This might still be an SSL issue. Proxy tickets require bidirectional trust, which in the CAS world means a synchronous https callback to the Service requesting the Proxy Ticket. CAS must be able to validate the server cert of the service making the Proxy Ticket request.
In other words...does the JVM running CAS trust the SSL cert you have installed in IIS? Bill On Mon, Mar 22, 2010 at 5:34 AM, Shawn Young <[email protected]> wrote: > Hi, > > I've solved the null user exception. It's caused by self signed SSL > certificate. > But another errors happened. I step into the code found it can't get the > proxy ticket : > // Retrieve a Proxy Ticket for ClearPass > var proxyTicket = user.GetProxyTicketFor(ClearPassUri); > > when program runs here ,the user's proxyGrantingTicket is null. > > The cas server also logs error too: > > 2010-03-22 15:52:32,914 INFO [STDOUT] 2010-03-22 15:52:32,914 INFO > [org.jasig.cas.authentication.AuthenticationManagerImpl] - > <AuthenticationHandler: > org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuth > enticationHandler failed to authenticate the user which provided the > following credentials: [callbackUrl: https://localhost:2009/proxyCallback]> > 2010-03-22 15:52:32,922 INFO [STDOUT] 2010-03-22 15:52:32,919 ERROR > [org.jasig.cas.web.ServiceValidateController] - <TicketException generating > ticket for: [callbackUrl: https://localhost:2009/proxyCallback]> > org.jasig.cas.ticket.TicketCreationException: > error.authentication.credentials.bad > at > org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket( > CentralAuthenticationServiceImpl.java:290) > at > org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceVal > idateController.java:126) > at > org.springframework.web.servlet.mvc.AbstractController.handleRequest(Abstrac > tController.java:153) > at > org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(Si > mpleControllerHandlerAdapter.java:48) > at > org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServl > et.java:875) > at > org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServle > t.java:807) > at > org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkSer > vlet.java:571) > at > org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java > :501) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > at > org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.j > ava:115) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application > FilterChain.java:290) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh > ain.java:206) > at > org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientI > nfoThreadLocalFilter.java:48) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestF > ilter.java:76) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application > FilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh > ain.java:206) > at > org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.ja > va:96) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application > FilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh > ain.java:206) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja > va:230) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja > va:175) > at > org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssoci > ationValve.java:182) > at > org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java: > 84) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127 > ) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102 > ) > at > org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnecti > onValve.java:157) > at > org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java > :109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) > at > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http > 11Protocol.java:583) > at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) > at java.lang.Thread.run(Thread.java:619) > Caused by: error.authentication.credentials.bad > at > org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.< > clinit>(BadCredentialsAuthenticationException.java:25) > at > org.jasig.cas.authentication.AuthenticationManagerImpl.authenticateAndObtain > Principal(AuthenticationManagerImpl.java:99) > at > org.jasig.cas.authentication.AbstractAuthenticationManager.authenticate(Abst > ractAuthenticationManager.java:39) > at > org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket( > CentralAuthenticationServiceImpl.java:260) > ... 33 more > > Why it can't get the proxy tickets?? > > -----Original Message----- > From: William G. Thompson, Jr. [mailto:[email protected]] > Sent: Monday, March 22, 2010 2:26 AM > To: [email protected] > Subject: Re: [cas-user] Where can i get the manual of CAS Client For OWA > > Hi Shawn, > > SSL problem? Any thing in the CAS server logs? > > I would turn on debugging in the CAS server and step though the > CasOwa/CasClient on the .NET side of things to determine where it's > failing. > > Bill > > > > > On Sat, Mar 20, 2010 at 2:20 AM, Shawn Young <[email protected]> wrote: >> Hi William, >> >> >> >> I have deployed the casowa, but when I try to access >> http://localhost:2009/auth, it’s can redirect to the cas server, and get > the >> ticket successfully, but then a exception happened: >> >> “HttpContext.Current.User is null. Check that the >> DotNetCasClient is mapped and configured correctly in <web.conf>” >> >> >> >> Can u help me get out of this? >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
