Hi Scott, Thanks for the suggestion. I added log4j.logger.org.jasig.cas.util.HttpClient=DEBUG (although I had already enabled log4j.logger.org.jasig=DEBUG), and I didn't get anything new.
I'll look at HttpClient and add the logging statement to my copy for now. -lucas On Nov 8, 2007, at 2:12 PM, Scott Battaglia wrote: > Lucas, > > Try turning on debug mode for org.jasig.cas.util.HttpClient and > seeing it it rejects any of the status codes. > > I also committed a change to the HttpClient in Subversion which > logs if there is an IOException or not (it previously swallowed the > exception). > > -Scott > > On Nov 7, 2007 5:17 PM, Lucas Rockwell <[EMAIL PROTECTED]> > wrote: > Hi Scott and others, > > I have recently run into this problem as well, but with a different > error message. We have a cert authority on campus, and some of the > dev machines use them. I have imported all 3 of the certs in the > chain into the cacerts file (I tried with just the root cert, and > that didn't work), but I still get errors like this: > > 2007-11-07 13:57:38,910 INFO > [org.jasig.cas.authentication.AuthenticationManagerImpl] - > <AuthenticationHandler: > org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentia > lsAuthenticationHandler failed to authenticate the user which > provided the following credentials: https:// > studentsdev.berkeley.edu/OSL/HelloCAS/testcerts.asp > > 2007-11-07 13:57:38,911 ERROR > [org.jasig.cas.web.ServiceValidateController] - <TicketException > generating ticket for: https://studentsdev.berkeley.edu/OSL/ > HelloCAS/testcerts.asp> > org.jasig.cas.ticket.TicketCreationException: > error.authentication.credentials.bad > at > org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingT > icket (CentralAuthenticationServiceImpl.java:271) > at > org.jasig.cas.web.ServiceValidateController.handleRequestInternal > (ServiceValidateController.java :124) > at > org.springframework.web.servlet.mvc.AbstractController.handleRequest > (AbstractController.java:153) > ... > > I turned on debugging, and got this extra line: > > 2007-11-07 14:12:47,178 DEBUG > [org.jasig.cas.authentication.handler.support.HttpBasedServiceCredenti > alsAuthenticationHandler ] - <Attempting to resolve credentials for > https://studentsdev.berkeley.edu/OSL/HelloCAS/testcerts.asp> > > then the same as above: > > 2007-11-07 14:12:52,234 INFO > [org.jasig.cas.authentication.AuthenticationManagerImpl] - > <AuthenticationHandler: > org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentia > lsAuthenticationHandler failed to authenticate the user which > provided the following credentials: https:// > studentsdev.berkeley.edu/OSL/HelloCAS/testcerts.asp > > 2007-11-07 14:12:52,239 ERROR > [org.jasig.cas.web.ServiceValidateController] - <TicketException > generating ticket for: https://studentsdev.berkeley.edu/OSL/ > HelloCAS/testcerts.asp> > org.jasig.cas.ticket.TicketCreationException: > error.authentication.credentials.bad > > I have even pointed explicitly to the cacerts file in the tomcat > startup script, using the - Djavax.net.ssl.trustStore= and - > Djavax.net.ssl.trustStorePassword= arguments, and that does not > help, either. I have also tried importing the actual public cert > that was issued to the client, and no go. > > Does anyone have an hints about what I am doing wrong? Am I missing > some xml config somewhere? > > This is with CAS 3.1.0. > > Thanks. > > -lucas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
