Generally that handler only fails for one of three reasons:
1. Invalid/missing certificate/mismatched host name.
2. Bad status code returned. By default the following status codes are
okay:
HttpURLConnection.HTTP_OK, HttpURLConnection.HTTP_NOT_MODIFIED,
HttpURLConnection.HTTP_MOVED_TEMP, HttpURLConnection.HTTP_MOVED_PERM
,
HttpURLConnection.HTTP_ACCEPTED
3. Insecure URL when its expecting a secure url.
-Scott
On 3/7/07, Luke McLean <[EMAIL PROTECTED]> wrote:
Hello,
I'm working through the process of setting up a proxied webservice. I
have
the ProxyTicketReceptor setup on the Webapp, have created a new
certificate
on the Webapp machine and imported that certificate to the cacert file on
the CAS machine. I have also added the proxyCallbackUrl in the web.xml on
the Webapp.
When I login to the Webapp I get the following stdout:
2007-03-08 15:53:53,109 DEBUG
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Attempting to create
TicketGrantingTicket for nz.g
[EMAIL PROTECTED]
[userName=TestUser8]>
2007-03-08 15:53:53,125 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler: nz.govt.nzfsa.raac.a
uthentication.handler.RaacUserAuthenticationHandler successfully
authenticated the user.>
2007-03-08 15:53:53,140 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[TGT-2-KK4ujg3934SNLySmzhjDnVF5i
jn0Qac5RdMb9BfBFHHWaR4HDb] to registry.>
2007-03-08 15:53:53,140 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket [TGT-2-KK4ujg39
34SNLySmzhjDnVF5ijn0Qac5RdMb9BfBFHHWaR4HDb]>
2007-03-08 15:53:53,140 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[TGT-2-KK4ujg3934SNLySmzhjDnVF5ijn0Qac
5RdMb9BfBFHHWaR4HDb] found in registry.>
2007-03-08 15:53:53,156 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[ST-2-qPh92whZrsiwRPs3BdLq] to r
egistry.>
2007-03-08 15:53:53,156 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket
[ST-2-qPh92whZrsiwRPs3BdLq] for service [http://vadctm07:8080/portal/] for
user [TestUser8]>
2007-03-08 15:53:53,375 DEBUG
[
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
]
- <Attempting to resolve credentials for
https://vadctm07:8443/CasProxyServlet>
2007-03-08 15:53:53,468 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
failed to authenticate the user.>
2007-03-08 15:53:53,468 ERROR [org.jasig.cas.web.ServiceValidateController
]
- <TicketException generating ticket for:
https://vadctm07:8443/CasProxyServlet>
org.jasig.cas.ticket.TicketCreationException:
error.authentication.credentials.bad
at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
(CentralAuthenticationServiceImpl.java:223)
at
org.jasig.cas.web.ServiceValidateController.handleRequestInternal(
ServiceValidateController.java:132)
at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(
AbstractController.java:128)
at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(
SimpleControllerHandlerAdapter.java:44)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(
DispatcherServlet.java:684)
at
org.springframework.web.servlet.DispatcherServlet.doService(
DispatcherServlet.java:625)
at
org.springframework.web.servlet.FrameworkServlet.serviceWrapper(
FrameworkServlet.java:386)
at
org.springframework.web.servlet.FrameworkServlet.doGet(
FrameworkServlet.java:346)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at
org.jasig.cas.web.init.SafeDispatcherServlet.service(
SafeDispatcherServlet.java:115)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:237)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:157)
at
org.apache.catalina.core.StandardWrapperValve.invoke(
StandardWrapperValve.java:214)
at
org.apache.catalina.core.StandardValveContext.invokeNext(
StandardValveContext.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java
:520)
at
org.apache.catalina.core.StandardContextValve.invokeInternal(
StandardContextValve.java:198)
at
org.apache.catalina.core.StandardContextValve.invoke(
StandardContextValve.java:152)
at
org.apache.catalina.core.StandardValveContext.invokeNext(
StandardValveContext.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java
:520)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java
:137)
at
org.apache.catalina.core.StandardValveContext.invokeNext(
StandardValveContext.java:104)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
:118)
at
org.apache.catalina.core.StandardValveContext.invokeNext(
StandardValveContext.java:102)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java
:520)
at
org.apache.catalina.core.StandardEngineValve.invoke(
StandardEngineValve.java:109)
at
org.apache.catalina.core.StandardValveContext.invokeNext(
StandardValveContext.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java
:520)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection
(Http11Protocol.java:705)
at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:534)
Caused by: error.authentication.credentials.bad
at
org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException
.<clinit>(BadCredentialsAuthenticationException
.java:25)
at
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(
AuthenticationManagerImpl.java:96)
at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
(CentralAuthenticationServiceImpl.java:200)
... 34 more
2007-03-08 15:53:53,562 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket [ST-2-qPh92whZr
siwRPs3BdLq]>
2007-03-08 15:53:53,562 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[ST-2-qPh92whZrsiwRPs3BdLq] found in r
egistry.>
2007-03-08 15:53:53,562 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket
[ST-2-qPh92whZrsiwRPs3BdLq] f
rom registry>
The ServiceValidateController go to successView....
My reading of this (little knowledge) is that the
RaacUserAuthenticationHandler has successfully authenticated the user but
that HttpBasedServiceCredentialsAuthenticationHandler failed to
authenticate
the user... I thought that the
HttpBasedServiceCredentialsAuthenticationHandler was just to verify that
the
https connection was correct? I'm a bit lost here, any help/explanation
appreciated. Where do I look to correct this error?
Thanks,
Luke.
--
View this message in context:
http://www.nabble.com/HttpBasedServiceCredentialsAuthenticationHandler-Query-tf3366911.html#a9367474
Sent from the CAS Users mailing list archive at Nabble.com.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
