Recently I have installed a CAS server version 3.0.5.
All CASified applications acting as CAS client are running smoothly, but
unfortunately all proxy CAS applications refuse to work. We are using
phpCAS as CAS clients. First I thought that it is caused by the problem
in phpCAS libraries, you discussed on the list (on August, with the
subject 'proxy use'), but now I'm not sure...
I have a simple example:
<?php
include_once("./CAS/CAS.php");
include_once("./CAS/client.php");
phpCAS::setDebug("/tmp/mgw.log");
phpCAS::proxy(CAS_VERSION_2_0,'login.umk.pl',8443,'');
phpCAS::forceAuthentication();
$username=phpCAS::getUser();
echo $username;
?>
which doesn't work with CAS 3.0.5.
After thorough investigations it appears that CAS server doesn't
response with proxy callback. It receives serviceValidate request with
pgtURL set,
but doesn't respond with URL callback. The callback URL is HTTPS and the
SSL certificate is valid (as the CAS protocol requires). The same
example running under the same Tomcat and CAS version 3.0.4 has no
problems at all.
In the catalina.out (under 3.0.5) I've found the following error, which
I suspect to be the culprit:
2006-09-21 16:21:25,489 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
pl.umk.cas.authentication.handler.support.LDAPAuthenticationHandler
successfully authenticated the user which provided the following
credentials: [EMAIL PROTECTED]>
2006-09-21 16:21:25,491 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] -
<Granted service ticket [ST-14-gz20yzZ74fejTqCUFJILgtSM94sGRfb4fbT-20]
for service [https://serwisy.umk.pl/mgw/mgw.php] for user [EMAIL PROTECTED]>
2006-09-21 16:21:25,620 ERROR
[org.jasig.cas.web.ServiceValidateController] - <TicketException
generating ticket for: https://serwisy.umk.pl/mgw/mgw.php>
org.jasig.cas.ticket.TicketCreationException:
error.authentication.credentials.unsupported
at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:215)
at
org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:159)
at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:45)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:798)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:728)
....
Caused by: error.authentication.credentials.unsupported
at
org.jasig.cas.authentication.handler.UnsupportedCredentialsException.<clinit>(UnsupportedCredentialsException.java:21)
at
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:108)
at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:194)
Is this known problem? When I change in my example the proxy call to the
client call the username is echoed correctly (under 3.0.5 version).
Maja
--
Maja Gorecka-Wolniewicz [EMAIL PROTECTED]
http://www.umk.pl/~mgw
PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc
Uczelniane Centrum Information & Communication
Informatyczne Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
