Re: CAS 3.0.5 proxy problem

Fri, 22 Sep 2006 04:53:43 -0700

If you re-enable it, your proxying should work.  That AuthenticationHandler is the handler that checks SSL certificates.

-Scott

On 9/22/06, Maja Wolniewicz <[EMAIL PROTECTED]> wrote:
It seems that it is not active:
                <property name="authenticationHandlers">
                        <list>
                                <!--
                                        | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
                                        | a server side SSL certificate.
                                        +-->
<!--                            <bean
                                        class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
-->
                                <!--
                                        | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
                                        | into production.  The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
                                        | where the username equals the password.  You will need to replace this with an AuthenticationHandler that implements your
                                        | local authentication strategy.  You might accomplish this by coding a new such handler and declaring
                                        | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
                                        +-->
<!--
                                <bean
                                        class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
-->
<bean
                                        class="pl.umk.cas.authentication.handler.support.LDAPAuthenticationHandler" />

                        </list>
                </property>

Maja

Scott Battaglia napisał(a):
By any chance did you remove any HttpBasedCredentialsAuthenticationHandler from the deployerConfigContext.xml?

-Scott

On 9/22/06, Maja Wolniewicz <[EMAIL PROTECTED] > wrote:
But while running under 3.0.4 I'm geting a ticket with ST prefix as well....
Maja
Henrik Genssen napisał(a): 
Hi,

they changed the beginning of the tickets from the proxy-tickets from PT to ST and phpCAS does not deal with this correct.
You can change that back in CAS or fix phpCAS...

regards

Hinnack




  
reply to message:
date: 22.09.2006 10:58:07
from: "Maja Wolniewicz" <[EMAIL PROTECTED]>


to: [email protected]
subject: CAS 3.0.5 proxy problem

Recently I have installed a CAS server version 3.0.5.
All CASified applications acting as CAS client are running smoothly, but
unfortunately all proxy CAS applications refuse to work. We are using
phpCAS as CAS clients.  First I thought that it is caused by the problem
in phpCAS libraries, you discussed on the list (on August, with the
subject 'proxy use'), but now I'm not sure...
I have a simple example:
<?php
include_once("./CAS/CAS.php");
include_once("./CAS/client.php");
phpCAS::setDebug("/tmp/mgw.log");
phpCAS::proxy(CAS_VERSION_2_0,'

login.umk.pl',8443,'');
phpCAS::forceAuthentication();
$username=phpCAS::getUser();
echo $username;
?>
which doesn't work with CAS 3.0.5.

After thorough investigations it appears that CAS server doesn't


response with proxy callback. It receives serviceValidate request with
pgtURL set,
but doesn't respond with URL callback. The callback URL is HTTPS and the
SSL certificate is valid (as the CAS protocol requires). The same


example running under the same Tomcat and CAS version 3.0.4 has no
problems at all.
In the catalina.out (under 3.0.5) I've found the following error, which
I suspect to be the culprit:

2006-09-21 16:21:25,489 INFO


[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
pl.umk.cas.authentication.handler.support.LDAPAuthenticationHandler
successfully authenticated the user which provided the following


credentials: [EMAIL PROTECTED]>
2006-09-21 16:21:25,491 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl
] -

<Granted service ticket [ST-14-gz20yzZ74fejTqCUFJILgtSM94sGRfb4fbT-20]
for service [https://serwisy.umk.pl/mgw/mgw.php

] for user [[EMAIL PROTECTED]]>
2006-09-21 16:21:25,620 ERROR
[org.jasig.cas.web.ServiceValidateController] - <TicketException


generating ticket for: https://serwisy.umk.pl/mgw/mgw.php>
org.jasig.cas.ticket.TicketCreationException

:
error.authentication.credentials.unsupported
       at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:215)
       at
org.jasig.cas.web.ServiceValidateController.handleRequestInternal

(ServiceValidateController.java:159)
       at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
       at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle

(SimpleControllerHandlerAdapter.java:45)
       at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:798)
       at
org.springframework.web.servlet.DispatcherServlet.doService

(DispatcherServlet.java:728)
...
Caused by: error.authentication.credentials.unsupported
       at
org.jasig.cas.authentication.handler.UnsupportedCredentialsException.<clinit>(UnsupportedCredentialsException.java

:21)
       at
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:108)
       at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(
CentralAuthenticationServiceImpl.java
:194)

Is this known problem? When I change in my example the proxy call to the
client call the username is echoed correctly (under 3.0.5 version).

Maja

-- 

Maja Gorecka-Wolniewicz          
[EMAIL PROTECTED]
            http://www.umk.pl/~mgw
            PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc
Uczelniane Centrum               Information & Communication
Informatyczne                    Technology Centre
Uniwersytet Mikolaja Kopernika   Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

    
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
  


-- 
Maja Gorecka-Wolniewicz          [EMAIL PROTECTED]
             http://www.umk.pl/~mgw
             PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc
Uczelniane Centrum               Information & Communication
Informatyczne                    Technology Centre
Uniwersytet Mikolaja Kopernika   Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas




_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
  


-- 
Maja Gorecka-Wolniewicz          [EMAIL PROTECTED]
             http://www.umk.pl/~mgw
             PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc
Uczelniane Centrum               Information & Communication
Informatyczne                    Technology Centre
Uniwersytet Mikolaja Kopernika   Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas



_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to