>>> casServerUrlPrefix="https://winserver.xtanki.local:8443/cas"; >>>>>>>> redirectAfterValidation="false" >>>>>>>> useSession="false" >>>>>>>> gateway="false" >>>>>>>> renew="false" >>>>>>>> ticketValidatorName="Cas20" >>>>>>>> ticketTimeTolerance="5000" >>>>>>>> singleSignOut="false" >>>>>>>> proxyGrantingTicketReceptor="true" >>>>>>>> >>>>>>>> proxyCallbackUrl="https://winserver.xtanki.local/coa/proxyCallback"; >>>>>>>> proxyReceptorUrl="/coa/proxyCallback" /> >>>>>>>> _________________________________________________________________ >>>>>>>> >>>>>>>> Created a virtual directory in my IIS 6.0 on the Default Web Site >>>>>>>> tree >>>>>>>> with >>>>>>>> the name "coa". >>>>>>>> _________________________________________________________________ >>>>>>>> >>>>>>>> So now here's my questions: >>>>>>>> >>>>>>>> 1) The properties (authentication, httphandlers, etc) in the >>>>>>>> web.config >>>>>>>> file >>>>>>>> supplied in the casowa zip, are to copy to the web.config file in >>>>>>>> the OWA >>>>>>>> virtual directory? Or just leave it like that in the coa Virtual >>>>>>>> Directory? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> They go in the coa virtual directory. Nothing in casowa.zip goes >>>>>>> into >>>>>>> OWA directory. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> 2) The property proxyCallbackUrl in casClientConfig bean.. what does >>>>>>>> it >>>>>>>> mean? Its automatically created by the casowa client? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> This the URL that CAS will use to authenticated and fulfill coa >>>>>>> requests for a ProxyTickets. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> 3) How do I test if clearPass is working? If i go to the address >>>>>>>> https://winserver.xtanki.local:8443/cas/clearPass it redirects me to >>>>>>>> the >>>>>>>> /login servlet.. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> See: http://www.unicon.net/blog/3/deploying_clearpass >>>>>>> >>>>>>> You could also deploy the Java Client Simple WebApp Sample to ensure >>>>>>> ProxyTickets are working properly. >>>>>>> >>>>>>> >>>>>>> http://www.ja-sig.org/wiki/display/CASC/JA-SIG+Java+Client+Simple+WebApp+Sample >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> 4) The Http HandlerMappins / Http Modules are supposed to be >>>>>>>> hardcoded >>>>>>>> into >>>>>>>> the web.config file of owa? Where do I configure that in IIS 6?? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> Handlers and Modules are configured in Web.config either by hand or >>>>>>> using the IIS Manager: >>>>>>> >>>>>>> >>>>>>> http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/b0c14479-83e3-435d-a935-819fe396e7d2.mspx?mfr=true >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> 5) Whats the managed pipeline mode and How do I set it to >>>>>>>> Integrated? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> Managed Pipeline mode is a new unified request processing pipeline >>>>>>> that is exposed to both native and managed components in IIS7. Is is >>>>>>> not available on IIS6. >>>>>>> >>>>>>> >>>>>>> http://learn.iis.net/page.aspx/244/how-to-take-advantage-of-the-iis7-integrated-pipeline/ >>>>>>> >>>>>>> Hope this helps. >>>>>>> >>>>>>> Cheers, >>>>>>> Bill >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> Thanks for your time, >>>>>>>> >>>>>>>> Francisco >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
