Lucas,

Try turning on debug mode for org.jasig.cas.util.HttpClient and seeing if it rejects any of the status codes.
I also committed a change to the HttpClient in Subversion which logs if there is an IOException or not (it previously swallowed the exception).

-Scott

On Nov 7, 2007 5:17 PM, Lucas Rockwell <[EMAIL PROTECTED]> wrote:
> Hi Scott and others,
> I have recently run into this problem as well, but with a different error
> message. We have a cert authority on campus, and some of the dev machines
> use them. I have imported all 3 of the certs in the chain into the cacerts
> file (I tried with just the root cert, and that didn't work), but I still
> get errors like this:
>
> 2007-11-07 13:57:38,910 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandlerfailed to authenticate the user which provided the following credentials: https://studentsdev.berkeley.edu/OSL/HelloCAS/testcerts.asp>
> 2007-11-07 13:57:38,911 ERROR [org.jasig.cas.web.ServiceValidateController] - <TicketException generating ticket for: https://studentsdev.berkeley.edu/OSL/HelloCAS/testcerts.asp>
> org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
>     at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:271)
>     at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:124)
>     at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
>     ...
>
> I turned on debugging, and got this extra line:
>
> 2007-11-07 14:12:47,178 DEBUG [org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler] - <Attempting to resolve credentials for https://studentsdev.berkeley.edu/OSL/HelloCAS/testcerts.asp>
>
> then the same as above:
>
> 2007-11-07 14:12:52,234 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandlerfailed to authenticate the user which provided the following credentials: https://studentsdev.berkeley.edu/OSL/HelloCAS/testcerts.asp>
> 2007-11-07 14:12:52,239 ERROR [org.jasig.cas.web.ServiceValidateController] - <TicketException generating ticket for: https://studentsdev.berkeley.edu/OSL/HelloCAS/testcerts.asp>
> org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
>
> I have even pointed explicitly to the cacerts file in the tomcat startup
> script, using the -Djavax.net.ssl.trustStore= and
> -Djavax.net.ssl.trustStorePassword= arguments, and that does not help,
> either. I have also tried importing the actual public cert that was issued
> to the client, and no go.
>
> Does anyone have any hints about what I am doing wrong? Am I missing some
> xml config somewhere?
>
> This is with CAS 3.1.0.
>
> Thanks.
>
> -lucas
>
> On Oct 22, 2007, at 6:33 AM, Scott Battaglia wrote:
>
> Simon,
>
> If your proxied application is not using a commercial certificate, its
> certificate or the intermediary CA's certificate will need to be added to
> the cacerts file of the JVM that CAS is run on. This way CAS will trust the
> certificate and issue the proxy ticket.
>
> -Scott
>
> On 10/22/07, Simon Rousseau <[EMAIL PROTECTED]> wrote:
> >
> > Hi,
> >
> > We are wondering about a little detail.
> >
> > When we want to use CAS in proxy mode, do we need to add the certificate
> > from the distant server in the CAS cacert?
> >
> > I'm asking this because at this time, our application can successfully
> > connect to the CAS server but when we read the CAS log we see an error in
> > it. As you can see a service ticket is granted but in the second part an
> > Exception is thrown on creation of the proxy ticket.
> >
> > 2007-10-17 11:01:17,658 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-4-Z9y6r2ny5x1GpHF9nkrRbEtcrt6UlHfhtLZ-20] for service [http://ca-dti-simrou:8080/sakai-login-tool/container] for user [851s555]
> > 2007-10-17 11:01:17,716 ERROR [org.jasig.cas.util.UrlUtils] - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
> > javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
> >     at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
> >     at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
> >     at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
> >     at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA12275)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
> >     at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275)
> >     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA12275)
> >     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:626)
> >     at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:272)
> >     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(DashoA12275)
> >     at org.jasig.cas.util.UrlUtils.getResponseCodeFromUrl(UrlUtils.java:45)
> >     at org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler.authenticate(HttpBasedServiceCredentialsAuthenticationHandler.java:63)
> >     at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:79)
> >     at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:195)
> >     at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:128)
> >     at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:139)
> >     at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:44)
> >     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:717)
> >     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:658)
> >     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:392)
> >     at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:347)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> >     at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> >     at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:199)
> >     at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:282)
> >     at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754)
> >     at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:684)
> >     at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:876)
> >     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
> >     at java.lang.Thread.run(Thread.java:534)
> > Caused by: sun.security.validator.ValidatorException: No trusted certificate found
> >     at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
> >     at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
> >     at sun.security.validator.Validator.validate(Validator.java:202)
> >     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA12275)
> >     at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
> >     ... 41 more
> > 2007-10-17 11:01:17,720 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandlerfailed to authenticate the user.
> > 2007-10-17 11:01:17,720 ERROR [org.jasig.cas.web.ServiceValidateController] - TicketException generating ticket for: https://ca-dti-simrou:8443/sakai-login-tool/CasProxyServlet
> > org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
> >     at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:216)
> >     at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:128)
> >     at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:139)
> >     at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:44)
> >     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:717)
> >     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:658)
> >     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:392)
> >     at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:347)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> >     at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> >     at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:199)
> >     at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:282)
> >     at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754)
> >     at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:684)
> >     at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:876)
> >     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
> >     at java.lang.Thread.run(Thread.java:534)
> > Caused by: error.authentication.credentials.bad
> >     at org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25)
> >     at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:101)
> >     at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:195)
> >     ... 25 more
> >
> > I hope that you have enough details... If not write me back!
> >
> >
> > Cheers,
> >
> > Simon Rousseau
> > CSSMI
> >
> > _______________________________________________
> > Yale CAS mailing list
> > [email protected]
> > http://tp.its.yale.edu/mailman/listinfo/cas
>
> --
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia

--
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
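
Added example, not part of the original thread and not CAS code: a small log triage that separates the two failure shapes quoted above, a logged SSLHandshakeException (truststore problem) versus a callback failure with no exception in the log (the swallowed-exception case). The sample log is constructed with placeholder hostnames, and the function assumes the lines of one request are contiguous.

```python
import re

# Constructed sample in the two log shapes quoted in the thread
# (hostnames are placeholders, not the posters' servers).
SAMPLE_LOG = """\
2007-10-17 11:01:17,716 ERROR [org.jasig.cas.util.UrlUtils] - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
2007-10-17 11:01:17,720 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate the user.
2007-10-17 11:01:17,720 ERROR [org.jasig.cas.web.ServiceValidateController] - TicketException generating ticket for: https://app-a.example.edu:8443/CasProxyServlet
2007-11-07 13:57:38,910 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate the user which provided the following credentials: https://app-b.example.edu/testcerts.asp>
2007-11-07 13:57:38,911 ERROR [org.jasig.cas.web.ServiceValidateController] - <TicketException generating ticket for: https://app-b.example.edu/testcerts.asp>
"""

EVENT = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} \w+\s+\[[^\]]+\] - (.*)$")
TICKET = re.compile(r"TicketException generating ticket for: (\S+?)>?$")
HANDLER = "HttpBasedServiceCredentialsAuthenticationHandler"

def triage(log_text):
    """Return (callback_url, verdict, detail) per failed proxy-callback validation.

    Assumes the lines of one request are contiguous (no thread interleaving)."""
    results, tls_reason, handler_failed = [], None, False
    for raw in log_text.splitlines():
        m = EVENT.match(raw)
        if not m:
            continue  # stack frames and "Caused by:" lines add no new event
        msg = m.group(1)
        if "SSLHandshakeException" in msg or "ValidatorException" in msg:
            tls_reason = msg.rsplit(": ", 1)[-1]  # innermost reason text
        elif HANDLER in msg and "failed to authenticate" in msg:
            handler_failed = True
        t = TICKET.search(msg)
        if not t:
            continue
        if tls_reason:
            verdict, detail = "untrusted-certificate", tls_reason
        elif handler_failed:
            verdict, detail = "cause-not-logged", "enable DEBUG on org.jasig.cas.util.HttpClient"
        else:
            verdict, detail = "other", ""
        results.append((t.group(1), verdict, detail))
        tls_reason, handler_failed = None, False  # reset for the next request
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```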
