On 4/11/07, Fawad Rashid <[EMAIL PROTECTED]> wrote:
<snip />
I am getting a "The credentials you provided cannot be determined to be
authentic.".
This means that the username/password you provided to CAS were not correct.
-Scott
My web.xml looks something like this
<filter>
<filter-name>CAS Validate Filter</filter-name>
<filter-class>edu.yale.its.tp.cas.client.filter.CASValidateFilter
</filter-class>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.validateUrl
</param-name>
<param-value>https://www.ja-sig.org/cas/serviceValidate</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
<param-value>localhost:8088</param-value>
</init-param>
</filter>
Fawad Rashid
>From: Andrew Petro <[EMAIL PROTECTED]>
>Reply-To: Yale CAS mailing list <[email protected]>
>To: Yale CAS mailing list <[email protected]>
>Subject: Re: TicketValidator Error
>Date: Tue, 10 Apr 2007 08:44:42 -0700
>
>
>
>
>
>
>
>Fawad,
>
>
>
>This error almost always turns out to be an SSL certificate issue.
>
>
>
>Are you sure your CAS server Tomcat instance is pointing at the server
>keystore you intend? (Configured in the tomcat/conf context
>declarations).
>
>
>
>Are you sure your CAS-using-application client JVM is pointing at the
>client keystore you intend? (Typically overridden by a
>system-property-declaring command-line argument at JVM startup.)
>
>
>
>Are you able to use test your CAS-using-application against JA-SIG's
>CAS server? https://www.ja-sig.org/cas/ ; uses a real commercial cert
>so SSL issues are reduced (though if you are using a nonstandard client
>keystore, it is quite possible to not include trust for commercially
>vended certs).
>
>
>
>Andrew
>
>http://support.unicon.net/
>
>
>
>Fawad Rashid wrote:
>
>
>
>
>
>
>Hi
>
>I am facing a problem which has been repeatiditly reported by many
>people but so far i have not been able to solve the issue.
>
>I have successfully installed CAS under Tomcat 5.5.20 and i have
>setup SSL on port 8443 using my self generated certs. The certs
>
>have been generated using the following commands.
>
>keytool -genkey -alias tomcat-sv -dname "CN=localhost, OU=ECOM,
>O=xib, L=Lahore, S=Punjab, C=PK" -keyalg RSA -keypass 123456 -storepass
>changeit -keystore server.keystore
>
>keytool -export -alias tomcat-sv -storepass 123456 -file
>server.cer -keystore server.keystore
>
>keytool -genkey -alias tomcat-cl -dname "CN=localhost,OU=ECOM,
>O=xib, L=Lahore, S=Punjab, C=PK" -keyalg RSA -keypass 123456 -storepass
>changeit -keystore client.keystore
>
>keytool -export -alias tomcat-cl -storepass changeit -file
>client.cer -keystore client.keystore
>
>keytool -import -v -trustcacerts -alias tomcat -file server.cer
>-keystore client.keystore -keypass 123456 -storepass changeit
>
>keytool -import -v -trustcacerts -alias tomcat -file client.cer
>-keystore server.keystore -keypass 123456 -storepass changeit
>
>
>
>When i access the CAS portal on https://localhost:8443
>i get a Log In Successful page. When i try to access the uPortal portal
>using
>
>the url
>
https://localhost:8443/cas/login?service=http%3A%2F%2Flocalhost:8088%2FuPortal%2FLogin
>i can see the login page. When i submit the login
>
>I get the following error.
>
>HTTP Status 500 -
>
>type Exception report
>
>message
>
>description The server encountered an internal error () that
>prevented it from fulfilling this request.
>
>exception
>
>javax.servlet.ServletException: Unable to validate
>ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator
>proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator
>casValidateUrl=[https://localhost:8443/cas/serviceValidate]
>ticket=[ST-6-mWf3oVDr9HepuwDRk9cSch0J4IqgpZm17pi-20]
>service=[http%3A%2F%2Flocalhost%3A8088%2FuPortal%2FLogin] renew=false]]]
>
>edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(
CASValidateFilter.java:292)
>
>root cause
>
>edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
>validate ProxyTicketValidator
>[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
>[edu.yale.its.tp.cas.client.ServiceTicketValidator
>casValidateUrl=[https://localhost:8443/cas/serviceValidate]
>ticket=[ST-6-mWf3oVDr9HepuwDRk9cSch0J4IqgpZm17pi-20]
>service=[http%3A%2F%2Flocalhost%3A8088%2FuPortal%2FLogin] renew=false]]]
>
>edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
>
>edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(
CASValidateFilter.java:339)
>
>edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(
CASValidateFilter.java:289)
>
>note The full stack trace of the root cause is available in the
>Apache Tomcat/5.5.20 logs.
>
>The url changes to
>
http://localhost:8088/uPortal/Login?ticket=ST-6-mWf3oVDr9HepuwDRk9cSch0J4IqgpZm17pi-20
,
>I am not sure what i am missing here, kindly guide me through.
>
>Regards
>
>Fawad Rashid
>
>
>
>
>
>
> Express yourself instantly with MSN Messenger! MSN
>Messenger Download today it's FREE!
>
>
>
>_______________________________________________
>Yale CAS mailing list
>[email protected]
>http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
>
>
>
>_______________________________________________
>Yale CAS mailing list
>[email protected]
>http://tp.its.yale.edu/mailman/listinfo/cas
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
