If you're getting a response code of 500 for /proxy then there should be a corresponding error on the server side.
On Thu, Nov 18, 2010 at 11:40 AM, Laura McCord <[email protected]>wrote: > Nevermind... I'm STILL having a problem with getting the clearPass > intergrated with uPortal 3.2.2. The specs are listed in my original email. > NO accounts can get past the guest layout of my uportal instance. The > problem seems to be stemming from the > PasswordCachingCasAssertionSecurityContext because if I replace it back with > the original cas context in my security.properties file it works fine. > > I'm receiving the following errors: > > ERROR [TP-Processor13] Nov/18 10:23:58,641 provider.UnionSecurityContext.[] > - Exception authenticating subcontext > org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContext > assertion:org.jasig.cas.client.validation.assertioni...@427a9f36 > java.lang.RuntimeException: java.io.IOException: Server returned HTTP > response code: 500 for URL: > https://my-server/cas/proxy?pgt=TGT-2-gdHkBVgLhvri9QTzucfTAfKURJtcp3HK5geQE31TwizFqcGkOt-my-server&targetService=https%3A%2F%2Fmy-server%2Fcas%2FclearPass > at > org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:322) > at > org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:285) > at > org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:338) > at > org.jasig.cas.client.proxy.Cas20ProxyRetriever.getProxyTicketIdFor(Cas20ProxyRetriever.java:65) > at > org.jasig.cas.client.authentication.AttributePrincipalImpl.getProxyTicketFor(AttributePrincipalImpl.java:87) > at > org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContext.postAuthenticate(PasswordCachingCasAssertionSecurityContext.java:49) > at > org.jasig.portal.security.provider.cas.CasAssertionSecurityContext.authenticate(CasAssertionSecurityContext.java:68) > at > org.jasig.portal.security.provider.ChainingSecurityContext.authenticate(ChainingSecurityContext.java:105) > at > org.jasig.portal.security.provider.UnionSecurityContext.authenticate(UnionSecurityContext.java:47) > at > org.jasig.portal.services.Authentication.authenticate(Authentication.java:98) > at org.jasig.portal.LoginServlet.service(LoginServlet.java:210) > .... > Caused by: java.io.IOException: Server returned HTTP response code: 500 for > URL: > https://my-server/cas/proxy?pgt=TGT-4-KsBFUIPXEfcktwcZbyr6JNQljfRIXyYqyVUkcrsb3itrIUuPGn-my-server&targetService=https%3A%2F%2Fmy-server%2Fcas%2FclearPass > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1313) > at > com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204) > at > org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305) > ... 46 more > ERROR [TP-Processor18] Nov/18 10:33:57,641 portal.LoginServlet.[] - > Exception authenticating the request > org.jasig.portal.security.PortalSecurityException: One of the security > subcontexts threw an exception > at > org.jasig.portal.security.provider.ChainingSecurityContext.authenticate(ChainingSecurityContext.java:123) > at > org.jasig.portal.security.provider.UnionSecurityContext.authenticate(UnionSecurityContext.java:47) > at > org.jasig.portal.services.Authentication.authenticate(Authentication.java:98) > at org.jasig.portal.LoginServlet.service(LoginServlet.java:210) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.jasig.services.persondir.support.web.RequestAttributeSourceFilter.doFilter(RequestAttributeSourceFilter.java:316) > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236) > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:112) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.jasig.portal.security.MaxInactiveFilter.doFilter(MaxInactiveFilter.java:77) > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236) > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.jasig.cas.client.util.AssertionThreadLocalFilter.doFilter(AssertionThreadLocalFilter.java:40) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:196) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) > at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) > at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291) > at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:774) > at > org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703) > at > org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:896) > at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) > at java.lang.Thread.run(Thread.java:619) > WARN [TP-Processor18] Nov/18 10:33:57,642 > web.RequestAttributeSourceFilter.[] - No username found for attribute 'null' > among {serverName=[my-server]} > > Please help. > > Thanks, > Laura > > > > > On 11/12/10 4:00 PM, Laura McCord wrote: > >> Okay I think I solved my problem. I discovered that there was more than >> one cas-client-core jar file in my cas lib directory. Once I removed it I >> was able to authenticate successfully. >> >> Now, I have one more question. How to test for clearPass correctly. After >> I authenticate through cas I go to this url : >> http://mycasserver/cas/clearPass but I get an error "No authentication >> information provided". Am I testing this incorrectly? I think it's working >> because the portlets that need the clearPass are working now but just for >> peace of mind I wanted to test it through the clearPass url. >> >> Thanks, >> Laura >> >> >> On 11/12/10 1:42 PM, Laura McCord wrote: >> >>> I have a uPortal 3.2.2 install and I removed the bundled cas server and I >>> am using an external 3.4.2 cas server now. >>> >>> The problem that I am seeing is that when I click on the "Sign In with >>> CAS" button from uPortal I enter my username/password in cas and then I'm >>> redirected to uPortal's GUEST unauthenticated layout. I was able to >>> authenticate through cas before I made any changes so I can confirm that it >>> did work prior to any clearPass adjustments. >>> >>> I can tell that when I change the >>> root.cas=org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory >>> back to the original state I'm at least able to authenticate and I'm given >>> my authenticated uPortal layout, if that helps. >>> >>> I'm not sure if I'm having a versioning issue. The modifications that I >>> have made are below. >>> >>> Thank You, >>> Laura McCord >>> >>> >>> - In the uportal-source-directory/pom.xml I added the following >>> dependencies: >>> <casclient.version>3.1.11</casclient.version> >>> >>> <cas-clearpass.version>1.0.5.GA</cas-clearpass.version> >>> <dependency> >>> <groupId>org.jasig.cas.client</groupId> >>> <artifactId>cas-client-core</artifactId> >>> <version>${casclient.version}</version> >>> </dependency> >>> <dependency> >>> <groupId>org.jasig.cas3.extensions</groupId> >>> <artifactId>clearpass-integration-uportal</artifactId> >>> <version>${cas-clearpass.version}</version> >>> </dependency> >>> >>> -In uportal-impl/pom.xml >>> <!-- ===== Runtime Dependencies ======================================= >>> --> >>> <dependency> >>> <groupId>org.jasig.cas3.extensions</groupId> >>> <artifactId>clearpass-integration-uportal</artifactId> >>> <scope>runtime</scope> >>> </dependency> >>> <dependency> >>> <groupId>org.jasig.cas.client</groupId> >>> <artifactId>cas-client-core</artifactId> >>> </dependency> >>> >>> -In uportal-impl/src/main/resources/properties/security.properties >>> ## This is the factory that supplies the concrete authentication class >>> root=org.jasig.portal.security.provider.UnionSecurityContextFactory >>> >>> >>> root.cas=org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory >>> >>> >>> >>> #root.cas=org.jasig.portal.security.provider.cas.CasAssertionSecurityContextFactory >>> >>> >>> root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory >>> >>> >>> ## URL of the CAS cleartext password service >>> >>> >>> org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory.clearPassCasUrl= >>> https://myServer/cas/clearPass >>> >>> -In >>> uportal-impl/src/main/resources/properties/context/portletContainerContext.xml >>> >>> <bean id="cachedPasswordUserInfoService" >>> class="org.jasig.portal.portlet.container.services.CachedPasswordUserInfoService"> >>> >>> <property name="userInstanceManager" ref="userInstanceManager" /> >>> <property name="portletWindowRegistry" ref="portletWindowRegistry" /> >>> <property name="portletEntityRegistry" ref="portletEntityRegistry" /> >>> <property name="portletDefinitionRegistry" >>> ref="portletDefinitionRegistry" /> >>> <property name="portalRequestUtils" ref="portalRequestUtils" /> >>> <property name="decryptPassword" value="false" /> >>> </bean> >>> >>> - In cas/pom.xml >>> <dependency> >>> <groupId>org.jasig.cas3.extensions</groupId> >>> <artifactId>clearpass-webapp</artifactId> >>> <version>1.0.5.GA</version> >>> <scope>runtime</scope> >>> <type>war</type> >>> </dependency> >>> >>> -In cas/src/main/webapp/WEB-INF/deployerConfigContext.xml >>> <property name="authenticationMetaDataPopulators"> >>> <list> >>> <bean >>> class="org.jasig.cas3.extensions.clearpass.CacheCredentialsMetaDataPopulator"> >>> >>> <constructor-arg index="0" ref="credentialsCache" /> >>> </bean> >>> </list> >>> </property> >>> >>> -In cas/src/main/webapp/WEB-INF/web.xml >>> <filter> >>> <filter-name>CAS Validation Filter</filter-name> >>> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> >>> >>> <init-param> >>> <param-name>casServerUrlPrefix</param-name> >>> <param-value>https:/mycas-server/cas</param-value> >>> </init-param> >>> <init-param> >>> <param-name>serverName</param-name> >>> <param-value>https://mycas-server</param-value> >>> </init-param> >>> <init-param> >>> <param-name>exceptionOnValidationFailure</param-name> >>> <param-value>true</param-value> >>> </init-param> >>> <init-param> >>> <param-name>allowedProxyChains</param-name> >>> <param-value> >>> >>> https://my-portal-server/uPortal/CasProxyServlet >>> </param-value> >>> </init-param> >>> <init-param> >>> <param-name>useSession</param-name> >>> <param-value>false</param-value> >>> </init-param> >>> <init-param> >>> <param-name>redirectAfterValidation</param-name> >>> <param-value>false</param-value> >>> </init-param> >>> </filter> >>> >>> <filter> >>> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> >>> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> >>> >>> </filter> >>> >>> <filter-mapping> >>> <filter-name>CAS Validation Filter</filter-name> >>> <url-pattern>/clearPass</url-pattern> >>> </filter-mapping> >>> >>> <filter-mapping> >>> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> >>> <url-pattern>/clearPass</url-pattern> >>> </filter-mapping> >>> >>> <servlet-mapping> >>> <servlet-name>cas</servlet-name> >>> <url-pattern>/clearPass</url-pattern> >>> </servlet-mapping> >>> >>> >>> >>> >> > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
