Try turning up logging for Spring Security to DEBUG or TRACE. It will give you a good idea about what's going on.
On Thu, Jul 15, 2010 at 1:38 PM, German <[email protected]> wrote: > Hi: > > We have been able to configure spnego succesfully (we think) and we get > through the login page. We are able then to access the /cas/services page, > which shows the splash screen with the info on how to add the services > management as a CAS service, but any link we try on the page, just returns > back to the same splash screen. Here are the relevant config and log > entries: > > deployerConfigContext.xml > > <sec:user-service id="userDetailsService"> > <sec:user name="user6" authorities="notused,ROLE_ADMIN" /> > <sec:user name="casadmin" password="casadmin" > authorities="notused,ROLE_ADMIN" /> > </sec:user-service > > user6 is an AD user. > > cas.properties > > cas.securityContext.serviceProperties.service= > https://CAS123:8443/cas/services/j_acegi_cas_security_check > cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN > cas.securityContext.casProcessingFilterEntryPoint.loginUrl= > https://CAS123:8443/cas/login > cas.securityContext.ticketValidator.casServerUrlPrefix= > https://CAS123:8443/cas > cas.securityContext.casProxyTicketValidator.casValidate= > https://CAS123:8443/cas/proxyValidate > > cas.themeResolver.defaultThemeName=default > cas.viewResolver.basename=default_views > > host.name=CAS123 > > database.hibernate.dialect=org.hibernate.dialect.MySQLDialect > > > Log: > > > 2010-07-15 12:25:56,548 DEBUG > [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated > service for: https://CAS123:8443/cas/services/j_acegi_cas_security_check > > 2010-07-15 12:25:56,548 DEBUG > [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in > FlowScope: https://CAS123:8443/cas/services/j_acegi_cas_security_check > > 2010-07-15 12:25:56,548 DEBUG > [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in > FlowScope: https://CAS123:8443/cas/services/j_acegi_cas_security_check > > 2010-07-15 12:25:56,548 DEBUG > [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - > Authorization header not found. Sending WWW-Authenticate header > > 2010-07-15 12:25:56,563 DEBUG > [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated > service for: https://CAS123:8443/cas/services/j_acegi_cas_security_check > > 2010-07-15 12:25:56,595 DEBUG > [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated > service for: https://CAS123:8443/cas/services/j_acegi_cas_security_check > > 2010-07-15 12:25:56,595 DEBUG > [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in > FlowScope: https://CAS123:8443/cas/services/j_acegi_cas_security_check > > 2010-07-15 12:25:56,595 DEBUG > [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in > FlowScope: https://CAS123:8443/cas/services/j_acegi_cas_security_check > > 2010-07-15 12:25:56,595 DEBUG > [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - SPNEGO > Authorization header found with 3672 bytes > > 2010-07-15 12:25:56,595 DEBUG > [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Obtained > token: ********* > > 2010-07-15 12:25:56,704 DEBUG > [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler] > - Setting nextToken in credentials > > 2010-07-15 12:25:56,704 DEBUG > [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler] > - Kerberos Credentials is valid for user [[email protected]] > > 2010-07-15 12:25:56,704 INFO > [org.jasig.cas.authentication.AuthenticationManagerImpl] - > AuthenticationHandler: > org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler > successfully authenticated the user which provided the following > credentials: user6 > > 2010-07-15 12:25:56,704 DEBUG > [org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver] > - Attempting to resolve a principal... > > 2010-07-15 12:25:56,704 DEBUG > [org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver] > - Creating SimplePrincipal for [user6] > > 2010-07-15 12:25:56,735 DEBUG > [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Obtained > output token: ***** > > 2010-07-15 12:25:56,735 DEBUG > [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Added cookie > with name [CASTGC] and value > [TGT-3-AleuHTi6W40Vae4fhz3nQeM46D5rwGoMwQ7JHbLS15bsMHhiBS-CAS123] > > 2010-07-15 12:25:56,751 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket > [ST-2-emUdlBfMKMkW3z7MAvLh-CAS123] for service [ > https://CAS123:8443/cas/services/j_acegi_cas_security_check] for user > [user6] > > 2010-07-15 12:25:56,798 DEBUG > [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - Placing URL > parameters in map. > > 2010-07-15 12:25:56,798 DEBUG > [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - Calling > template URL attribute map. > > 2010-07-15 12:25:56,798 DEBUG > [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - Loading > custom parameters from configuration. > > 2010-07-15 12:25:56,798 DEBUG > [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - Constructing > validation url: > https://CAS123:8443/cas/serviceValidate?ticket=ST-2-emUdlBfMKMkW3z7MAvLh-CAS123&service=https%3A%2F%2FCAS123%3A8443%2Fcas%2Fservices%2Fj_acegi_cas_security_check > > 2010-07-15 12:25:56,798 DEBUG > [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - Retrieving > response from server. > > 2010-07-15 12:25:56,813 DEBUG > [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated > service for: https://CAS123:8443/cas/services/j_acegi_cas_security_check > > 2010-07-15 12:25:56,845 DEBUG > [org.jasig.cas.ticket.registry.JpaTicketRegistry] - Removing Ticket > >ST-2-emUdlBfMKMkW3z7MAvLh-CAS123< created: Thu Jul 15 12:25:56 CDT 2010 > > 2010-07-15 12:25:56,891 DEBUG > [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - Server > response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> > <cas:authenticationSuccess> > <cas:user>user6</cas:user> > > > </cas:authenticationSuccess> > </cas:serviceResponse> > > > These sets of log entries repeat every time we click a link on the services > management splash page. > > Please advise. > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
