Hello everybody,

I'm developing a virtual desktop system and I want to cas-ify it. I'm trying to enable the CAS proxy mechanism, but it seems that I can't receive any PGTIOU (nor any PGT). Referring to the Proxy CAS walkthrough (http://www.ja-sig.org/wiki/display/CAS/Proxy+CAS+Walkthrough), I can successfully accomplish steps 1 and 2.a. Then I repeat step 1 and successfully generate a new ticket, but when I try step 2.b I can only get a partial response. Here are the steps in more detail:

* Step 1
    * URL https://cas.zenvoo.ch:8443/cas/login?http://www.zenvoo.ch
    * Received ticket ST-15-M2JUs3V7pVubJMOt7RC

* Step 2.b
    * URL: https://cas.zenvoo.ch:8443/cas/serviceValidate?ticket=ST-15-M2JUs3V7pVubJMOt7RCb&service=http://www.zenvoo.ch&pgtUrl=https://voot.zenvoo.ch/help.php, where voot.zenvoo.ch is a server with a correct certificate.
    * Received XML:

        <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
            <cas:authenticationSuccess>
                <cas:user>dariog</cas:user>
            </cas:authenticationSuccess>
        </cas:serviceResponse>

      As you can see, PGTIOU is missing.
    * The CAS server log file gives me the following error:

        2007-11-29 15:25:18,731 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate the user which provided the following credentials: https://voot.zenvoo.ch/help.php>
        2007-11-29 15:25:18,731 ERROR [org.jasig.cas.web.ServiceValidateController] - <TicketException generating ticket for: https://voot.zenvoo.ch/help.php>
        org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
            at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:271)
            at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:125)
            at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
            at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
            at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857)
            at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
            at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475)
            at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:430)
            at javax.servlet.http.HttpServlet.service(Unknown Source)
            at javax.servlet.http.HttpServlet.service(Unknown Source)
            at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Unknown Source)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(Unknown Source)
            at org.apache.catalina.core.StandardWrapperValve.invoke(Unknown Source)
            at org.apache.catalina.core.StandardContextValve.invoke(Unknown Source)
            at org.apache.catalina.core.StandardHostValve.invoke(Unknown Source)
            at org.apache.catalina.valves.ErrorReportValve.invoke(Unknown Source)
            at org.apache.catalina.core.StandardEngineValve.invoke(Unknown Source)
            at org.apache.catalina.connector.CoyoteAdapter.service(Unknown Source)
            at org.apache.coyote.http11.Http11Processor.process(Unknown Source)
            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Unknown Source)
            at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(Unknown Source)
            at java.lang.Thread.run(Thread.java:595)
        Caused by: error.authentication.credentials.bad
            at org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25)
            at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:108)
            at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:242)
            ... 22 more

Seemingly, we've got a credential problem here, but I've dug a little into CAS server source code and found that HttpBasedServiceCredentialsAuthenticationHandler.authenticate() calls HttpClient.isValidEndPoint(url), that at the end of the day creates an HttpURLConnection object and calls its connect() method.
I did the same in a little test servlet, and I can successfully connect to the URL https://voot.zenvoo.ch/help.php. So my certificate should be ok. Yet, I can't make it work in the Proxy mechanism. Could anybody help me?

Thanks in advance

Dario Gallicchio
Zenvoo team
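
An added example, not part of the original post and not code from the CAS project: a small client-side check that tells apart the three outcomes of /serviceValidate when a pgtUrl is sent (ticket rejected, ticket accepted with a PGTIOU, ticket accepted but proxy callback not accepted, as in the response above). The function names and status strings are hypothetical, the sample responses are constructed, and it assumes the CAS 2.0 protocol behaviour that the PGTIOU is returned in a cas:proxyGrantingTicket element and that the callback URL must be https.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"cas": "http://www.yale.edu/tp/cas"}
WRAP = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>%s</cas:serviceResponse>"

# Constructed sample responses (the first mirrors the shape shown in the post).
NO_PGTIOU = WRAP % "<cas:authenticationSuccess><cas:user>dariog</cas:user></cas:authenticationSuccess>"
WITH_PGTIOU = WRAP % ("<cas:authenticationSuccess><cas:user>dariog</cas:user>"
                      "<cas:proxyGrantingTicket>PGTIOU-0-CONSTRUCTED</cas:proxyGrantingTicket>"
                      "</cas:authenticationSuccess>")
FAILURE = WRAP % "<cas:authenticationFailure code='INVALID_TICKET'>constructed</cas:authenticationFailure>"


def pgt_url_problems(pgt_url):
    """Client-side sanity checks on the callback URL before looking at the server."""
    parts = urlsplit(pgt_url)
    problems = []
    if parts.scheme != "https":
        problems.append("pgtUrl must be https")
    if not parts.hostname:
        problems.append("pgtUrl has no host")
    return problems


def classify(xml_text, pgt_url=None):
    """Return (status, user, pgtiou) for a /serviceValidate response body."""
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", NS)
    if failure is not None:
        return ("failure:" + failure.get("code", "UNKNOWN"), None, None)
    success = root.find("cas:authenticationSuccess", NS)
    if success is None:
        return ("malformed", None, None)
    user = success.findtext("cas:user", default="", namespaces=NS).strip()
    pgtiou = success.findtext("cas:proxyGrantingTicket", default="", namespaces=NS).strip()
    if pgtiou:
        return ("proxy_ok", user, pgtiou)
    if pgt_url is None:
        return ("validated_no_proxy_requested", user, None)
    # Ticket is valid but the server did not accept the callback: the case in the post.
    return ("callback_rejected", user, None)


if __name__ == "__main__":
    url = "https://voot.zenvoo.ch/help.php"  # pgtUrl taken from the post
    print(pgt_url_problems(url), classify(NO_PGTIOU, url))
```

A "callback_rejected" result points at the server-to-callback connection, so the server log for the pgtUrl is the next place to look.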
