I don't really know if between RC1 and RC2 was really the right time to introduce changing the default behavior of the services management tool. I doubt everyone checks all of their services between new local CAS deployments.
On Tue, Oct 22, 2013 at 8:13 AM, Jérôme LELEU <[email protected]> wrote: > Hi, > > Yes, something has changed. Services are now by default not allowed to > proxy (security reasons). So you may need to change that if you want to use > a CAS service as a proxy. > Best regards, > Jérôme > > > > 2013/10/22 tgjorgoski <[email protected]> > >> Thanks for the prompt reply! >> >> We moved to the 4.0.0-RC2-SNAPSHOT in our build, but now, upon the >> initial logging, we get the following message: >> "Authentication Failed: service.not.authorized.proxy" >> >> Are there some additional considerations that we need to take in account >> in RC2 vs. RC1? >> >> In the CAS log there is the following: >> >> [code] >> 2013-10-22 12:00:23,141 INFO >> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - >> Authenticated [email protected] with credentials [[email protected] >> +password]. >> 2013-10-22 12:00:23,145 INFO >> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit >> trail record BEGIN >> ============================================================= >> WHO: audit:unknown >> WHAT: supplied credentials: [[email protected]+password] >> ACTION: AUTHENTICATION_SUCCESS >> APPLICATION: CAS >> WHEN: Tue Oct 22 12:00:23 CEST 2013 >> CLIENT IP ADDRESS: 127.0.0.1 >> SERVER IP ADDRESS: 127.0.0.1 >> ============================================================= >> >> >> 2013-10-22 12:00:23,149 INFO >> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit >> trail record BEGIN >> ============================================================= >> WHO: audit:unknown >> WHAT: >> TGT-1-nTCToQNaBckEsjMrXd7mSJ5Q55Eow162WiohuFoUNpJbthHVlU-cas01.example.org >> ACTION: TICKET_GRANTING_TICKET_CREATED >> APPLICATION: CAS >> WHEN: Tue Oct 22 12:00:23 CEST 2013 >> CLIENT IP ADDRESS: 127.0.0.1 >> SERVER IP ADDRESS: 127.0.0.1 >> ============================================================= >> >> >> 2013-10-22 12:00:23,155 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ >> ST-1-WagZV4ScHyXSVwWgWpuC-cas01.example.org] for service [ >> https://localhost:8443/foo-service/j_spring_cas_security_check] for user >> [[email protected]] >> 2013-10-22 12:00:23,156 INFO >> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit >> trail record BEGIN >> ============================================================= >> WHO: [email protected] >> WHAT: ST-1-WagZV4ScHyXSVwWgWpuC-cas01.example.org for >> https://localhost:8443/foo-service/j_spring_cas_security_check >> ACTION: SERVICE_TICKET_CREATED >> APPLICATION: CAS >> WHEN: Tue Oct 22 12:00:23 CEST 2013 >> CLIENT IP ADDRESS: 127.0.0.1 >> SERVER IP ADDRESS: 127.0.0.1 >> ============================================================= >> >> >> 2013-10-22 12:00:23,350 WARN >> [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceManagement: >> Service [https://localhost:8443/foo-service/j_spring_cas_security_check] >> attempted to proxy, but is not allowed. >> 2013-10-22 12:00:23,351 INFO >> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit >> trail record BEGIN >> ============================================================= >> WHO: [email protected] >> WHAT: service.not.authorized.proxy >> ACTION: PROXY_GRANTING_TICKET_NOT_CREATED >> APPLICATION: CAS >> WHEN: Tue Oct 22 12:00:23 CEST 2013 >> CLIENT IP ADDRESS: 127.0.0.1 >> SERVER IP ADDRESS: 127.0.0.1 >> ============================================================= >> [/code] >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
