You only need proxy authentication of your client needs to access another CASified resource on behalf of the user. Imagine a portal attempting to access a grades web service to display grades in the portal for a user.
Cheers, Scott On Fri, Jul 30, 2010 at 11:38 AM, Jiangpeng Shi < [email protected]> wrote: > Thanks a lot Scott! You give me a lot of help on understanding CAS. For now > I have set up a very default cas, and several applications are using it as > authentication server. The first step seems pretty good! > I think I am still not quite clear about proxy ticket, so in all my client > app, I just comment out the "proxyCallback" settings and exceptions are > gone. But I really want to understand the concept of proxy ticket. Is it > something about an application using a proxy server or so? What's this proxy > tickets for? I read the article "Proxy CAS Walkthrough", but I guess I > am not smart enough to understand all the ideas. Could you please give me > some reference about the proxy ticket? Thanks a lot. > > >>> Scott Battaglia <[email protected]> 7/29/2010 9:41 PM >>> > You're attempting to call back to the CAS client to send a proxy ticket. > Your CAS server is having trouble contacting the client. > > > On Thu, Jul 29, 2010 at 2:43 PM, Jiangpeng Shi < > [email protected]> wrote: > > > I got this "java.net.SocketTimeoutException: Read timed out" error from > > the server log. It is kind of very weird that seems it only happens each > > time after I restart the cas server: every time if I restart cas server > and > > open a client app, then I got those exception: > > > > 2010-07-29 13:39:26,918 ERROR [org.jasig.cas.util.HttpClient] - > > <java.net.SocketTimeoutException: Read timed out> > > java.net.SocketTimeoutException: Read timed out > > at jrockit.net.SocketNativeIO.readBytesPinned(Native Method) > > at jrockit.net.SocketNativeIO.socketRead(SocketNativeIO.java:46) > > at java.net.SocketInputStream.socketRead0(SocketInputStream.java) > > at java.net.SocketInputStream.read(SocketInputStream.java:129) > > at > > weblogic.utils.io.ChunkedInputStream.read(ChunkedInputStream.java:159) > > at java.io.InputStream.read(InputStream.java:85) > > at com.certicom.tls.record.ReadHandler.readFragment(Unknown > Source) > > at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source) > > at > > com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown > > Source) > > at > > > com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown > > Source) > > at com.certicom.tls.record.WriteHandler.write(Unknown Source) > > at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source) > > at > > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66) > > at > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124) > > at java.io.FilterOutputStream.flush(FilterOutputStream.java:124) > > at > > > weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154) > > at > > > weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358) > > at > > > weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37) > > at > > > weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:947) > > at > > org.jasig.cas.util.HttpClient.isValidEndPoint(HttpClient.java:111) > > at > > > org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler.authenticate(HttpBasedServiceCredentialsAuthenticationHandler.java:59) > > at > > > org.jasig.cas.authentication.AuthenticationManagerImpl.authenticateAndObtainPrincipal(AuthenticationManagerImpl.java:74) > > at > > > org.jasig.cas.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:39) > > at > > > org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:260) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > > at > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > > at java.lang.reflect.Method.invoke(Method.java:597) > > at > > > org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307) > > at > > > org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182) > > at > > > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149) > > at > > > org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106) > > at > > > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) > > at > > > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) > > at $Proxy75.delegateTicketGrantingTicket(Unknown Source) > > at > > > org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:126) > > at > > > org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153) > > at > > > org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48) > > at > > > org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875) > > at > > > org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807) > > at > > > org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571) > > at > > > org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:502) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:821) > > at > > > org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115) > > at > > > weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) > > at > > > weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) > > at > > > weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) > > at > weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27) > > at > > > weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57) > > at > > > org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48) > > at > > > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) > > at > > > weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57) > > at > > > weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) > > at > > > weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) > > at > > weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) > > at > > > weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) > > at > > > weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) > > at > > > weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) > > at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) > > at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) > > 2010-07-29 13:39:26,918 INFO > > [org.jasig.cas.authentication.AuthenticationManagerImpl] - > > <AuthenticationHandler: > > > org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler > > failed to authenticate the user which provided the following credentials: > > [callbackUrl: > https://casServer.mydomain.com:7002/casClient/proxyCallback > > ]> > > 2010-07-29 13:39:26,934 ERROR > [org.jasig.cas.web.ServiceValidateController] > > - <TicketException generating ticket for: [callbackUrl: > > https://casServer.mydomain.com:7002/casClient/proxyCallback]> > > org.jasig.cas.ticket.TicketCreationException: > > error.authentication.credentials.bad > > at > > > org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:290) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > > at > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > > at java.lang.reflect.Method.invoke(Method.java:597) > > at > > > org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307) > > at > > > org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182) > > at > > > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149) > > at > > > org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106) > > at > > > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) > > at > > > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) > > at $Proxy75.delegateTicketGrantingTicket(Unknown Source) > > at > > > org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:126) > > at > > > org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153) > > at > > > org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48) > > at > > > org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875) > > at > > > org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807) > > at > > > org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571) > > at > > > org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) > > at > > > org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115) > > at > > > weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) > > at > > > weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) > > at > > > weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) > > at > weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) > > at > > > weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) > > at > > > org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48) > > at > > > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) > > at > > > weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) > > at > > > weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) > > at > > > weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) > > at > > weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) > > at > > > weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) > > at > > > weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) > > at > > > weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) > > at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) > > at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) > > Caused by: error.authentication.credentials.bad > > at > > > org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25) > > at > > > org.jasig.cas.authentication.AuthenticationManagerImpl.authenticateAndObtainPrincipal(AuthenticationManagerImpl.java:99) > > at > > > org.jasig.cas.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:39) > > at > > > org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:260) > > ... 37 more > > > > > > Although there are exceptions like this, but the login still works well. > > Any suggestion? Thanks. > > > > --Jerry > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
