Hi, It may depend on how you have configured the casServerPrefixUrl : maybe in your first case, you validate service tickets through a CAS server HTTP url whereas for the services management webapp, you use HTTPS, which causes an issue you haven't seen before. Best regards, Jérôme
2013/10/21 Michael Kromarek <[email protected]> > Hello, > > I have been working on setting up CAS using the WAR overlay method and > have had decent success and can do the following: > > -Authenticate against LDAP for the standard login page > -Perform the authentication over SSL > -Use the phpCAS authentication example successfully > > But what I cannot seem to get to work is the services manager. When I go > to the /cas/services URL, I login and get a huge exception thrown in my log > file (Connection Refused) and a page saying "Cas is unavailable". > > > From my log file (sorry this is going to be long) > > 2013-10-20 22:03:45,547 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ > ST-3-xdtoOzbFRpZwJewccKdj-my_server.highline.edu] for service [ > https://my_server.highline.edu:8443/cas/services/j_acegi_cas_security_check] > for user [my_username]> > 2013-10-20 22:03:45,547 INFO > [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit > trail record BEGIN > ============================================================= > WHO: my_username > WHAT: ST-3-xdtoOzbFRpZwJewccKdj-my_server.highline.edu for > https://my_server.highline.edu:8443/cas/services/j_acegi_cas_security_check > ACTION: SERVICE_TICKET_CREATED > APPLICATION: CAS > WHEN: Sun Oct 20 22:03:45 PDT 2013 > CLIENT IP ADDRESS: 10.30.100.163 > SERVER IP ADDRESS: 10.100.26.9 > ============================================================= > > > > 2013-10-20 22:03:45,558 ERROR [org.jasig.cas.client.util.CommonUtils] - > <Connection reset> > java.net.SocketException: Connection reset > at java.net.SocketInputStream.read(SocketInputStream.java:185) > at sun.security.ssl.InputRecord.readFully(InputRecord.java:442) > at sun.security.ssl.InputRecord.read(InputRecord.java:480) > at > sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:883) > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1208) > at > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1235) > at > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1219) > at > sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440) > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1139) > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) > at > org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326) > at > org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305) > at > org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50) > at > org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207) > at > org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140) > at > org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126) > at > org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) > at > org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:242) > at > org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) > at > org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) > at > org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) > at > org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:581) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) > at > org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987) > at > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579) > at > org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1805) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at java.lang.Thread.run(Thread.java:679) > 2013-10-20 22:03:45,894 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ > ST-4-UdcVHwi2XJuG6CFSXS9F-my_server.highline.edu] for service [ > https://my_server.highline.edu:8443/cas/services/j_acegi_cas_security_check] > for user [my_username]> > 2013-10-20 22:03:45,895 INFO > [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit > trail record BEGIN > ============================================================= > WHO: my_username > WHAT: ST-4-UdcVHwi2XJuG6CFSXS9F-my_server.highline.edu for > https://my_server.highline.edu:8443/cas/services/j_acegi_cas_security_check > ACTION: SERVICE_TICKET_CREATED > APPLICATION: CAS > WHEN: Sun Oct 20 22:03:45 PDT 2013 > CLIENT IP ADDRESS: 10.30.100.163 > SERVER IP ADDRESS: 10.100.26.9 > ============================================================= > > > > 2013-10-20 22:03:45,904 ERROR [org.jasig.cas.client.util.CommonUtils] - > <Connection reset> > java.net.SocketException: Connection reset > at java.net.SocketInputStream.read(SocketInputStream.java:185) > at sun.security.ssl.InputRecord.readFully(InputRecord.java:442) > at sun.security.ssl.InputRecord.read(InputRecord.java:480) > at > sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:883) > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1208) > at > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1235) > at > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1219) > at > sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440) > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1139) > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) > at > org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326) > at > org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305) > at > org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50) > at > org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207) > at > org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140) > at > org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126) > at > org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) > at > org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:242) > at > org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) > at > org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) > at > org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) > at > org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:581) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) > at > org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987) > at > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579) > at > org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1805) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at java.lang.Thread.run(Thread.java:679) > > > > Any help you can provide would be most appreciated. I'm completely > confused as to why the regular login form would work just fine, but the > services one would reset the connection. > > If you need any more info, let me know. > > Mike K. > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
