CAS's JVM does not trust your client application's certificate.

If you've added the certificate to CAS's JVM, that most likely means the
hostname does not match the cn.

If you haven't added the certificate, you need to do so :-)

-Scott

On 6/19/07, Bill Bailey <[EMAIL PROTECTED]> wrote:

 Hi,



I am using CAS with ACEGI security and I have the basics working. But when
I try to add the proxyCallbackUrl to the CasProxyTicketValidator (see
below), it only partly works. I am able to still authenticate through CAS,
but the resulting authentication token does not have the PGTIOU set … it is
an empty string.



I have checked the log files on the Tomcat instance hosting the CAS server
and I find the following exceptions which seem to relate to the proxy
callback URL. Any idea what is wrong?



2007-06-19 09:25:58,812 ERROR [
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
- <javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated>

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

            at
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(Unknown
Source)

            at
org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname
(StrictSSLProtocolSocketFactory.java:280)

            at
org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket
(StrictSSLProtocolSocketFactory.java:223)

            at org.apache.commons.httpclient.HttpConnection.open(
HttpConnection.java:706)

            at
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open
(MultiThreadedHttpConnectionManager.java:1321)

            at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(
HttpMethodDirector.java:386)

            at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(
HttpMethodDirector.java:170)

            at org.apache.commons.httpclient.HttpClient.executeMethod(
HttpClient.java:396)

            at org.apache.commons.httpclient.HttpClient.executeMethod(
HttpClient.java:324)

            at
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler.authenticate
(HttpBasedServiceCredentialsAuthenticationHandler.java:75)

            at
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(
AuthenticationManagerImpl.java:79)

            at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
(CentralAuthenticationServiceImpl.java:194)

            at
org.jasig.cas.web.ServiceValidateController.handleRequestInternal(
ServiceValidateController.java:159)

            at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(
AbstractController.java:153)

            at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(
SimpleControllerHandlerAdapter.java:48)

            at
org.springframework.web.servlet.DispatcherServlet.doDispatch(
DispatcherServlet.java:819)

            at org.springframework.web.servlet.DispatcherServlet.doService
(DispatcherServlet.java:754)

            at
org.springframework.web.servlet.FrameworkServlet.processRequest(
FrameworkServlet.java:399)

            at org.springframework.web.servlet.FrameworkServlet.doGet(
FrameworkServlet.java:354)

            at javax.servlet.http.HttpServlet.service(HttpServlet.java
:690)

            at javax.servlet.http.HttpServlet.service(HttpServlet.java
:803)

            at org.jasig.cas.web.init.SafeDispatcherServlet.service(
SafeDispatcherServlet.java:115)

            at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:290)

            at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:206)

            at org.apache.catalina.core.StandardWrapperValve.invoke(
StandardWrapperValve.java:228)

            at org.apache.catalina.core.StandardContextValve.invoke(
StandardContextValve.java:175)

            at org.apache.catalina.core.StandardHostValve.invoke(
StandardHostValve.java:128)

            at org.apache.catalina.valves.ErrorReportValve.invoke(
ErrorReportValve.java:104)

            at org.apache.catalina.core.StandardEngineValve.invoke(
StandardEngineValve.java:109)

            at org.apache.catalina.connector.CoyoteAdapter.service(
CoyoteAdapter.java:216)

            at org.apache.coyote.http11.Http11Processor.process(
Http11Processor.java:844)

            at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(
Http11Protocol.java:634)

            at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(
JIoEndpoint.java:445)

            at java.lang.Thread.run(Unknown Source)

2007-06-19 09:25:58,812 INFO [
org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandlerfailed
 to authenticate the user which provided the following credentials:
https://nacdnws002l.northlandcc.net:8443/casProxy/receptor>

2007-06-19 09:25:58,812 ERROR [org.jasig.cas.web.ServiceValidateController]
- <TicketException generating ticket for:
https://nacdnws002l.northlandcc.net:8443/casProxy/receptor>

org.jasig.cas.ticket.TicketCreationException:
error.authentication.credentials.bad

            at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
(CentralAuthenticationServiceImpl.java:215)

            at
org.jasig.cas.web.ServiceValidateController.handleRequestInternal(
ServiceValidateController.java:159)

            at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(
AbstractController.java:153)

            at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(
SimpleControllerHandlerAdapter.java:48)

            at
org.springframework.web.servlet.DispatcherServlet.doDispatch(
DispatcherServlet.java:819)

            at org.springframework.web.servlet.DispatcherServlet.doService
(DispatcherServlet.java:754)

            at
org.springframework.web.servlet.FrameworkServlet.processRequest(
FrameworkServlet.java:399)

            at org.springframework.web.servlet.FrameworkServlet.doGet(
FrameworkServlet.java:354)

            at javax.servlet.http.HttpServlet.service(HttpServlet.java
:690)

            at javax.servlet.http.HttpServlet.service(HttpServlet.java
:803)

            at org.jasig.cas.web.init.SafeDispatcherServlet.service(
SafeDispatcherServlet.java:115)

            at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:290)

            at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:206)

            at org.apache.catalina.core.StandardWrapperValve.invoke(
StandardWrapperValve.java:228)

            at org.apache.catalina.core.StandardContextValve.invoke(
StandardContextValve.java:175)

            at org.apache.catalina.core.StandardHostValve.invoke(
StandardHostValve.java:128)

            at org.apache.catalina.valves.ErrorReportValve.invoke(
ErrorReportValve.java:104)

            at org.apache.catalina.core.StandardEngineValve.invoke(
StandardEngineValve.java:109)

            at org.apache.catalina.connector.CoyoteAdapter.service(
CoyoteAdapter.java:216)

            at org.apache.coyote.http11.Http11Processor.process(
Http11Processor.java:844)

            at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(
Http11Protocol.java:634)

            at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(
JIoEndpoint.java:445)

            at java.lang.Thread.run(Unknown Source)

Caused by: error.authentication.credentials.bad

            at
org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException
.<clinit>(BadCredentialsAuthenticationException.java:25)

            at
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(
AuthenticationManagerImpl.java:105)

            at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
(CentralAuthenticationServiceImpl.java:194)

            ... 22 more

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas




--
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to