Hi, Yes, something has changed. Services are now by default not allowed to proxy (security reasons). So you may need to change that if you want to use a CAS service as a proxy. Best regards, Jérôme
2013/10/22 tgjorgoski <[email protected]> > Thanks for the prompt reply! > > We moved to the 4.0.0-RC2-SNAPSHOT in our build, but now, upon the initial > logging, we get the following message: > "Authentication Failed: service.not.authorized.proxy" > > Are there some additional considerations that we need to take in account > in RC2 vs. RC1? > > In the CAS log there is the following: > > [code] > 2013-10-22 12:00:23,141 INFO > [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - > Authenticated [email protected] with credentials [[email protected] > +password]. > 2013-10-22 12:00:23,145 INFO > [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > ============================================================= > WHO: audit:unknown > WHAT: supplied credentials: [[email protected]+password] > ACTION: AUTHENTICATION_SUCCESS > APPLICATION: CAS > WHEN: Tue Oct 22 12:00:23 CEST 2013 > CLIENT IP ADDRESS: 127.0.0.1 > SERVER IP ADDRESS: 127.0.0.1 > ============================================================= > > > 2013-10-22 12:00:23,149 INFO > [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > ============================================================= > WHO: audit:unknown > WHAT: > TGT-1-nTCToQNaBckEsjMrXd7mSJ5Q55Eow162WiohuFoUNpJbthHVlU-cas01.example.org > ACTION: TICKET_GRANTING_TICKET_CREATED > APPLICATION: CAS > WHEN: Tue Oct 22 12:00:23 CEST 2013 > CLIENT IP ADDRESS: 127.0.0.1 > SERVER IP ADDRESS: 127.0.0.1 > ============================================================= > > > 2013-10-22 12:00:23,155 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ > ST-1-WagZV4ScHyXSVwWgWpuC-cas01.example.org] for service [ > https://localhost:8443/foo-service/j_spring_cas_security_check] for user [ > [email protected]] > 2013-10-22 12:00:23,156 INFO > [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > ============================================================= > WHO: [email protected] > WHAT: ST-1-WagZV4ScHyXSVwWgWpuC-cas01.example.org for > https://localhost:8443/foo-service/j_spring_cas_security_check > ACTION: SERVICE_TICKET_CREATED > APPLICATION: CAS > WHEN: Tue Oct 22 12:00:23 CEST 2013 > CLIENT IP ADDRESS: 127.0.0.1 > SERVER IP ADDRESS: 127.0.0.1 > ============================================================= > > > 2013-10-22 12:00:23,350 WARN > [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceManagement: > Service [https://localhost:8443/foo-service/j_spring_cas_security_check] > attempted to proxy, but is not allowed. > 2013-10-22 12:00:23,351 INFO > [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit > trail record BEGIN > ============================================================= > WHO: [email protected] > WHAT: service.not.authorized.proxy > ACTION: PROXY_GRANTING_TICKET_NOT_CREATED > APPLICATION: CAS > WHEN: Tue Oct 22 12:00:23 CEST 2013 > CLIENT IP ADDRESS: 127.0.0.1 > SERVER IP ADDRESS: 127.0.0.1 > ============================================================= > [/code] > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
