After I submit the CAS login form with userid (marissa) and password
(koala), I am taken to the following URL:
https://localhost:8443/cas/login?service=https%3A%2F%2Flocalhost%3A8443%2Fconcas%2Fj_acegi_cas_security_check%3Bjsessionid%3D7E955BB3FE75C5304EEE044A32E4156B

The browser gave the message 'The webpage cannot be found'.


Here is the log

2007-02-27 15:26:46,651 DEBUG
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Attempting to
create TicketGrantingTicket for
[EMAIL PROTECTED]>
2007-02-27 15:26:46,666 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.acegisecurity.adapters.cas3.CasAuthenticationHandler successfully
authenticated the user.>
2007-02-27 15:26:46,666 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- <Creating SimplePrincipal for [marissa]>
2007-02-27 15:26:46,666 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[TGT-2-aT3IHY2CdfSlv5B1FglSNhxcG51fXuacvPF-50] to registry.>
2007-02-27 15:26:46,666 DEBUG
[org.jasig.cas.web.util.SecureCookieGenerator] - <Removed cookie with
name [CASPRIVACY]>
2007-02-27 15:26:46,666 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
'org.jasig.cas.web.flow.AuthenticationViaFormAction' completed
execution; result event is [EMAIL PROTECTED] source =
[EMAIL PROTECTED], id =
'success', stateId = [null], parameters = [null]]>
2007-02-27 15:26:46,666 DEBUG
[org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action
'org.jasig.cas.web.flow.SendTicketGrantingTicketAction' beginning
execution>
2007-02-27 15:26:46,666 DEBUG
[org.jasig.cas.web.util.SecureCookieGenerator] - <Added cookie with
name [CASTGC] and value
[TGT-2-aT3IHY2CdfSlv5B1FglSNhxcG51fXuacvPF-50]>
2007-02-27 15:26:46,666 DEBUG
[org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action
'org.jasig.cas.web.flow.SendTicketGrantingTicketAction' completed
execution; result event is [EMAIL PROTECTED] source =
[EMAIL PROTECTED], id =
'success', stateId = [null], parameters = [null]]>
2007-02-27 15:26:46,666 DEBUG
[org.jasig.cas.web.flow.HasServiceCheckAction] - <Action
'org.jasig.cas.web.flow.HasServiceCheckAction' beginning execution>
2007-02-27 15:26:46,666 DEBUG
[org.jasig.cas.web.flow.HasServiceCheckAction] - <Action
'org.jasig.cas.web.flow.HasServiceCheckAction' completed execution;
result event is [EMAIL PROTECTED] source =
[EMAIL PROTECTED], id =
'hasService', stateId = [null], parameters = [null]]>
2007-02-27 15:26:46,666 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'org.jasig.cas.web.flow.GenerateServiceTicketAction' beginning
execution>
2007-02-27 15:26:46,666 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket [TGT-2-aT3IHY2CdfSlv5B1FglSNhxcG51fXuacvPF-50]>
2007-02-27 15:26:46,666 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[TGT-2-aT3IHY2CdfSlv5B1FglSNhxcG51fXuacvPF-50] found in registry.>
2007-02-27 15:26:46,666 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[ST-2-04e6CDK7deL9JL9F7IlsDtN0MkyULkrGe6I-20] to registry.>
2007-02-27 15:26:46,666 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-2-04e6CDK7deL9JL9F7IlsDtN0MkyULkrGe6I-20] for service
[https://localhost:8443/concas/j_acegi_cas_security_check;jsessionid=A5F7591668AC1D411D7ACD8BF6F68E07]
for user [marissa]>
2007-02-27 15:26:46,682 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'org.jasig.cas.web.flow.GenerateServiceTicketAction' completed
execution; result event is [EMAIL PROTECTED] source =
[EMAIL PROTECTED], id =
'success', stateId = [null], parameters = [null]]>
2007-02-27 15:26:46,682 DEBUG [org.jasig.cas.web.flow.WarnAction] -
<Action 'org.jasig.cas.web.flow.WarnAction' beginning execution>
2007-02-27 15:26:46,682 DEBUG [org.jasig.cas.web.flow.WarnAction] -
<Action 'org.jasig.cas.web.flow.WarnAction' completed execution;
result event is [EMAIL PROTECTED] source =
[EMAIL PROTECTED], id = 'redirect', stateId =
[null], parameters = [null]]>
2007-02-27 15:26:46,807 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket [ST-2-04e6CDK7deL9JL9F7IlsDtN0MkyULkrGe6I-20]>
2007-02-27 15:26:46,807 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[ST-2-04e6CDK7deL9JL9F7IlsDtN0MkyULkrGe6I-20] found in registry.>
2007-02-27 15:26:46,807 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing
ticket [ST-2-04e6CDK7deL9JL9F7IlsDtN0MkyULkrGe6I-20] from registry>
2007-02-27 15:26:46,807 DEBUG
[org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket
[ST-2-04e6CDK7deL9JL9F7IlsDtN0MkyULkrGe6I-20] does not match supplied
service.>



===========================================================================================

applicationContext-acegi-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">

<!--
  - Application context containing authentication, channel
  - security and web URI beans.
  -
  - Only used by "cas" artifact.
  -
  - $Id: applicationContext-acegi-security.xml 1409 2006-04-26
23:36:03Z benalex $
  -->

<beans>

   <!-- ======================== FILTER CHAIN ======================= -->

        <bean id="filterChainProxy" 
class="org.acegisecurity.util.FilterChainProxy">
      <property name="filterInvocationDefinitionSource">
         <value>
                    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                    PATTERN_TYPE_APACHE_ANT
                    /**=channelProcessingFilter,httpSessionContextIntegrationFilter,logoutFilter,casProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
         </value>
      </property>
    </bean>

   <!-- ======================== AUTHENTICATION ======================= -->

   <bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
      <property name="providers">
         <list>
                    <ref local="casAuthenticationProvider"/>
         </list>
      </property>
   </bean>

   <bean id="inMemoryDaoImpl"
class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
        <property name="userMap">
                <value>
                        marissa=koala,ROLES_IGNORED_BY_CAS
                        dianne=emu,ROLES_IGNORED_BY_CAS
                        scott=wombat,ROLES_IGNORED_BY_CAS
                        peter=opal,disabled,ROLES_IGNORED_BY_CAS
                </value>
        </property>
   </bean>

  <bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
   </bean>

        <bean id="casAuthenticationProvider"
class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
                <property name="casAuthoritiesPopulator"><ref
local="casAuthoritiesPopulator"/></property>
                <property name="casProxyDecider"><ref 
local="casProxyDecider"/></property>
                <property name="ticketValidator"><ref
local="casProxyTicketValidator"/></property>
                <property name="statelessTicketCache"><ref
local="statelessTicketCache"/></property>
                <property name="key"><value>password</value></property>
        </bean>

        <bean id="casProxyTicketValidator"
class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
                <property 
name="casValidate"><value>https://localhost:8443/cas/proxyValidate</value></property>
                <!--<property
name="proxyCallbackUrl"><value>https://localhost:8443/contacts-cas/casProxy/receptor</value></property>-->
                <property name="serviceProperties"><ref 
local="serviceProperties"/></property>
        <!-- <property
name="trustStore"><value>/some/path/to/your/lib/security/cacerts</value></property>
-->
        </bean>

    <bean id="cacheManager"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
        <property name="configLocation">
        <value>classpath:/ehcache-failsafe.xml</value>
        </property>
    </bean>

    <bean id="ticketCacheBackend"
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
       <property name="cacheManager">
          <ref local="cacheManager"/>
       </property>
       <property name="cacheName">
          <value>ticketCache</value>
       </property>
    </bean>

        <bean id="statelessTicketCache"
class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
      <property name="cache"><ref local="ticketCacheBackend"/></property>
        </bean>

        <bean id="casAuthoritiesPopulator"
class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
                <property name="userDetailsService"><ref 
bean="inMemoryDaoImpl"/></property>
        </bean>

        <bean id="casProxyDecider"
class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets">
        </bean>

        <bean id="serviceProperties"
class="org.acegisecurity.ui.cas.ServiceProperties">
                <property 
name="service"><value>https://localhost:8443/concas/j_acegi_cas_security_check</value></property>
                <property name="sendRenew"><value>false</value></property>
        </bean>

        <!-- note logout has little impact, due to CAS reauthentication
functionality (it will cause a refresh of the authentication though)
-->
   <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
      <constructor-arg value="/index.jsp"/> <!-- URL redirected to
after logout -->
      <constructor-arg>
         <list>
              <bean
class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
         </list>
      </constructor-arg>
   </bean>


        <!-- ===================== HTTP CHANNEL REQUIREMENTS 
==================== -->
        
        <!-- Enabled by default for CAS, as a CAS deployment uses HTTPS -->
        <bean id="channelProcessingFilter"
class="org.acegisecurity.securechannel.ChannelProcessingFilter">
                <property name="channelDecisionManager"><ref
local="channelDecisionManager"/></property>
                <property name="filterInvocationDefinitionSource">
                        <value>
                            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                                \A/secure/.*\Z=REQUIRES_SECURE_CHANNEL
                                \A/j_acegi_cas_security_check.*\Z=REQUIRES_SECURE_CHANNEL
                                \A.*\Z=REQUIRES_INSECURE_CHANNEL
                        </value>
                </property>
        </bean>

        <bean id="channelDecisionManager"
class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
            <property name="channelProcessors">
                <list>
                        <ref local="secureChannelProcessor"/>
                        <ref local="insecureChannelProcessor"/>
                </list>
            </property>
        </bean>

        <bean id="secureChannelProcessor"
class="org.acegisecurity.securechannel.SecureChannelProcessor"/>
        <bean id="insecureChannelProcessor"
class="org.acegisecurity.securechannel.InsecureChannelProcessor"/>

        <!-- ===================== HTTP REQUEST SECURITY ==================== 
-->

        <bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
            <property name="authenticationEntryPoint"><ref
local="casProcessingFilterEntryPoint"/></property>
        </bean>

        <bean id="casProcessingFilter"
class="org.acegisecurity.ui.cas.CasProcessingFilter">
                <property name="authenticationManager"><ref
local="authenticationManager"/></property>
                <property 
name="authenticationFailureUrl"><value>/casfailed.jsp</value></property>
                <property name="defaultTargetUrl"><value>/</value></property>
                <property 
name="filterProcessesUrl"><value>/j_acegi_cas_security_check</value></property>
        </bean>

        <bean id="casProcessingFilterEntryPoint"
class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
                <property 
name="loginUrl"><value>https://localhost:8443/cas/login</value></property>
                <property name="serviceProperties"><ref 
local="serviceProperties"/></property>
        </bean>

        <bean id="httpRequestAccessDecisionManager"
class="org.acegisecurity.vote.AffirmativeBased">
                <property 
name="allowIfAllAbstainDecisions"><value>false</value></property>
                <property name="decisionVoters">
                  <list>
                    <ref bean="roleVoter"/>
                  </list>
                </property>
        </bean>

        <!-- Note the order that entries are placed against the
objectDefinitionSource is critical.
             The FilterSecurityInterceptor will work from the top of the list
down to the FIRST pattern that matches the request URL.
             Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*)
expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
        <bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager"><ref
local="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref
local="httpRequestAccessDecisionManager"/></property>
                <property name="objectDefinitionSource">
                        <value>
                            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                                \A/secure/super.*\Z=ROLE_WE_DONT_HAVE
                                \A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_TELLER
                        </value>
                </property>
        </bean>
</beans>

===========================================================================================



CAS server deployerConfigContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
        <bean id="authenticationManager"
                class="org.jasig.cas.authentication.AuthenticationManagerImpl">
                <property name="credentialsToPrincipalResolvers">
                        <list>
                                <bean
                                        
class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
/>
                                <bean
                                        
class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
/>
                        </list>
                </property>
                <property name="authenticationHandlers">
                        <list>
                                <bean 
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
/>
                                <bean 
class="org.acegisecurity.adapters.cas3.CasAuthenticationHandler">
                                        <property name="authenticationManager"
ref="acegiAuthenticationManager" />
                                </bean>
                                
                        </list>
                </property>
        </bean>
        
        <bean id="inMemoryDaoImpl"
class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
                        <property name="userMap">
                                <value>
                                        marissa=koala,ROLES_IGNORED_BY_CAS
                                        dianne=emu,ROLES_IGNORED_BY_CAS
                                        scott=wombat,ROLES_IGNORED_BY_CAS
                                        peter=opal,disabled,ROLES_IGNORED_BY_CAS
                                </value>
                        </property>
        </bean>
        
        <bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
                <property name="userDetailsService"><ref
bean="inMemoryDaoImpl"/></property>
        </bean>
        
        <bean id="acegiAuthenticationManager"
class="org.acegisecurity.providers.ProviderManager">
            <property name="providers">
                <list>
                    <ref bean="daoAuthenticationProvider"/>
                </list>
            </property>
        </bean>
</beans>

Thanks.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
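
Added example (not part of the original post, and not CAS or Acegi code): a small Python check over the two CAS log lines and the `serviceProperties` value quoted above, showing that the service the ticket was granted for differs from the configured one only by the `;jsessionid=` path parameter. The function names are hypothetical, the log lines are the post's own re-joined onto single lines, and it is assumed that the Acegi ticket validator supplies the configured `service` value at validation time.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Sample input: two lines from the log in the post, re-joined onto single
# lines, plus the "service" value from the serviceProperties bean.
LOG = (
    "2007-02-27 15:26:46,666 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - "
    "<Granted service ticket [ST-2-04e6CDK7deL9JL9F7IlsDtN0MkyULkrGe6I-20] for service "
    "[https://localhost:8443/concas/j_acegi_cas_security_check;jsessionid=A5F7591668AC1D411D7ACD8BF6F68E07] "
    "for user [marissa]>\n"
    "2007-02-27 15:26:46,807 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - "
    "<ServiceTicket [ST-2-04e6CDK7deL9JL9F7IlsDtN0MkyULkrGe6I-20] does not match supplied service.>\n"
)
CONFIGURED_SERVICE = "https://localhost:8443/concas/j_acegi_cas_security_check"

GRANTED = re.compile(r"Granted service ticket \[(ST-[^\]]+)\] for service \[([^\]]+)\]")
MISMATCH = re.compile(r"ServiceTicket \[(ST-[^\]]+)\] does not match supplied service")

def strip_session_id(url):
    """Drop a ';jsessionid=...' path parameter (servlet URL rewriting)."""
    parts = urlsplit(url)
    path = re.sub(r";jsessionid=[^;/?#]*", "", parts.path, flags=re.I)
    return urlunsplit(parts._replace(path=path))

def diagnose(log_text, configured):
    """Return (ticket, granted_service, verdict) for each rejected ticket."""
    granted = dict(GRANTED.findall(log_text))
    findings = []
    for ticket in MISMATCH.findall(log_text):
        service = granted.get(ticket)
        if service is None:
            verdict = "no grant line for this ticket in the log"
        elif service == configured:
            verdict = "grant equals configured service"
        elif strip_session_id(service) == configured:
            verdict = "differs from configured service only by ;jsessionid"
        else:
            verdict = "differs from configured service"
        findings.append((ticket, service, verdict))
    return findings

if __name__ == "__main__":
    for finding in diagnose(LOG, CONFIGURED_SERVICE):
        print(finding)
```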
