Never mind... I'm STILL having a problem getting clearPass
integrated with uPortal 3.2.2. The specs are listed in my original
email. NO accounts can get past the guest layout of my uPortal instance.
The problem seems to be stemming from the
PasswordCachingCasAssertionSecurityContext because if I switch back
to the original CAS context in my security.properties file it works fine.
I'm receiving the following errors:
ERROR [TP-Processor13] Nov/18 10:23:58,641
provider.UnionSecurityContext.[] - Exception authenticating subcontext
org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContext
assertion:org.jasig.cas.client.validation.AssertionImpl@427a9f36
java.lang.RuntimeException: java.io.IOException: Server returned HTTP
response code: 500 for URL:
https://my-server/cas/proxy?pgt=TGT-2-gdHkBVgLhvri9QTzucfTAfKURJtcp3HK5geQE31TwizFqcGkOt-my-server&targetService=https%3A%2F%2Fmy-server%2Fcas%2FclearPass
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:322)
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:285)
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:338)
at
org.jasig.cas.client.proxy.Cas20ProxyRetriever.getProxyTicketIdFor(Cas20ProxyRetriever.java:65)
at
org.jasig.cas.client.authentication.AttributePrincipalImpl.getProxyTicketFor(AttributePrincipalImpl.java:87)
at
org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContext.postAuthenticate(PasswordCachingCasAssertionSecurityContext.java:49)
at
org.jasig.portal.security.provider.cas.CasAssertionSecurityContext.authenticate(CasAssertionSecurityContext.java:68)
at
org.jasig.portal.security.provider.ChainingSecurityContext.authenticate(ChainingSecurityContext.java:105)
at
org.jasig.portal.security.provider.UnionSecurityContext.authenticate(UnionSecurityContext.java:47)
at
org.jasig.portal.services.Authentication.authenticate(Authentication.java:98)
at org.jasig.portal.LoginServlet.service(LoginServlet.java:210)
....
Caused by: java.io.IOException: Server returned HTTP response code: 500
for URL:
https://my-server/cas/proxy?pgt=TGT-4-KsBFUIPXEfcktwcZbyr6JNQljfRIXyYqyVUkcrsb3itrIUuPGn-my-server&targetService=https%3A%2F%2Fmy-server%2Fcas%2FclearPass
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1313)
at
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
... 46 more
ERROR [TP-Processor18] Nov/18 10:33:57,641 portal.LoginServlet.[] -
Exception authenticating the request
org.jasig.portal.security.PortalSecurityException: One of the security
subcontexts threw an exception
at
org.jasig.portal.security.provider.ChainingSecurityContext.authenticate(ChainingSecurityContext.java:123)
at
org.jasig.portal.security.provider.UnionSecurityContext.authenticate(UnionSecurityContext.java:47)
at
org.jasig.portal.services.Authentication.authenticate(Authentication.java:98)
at org.jasig.portal.LoginServlet.service(LoginServlet.java:210)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.jasig.services.persondir.support.web.RequestAttributeSourceFilter.doFilter(RequestAttributeSourceFilter.java:316)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:112)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.jasig.portal.security.MaxInactiveFilter.doFilter(MaxInactiveFilter.java:77)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.jasig.cas.client.util.AssertionThreadLocalFilter.doFilter(AssertionThreadLocalFilter.java:40)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:196)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at
org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:774)
at
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
at
org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:896)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
at java.lang.Thread.run(Thread.java:619)
WARN [TP-Processor18] Nov/18 10:33:57,642
web.RequestAttributeSourceFilter.[] - No username found for attribute
'null' among {serverName=[my-server]}
Please help.
Thanks,
Laura
On 11/12/10 4:00 PM, Laura McCord wrote:
Okay I think I solved my problem. I discovered that there was more
than one cas-client-core jar file in my cas lib directory. Once I
removed it I was able to authenticate successfully.
Now, I have one more question. How do I test clearPass correctly?
After I authenticate through cas I go to this url :
http://mycasserver/cas/clearPass but I get an error "No authentication
information provided". Am I testing this incorrectly? I think it's
working because the portlets that need the clearPass are working now
but just for peace of mind I wanted to test it through the clearPass url.
Thanks,
Laura
On 11/12/10 1:42 PM, Laura McCord wrote:
I have a uPortal 3.2.2 install and I removed the bundled cas server
and I am using an external 3.4.2 cas server now.
The problem that I am seeing is that when I click on the "Sign In
with CAS" button from uPortal I enter my username/password in cas and
then I'm redirected to uPortal's GUEST unauthenticated layout. I was
able to authenticate through cas before I made any changes so I can
confirm that it did work prior to any clearPass adjustments.
I can tell that when I change the
root.cas=org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory
back to the original state I'm at least able to authenticate and I'm
given my authenticated uPortal layout, if that helps.
I'm not sure if I'm having a versioning issue. The modifications that
I have made are below.
Thank You,
Laura McCord
- In the uportal-source-directory/pom.xml I added the following
dependencies:
<casclient.version>3.1.11</casclient.version>
<cas-clearpass.version>1.0.5.GA</cas-clearpass.version>
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
<version>${casclient.version}</version>
</dependency>
<dependency>
<groupId>org.jasig.cas3.extensions</groupId>
<artifactId>clearpass-integration-uportal</artifactId>
<version>${cas-clearpass.version}</version>
</dependency>
-In uportal-impl/pom.xml
<!-- ===== Runtime Dependencies
======================================= -->
<dependency>
<groupId>org.jasig.cas3.extensions</groupId>
<artifactId>clearpass-integration-uportal</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.jasig.cas.client</groupId>
<artifactId>cas-client-core</artifactId>
</dependency>
-In uportal-impl/src/main/resources/properties/security.properties
## This is the factory that supplies the concrete authentication
class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
# root.cas selects the ClearPass-aware factory. The commented-out line
# below it is the stock CAS factory, which this thread reports as still
# authenticating correctly when swapped back in.
root.cas=org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory
#root.cas=org.jasig.portal.security.provider.cas.CasAssertionSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
## URL of the CAS cleartext password service
# The stack trace in this thread shows the portal requesting a proxy ticket
# with targetService set to the /cas/clearPass URL during login, so this
# value is used on every authentication. Because the endpoint returns a
# cleartext password, keep the scheme https.
# NOTE(review): host names on this page look like redacted placeholders
# ("myServer" here, "my-server" in the logged URL); confirm the real value
# matches the service URL the CAS server expects.
org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory.clearPassCasUrl=https://myServer/cas/clearPass
-In
uportal-impl/src/main/resources/properties/context/portletContainerContext.xml
<bean id="cachedPasswordUserInfoService"
class="org.jasig.portal.portlet.container.services.CachedPasswordUserInfoService">
<property name="userInstanceManager" ref="userInstanceManager" />
<property name="portletWindowRegistry" ref="portletWindowRegistry" />
<property name="portletEntityRegistry" ref="portletEntityRegistry" />
<property name="portletDefinitionRegistry"
ref="portletDefinitionRegistry" />
<property name="portalRequestUtils" ref="portalRequestUtils" />
<property name="decryptPassword" value="false" />
</bean>
- In cas/pom.xml
<dependency>
<groupId>org.jasig.cas3.extensions</groupId>
<artifactId>clearpass-webapp</artifactId>
<version>1.0.5.GA</version>
<scope>runtime</scope>
<type>war</type>
</dependency>
-In cas/src/main/webapp/WEB-INF/deployerConfigContext.xml
<!-- Registers the ClearPass populator on the CAS server and hands it the
     credentialsCache bean (defined elsewhere, not shown in this message).
     NOTE(review): presumably this is where the login credentials are
     captured for later retrieval through /clearPass, which would make
     credentialsCache a store of password material; confirm its encryption
     and eviction settings. -->
<property name="authenticationMetaDataPopulators">
<list>
<bean
class="org.jasig.cas3.extensions.clearpass.CacheCredentialsMetaDataPopulator">
<constructor-arg index="0" ref="credentialsCache" />
</bean>
</list>
</property>
-In cas/src/main/webapp/WEB-INF/web.xml
<!-- Protects the /clearPass endpoint on the CAS server with the CAS client's
     proxy-receiving ticket validation filter. The endpoint is described
     earlier in this message as the cleartext password service, so these
     settings decide who may retrieve a user's password. -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<!-- NOTE(review): the value below reads "https:/mycas-server/cas" with a
     single slash after the scheme, while serverName uses "https://".
     Confirm whether this is a transcription slip or the deployed value;
     a malformed prefix would presumably break ticket validation. -->
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https:/mycas-server/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://mycas-server</param-value>
</init-param>
<!-- Validation failures raise an exception instead of passing the request on. -->
<init-param>
<param-name>exceptionOnValidationFailure</param-name>
<param-value>true</param-value>
</init-param>
<!-- Only proxy tickets issued through this proxy callback chain are accepted.
     Keep the list to the exact portal callback URL: every chain listed here
     can obtain cleartext passwords from /clearPass. -->
<init-param>
<param-name>allowedProxyChains</param-name>
<param-value>
https://my-portal-server/uPortal/CasProxyServlet
</param-value>
</init-param>
<!-- useSession=false and redirectAfterValidation=false: the assertion is not
     kept in an HTTP session and no post-validation redirect is issued, so
     each call to /clearPass has to present its own ticket. -->
<init-param>
<param-name>useSession</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<!-- Both filters and the cas servlet are mapped to /clearPass only; the
     validation filter mapping is declared first. -->
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/clearPass</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/clearPass</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/clearPass</url-pattern>
</servlet-mapping>