UGH!!! I could just kick myself. I found this in my localhost logs....
Apparently, my service that I entered in cas/services for uPortal wasn't
right because once I just let everything have access, it worked. So, I
guess I just need to fix the service url string for uPortal and it
should work. Thanks.
Nov 18, 2010 10:56:19 AM org.apache.catalina.core.StandardWrapperValve
invoke
SEVERE: Servlet.service() for servlet cas threw exception
org.jasig.cas.services.UnauthorizedServiceException: service.not.authorized
at
org.jasig.cas.CentralAuthenticationServiceImpl.grantServiceTicket_aroundBody2(CentralAuthenticationServiceImpl.java:190)
at
org.jasig.cas.CentralAuthenticationServiceImpl.grantServiceTicket_aroundBody3$advice(CentralAuthenticationServiceImpl.java:44)
at
org.jasig.cas.CentralAuthenticationServiceImpl.grantServiceTicket(CentralAuthenticationServiceImpl.java:1)
at
org.jasig.cas.CentralAuthenticationServiceImpl.grantServiceTicket_aroundBody4(CentralAuthenticationServiceImpl.java:244)
at
org.jasig.cas.CentralAuthenticationServiceImpl.grantServiceTicket_aroundBody5$advice(CentralAuthenticationServiceImpl.java:44)
at
org.jasig.cas.CentralAuthenticationServiceImpl.grantServiceTicket(CentralAuthenticationServiceImpl.java:1)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at
org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
at
org.perf4j.aop.AbstractTimingAspect.doPerfLogging(AbstractTimingAspect.java:71)
at sun.reflect.GeneratedMethodAccessor178.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:622)
at
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:611)
at
org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
at
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy128.grantServiceTicket(Unknown Source)
at
org.jasig.cas.web.ProxyController.handleRequestInternal(ProxyController.java:72)
at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
On 11/18/10 10:43 AM, Scott Battaglia wrote:
> If you're getting a response code of 500 for /proxy then there should
> be a corresponding error on the server side.
>
>
>
> On Thu, Nov 18, 2010 at 11:40 AM, Laura McCord
> <[email protected] <mailto:[email protected]>> wrote:
>
> Nevermind... I'm STILL having a problem with getting the clearPass
> intergrated with uPortal 3.2.2. The specs are listed in my
> original email. NO accounts can get past the guest layout of my
> uportal instance. The problem seems to be stemming from the
> PasswordCachingCasAssertionSecurityContext because if I replace it
> back with the original cas context in my security.properties file
> it works fine.
>
> I'm receiving the following errors:
>
> ERROR [TP-Processor13] Nov/18 10:23:58,641
> provider.UnionSecurityContext.[] - Exception authenticating
> subcontext
>
> org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContext
> assertion:org.jasig.cas.client.validation.assertioni...@427a9f36
> java.lang.RuntimeException: java.io.IOException: Server returned
> HTTP response code: 500 for URL:
>
> https://my-server/cas/proxy?pgt=TGT-2-gdHkBVgLhvri9QTzucfTAfKURJtcp3HK5geQE31TwizFqcGkOt-my-server&targetService=https%3A%2F%2Fmy-server%2Fcas%2FclearPass
>
> <https://my-server/cas/proxy?pgt=TGT-2-gdHkBVgLhvri9QTzucfTAfKURJtcp3HK5geQE31TwizFqcGkOt-my-server&targetService=https%3A%2F%2Fmy-server%2Fcas%2FclearPass>
> at
>
> org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:322)
> at
>
> org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:285)
> at
>
> org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:338)
> at
>
> org.jasig.cas.client.proxy.Cas20ProxyRetriever.getProxyTicketIdFor(Cas20ProxyRetriever.java:65)
> at
>
> org.jasig.cas.client.authentication.AttributePrincipalImpl.getProxyTicketFor(AttributePrincipalImpl.java:87)
> at
>
> org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContext.postAuthenticate(PasswordCachingCasAssertionSecurityContext.java:49)
> at
>
> org.jasig.portal.security.provider.cas.CasAssertionSecurityContext.authenticate(CasAssertionSecurityContext.java:68)
> at
>
> org.jasig.portal.security.provider.ChainingSecurityContext.authenticate(ChainingSecurityContext.java:105)
> at
>
> org.jasig.portal.security.provider.UnionSecurityContext.authenticate(UnionSecurityContext.java:47)
> at
>
> org.jasig.portal.services.Authentication.authenticate(Authentication.java:98)
> at org.jasig.portal.LoginServlet.service(LoginServlet.java:210)
> ....
> Caused by: java.io.IOException: Server returned HTTP response
> code: 500 for URL:
>
> https://my-server/cas/proxy?pgt=TGT-4-KsBFUIPXEfcktwcZbyr6JNQljfRIXyYqyVUkcrsb3itrIUuPGn-my-server&targetService=https%3A%2F%2Fmy-server%2Fcas%2FclearPass
>
> <https://my-server/cas/proxy?pgt=TGT-4-KsBFUIPXEfcktwcZbyr6JNQljfRIXyYqyVUkcrsb3itrIUuPGn-my-server&targetService=https%3A%2F%2Fmy-server%2Fcas%2FclearPass>
> at
>
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1313)
> at
>
> com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
> at
>
> org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
> ... 46 more
> ERROR [TP-Processor18] Nov/18 10:33:57,641 portal.LoginServlet.[]
> - Exception authenticating the request
> org.jasig.portal.security.PortalSecurityException: One of the
> security subcontexts threw an exception
> at
>
> org.jasig.portal.security.provider.ChainingSecurityContext.authenticate(ChainingSecurityContext.java:123)
> at
>
> org.jasig.portal.security.provider.UnionSecurityContext.authenticate(UnionSecurityContext.java:47)
> at
>
> org.jasig.portal.services.Authentication.authenticate(Authentication.java:98)
> at org.jasig.portal.LoginServlet.service(LoginServlet.java:210)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
>
> org.jasig.services.persondir.support.web.RequestAttributeSourceFilter.doFilter(RequestAttributeSourceFilter.java:316)
> at
>
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
> at
>
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
>
> org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:112)
> at
>
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
>
> org.jasig.portal.security.MaxInactiveFilter.doFilter(MaxInactiveFilter.java:77)
> at
>
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
> at
>
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
>
> org.jasig.cas.client.util.AssertionThreadLocalFilter.doFilter(AssertionThreadLocalFilter.java:40)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
>
> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:196)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at
>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> at
>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at
>
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> at
> org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
> at
> org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
> at
> org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:774)
> at
>
> org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
> at
>
> org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:896)
> at
>
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
> at java.lang.Thread.run(Thread.java:619)
> WARN [TP-Processor18] Nov/18 10:33:57,642
> web.RequestAttributeSourceFilter.[] - No username found for
> attribute 'null' among {serverName=[my-server]}
>
> Please help.
>
> Thanks,
> Laura
>
>
>
>
> On 11/12/10 4:00 PM, Laura McCord wrote:
>
> Okay I think I solved my problem. I discovered that there was
> more than one cas-client-core jar file in my cas lib
> directory. Once I removed it I was able to authenticate
> successfully.
>
> Now, I have one more question. How to test for clearPass
> correctly. After I authenticate through cas I go to this url :
> http://mycasserver/cas/clearPass but I get an error "No
> authentication information provided". Am I testing this
> incorrectly? I think it's working because the portlets that
> need the clearPass are working now but just for peace of mind
> I wanted to test it through the clearPass url.
>
> Thanks,
> Laura
>
>
> On 11/12/10 1:42 PM, Laura McCord wrote:
>
> I have a uPortal 3.2.2 install and I removed the bundled
> cas server and I am using an external 3.4.2 cas server now.
>
> The problem that I am seeing is that when I click on the
> "Sign In with CAS" button from uPortal I enter my
> username/password in cas and then I'm redirected to
> uPortal's GUEST unauthenticated layout. I was able to
> authenticate through cas before I made any changes so I
> can confirm that it did work prior to any clearPass
> adjustments.
>
> I can tell that when I change the
>
> root.cas=org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory
> back to the original state I'm at least able to
> authenticate and I'm given my authenticated uPortal
> layout, if that helps.
>
> I'm not sure if I'm having a versioning issue. The
> modifications that I have made are below.
>
> Thank You,
> Laura McCord
>
>
> - In the uportal-source-directory/pom.xml I added the
> following dependencies:
> <casclient.version>3.1.11</casclient.version>
>
> <cas-clearpass.version>1.0.5.GA
> <http://1.0.5.GA></cas-clearpass.version>
> <dependency>
> <groupId>org.jasig.cas.client</groupId>
> <artifactId>cas-client-core</artifactId>
> <version>${casclient.version}</version>
> </dependency>
> <dependency>
> <groupId>org.jasig.cas3.extensions</groupId>
> <artifactId>clearpass-integration-uportal</artifactId>
> <version>${cas-clearpass.version}</version>
> </dependency>
>
> -In uportal-impl/pom.xml
> <!-- ===== Runtime Dependencies
> ======================================= -->
> <dependency>
> <groupId>org.jasig.cas3.extensions</groupId>
> <artifactId>clearpass-integration-uportal</artifactId>
> <scope>runtime</scope>
> </dependency>
> <dependency>
> <groupId>org.jasig.cas.client</groupId>
> <artifactId>cas-client-core</artifactId>
> </dependency>
>
> -In
> uportal-impl/src/main/resources/properties/security.properties
> ## This is the factory that supplies the concrete
> authentication class
>
>
> root=org.jasig.portal.security.provider.UnionSecurityContextFactory
>
>
> root.cas=org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory
>
>
>
> #root.cas=org.jasig.portal.security.provider.cas.CasAssertionSecurityContextFactory
>
>
>
> root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
>
>
> ## URL of the CAS cleartext password service
>
>
> org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory.clearPassCasUrl=https://myServer/cas/clearPass
>
>
> -In
>
> uportal-impl/src/main/resources/properties/context/portletContainerContext.xml
>
> <bean id="cachedPasswordUserInfoService"
>
> class="org.jasig.portal.portlet.container.services.CachedPasswordUserInfoService">
>
> <property name="userInstanceManager"
> ref="userInstanceManager" />
> <property name="portletWindowRegistry"
> ref="portletWindowRegistry" />
> <property name="portletEntityRegistry"
> ref="portletEntityRegistry" />
> <property name="portletDefinitionRegistry"
> ref="portletDefinitionRegistry" />
> <property name="portalRequestUtils"
> ref="portalRequestUtils" />
> <property name="decryptPassword" value="false" />
> </bean>
>
> - In cas/pom.xml
> <dependency>
> <groupId>org.jasig.cas3.extensions</groupId>
> <artifactId>clearpass-webapp</artifactId>
> <version>1.0.5.GA <http://1.0.5.GA></version>
> <scope>runtime</scope>
> <type>war</type>
> </dependency>
>
> -In cas/src/main/webapp/WEB-INF/deployerConfigContext.xml
> <property name="authenticationMetaDataPopulators">
> <list>
> <bean
>
> class="org.jasig.cas3.extensions.clearpass.CacheCredentialsMetaDataPopulator">
>
> <constructor-arg index="0" ref="credentialsCache" />
> </bean>
> </list>
> </property>
>
> -In cas/src/main/webapp/WEB-INF/web.xml
> <filter>
> <filter-name>CAS Validation Filter</filter-name>
>
> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>
> <init-param>
> <param-name>casServerUrlPrefix</param-name>
> <param-value>https:/mycas-server/cas</param-value>
> </init-param>
> <init-param>
> <param-name>serverName</param-name>
> <param-value>https://mycas-server</param-value>
> </init-param>
> <init-param>
> <param-name>exceptionOnValidationFailure</param-name>
> <param-value>true</param-value>
> </init-param>
> <init-param>
> <param-name>allowedProxyChains</param-name>
> <param-value>
> https://my-portal-server/uPortal/CasProxyServlet
> </param-value>
> </init-param>
> <init-param>
> <param-name>useSession</param-name>
> <param-value>false</param-value>
> </init-param>
> <init-param>
> <param-name>redirectAfterValidation</param-name>
> <param-value>false</param-value>
> </init-param>
> </filter>
>
> <filter>
> <filter-name>CAS HttpServletRequest Wrapper
> Filter</filter-name>
>
> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
>
> </filter>
>
> <filter-mapping>
> <filter-name>CAS Validation Filter</filter-name>
> <url-pattern>/clearPass</url-pattern>
> </filter-mapping>
>
> <filter-mapping>
> <filter-name>CAS HttpServletRequest Wrapper
> Filter</filter-name>
> <url-pattern>/clearPass</url-pattern>
> </filter-mapping>
>
> <servlet-mapping>
> <servlet-name>cas</servlet-name>
> <url-pattern>/clearPass</url-pattern>
> </servlet-mapping>
>
>
>
>
>
>
> --
> You are currently subscribed to [email protected]
> <mailto:[email protected]> as: [email protected]
> <mailto:[email protected]>
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
