java 1.6.18
apache 2.2.15
tomcat 6.0.26
Can someone help me understand what this error is all about? I'm setting up
uportal (3.1.2)/cas (3.3.5) on a new server. From what I understand from the
message and what is actually happening, it is failing on ticket validation.
It makes me think that I forgot to use https somewhere but I have double
checked web.xml and security.properties in uportal and all looks good. I can
also hit https://<server>/cas/login and https://<server>/cas/logout and they
work fine...so the problem has to be on the uportal side. I also did remove
the uportal cas validate filter parameter
<init-param>
<param-name>BROKEN_SECURITY_ALLOW_NON_SSL</param-name>
<param-value>NOT_SECURE_DO_NOT_USE_THIS_SETTING_IN_PRODUCTION</param-value>
</init-param>
and set the following bean definition in cas to require https
<bean
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient"
p:requireSecure="true" />
I do have a firewall in the mix with http/https open
HTTP Status 500 -
------------------------------
*type* Exception report
*message*
*description* *The server encountered an internal error () that prevented it
from fulfilling this request.*
*exception*
javax.servlet.ServletException:
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://<server>/cas/serviceValidate]
proxyCallbackUrl=[https://<server>/portal/CasProxyServlet]
ticket=[ST-3-kFfezLT3QTXNdVbpDbLd-cas]
service=[https%3A%2F%2F<server>%2Fportal%2FLogin] renew=false]]]
edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:345)
*root cause*
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://<server>/cas/serviceValidate]
proxyCallbackUrl=[https://<server>/portal/CasProxyServlet]
ticket=[ST-3-kFfezLT3QTXNdVbpDbLd-cas]
service=[https%3A%2F%2F<server>%2Fportal%2FLogin] renew=false]]]
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:54)
edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:393)
edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:342)
*root cause*
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:523)
com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1049)
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:91)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:218)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:393)
edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:342)
--
Curtis Garman
Web Programmer
Heartland Community College
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
