Thanks, Marvin.

I changed to Saml11TicketValidator in applicationcontext-security.xml as
below.

<bean id="casAuthenticationProvider"
      class="web.security.PMSAuthenticationProvider">
  <property name="authenticationUserDetailsService" ref="userService" />
  <property name="serviceProperties" ref="serviceProperties" />
  <property name="ticketValidator">
    <bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
      <constructor-arg index="0" value="${cas.server.url}" />
    </bean>
  </property>
  <property name="key" value="an_id_for_this_auth_provider_only" />
</bean>


And now I'm getting the following exception.

INFO: Value of the queryURL: /app/
Aug 18, 2010 11:58:45 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet default threw exception
java.lang.ClassNotFoundException: org.apache.xml.security.c14n.CanonicalizationException
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1484)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1329)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
    at org.jasig.cas.client.validation.Saml11TicketValidator.parseResponseFromServer(Saml11TicketValidator.java:50)
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
    at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:132)
    at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:118)
    at org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:121)
    at org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:49)
    at org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:105)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:106)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356)
    at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:110)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:150)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:110)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Thread.java:619)

But the CAS server looks good, and below is the server trace.

[8/18/10 11:58:15:994 EDT] 00000028 ServletWrappe I   SRVE0242I: [rtp_sso]
[/sso] [/WEB-INF/view/jsp/default/ui/casLoginView.jsp]: Initialization
successful.

[8/18/10 11:58:41:161 EDT] 00000029 SystemOut     O 2010-08-18 11:58:41,161
DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Attempting to
create TicketGrantingTicket for [username: test_user]>

[8/18/10 11:58:41:942 EDT] 00000029 SystemOut     O 2010-08-18 11:58:41,942
INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
authenticated the user which provided the following credentials: [username:
test_user]>

[8/18/10 11:58:41:952 EDT] 00000029 SystemOut     O 2010-08-18 11:58:41,952
DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <Attempting to resolve a principal...>

[8/18/10 11:58:41:952 EDT] 00000029 SystemOut     O 2010-08-18 11:58:41,952
DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- <Attempting to resolve a principal...>

[8/18/10 11:58:41:952 EDT] 00000029 SystemOut     O 2010-08-18 11:58:41,952
DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- <Creating SimplePrincipal for [test_user]>

[8/18/10 11:58:41:962 EDT] 00000029 SystemOut     O 2010-08-18 11:58:41,962
DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <Resolved test_user. Trying LDAP resolve now...>

[8/18/10 11:58:41:962 EDT] 00000029 SystemOut     O 2010-08-18 11:58:41,962
DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <LDAP search with filter "(cn=test_user)">

[8/18/10 11:58:41:962 EDT] 00000029 SystemOut     O 2010-08-18 11:58:41,962
DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <returning searchcontrols: scope=2; search base=ou=users,ou=system;
attributes=[cn]; timeout=1000>

[8/18/10 11:58:42:002 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,002
DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <Resolved test_user to TEST_USER>

[8/18/10 11:58:42:002 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,002
DEBUG
[org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver]
- <Creating SimplePrincipal for [TEST_USER]>

[8/18/10 11:58:42:022 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,022
DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] -
<Created seed map='{username=[TEST_USER]}' for uid='TEST_USER'>

[8/18/10 11:58:42:022 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,022
DEBUG [org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao] -
<Constructed argument array '[[TEST_USER]]' from the
defaultAttributeName='username'>

[8/18/10 11:58:42:072 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,072
WARN [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] -
<Converting value 0 of LDAP attribute 'givenname' from byte[] to String>

[8/18/10 11:58:42:072 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,072
DEBUG [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] -
<Added 1 attributes under mapped names '[givenname]' for source attribute
'givenname'>

[8/18/10 11:58:42:072 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,072
WARN [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] -
<Converting value 0 of LDAP attribute 'telephoneNumber' from byte[] to
String>

[8/18/10 11:58:42:072 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,072
DEBUG [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] -
<Added 1 attributes under mapped names '[telephoneNumber]' for source
attribute 'telephoneNumber'>

[8/18/10 11:58:42:072 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,072
WARN [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] -
<Converting value 0 of LDAP attribute 'email' from byte[] to String>

[8/18/10 11:58:42:072 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,072
DEBUG [org.jasig.services.persondir.support.ldap.PersonAttributesMapper] -
<Added 1 attributes under mapped names '[email]' for source attribute
'email'>

[8/18/10 11:58:42:152 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,152
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[TGT-1-Xwy2IqDZ7PwGz4HAHrU1mL406ufj5Dz1T6fRiH2fccIhygc2ex-cas] to registry.>

[8/18/10 11:58:42:152 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,152
DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed
cookie with name [CASPRIVACY]>

[8/18/10 11:58:42:152 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,152
DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added
cookie with name [CASTGC] and value
[TGT-1-Xwy2IqDZ7PwGz4HAHrU1mL406ufj5Dz1T6fRiH2fccIhygc2ex-cas]>

[8/18/10 11:58:42:152 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,152
DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Removing ticket
[TGT-1-RKTfcBKLKZJ9tScXaMi0pgfSMBHCLhqkMDNmVu5Ju9WVambgfS-cas] from
registry.>

[8/18/10 11:58:42:152 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,152
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket
[TGT-1-RKTfcBKLKZJ9tScXaMi0pgfSMBHCLhqkMDNmVu5Ju9WVambgfS-cas]>

[8/18/10 11:58:42:152 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,152
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket
[TGT-1-Xwy2IqDZ7PwGz4HAHrU1mL406ufj5Dz1T6fRiH2fccIhygc2ex-cas]>

[8/18/10 11:58:42:152 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,152
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[TGT-1-Xwy2IqDZ7PwGz4HAHrU1mL406ufj5Dz1T6fRiH2fccIhygc2ex-cas] found in
registry.>

[8/18/10 11:58:42:182 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,182
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[ST-1-30qXXJ3VjC1KI5d7p4zR-cas] to registry.>

[8/18/10 11:58:42:182 EDT] 00000029 SystemOut     O 2010-08-18 11:58:42,182
INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-1-30qXXJ3VjC1KI5d7p4zR-cas] for service [
http://localhost:81//j_spring_cas_security_check] for user [TEST_USER]>

[8/18/10 11:58:43:304 EDT] 00000029 SystemOut     O 2010-08-18 11:58:43,304
DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor
generated service for: http://localhost:81//j_spring_cas_security_check>

[8/18/10 11:58:43:304 EDT] 00000029 SystemOut     O 2010-08-18 11:58:43,304
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket [ST-1-30qXXJ3VjC1KI5d7p4zR-cas]>

[8/18/10 11:58:43:304 EDT] 00000029 SystemOut     O 2010-08-18 11:58:43,304
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[ST-1-30qXXJ3VjC1KI5d7p4zR-cas] found in registry.>

[8/18/10 11:58:43:314 EDT] 00000029 SystemOut     O 2010-08-18 11:58:43,314
DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing
ticket [ST-1-30qXXJ3VjC1KI5d7p4zR-cas] from registry>

[8/18/10 11:58:43:374 EDT] 00000029 SystemOut     O 2010-08-18 11:58:43,374
DEBUG [org.jasig.cas.web.view.Saml10SuccessResponseView] - <Rendering view
with name 'casSamlServiceSuccessView' with model
{assertion=[principals={[[Principal=TEST_USER,
attributes={authenticationMethod=org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler}]]}
for service=http://localhost:81//j_spring_cas_security_check]} and static
attributes {}>


Thanks,

Stephen

On Wed, Aug 18, 2010 at 9:12 AM, Marvin Addison <[email protected]> wrote:

> You have a proxy granting ticket problem that I don't believe is
> related to attribute release:
>
> > [8/17/10 2:09:36:987 EDT] 00000026 SystemOut O 2010-08-17 02:09:36,987
> DEBUG
> >
> [org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
> > - <Authentication failed because url was not secure.>
> >
> > [8/17/10 2:09:36:987 EDT] 00000026 SystemOut O 2010-08-17 02:09:36,987
> INFO
> > [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> > <AuthenticationHandler:
> >
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
> > failed to authenticate the user which provided the following credentials:
> > [callbackUrl: http://localhost/secure/receptor]>
>
> Your test page shows you don't have a proxy ticket.  It's important to
> note that proxy tickets and attribute release are mutually exclusive.
> The SAML protocol is used to release attributes to clients, but SAML
> 1.1 has no notion of anything like CAS 2.0 protocol proxy.  Have you
> configured your client for SAML,
>
> https://wiki.jasig.org/display/CASC/JASIG+Client+SAML+Saml11TicketValidationFilter+Example
> ?
>
> M
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
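
Added example, not part of the original message: the ClassNotFoundException in the trace above means the webapp class loader found no jar supplying that class, so this script reports which jars in a lib directory contain it. The lib directory layout and jar names are constructed for the demonstration.

```python
import tempfile
import zipfile
from pathlib import Path

# Class named in the ClassNotFoundException from the trace above.
MISSING_CLASS = "org.apache.xml.security.c14n.CanonicalizationException"


def class_entry(class_name):
    """Map a fully qualified class name to its entry path inside a jar."""
    return class_name.replace(".", "/") + ".class"


def jars_providing(lib_dir, class_name):
    """Return the sorted names of jars under lib_dir that contain class_name."""
    entry = class_entry(class_name)
    hits = []
    for jar in sorted(Path(lib_dir).glob("*.jar")):
        try:
            with zipfile.ZipFile(jar) as zf:
                if entry in zf.namelist():
                    hits.append(jar.name)
        except zipfile.BadZipFile:
            # A truncated or corrupt jar cannot supply classes either; skip it.
            continue
    return hits


def build_sample_lib(root, with_provider):
    """Constructed stand-in for WEB-INF/lib; all jar names are hypothetical."""
    lib = Path(root) / "WEB-INF" / "lib"
    lib.mkdir(parents=True)
    with zipfile.ZipFile(lib / "sample-cas-client.jar", "w") as zf:
        zf.writestr(class_entry("org.jasig.cas.client.validation.Saml11TicketValidator"), b"")
    (lib / "truncated.jar").write_bytes(b"not a zip")
    if with_provider:
        with zipfile.ZipFile(lib / "sample-xml-security.jar", "w") as zf:
            zf.writestr(class_entry(MISSING_CLASS), b"")
    return lib


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        lib = build_sample_lib(tmp, with_provider=False)
        found = jars_providing(lib, MISSING_CLASS)
        print(found if found else "no jar provides " + MISSING_CLASS)
```

More than one hit for the same class is also worth noting, since duplicate providers on one classpath can load in an unpredictable order.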
