CAS's JVM does not trust your client application's certificate.
If you've added the certificate to CAS's JVM, that most likely means the
hostname does not match the cn.
If you haven't added the certificate, you need to do so :-)
-Scott
On 6/19/07, Bill Bailey <[EMAIL PROTECTED]> wrote:
Hi,
I am using CAS with ACEGI security and I have the basics working. But when
I try to add the proxyCallbackUrl to the CasProxyTicketValidator (see
below), it only partly works. I am able to still authenticate through CAS,
but the resulting authentication token does not have the PGTIOU set … it is
an empty string.
I have checked the log files on the Tomcat instance hosting the CAS server
and I find the following exceptions which seem to relate to the proxy
callback URL. Any idea what is wrong?
2007-06-19 09:25:58,812 ERROR [
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
- <javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated>
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(Unknown
Source)
at
org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname
(StrictSSLProtocolSocketFactory.java:280)
at
org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket
(StrictSSLProtocolSocketFactory.java:223)
at org.apache.commons.httpclient.HttpConnection.open(
HttpConnection.java:706)
at
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open
(MultiThreadedHttpConnectionManager.java:1321)
at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(
HttpMethodDirector.java:386)
at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(
HttpMethodDirector.java:170)
at org.apache.commons.httpclient.HttpClient.executeMethod(
HttpClient.java:396)
at org.apache.commons.httpclient.HttpClient.executeMethod(
HttpClient.java:324)
at
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler.authenticate
(HttpBasedServiceCredentialsAuthenticationHandler.java:75)
at
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(
AuthenticationManagerImpl.java:79)
at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
(CentralAuthenticationServiceImpl.java:194)
at
org.jasig.cas.web.ServiceValidateController.handleRequestInternal(
ServiceValidateController.java:159)
at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(
AbstractController.java:153)
at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(
SimpleControllerHandlerAdapter.java:48)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(
DispatcherServlet.java:819)
at org.springframework.web.servlet.DispatcherServlet.doService
(DispatcherServlet.java:754)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(
FrameworkServlet.java:399)
at org.springframework.web.servlet.FrameworkServlet.doGet(
FrameworkServlet.java:354)
at javax.servlet.http.HttpServlet.service(HttpServlet.java
:690)
at javax.servlet.http.HttpServlet.service(HttpServlet.java
:803)
at org.jasig.cas.web.init.SafeDispatcherServlet.service(
SafeDispatcherServlet.java:115)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(
StandardWrapperValve.java:228)
at org.apache.catalina.core.StandardContextValve.invoke(
StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke(
StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(
ErrorReportValve.java:104)
at org.apache.catalina.core.StandardEngineValve.invoke(
StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(
CoyoteAdapter.java:216)
at org.apache.coyote.http11.Http11Processor.process(
Http11Processor.java:844)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(
Http11Protocol.java:634)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(
JIoEndpoint.java:445)
at java.lang.Thread.run(Unknown Source)
2007-06-19 09:25:58,812 INFO [
org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandlerfailed
to authenticate the user which provided the following credentials:
https://nacdnws002l.northlandcc.net:8443/casProxy/receptor>
2007-06-19 09:25:58,812 ERROR [org.jasig.cas.web.ServiceValidateController]
- <TicketException generating ticket for:
https://nacdnws002l.northlandcc.net:8443/casProxy/receptor>
org.jasig.cas.ticket.TicketCreationException:
error.authentication.credentials.bad
at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
(CentralAuthenticationServiceImpl.java:215)
at
org.jasig.cas.web.ServiceValidateController.handleRequestInternal(
ServiceValidateController.java:159)
at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(
AbstractController.java:153)
at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(
SimpleControllerHandlerAdapter.java:48)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(
DispatcherServlet.java:819)
at org.springframework.web.servlet.DispatcherServlet.doService
(DispatcherServlet.java:754)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(
FrameworkServlet.java:399)
at org.springframework.web.servlet.FrameworkServlet.doGet(
FrameworkServlet.java:354)
at javax.servlet.http.HttpServlet.service(HttpServlet.java
:690)
at javax.servlet.http.HttpServlet.service(HttpServlet.java
:803)
at org.jasig.cas.web.init.SafeDispatcherServlet.service(
SafeDispatcherServlet.java:115)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(
StandardWrapperValve.java:228)
at org.apache.catalina.core.StandardContextValve.invoke(
StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke(
StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(
ErrorReportValve.java:104)
at org.apache.catalina.core.StandardEngineValve.invoke(
StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(
CoyoteAdapter.java:216)
at org.apache.coyote.http11.Http11Processor.process(
Http11Processor.java:844)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(
Http11Protocol.java:634)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(
JIoEndpoint.java:445)
at java.lang.Thread.run(Unknown Source)
Caused by: error.authentication.credentials.bad
at
org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException
.<clinit>(BadCredentialsAuthenticationException.java:25)
at
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(
AuthenticationManagerImpl.java:105)
at
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
(CentralAuthenticationServiceImpl.java:194)
... 22 more
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas