Hi, I have the same exception when i try to get a proxy ticket from my service. do you resolve this problem?
Thanks, 2007/10/9, Bob Rotsted <[EMAIL PROTECTED]>: > > Scott Battaglia wrote: > > Bob, > > > > It looks like it tried to make a proxy granting ticket for > > https://drupal.uoregon.edu/ but was unable to (adding logging for the > > HttpBasedAuthenticationHandler might narrow down the reason. > > > > -Scott > > > > On 10/4/07, Bob Rotsted <[EMAIL PROTECTED]> wrote: > >> Hi all, > >> I am using Tomcat behind Apache with Apache2::AuthCAS for my services. > >> As I understand it, in order to get CAS to authenticate correctly I > must > >> first import my CAS server's SSL certificate into the java keystore. As > >> of now, I have imported my public ssl key into the java keystore with > >> alias 'tomcat' yet I am still getting a "Invalid Service Response" > >> error. This is what shows up in my cas.log when I try to authenticate: > >> > >> 2007-10-04 11:45:03,676 INFO > >> [org.jasig.cas.authentication.AuthenticationManagerImpl] - > >> AuthenticationHandler: > >> > >> > org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler > >> successfully authenticated the user which provided the following > >> credentials: rrotsted > >> 2007-10-04 11:45:03,677 INFO > >> [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service > >> ticket [ST-5-GItdoxQZzuUR0PTfhhO3wy6FZzGXuesRA61-20] for service > >> [https://drupal.uoregon.edu] for user [rrotsted] > >> 2007-10-04 11:45:03,731 INFO > >> [org.jasig.cas.authentication.AuthenticationManagerImpl] - > >> AuthenticationHandler: > >> > >> > org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler > >> failed to authenticate the user which provided the following > >> credentials: https://drupal.uoregon.edu/ > >> 2007-10-04 11:45:03,732 ERROR > >> [org.jasig.cas.web.ServiceValidateController] - TicketException > >> generating ticket for: https://drupal.uoregon.edu/ > >> org.jasig.cas.ticket.TicketCreationException: > >> error.authentication.credentials.bad > >> at > >> > >> > org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket > >> (CentralAuthenticationServiceImpl.java:271) > >> at > >> org.jasig.cas.web.ServiceValidateController.handleRequestInternal( > >> ServiceValidateController.java:124) > >> at > >> org.springframework.web.servlet.mvc.AbstractController.handleRequest( > >> AbstractController.java:153) > >> at > >> > org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle( > >> SimpleControllerHandlerAdapter.java:48) > >> at > >> org.springframework.web.servlet.DispatcherServlet.doDispatch( > >> DispatcherServlet.java:857) > >> at > >> org.springframework.web.servlet.DispatcherServlet.doService( > >> DispatcherServlet.java:792) > >> at > >> org.springframework.web.servlet.FrameworkServlet.processRequest( > >> FrameworkServlet.java:475) > >> at > >> org.springframework.web.servlet.FrameworkServlet.doGet( > >> FrameworkServlet.java:430) > >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) > >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > >> at > >> org.jasig.cas.web.init.SafeDispatcherServlet.service( > >> SafeDispatcherServlet.java:115) > >> at > >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( > >> ApplicationFilterChain.java:269) > >> at > >> org.apache.catalina.core.ApplicationFilterChain.doFilter( > >> ApplicationFilterChain.java:188) > >> at > >> org.apache.catalina.core.StandardWrapperValve.invoke( > >> StandardWrapperValve.java:213) > >> at > >> org.apache.catalina.core.StandardContextValve.invoke( > >> StandardContextValve.java:174) > >> at > >> org.apache.catalina.core.StandardHostValve.invoke( > StandardHostValve.java > >> :127) > >> at > >> org.apache.catalina.valves.ErrorReportValve.invoke( > ErrorReportValve.java > >> :117) > >> at > >> org.apache.catalina.core.StandardEngineValve.invoke( > >> StandardEngineValve.java:108) > >> at > >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java > >> :151) > >> at > >> org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200) > >> at > >> org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283) > >> at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java > >> :773) > >> at > >> org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java > >> :703) > >> at > >> org.apache.jk.common.ChannelSocket$SocketConnection.runIt( > >> ChannelSocket.java:895) > >> at > >> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( > >> ThreadPool.java:689) > >> at java.lang.Thread.run(Thread.java:619) > >> Caused by: error.authentication.credentials.bad > >> at > >> > org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException > >> .<clinit>(BadCredentialsAuthenticationException.java:25) > >> at > >> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate( > >> AuthenticationManagerImpl.java:108) > >> at > >> > org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket( > >> CentralAuthenticationServiceImpl.java:383) > >> at > >> org.jasig.cas.web.flow.AuthenticationViaFormAction.submit( > >> AuthenticationViaFormAction.java:107) > >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > >> at > >> sun.reflect.NativeMethodAccessorImpl.invoke( > NativeMethodAccessorImpl.java > >> :39) > >> at > >> sun.reflect.DelegatingMethodAccessorImpl.invoke( > >> DelegatingMethodAccessorImpl.java:25) > >> at java.lang.reflect.Method.invoke(Method.java:597) > >> at > >> org.springframework.webflow.util.DispatchMethodInvoker.invoke( > >> DispatchMethodInvoker.java:103) > >> at > >> org.springframework.webflow.action.MultiAction.doExecute( > MultiAction.java > >> :136) > >> at > >> org.springframework.webflow.action.AbstractAction.execute( > >> AbstractAction.java:203) > >> at > >> org.springframework.webflow.engine.AnnotatedAction.execute( > >> AnnotatedAction.java:142) > >> at > >> org.springframework.webflow.engine.ActionExecutor.execute( > >> ActionExecutor.java:61) > >> at > >> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java > >> :180) > >> at org.springframework.webflow.engine.State.enter(State.java > :200) > >> at > >> org.springframework.webflow.engine.Transition.execute(Transition.java > :229) > >> at > >> org.springframework.webflow.engine.TransitionableState.onEvent( > >> TransitionableState.java:112) > >> at org.springframework.webflow.engine.Flow.onEvent(Flow.java > :572) > >> at > >> > >> > org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent > >> (RequestControlContextImpl.java:208) > >> at > >> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java > >> :185) > >> at org.springframework.webflow.engine.State.enter(State.java > :200) > >> at > >> org.springframework.webflow.engine.Transition.execute(Transition.java > :229) > >> at > >> org.springframework.webflow.engine.TransitionableState.onEvent( > >> TransitionableState.java:112) > >> at org.springframework.webflow.engine.Flow.onEvent(Flow.java > :572) > >> at > >> > >> > org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent > >> (RequestControlContextImpl.java:208) > >> at > >> org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent( > >> FlowExecutionImpl.java:214) > >> at > >> org.springframework.webflow.executor.FlowExecutorImpl.resume( > >> FlowExecutorImpl.java:245) > >> at > >> > >> > org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest > >> (FlowRequestHandler.java:115) > >> at > >> > >> > org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal > >> (FlowController.java:172) > >> at > >> org.springframework.web.servlet.mvc.AbstractController.handleRequest( > >> AbstractController.java:153) > >> at > >> > org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle( > >> SimpleControllerHandlerAdapter.java:48) > >> at > >> org.springframework.web.servlet.DispatcherServlet.doDispatch( > >> DispatcherServlet.java:857) > >> at > >> org.springframework.web.servlet.DispatcherServlet.doService( > >> DispatcherServlet.java:792) > >> at > >> org.springframework.web.servlet.FrameworkServlet.processRequest( > >> FrameworkServlet.java:475) > >> at > >> org.springframework.web.servlet.FrameworkServlet.doPost( > >> FrameworkServlet.java:440) > >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) > >> ... 17 more > >> > >> Any suggestions would be greatly appreciated! > >> > >> Thanks, > >> Bob Rotsted > >> _______________________________________________ > >> Yale CAS mailing list > >> [email protected] > >> http://tp.its.yale.edu/mailman/listinfo/cas > >> > > > > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > Scott- > > After turning up logging for the > HttpBasedServiceCredentialsAuthenticationHandler on my CAS server, I was > unable to further diagnose the problem. I did however notice an error > from my AuthCAS service's log file. It appears that the service is > unable to validate service tickets. Any suggestions? > > [Mon Oct 08 09:57:57 2007] [alert] [client 128.223.61.74] CAS(7104): > setHeader: Setting header: Location = > https://slam.uoregon.edu/cas/error/?login_url=https://slam.uoregon.edu: > > 443/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2Fuser&errcode=Invalid > Service Response, referer: > https://slam.uoregon.edu/cas/login?service=https%3A%2F%2Fdrupal.uoregon.e > du%2Fuser > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: Apache Config: > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: DbDataSource => sid=cas;host=localhost;port=3306 > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: DbDriver => mysql > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: DbPass => ****** > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: DbSessionTable => cas_sessions > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: DbUser => cas > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: ErrorUrl => https://slam.uoregon.edu/cas/error/ > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: Host => slam.uoregon.edu > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: LogLevel => 4 > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: LoginUri => /cas/login > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: LogoutUri => /cas/logout > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: NumProxyTickets => 1 > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: Port => 443 > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: PretendBasicAuth => undef > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: ProxyService => false > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: ProxyUri => /cas/proxy > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: ProxyValidateUri => /cas/proxyValidate > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: RemoveTicket => 546548 > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: Service => https://drupal.uoregon.edu/user > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: ServiceValidateUri => /cas/serviceValidate > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: SessionCookieDomain => undef > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: SessionCookieName => APACHECAS > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > getApacheConfig: SessionTimeout => 1800 > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > cleanup: counter=1 > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > delete_expired_sessions: deleting sessions older than '1191835704' > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > delete_expired_sessions: error deleting expired sessions > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > authenticate: authenticated='' > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > parse_query_parameters: PARAM: 'ticket' => > 'ST-3-spLH0qDZlrwr2FTgO9nbY5FHJVwrB12i7IR-20' > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > authenticate: cookie found: > '__utma=32862522.1333826686.1189012244.1189012244.1189012244.1; > __utmz=32862522.1 > 189012244.1.1.utmccn= > (organic)|utmcsr=google|utmctr=microcomputer+services|utmcmd=organic; > PHPSESSID=625f1c99702ad93d9488a5c5a14c6b8b' > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > authenticate: no session id found > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > validate_service_ticket: Validating service ticket > 'ST-3-spLH0qDZlrwr2FTgO9nbY5FHJVwrB12i7IR-20' for service > 'https%3A%2F%2Fdrupal.uoregon.edu%2Fuser' > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > validate_service_ticket: request URL: > '/cas/proxyValidate?pgtUrl=https://drupal.uoregon.edu/user&service=http > > s%3A%2F%2Fdrupal.uoregon.edu%2Fuser&ticket=ST-3-spLH0qDZlrwr2FTgO9nbY5FHJVwrB12i7IR-20' > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > validate_service_ticket: response page: > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > validate_service_ticket: invalid service response > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > redirect: redirecting to url: 'https://slam.uoregon.edu/cas/error/' > service: 'https%3A%2F%2Fdrupal.uoregon.ed > u%2Fuser' > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > setHeader: Setting header: CAS_FILTER_CAS_HOST = slam.uoregon.edu > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > setHeader: Setting header: CAS_FILTER_CAS_PORT = 443 > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > setHeader: Setting header: CAS_FILTER_CAS_LOGIN_URI = /cas/login > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > setHeader: Setting header: CAS_FILTER_SERVICE = > https%3A%2F%2Fdrupal.uoregon.edu%2Fuser > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > redirect: redirecting to error page > [Mon Oct 08 09:58:24 2007] [alert] [client 128.223.61.74] CAS(7106): > setHeader: Setting header: Location = > https://slam.uoregon.edu/cas/error/?login_url=https://slam.uoregon.edu: > > 443/cas/login?service=https%3A%2F%2Fdrupal.uoregon.edu%2Fuser&errcode=Invalid > Service Response > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > -- Zahia IKHTEAH
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
