Hello,
I'm trying to get cas-server and cas-client to work for LDAP authentication
to MSAD for Shibboleth-IdP/SSO.

So far I'm using the package provided here, shib.kuleuven.be/docs/idp, which
is basically what I need: Shibboleth with CAS on the
back end doing the connection to AD etc. I have set logging on everything to
DEBUG and see quite a bit. I also have things working somewhat, as
I can see the username being authenticated on the AD server side through
logs there. It seems to die at a ticket problem.
Or is this related to certificates?

Here is the error that I get:

== /opt/tomcat5/logs/tomcat.log
13:51:10,199 [TP-Processor6] DEBUG Action 'AuthenticationViaFormAction'
beginning execution - org.jasig.cas.web.flow.AuthenticationViaForm
Action [20071004]
13:51:10,205 [TP-Processor6] DEBUG Executing bind -
org.jasig.cas.web.flow.AuthenticationViaFormAction [20071004]
13:51:10,206 [TP-Processor6] DEBUG Loading new form object -
org.jasig.cas.web.flow.AuthenticationViaFormAction [20071004]
13:51:10,207 [TP-Processor6] DEBUG Creating new instance of form object
class [class org.jasig.cas.authentication.principal.UsernamePasswo
rdCredentials] - org.jasig.cas.web.flow.AuthenticationViaFormAction[20071004]
13:51:10,208 [TP-Processor6] DEBUG Setting form object of type [class
org.jasig.cas.authentication.principal.UsernamePasswordCredentials]
in scope [class org.springframework.webflow.ScopeType.Flow (1)] with name
'credentials' - org.jasig.cas.web.flow.AuthenticationViaFormActi
on [20071004]
13:51:10,244 [TP-Processor6] DEBUG No property editor registrar set, no
custom editors to register - org.jasig.cas.web.flow.Authentication
ViaFormAction [20071004]
13:51:10,269 [TP-Processor6] DEBUG Binding allowed request parameters in
map['lt' -> '_c025B5288-CE44-A636-26C1-03360144BE32_kDFEE0594-228
5-6890-46C6-8E9398DA2FAF', 'service' -> '
https://k2.cc.iup.edu/shibboleth-idp/SSO?shire=https%3A%2F%2Faktag.cc.iup.edu%2FShibboleth.sso%2F
SAML%2FPOST&time=1191519847&target=cookie&providerId=https%3A%2F%2Faktag.cc.iup.edu%2Fshibboleth%2Fk2%2Fsp',
'_eventId' -> 'submit', 'pass
word' -> 'welcome1', '_currentStateId' -> '', 'username' -> 'testuser'] to
form object with name 'credentials', pre-bind formObject toStri
ng = null - org.jasig.cas.web.flow.AuthenticationViaFormAction [20071004]
13:51:10,269 [TP-Processor6] DEBUG (Any field is allowed) -
org.jasig.cas.web.flow.AuthenticationViaFormAction [20071004]
13:51:10,292 [TP-Processor6] DEBUG Binding completed for form object with
name 'credentials', post-bind formObject toString = testuser - o
rg.jasig.cas.web.flow.AuthenticationViaFormAction [20071004]
13:51:10,293 [TP-Processor6] DEBUG There are [0] errors, details: [] -
org.jasig.cas.web.flow.AuthenticationViaFormAction [20071004]
13:51:10,294 [TP-Processor6] DEBUG Setting form errors instance in scope
[class org.springframework.webflow.ScopeType.Request (0)] - org.j
asig.cas.web.flow.AuthenticationViaFormAction [20071004]
13:51:10,298 [TP-Processor6] DEBUG Executing validate -
org.jasig.cas.web.flow.AuthenticationViaFormAction [20071004]
13:51:10,299 [TP-Processor6] DEBUG Invoking validator
[EMAIL PROTECTED] -
org.jasig.cas
.web.flow.AuthenticationViaFormAction [20071004]
13:51:10,303 [TP-Processor6] DEBUG Validation completed for form object with
name 'credentials' - org.jasig.cas.web.flow.AuthenticationVia
FormAction [20071004]
13:51:10,304 [TP-Processor6] DEBUG There are [0] errors, details: [] -
org.jasig.cas.web.flow.AuthenticationViaFormAction [20071004]
13:51:10,305 [TP-Processor6] DEBUG Action 'AuthenticationViaFormAction'
completed execution; result is 'success' - org.jasig.cas.web.flow.
AuthenticationViaFormAction [20071004]
13:51:10,305 [TP-Processor6] DEBUG Action 'AuthenticationViaFormAction'
beginning execution - org.jasig.cas.web.flow.AuthenticationViaForm
Action [20071004]
13:51:10,306 [TP-Processor6] DEBUG Found existing form object with name
'credentials' of type [class org.jasig.cas.authentication.principa
l.UsernamePasswordCredentials] in scope [class
org.springframework.webflow.ScopeType.Flow (1)] -
org.jasig.cas.web.flow.AuthenticationViaF
ormAction [20071004]
13:51:10,365 [TP-Processor6] INFO  AuthenticationHandler:
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
authentic
ated the user which provided the following credentials: testuser -
org.jasig.cas.authentication.AuthenticationManagerImpl [20071004]
13:51:10,365 [TP-Processor6] DEBUG Creating SimplePrincipal for [testuser] -
org.jasig.cas.authentication.principal.UsernamePasswordCreden
tialsToPrincipalResolver [20071004]
13:51:10,381 [TP-Processor6] DEBUG Added ticket
[TGT-2-PFMtLkwBFbFC9ErY2hVFBkSWYSbdNyGpRp6-50] to registry. -
org.jasig.cas.ticket.registr
y.DefaultTicketRegistry [20071004]
13:51:10,382 [TP-Processor6] DEBUG Action 'AuthenticationViaFormAction'
completed execution; result is 'success' - org.jasig.cas.web.flow.
AuthenticationViaFormAction [20071004]
13:51:10,383 [TP-Processor6] DEBUG Action 'SendTicketGrantingTicketAction'
beginning execution - org.jasig.cas.web.flow.SendTicketGranting
TicketAction [20071004]
13:51:10,384 [TP-Processor6] DEBUG Action 'SendTicketGrantingTicketAction'
completed execution; result is 'success' - org.jasig.cas.web.fl
ow.SendTicketGrantingTicketAction [20071004]
13:51:10,385 [TP-Processor6] DEBUG Action 'HasServiceCheckAction' beginning
execution - org.jasig.cas.web.flow.HasServiceCheckAction [2007
1004]
13:51:10,386 [TP-Processor6] DEBUG Action 'HasServiceCheckAction' completed
execution; result is 'hasService' - org.jasig.cas.web.flow.Has
ServiceCheckAction [20071004]
13:51:10,387 [TP-Processor6] DEBUG Action 'GenerateServiceTicketAction'
beginning execution - org.jasig.cas.web.flow.GenerateServiceTicket
Action [20071004]
13:51:10,400 [TP-Processor6] DEBUG Attempting to retrieve ticket
[TGT-2-PFMtLkwBFbFC9ErY2hVFBkSWYSbdNyGpRp6-50] - org.jasig.cas.ticket.reg
istry.DefaultTicketRegistry [20071004]
13:51:10,401 [TP-Processor6] DEBUG Ticket
[TGT-2-PFMtLkwBFbFC9ErY2hVFBkSWYSbdNyGpRp6-50] found in registry. -
org.jasig.cas.ticket.registr
y.DefaultTicketRegistry [20071004]
13:51:10,405 [TP-Processor6] DEBUG Added ticket
[ST-2-uaefuYhGGxF2WZO5hpRvNpVY7wwzUEppBeO-20] to registry. -
org.jasig.cas.ticket.registry
.DefaultTicketRegistry [20071004]
13:51:10,406 [TP-Processor6] INFO  Granted service ticket
[ST-2-uaefuYhGGxF2WZO5hpRvNpVY7wwzUEppBeO-20] for service [
https://k2.cc.iup.edu
/shibboleth-idp/SSO?shire=https%3A%2F%2Faktag.cc.iup.edu%2FShibboleth.sso%2FSAML%2FPOST&time=1191519847&target=cookie&providerId=https%3A%
2F%2Faktag.cc.iup.edu%2Fshibboleth%2Fk2%2Fsp] for user [testuser] -
org.jasig.cas.CentralAuthenticationServiceImpl [20071004]
13:51:10,407 [TP-Processor6] DEBUG Action 'GenerateServiceTicketAction'
completed execution; result is 'success' - org.jasig.cas.web.flow.
GenerateServiceTicketAction [20071004]
13:51:10,407 [TP-Processor6] DEBUG Action 'WarnAction' beginning execution -
org.jasig.cas.web.flow.WarnAction [20071004]
13:51:10,408 [TP-Processor6] DEBUG Action 'WarnAction' completed execution;
result is 'redirect' - org.jasig.cas.web.flow.WarnAction [2007
1004]
13:51:11,018 [
edu.internet2.middleware.shibboleth.common.provider.SharedMemoryShibHandle.HandleCache.MemoryRepositoryCleaner]
DEBUG Memory
 cache handle cache cleanup thread searching for stale entries. -
edu.internet2.middleware.shibboleth.common.provider.HandleCache [20071004]
13:51:11,880 [
edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverCacher.Cleaner]
DEBUG Resolver Cache cleanup thread searching cach
e for stale entries. -
edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverCache [20071004]
13:51:11,948 [TP-Processor5] ERROR
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate
ProxyTicketValidator [[edu.ya
le.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [
edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[
https://k2.c
c.iup.edu/cas/serviceValidate]
ticket=[ST-2-uaefuYhGGxF2WZO5hpRvNpVY7wwzUEppBeO-20]
service=[https%3A%2F%2Fk2.cc.iup.edu%2Fshibboleth-idp%
2FSSO%3Fshire%3Dhttps%253A%252F%252Faktag.cc.iup.edu%252FShibboleth.sso%252FSAML%252FPOST%26time%3D1191519847%26target%3Dcookie%26provider
Id%3Dhttps%253A%252F%252Faktag.cc.iup.edu%252Fshibboleth%252Fk2%252Fsp]
renew=false]]] - edu.yale.its.tp.cas.client.CASReceipt [20071004]
13:51:11,949 [TP-Processor5] ERROR
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate
ProxyTicketValidator [[edu.ya
le.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [
edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[
https://k2.c
c.iup.edu/cas/serviceValidate]
ticket=[ST-2-uaefuYhGGxF2WZO5hpRvNpVY7wwzUEppBeO-20]
service=[https%3A%2F%2Fk2.cc.iup.edu%2Fshibboleth-idp%
2FSSO%3Fshire%3Dhttps%253A%252F%252Faktag.cc.iup.edu%252FShibboleth.sso%252FSAML%252FPOST%26time%3D1191519847%26target%3Dcookie%26provider
Id%3Dhttps%253A%252F%252Faktag.cc.iup.edu%252Fshibboleth%252Fk2%252Fsp]
renew=false]]] - edu.yale.its.tp.cas.client.filter.CASFilter [2007
1004]
13:51:11,954 [TP-Processor5] ERROR Servlet.service() for servlet IdP threw
exception - org.apache.catalina.core.ContainerBase.[Catalina].[
localhost].[/shibboleth-idp].[IdP] [20071004]
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown
Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
        at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown
Source)
        at 
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
Source)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
Source)
        at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source)
        at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
Source)
        at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
        at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(
ServiceTicketValidator.java:212)
        at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java
:50)
        at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(
CASFilter.java:455)
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(
CASFilter.java:378)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(
StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(
StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(
StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(
ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(
StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(
CoyoteAdapter.java:151)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java
:200)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java
:283)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
        at org.apache.jk.common.ChannelSocket.processConnection(
ChannelSocket.java:703)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(
ChannelSocket.java:895)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
ThreadPool.java:685)
        at java.lang.Thread.run(Unknown Source)
13:51:11,955 [
edu.internet2.middleware.shibboleth.idp.provider.MemoryArtifactMapper..MemoryArtifactCleaner]
DEBUG Memory-based artifact ma
pper cleanup thread searching for stale entries. -
edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper[20071004]
13:51:12,377 [Thread-13] DEBUG Checking for updates to resource
(file:/usr/local/shib-idp/etc/my-metadata.xml) - edu.internet2.middleware.
shibboleth.common.ResourceWatchdog [20071004]

Thanks for any help ..

-- 
:wq!
kevin.foote
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
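
Added example (not part of the original post, and not CAS or Shibboleth code): a small Python triage over log lines condensed from the post. It correlates the granted service ticket with the failed `serviceValidate` call and the exception logged beneath it, to tell a ticket rejection apart from a TLS trust failure on the client's back-channel request. The `triage` function and the verdict labels are illustrative names.

```python
import re

# Constructed sample: un-wrapped, condensed lines from the log in the post
# (the long service URL and validator dump are shortened with "...").
SAMPLE = """\
13:51:10,405 [TP-Processor6] DEBUG Added ticket [ST-2-uaefuYhGGxF2WZO5hpRvNpVY7wwzUEppBeO-20] to registry. - org.jasig.cas.ticket.registry.DefaultTicketRegistry
13:51:10,406 [TP-Processor6] INFO  Granted service ticket [ST-2-uaefuYhGGxF2WZO5hpRvNpVY7wwzUEppBeO-20] for service [https://k2.cc.iup.edu/shibboleth-idp/SSO?...] for user [testuser] - org.jasig.cas.CentralAuthenticationServiceImpl
13:51:11,948 [TP-Processor5] ERROR edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[... casValidateUrl=[https://k2.cc.iup.edu/cas/serviceValidate] ticket=[ST-2-uaefuYhGGxF2WZO5hpRvNpVY7wwzUEppBeO-20] renew=false]]] - edu.yale.its.tp.cas.client.CASReceipt
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
        at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
"""

GRANTED = re.compile(r"Granted service ticket \[(ST-[^\]]+)\]")
FAILED = re.compile(
    r"Unable to validate .*?casValidateUrl=\[([^\]]+)\].*?ticket=\[(ST-[^\]]+)\]")
EXC = re.compile(r"^([\w.$]+(?:Exception|Error)): (.+)$", re.M)
FRAME = re.compile(r"^\s+at ([\w.$]+)\(", re.M)


def triage(log):
    """Classify each failed serviceValidate call (hypothetical helper)."""
    granted = set(GRANTED.findall(log))
    findings = []
    for m in FAILED.finditer(log):
        url, ticket = m.groups()
        tail = log[m.end():]            # exception and stack follow the ERROR line
        exc = EXC.search(tail)
        frames = FRAME.findall(tail)
        if ticket not in granted:
            verdict = "ticket-unknown"  # the server log never issued this ST
        elif any(f.endswith(".checkServerTrusted") for f in frames):
            verdict = "tls-trust"       # handshake failed before the ST was checked
        else:
            verdict = "ticket-rejected" # no trust-manager frame under the failure
        findings.append({
            "ticket": ticket,
            "validate_url": url,
            "exception": exc.group(1) if exc else None,
            "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A `tls-trust` verdict points at the trust store of the JVM running the CAS client, which must contain the issuer of the certificate served at the `casValidateUrl` host.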
