Scott Battaglia wrote: > Bob, > > It looks like it tried to make a proxy granting ticket for > https://drupal.uoregon.edu/ but was unable to (adding logging for the > HttpBasedAuthenticationHandler might narrow down the reason. > > -Scott > > On 10/4/07, Bob Rotsted <[EMAIL PROTECTED]> wrote: >> Hi all, >> I am using Tomcat behind Apache with Apache2::AuthCAS for my services. >> As I understand it, in order to get CAS to authenticate correctly I must >> first import my CAS server's SSL certificate into the java keystore. As >> of now, I have imported my public ssl key into the java keystore with >> alias 'tomcat' yet I am still getting a "Invalid Service Response" >> error. This is what shows up in my cas.log when I try to authenticate: >> >> 2007-10-04 11:45:03,676 INFO >> [org.jasig.cas.authentication.AuthenticationManagerImpl] - >> AuthenticationHandler: >> >> org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler >> successfully authenticated the user which provided the following >> credentials: rrotsted >> 2007-10-04 11:45:03,677 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service >> ticket [ST-5-GItdoxQZzuUR0PTfhhO3wy6FZzGXuesRA61-20] for service >> [https://drupal.uoregon.edu] for user [rrotsted] >> 2007-10-04 11:45:03,731 INFO >> [org.jasig.cas.authentication.AuthenticationManagerImpl] - >> AuthenticationHandler: >> >> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler >> failed to authenticate the user which provided the following >> credentials: https://drupal.uoregon.edu/ >> 2007-10-04 11:45:03,732 ERROR >> [org.jasig.cas.web.ServiceValidateController] - TicketException >> generating ticket for: https://drupal.uoregon.edu/ >> org.jasig.cas.ticket.TicketCreationException: >> error.authentication.credentials.bad >> at >> >> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket >> (CentralAuthenticationServiceImpl.java:271) >> at >> org.jasig.cas.web.ServiceValidateController.handleRequestInternal( >> ServiceValidateController.java:124) >> at >> org.springframework.web.servlet.mvc.AbstractController.handleRequest( >> AbstractController.java:153) >> at >> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle( >> SimpleControllerHandlerAdapter.java:48) >> at >> org.springframework.web.servlet.DispatcherServlet.doDispatch( >> DispatcherServlet.java:857) >> at >> org.springframework.web.servlet.DispatcherServlet.doService( >> DispatcherServlet.java:792) >> at >> org.springframework.web.servlet.FrameworkServlet.processRequest( >> FrameworkServlet.java:475) >> at >> org.springframework.web.servlet.FrameworkServlet.doGet( >> FrameworkServlet.java:430) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >> at >> org.jasig.cas.web.init.SafeDispatcherServlet.service( >> SafeDispatcherServlet.java:115) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( >> ApplicationFilterChain.java:269) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter( >> ApplicationFilterChain.java:188) >> at >> org.apache.catalina.core.StandardWrapperValve.invoke( >> StandardWrapperValve.java:213) >> at >> org.apache.catalina.core.StandardContextValve.invoke( >> StandardContextValve.java:174) >> at >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java >> :127) >> at >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java >> :117) >> at >> org.apache.catalina.core.StandardEngineValve.invoke( >> StandardEngineValve.java:108) >> at >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java >> :151) >> at >> org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200) >> at >> org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283) >> at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java >> :773) >> at >> org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java >> :703) >> at >> org.apache.jk.common.ChannelSocket$SocketConnection.runIt( >> ChannelSocket.java:895) >> at >> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( >> ThreadPool.java:689) >> at java.lang.Thread.run(Thread.java:619) >> Caused by: error.authentication.credentials.bad >> at >> org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException >> .<clinit>(BadCredentialsAuthenticationException.java:25) >> at >> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate( >> AuthenticationManagerImpl.java:108) >> at >> org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket( >> CentralAuthenticationServiceImpl.java:383) >> at >> org.jasig.cas.web.flow.AuthenticationViaFormAction.submit( >> AuthenticationViaFormAction.java:107) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java >> :39) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke( >> DelegatingMethodAccessorImpl.java:25) >> at java.lang.reflect.Method.invoke(Method.java:597) >> at >> org.springframework.webflow.util.DispatchMethodInvoker.invoke( >> DispatchMethodInvoker.java:103) >> at >> org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java >> :136) >> at >> org.springframework.webflow.action.AbstractAction.execute( >> AbstractAction.java:203) >> at >> org.springframework.webflow.engine.AnnotatedAction.execute( >> AnnotatedAction.java:142) >> at >> org.springframework.webflow.engine.ActionExecutor.execute( >> ActionExecutor.java:61) >> at >> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java >> :180) >> at org.springframework.webflow.engine.State.enter(State.java:200) >> at >> org.springframework.webflow.engine.Transition.execute(Transition.java:229) >> at >> org.springframework.webflow.engine.TransitionableState.onEvent( >> TransitionableState.java:112) >> at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572) >> at >> >> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent >> (RequestControlContextImpl.java:208) >> at >> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java >> :185) >> at org.springframework.webflow.engine.State.enter(State.java:200) >> at >> org.springframework.webflow.engine.Transition.execute(Transition.java:229) >> at >> org.springframework.webflow.engine.TransitionableState.onEvent( >> TransitionableState.java:112) >> at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572) >> at >> >> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent >> (RequestControlContextImpl.java:208) >> at >> org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent( >> FlowExecutionImpl.java:214) >> at >> org.springframework.webflow.executor.FlowExecutorImpl.resume( >> FlowExecutorImpl.java:245) >> at >> >> org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest >> (FlowRequestHandler.java:115) >> at >> >> org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal >> (FlowController.java:172) >> at >> org.springframework.web.servlet.mvc.AbstractController.handleRequest( >> AbstractController.java:153) >> at >> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle( >> SimpleControllerHandlerAdapter.java:48) >> at >> org.springframework.web.servlet.DispatcherServlet.doDispatch( >> DispatcherServlet.java:857) >> at >> org.springframework.web.servlet.DispatcherServlet.doService( >> DispatcherServlet.java:792) >> at >> org.springframework.web.servlet.FrameworkServlet.processRequest( >> FrameworkServlet.java:475) >> at >> org.springframework.web.servlet.FrameworkServlet.doPost( >> FrameworkServlet.java:440) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) >> ... 17 more >> >> Any suggestions would be greatly appreciated! >> >> Thanks, >> Bob Rotsted >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas >> > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas
Scott- After turning up logging for the HttpBasedServiceCredentialsAuthenticationHandler on my CAS server, I was unable to further diagnose the problem. I did however notice an error from my AuthCAS service's log file. It appears that the service is unable to validate service tickets. Any suggestions? [Mon Oct 08 09:57:57 2007] [alert] [client 128.223.61.74] CAS(7104): setHeader: Setting header: Location = https://slam.uoregon.edu/cas/error/?login_url=https://slam.uoregon.edu: 443/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2Fuser&errcode=Invalid Service Response, referer: https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.e du%2Fuser [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: Apache Config: [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: DbDataSource => sid=cas;host=localhost;port=3306 [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: DbDriver => mysql [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: DbPass => ****** [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: DbSessionTable => cas_sessions [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: DbUser => cas [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: ErrorUrl => https://slam.uoregon.edu/cas/error/ [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: Host => slam.uoregon.edu [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: LogLevel => 4 [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: LoginUri => /cas/login [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: LogoutUri => /cas/logout [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: NumProxyTickets => 1 [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: Port => 443 [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: PretendBasicAuth => undef [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: ProxyService => false [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: ProxyUri => /cas/proxy [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: ProxyValidateUri => /cas/proxyValidate [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: RemoveTicket => 546548 [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: Service => https://drupal.uoregon.edu/user [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: ServiceValidateUri => /cas/serviceValidate [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: SessionCookieDomain => undef [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: SessionCookieName => APACHECAS [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): getApacheConfig: SessionTimeout => 1800 [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): cleanup: counter=1 [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): delete_expired_sessions: deleting sessions older than '1191835704' [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): delete_expired_sessions: error deleting expired sessions [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): authenticate: authenticated='' [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): parse_query_parameters: PARAM: 'ticket' => 'ST-3-spLH0qDZlrwr2FTgO9nbY5FHJVwrB12i7IR-20' [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): authenticate: cookie found: '__utma=32862522.1333826686.1189012244.1189012244.1189012244.1; __utmz=32862522.1 189012244.1.1.utmccn=(organic)|utmcsr=google|utmctr=microcomputer+services|utmcmd=organic; PHPSESSID=625f1c99702ad93d9488a5c5a14c6b8b' [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): authenticate: no session id found [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): validate_service_ticket: Validating service ticket 'ST-3-spLH0qDZlrwr2FTgO9nbY5FHJVwrB12i7IR-20' for service 'https%3A%2F%2Fdrupal.uoregon.edu%2Fuser' [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): validate_service_ticket: request URL: '/cas/proxyValidate?pgtUrl=https://drupal.uoregon.edu/user&service=http s%3A%2F%2Fdrupal.uoregon.edu%2Fuser&ticket=ST-3-spLH0qDZlrwr2FTgO9nbY5FHJVwrB12i7IR-20' [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): validate_service_ticket: response page: [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): validate_service_ticket: invalid service response [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): redirect: redirecting to url: 'https://slam.uoregon.edu/cas/error/' service: 'https%3A%2F%2Fdrupal.uoregon.ed u%2Fuser' [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): setHeader: Setting header: CAS_FILTER_CAS_HOST = slam.uoregon.edu [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): setHeader: Setting header: CAS_FILTER_CAS_PORT = 443 [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): setHeader: Setting header: CAS_FILTER_CAS_LOGIN_URI = /cas/login [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): setHeader: Setting header: CAS_FILTER_SERVICE = https%3A%2F%2Fdrupal.uoregon.edu%2Fuser [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): redirect: redirecting to error page [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): setHeader: Setting header: Location = https://slam.uoregon.edu/cas/error/?login_url=https://slam.uoregon.edu: 443/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2Fuser&errcode=Invalid Service Response _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
