I finally got a chance to collect the logging you requested. I think my problem might have something to do with this line:
2010-05-28 16:39:09,385 WARN [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - found login config in system property, may overide : c:\glassfishv3\glassfish\domains\domain1\applications\cas-server-webapp-3.3.5\WEB-INF\login.conf

I don't understand what it means by system property. Here is the rest of the output:

org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler is only to be used in a testing environment. NEVER enable this in a production environment.
2010-05-28 16:39:08,964 INFO [org.jasig.cas.util.AutowiringSchedulerFactoryBean] - Starting Quartz Scheduler now
2010-05-28 16:39:09,385 WARN [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - found login config in system property, may overide : c:\glassfishv3\glassfish\domains\domain1\applications\cas-server-webapp-3.3.5\WEB-INF\login.conf
2010-05-28 16:39:11,023 INFO [org.jasig.cas.web.flow.AuthenticationViaFormAction] - FormObjectClass not set. Using default class of org.jasig.cas.authentication.principal.UsernamePasswordCredentials with formObjectName credentials and validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator.
2010-05-28 16:39:22,895 INFO [org.jasig.cas.web.flow.AuthenticationViaFormAction] - FormObjectClass not set. Using default class of org.jasig.cas.authentication.principal.UsernamePasswordCredentials with formObjectName credentials and validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator.
2010-05-28 16:39:23,254 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' beginning execution
2010-05-28 16:39:23,254 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting path for cookies to: /cas
2010-05-28 16:39:23,269 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' completed execution; result is 'success'
2010-05-28 16:39:23,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
2010-05-28 16:39:23,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm
2010-05-28 16:39:23,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form object with name 'credentials'
2010-05-28 16:39:23,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]
2010-05-28 16:39:23,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'
2010-05-28 16:39:23,301 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form errors for object with name 'credentials'
2010-05-28 16:39:23,316 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor registrar set, no custom editors to register
2010-05-28 16:39:23,332 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors instance in scope Flash
2010-05-28 16:39:23,332 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
2010-05-28 16:39:23,332 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
2010-05-28 16:39:23,332 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
2010-05-28 16:39:25,906 INFO [org.jasig.cas.web.flow.AuthenticationViaFormAction] - FormObjectClass not set. Using default class of org.jasig.cas.authentication.principal.UsernamePasswordCredentials with formObjectName credentials and validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator.
2010-05-28 16:39:25,921 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' beginning execution
2010-05-28 16:39:25,921 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting path for cookies to: /cas
2010-05-28 16:39:25,921 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' completed execution; result is 'success'
2010-05-28 16:39:26,046 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
2010-05-28 16:39:26,046 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm
2010-05-28 16:39:26,046 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form object with name 'credentials'
2010-05-28 16:39:26,046 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]
2010-05-28 16:39:26,062 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'
2010-05-28 16:39:26,062 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form errors for object with name 'credentials'
2010-05-28 16:39:26,062 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor registrar set, no custom editors to register
2010-05-28 16:39:26,062 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors instance in scope Flash
2010-05-28 16:39:26,062 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
2010-05-28 16:39:26,062 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
2010-05-28 16:39:26,062 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
2010-05-28 16:39:28,386 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Starting cleaning of expired tickets from ticket registry at [Fri May 28 16:39:28 PDT 2010]
2010-05-28 16:39:28,386 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 0 found to be removed. Removing now.
2010-05-28 16:39:28,386 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Finished cleaning of expired tickets from ticket registry at [Fri May 28 16:39:28 PDT 2010]
2010-05-28 16:40:23,095 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - Reloading registered services.
2010-05-28 16:40:23,095 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - Loaded 0 services.
2010-05-28 16:41:08,460 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - Reloading registered services.
2010-05-28 16:41:08,460 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - Loaded 0 services.

On 5/15/10 6:19 AM, William Markmann wrote:
> Brian,
>
> It would be helpful to see what's actually happening on the CAS webapp
> side. In particular, the logging from
> the org/jasig/cas/support/spnego/web/flow/* classes can be helpful to
> see what's going on. Have you changed the CAS webapp's
> log4j.properties so you're getting DEBUG output from those classes?
>
> - Bill
>
> On Sat, May 15, 2010 at 12:53 AM, Brian Shacklett
> <[email protected]> wrote:
>
> > I'm currently running CAS 3.3.5 and attempting to get SPNEGO
> > authentication working. I'm planning to use CAS as an intermediary
> > between JAMWiki and Active directory.
> >
> > I've gone through the guide at
> > http://www.ja-sig.org/wiki/display/CASUM/SPNEGO and it appears
> > that CAS is attempting to perform a kerberos login for me, but I
> > eventually get thrown back to the forms-based login screen.
> >
> > I've been following the cas.log file, but it doesn't seem to have
> > anything interesting in it. Glassfish's server.log and jvm.log
> > files don't have anything of interest either.
> >
> > Here is my partially sanitised jcifsConfig. I'm a bit unsure about
> > the loginConf directive:
> >
> > <bean name="jcifsConfig"
> >       class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
> >     <property name="jcifsServicePrincipal" value="HTTP/[email protected]" />
> >     <property name="jcifsServicePassword" value="password" />
> >     <property name="kerberosDebug" value="true" />
> >     <property name="kerberosRealm" value="KERBEROS.REALM" />
> >     <property name="kerberosKdc" value="192.168.1.25" />
> >     <property name="loginConf"
> >               value="c:\glassfishv3\glassfish\domains\domain1\applications\cas-server-webapp-3.3.5\WEB-INF\login.conf" />
> > </bean>
> >
> > Here are the relevant headers captured from a login attempt:
> >
> > http://dublin:8080/cas/login
> >
> > GET /cas/login HTTP/1.1
> > Host: dublin:8080
> > User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.4) Gecko/20100503 Firefox/3.6.4 AutoPager/0.6.0.28 <http://0.6.0.28> AutoPager/0.6.0.28 <http://0.6.0.28>
> > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> > Accept-Language: en-us,en;q=0.5
> > Accept-Encoding: gzip,deflate
> > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> > Keep-Alive: 115
> > Connection: keep-alive
> > X-AutoPager: 0.6.0.28
> > Cookie: JSESSIONID=a39183b8d223cff15fd6e5b099fa; treeForm:tree-hi=treeForm:tree:applications; JSESSIONID=a07370534c602d94f15d3c49e883
> > Cache-Control: max-age=0
> >
> > HTTP/1.1 401 Unauthorized
> > X-Powered-By: JSP/2.1
> > Server: GlassFish v3
> > Pragma: no-cache
> > Expires: Thu, 01 Jan 1970 00:00:00 GMT
> > Cache-Control: no-cache, no-store
> > WWW-Authenticate: Negotiate
> > Set-Cookie: JSESSIONID=a451bfdb7fa1827c6c85fba528a4; Path=/cas
> > Content-Type: text/html;charset=UTF-8
> > Content-Language: en-US
> > Transfer-Encoding: chunked
> > Date: Sat, 15 May 2010 04:42:20 GMT
> > ----------------------------------------------------------
> > http://dublin:8080/cas/login
> >
> > GET /cas/login HTTP/1.1
> > Host: dublin:8080
> > User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.4) Gecko/20100503 Firefox/3.6.4 AutoPager/0.6.0.28 <http://0.6.0.28> AutoPager/0.6.0.28 <http://0.6.0.28> AutoPager/0.6.0.28 <http://0.6.0.28>
> > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> > Accept-Language: en-us,en;q=0.5
> > Accept-Encoding: gzip,deflate
> > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> > Keep-Alive: 115
> > Connection: keep-alive
> > X-AutoPager: 0.6.0.28
> > Cookie: JSESSIONID=a451bfdb7fa1827c6c85fba528a4; treeForm:tree-hi=treeForm:tree:applications; JSESSIONID=a07370534c602d94f15d3c49e883
> > Cache-Control: max-age=0, max-age=0
> > Authorization: Negotiate [BIG LONG KEY HERE]
> >
> > HTTP/1.1 401 Unauthorized
> > X-Powered-By: JSP/2.1
> > Server: GlassFish v3
> > Pragma: no-cache
> > Expires: Thu, 01 Jan 1970 00:00:00 GMT
> > Cache-Control: no-cache, no-store
> > Content-Type: text/html;charset=UTF-8
> > Content-Language: en-US
> > Transfer-Encoding: chunked
> > Date: Sat, 15 May 2010 04:42:20 GMT
>
> --
> Bill Markmann
>
> Counterpoint Consulting, Inc.
> (p) 571-338-2455
> (f) 202-403-3425
> (e) [email protected]
> (w) http://www.counterpointconsulting.com/
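
Added example, not part of the thread: a small Python check a reader could run on the value elided as "[BIG LONG KEY HERE]" in the capture above, to see which mechanisms the browser actually put in its `Authorization: Negotiate` header. The function names and the two sample values are constructed for illustration.

```python
import base64
import struct
# DER-encoded OID bodies for the mechanisms a browser may offer.
MECH_OIDS = {
    bytes.fromhex("2b0601050502"): "SPNEGO",
    bytes.fromhex("2a864886f712010202"): "Kerberos 5",
    bytes.fromhex("2a864882f712010202"): "Kerberos 5 (legacy Microsoft OID)",
    bytes.fromhex("2b06010401823702020a"): "NTLMSSP",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def classify_negotiate(header_value):
    """Describe the token carried in an 'Authorization: Negotiate ...' value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64:
        return "not a Negotiate credential"
    raw = base64.b64decode(b64)
    if raw.startswith(b"NTLMSSP\x00"):     # bare NTLM, not wrapped in SPNEGO
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        return f"raw NTLM message type {msg_type} (no Kerberos ticket sent)"
    if not raw or raw[0] != 0x60:
        return "unrecognised token"
    _, pos, _ = read_tlv(raw, 0)           # GSS-API [APPLICATION 0] wrapper
    _, start, end = read_tlv(raw, pos)     # thisMech OID
    outer = MECH_OIDS.get(raw[start:end], "unknown mechanism")
    if outer != "SPNEGO":
        return outer
    _, pos, _ = read_tlv(raw, end)         # NegotiationToken [0]
    _, pos, _ = read_tlv(raw, pos)         # NegTokenInit SEQUENCE
    _, pos, _ = read_tlv(raw, pos)         # mechTypes [0]
    _, pos, stop = read_tlv(raw, pos)      # SEQUENCE OF OID
    offered = []
    while pos < stop:
        _, start, pos = read_tlv(raw, pos)
        offered.append(MECH_OIDS.get(raw[start:pos], "unknown mechanism"))
    return "SPNEGO offering: " + ", ".join(offered)

# Constructed sample values (not taken from the capture in the thread).
SAMPLE_SPNEGO = "Negotiate " + base64.b64encode(bytes.fromhex(
    "602706062b0601050502a01d301ba019301706092a864886f712010202"
    "060a2b06010401823702020a")).decode()
SAMPLE_NTLM = "Negotiate " + base64.b64encode(
    b"NTLMSSP\x00" + struct.pack("<I", 1) + bytes(4)).decode()
```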
