If you're not seeing the Spnego*Actions being run in the log file it means one of two things: 1. You haven't actually deployed your changed Spring Webflow configuration file 2. The Spring Webflow is misconfigured to not actually go to the Spnego actions.
I would confirm that the webflow configuration deployed in CAS (i.e. TOMCAT_HOME/webapps/cas/WEB-INF/) actually contains the correct configuration items. -Scott On 10/22/07, Premkumar Natarajan <[EMAIL PROTECTED]> wrote: > > > Hi Arnold: > > I followed all the steps that are given at : > http://www.ja-sig.org/wiki/display/CASUM/SPNEGO > > - I have a kerberos keytab file that works with Vintela on my desktop. I'm > pointing to the same kerberos keytab file in login.conf. > - Yes, the logger is in debug mode on the class : > org.jasig.cas.support.spnego.web.flow.* . However I couldn't see it > activated when I submit login form. > > - The application works for simple password authentication e.g: demo,demo. > > - But spnego is not activated. > - the keytab file works with vintela > - [i'm curious to know how I can plugin vintela to the configuration, > instead of spnego]. Though I do not prefer using vintela. > > > > To quickly browse through spnego changes in above config file, please > search for "prem" > > > Thank you for your help > > Prem > > > > *"Arnaud Lesueur" <[EMAIL PROTECTED]>* > Sent by: [EMAIL PROTECTED] > > 22/10/2007 03:07 PM Please respond to > Yale CAS mailing list <[email protected]> > > To > "Yale CAS mailing list" <[email protected]> cc > > Subject > Re: CAS Spnego not working > > > > > > > Hi Prem, > > Is the logger is in debug mode on the class : > org.jasig.cas.support.spnego.web.flow.* ? > > Because, there is no reference in your logs so I'm wondering to know if > you have customized your login weblow ? Are you going throught the action > "negociateSpnego" ? I guess the weblow is misconfigured in your case in > fact. > > Regards, > > > Arnaud Lesueur > > > On 10/22/07, *Premkumar Natarajan* <* [EMAIL PROTECTED]<[EMAIL PROTECTED]>> > wrote: > > Hi > > I'm trying to configure CAS with SPNEGO. > > I did all the config shown at : > *http://www.ja-sig.org/wiki/display/CASUM/SPNEGO > * <http://www.ja-sig.org/wiki/display/CASUM/SPNEGO>. However the system > does not use "spnego" while logging in. It only uses the default * > UsernamePasswordCredentials* instead of using spego. > > The following thread of mail that tries to solve this issue is dead half > way : *http://tp.its.yale.edu/pipermail/cas/2006-October/003509.html > *<http://tp.its.yale.edu/pipermail/cas/2006-October/003509.html> > > Please see my log contents. Any help is greately appreciated > > Thanks > Prem > > > > 2007-10-22 13:42:32,234 DEBUG [ > org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - > jcifsServicePrincipal is set to *HTTP/[EMAIL PROTECTED]<HTTP/[EMAIL > PROTECTED]> > 2007-10-22 13:42:32,234 DEBUG [ > org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - > jcifsServicePrincipal is set to *HTTP/[EMAIL PROTECTED]<HTTP/[EMAIL > PROTECTED]> > 2007-10-22 13:42:32,234 DEBUG [ > org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - > kerberosDebug is set to : true > 2007-10-22 13:42:32,234 DEBUG [ > org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - > kerberosDebug is set to : true > 2007-10-22 13:42:32,250 DEBUG [ > org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - > kerberosRealm is set to :*testadsserver.db.com*<http://testadsserver.db.com/> > 2007-10-22 13:42:32,250 DEBUG [ > org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - > kerberosRealm is set to :*testadsserver.db.com*<http://testadsserver.db.com/> > 2007-10-22 13:42:32,250 DEBUG [ > org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - > kerberosKdc is set to : *testnyc.db.com* <http://testnyc.db.com/> > 2007-10-22 13:42:32,250 DEBUG [ > org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - > kerberosKdc is set to : *testnyc.db.com* <http://testnyc.db.com/> > 2007-10-22 13:42:32,265 DEBUG [ > org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - > configured login configuration path : /WEB-INF/login.conf > 2007-10-22 13:42:32,265 DEBUG [ > org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - > configured login configuration path : /WEB-INF/login.conf > 2007-10-22 13:42:33,078 DEBUG [ > org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController] > - Found action method [public org.springframework.web.servlet.ModelAndView > org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController.deleteRegisteredService > (javax.servlet.http.HttpServletRequest, > javax.servlet.http.HttpServletResponse)] > 2007-10-22 13:42:33,078 DEBUG [ > org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController] > - Found action method [public org.springframework.web.servlet.ModelAndView > org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController.manage > (javax.servlet.http.HttpServletRequest, > javax.servlet.http.HttpServletResponse)] > 2007-10-22 13:42:33,187 INFO [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - FormObjectClass not > set. Using default class of > org.jasig.cas.authentication.principal.UsernamePasswordCredentials with > formObjectName credentials and validator > org.jasig.cas.validation.UsernamePasswordCredentialsValidator. > 2007-10-22 13:42:49,640 DEBUG [ > org.jasig.cas.web.flow.InitialFlowSetupAction] - Action > 'InitialFlowSetupAction' beginning execution > 2007-10-22 13:42:49,640 INFO [ > org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting ContextPath for > cookies to: /cas > 2007-10-22 13:42:49,656 DEBUG [ > org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in > FlowScope: > *http://compB-CAClients:8080/servlets-examples/servlet/HelloWorldExample > *<http://compb-caclients:8080/servlets-examples/servlet/HelloWorldExample> > 2007-10-22 13:42:49,671 DEBUG [ > org.jasig.cas.web.flow.InitialFlowSetupAction] - Action > 'InitialFlowSetupAction' completed execution; result is 'success' > 2007-10-22 13:42:49,687 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action > 'AuthenticationViaFormAction' beginning execution > 2007-10-22 13:42:49,703 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm > 2007-10-22 13:42:49,703 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form > object with name 'credentials' > 2007-10-22 13:42:49,703 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new > instance of form object class [class > org.jasig.cas.authentication.principal.UsernamePasswordCredentials] > 2007-10-22 13:42:49,703 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form object > of type [class > org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in > scope Flow with name 'credentials' > 2007-10-22 13:42:49,718 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form > errors for object with name 'credentials' > 2007-10-22 13:42:49,718 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor > registrar set, no custom editors to register > 2007-10-22 13:42:49,734 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors > instance in scope Flash > 2007-10-22 13:42:49,734 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action > 'AuthenticationViaFormAction' completed execution; result is 'success' > 2007-10-22 13:42:49,734 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action > 'AuthenticationViaFormAction' beginning execution > 2007-10-22 13:42:49,734 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action > 'AuthenticationViaFormAction' completed execution; result is 'success' > 2007-10-22 13:42:52,171 INFO [ > org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - > Starting cleaning of expired tickets from ticket registry at [Mon Oct 22 > 13:42:52 EDT 2007] > 2007-10-22 13:42:52,171 INFO [ > org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 0 > found to be removed. Removing now. > 2007-10-22 13:42:52,171 INFO [ > org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - > Finished cleaning of expired tickets from ticket registry at [Mon Oct 22 > 13:42:52 EDT 2007] > 2007-10-22 13:44:18,031 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action > 'AuthenticationViaFormAction' beginning execution > 2007-10-22 13:44:18,031 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing bind > 2007-10-22 13:44:18,031 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing form > object with name 'credentials' of type [class > org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in > scope Flow > 2007-10-22 13:44:18,031 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor > registrar set, no custom editors to register > 2007-10-22 13:44:18,031 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Binding allowed > request parameters in map['lt' -> > '_cEF7140A5-624E-E455-F063-EA90881D6B3D_k432D26F0-AA0E-BDB0-D9E4-F59781DEAD92', > 'service' -> > '*http://compB-CAClients:8080/servlets-examples/servlet/HelloWorldExample > *<http://compb-caclients:8080/servlets-examples/servlet/HelloWorldExample>', > '_eventId' -> 'submit', 'password' -> '123', 'submit' -> 'LOGIN', 'username' > -> 'test'] to form object with name 'credentials', pre-bind formObject > toString = null > 2007-10-22 13:44:18,031 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - (Any field is > allowed) > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Binding completed > for form object with name 'credentials', post-bind formObject toString = > test > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - There are [0] > errors, details: [] > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing validation > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Invoking validator > [EMAIL PROTECTED] > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Validation completed > for form object > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - There are [0] > errors, details: [] > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors > instance in scope Flash > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action > 'AuthenticationViaFormAction' completed execution; result is 'success' > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action > 'AuthenticationViaFormAction' beginning execution > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing form > object with name 'credentials' of type [class > org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in > scope Flow > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.CentralAuthenticationServiceImpl] - Attempting to create > TicketGrantingTicket for test > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing form > object with name 'credentials' of type [class > org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in > scope Flow > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor > registrar set, no custom editors to register > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action > 'AuthenticationViaFormAction' completed execution; result is 'error' > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action > 'AuthenticationViaFormAction' beginning execution > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing form > object with name 'credentials' of type [class > org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in > scope Flow > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor > registrar set, no custom editors to register > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action > 'AuthenticationViaFormAction' completed execution; result is 'success' > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action > 'AuthenticationViaFormAction' beginning execution > 2007-10-22 13:44:18,046 DEBUG [ > org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action > 'AuthenticationViaFormAction' completed execution; result is 'success' > --- > > This e-mail may contain confidential and/or privileged information. If you > > are not the intended recipient (or have received this e-mail in error) > please notify the sender immediately and destroy this e-mail. Any > unauthorized copying, disclosure or distribution of the material in this > e-mail is strictly forbidden. > > _______________________________________________ > Yale CAS mailing list* > [EMAIL PROTECTED] <[email protected]>* > **http://tp.its.yale.edu/mailman/listinfo/cas*<http://tp.its.yale.edu/mailman/listinfo/cas> > > > > > -- > Arnaud Lesueur > > LinkedIn: > *http://www.linkedin.com/in/lesueur*<http://www.linkedin.com/in/lesueur> > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > --- > > This e-mail may contain confidential and/or privileged information. If you > > are not the intended recipient (or have received this e-mail in error) > please notify the sender immediately and destroy this e-mail. Any > unauthorized copying, disclosure or distribution of the material in this > e-mail is strictly forbidden. > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > -- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
