Dario,

I believe it also checks for certain HTTP status codes:

private static final int[] DEFAULT_ACCEPTABLE_CODES = new int[] {
        HttpURLConnection.HTTP_OK, HttpURLConnection.HTTP_NOT_MODIFIED,
        HttpURLConnection.HTTP_MOVED_TEMP, HttpURLConnection.HTTP_MOVED_PERM,
        HttpURLConnection.HTTP_ACCEPTED};

Double check that it's returning one of those status codes.  If you
turn on DEBUG logging for the HttpClient it should tell you.  Older
versions of the client were "swallowing" one exception which is now
logged at error level.  That may be part of the problem. (The latest
code has the fix.)

-Scott



On Nov 29, 2007 10:39 AM, Dario Gallicchio <[EMAIL PROTECTED]>
wrote:

>
>  Hello everybody,
>
> I'm developing a virtual desktop system and I want to cas-ify it.
> I'm trying to enable the CAS proxy mechanism, but it seems that I can't
> receive any PGTIOU (and neither PGT). Referring to Proxy CAS walkthrough (
> http://www.ja-sig.org/wiki/display/CAS/Proxy+CAS+Walkthrough), I can
> successfully accomplish step 1 and  2.a. Then, I repeat step 1 and
> successfully generate a new ticket, but when I try step 2.b I can only get
> a partial response.
>
> Here are the steps in more detail:
>
>
>    - Step 1
>       - *URL* https://cas.zenvoo.ch:8443/cas/login?
>       http://www.zenvoo.ch
>       -  *Received ticket* ST-15-M2JUs3V7pVubJMOt7RC
>    - Step 2.b
>       - *URL:*
>       https://cas.zenvoo.ch:8443/cas/serviceValidate?ticket=ST-15-M2JUs3V7pVubJMOt7RCb&service=http://www.zenvoo.ch&pgtUrl=https://voot.zenvoo.ch/help.php,
>       where voot.zenvoo.ch is a server with a correct
>       certificate.
>       - *Received XML*:
>
>  <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>  <cas:authenticationSuccess>
>   <cas:user>dariog</cas:user>
>
>
>  </cas:authenticationSuccess>
> </cas:serviceResponse>
>
>
> As you can see, PGTIOU is missing.
>
>     - The *CAS server log file* gives me the following error:
>
> 2007-11-29 15:25:18,731 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> <AuthenticationHandler:
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
> failed to authenticate the user which provided the following credentials:
> https://voot.zenvoo.ch/help.php>
> 2007-11-29 15:25:18,731 ERROR [org.jasig.cas.web.ServiceValidateController]
> - <TicketException generating ticket for: https://voot.zenvoo.ch/help.php>
> org.jasig.cas.ticket.TicketCreationException:
> error.authentication.credentials.bad
>         at
> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
> (CentralAuthenticationServiceImpl.java:271)
>         at
> org.jasig.cas.web.ServiceValidateController.handleRequestInternal(
> ServiceValidateController.java:125)
>         at
> org.springframework.web.servlet.mvc.AbstractController.handleRequest(
> AbstractController.java:153)
>         at
> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(
> SimpleControllerHandlerAdapter.java:48)
>         at org.springframework.web.servlet.DispatcherServlet.doDispatch(
> DispatcherServlet.java:857)
>         at org.springframework.web.servlet.DispatcherServlet.doService(
> DispatcherServlet.java:792)
>         at org.springframework.web.servlet.FrameworkServlet.processRequest
> (FrameworkServlet.java:475)
>         at org.springframework.web.servlet.FrameworkServlet.doGet(
> FrameworkServlet.java:430)
>         at javax.servlet.http.HttpServlet.service(Unknown Source)
>         at javax.servlet.http.HttpServlet.service(Unknown Source)
>         at org.jasig.cas.web.init.SafeDispatcherServlet.service(
> SafeDispatcherServlet.java:115)
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Unknown
> Source)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(Unknown
> Source)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(Unknown
> Source)
>         at org.apache.catalina.core.StandardContextValve.invoke(Unknown
> Source)
>         at org.apache.catalina.core.StandardHostValve.invoke(Unknown
> Source)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(Unknown
> Source)
>         at org.apache.catalina.core.StandardEngineValve.invoke(Unknown
> Source)
>         at org.apache.catalina.connector.CoyoteAdapter.service(Unknown
> Source)
>         at org.apache.coyote.http11.Http11Processor.process(Unknown
> Source)
>         at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Unknown
> Source)
>         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(Unknown
> Source)
>         at java.lang.Thread.run(Thread.java:595)
> Caused by: error.authentication.credentials.bad
>         at
> org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException
> .<clinit>(BadCredentialsAuthenticationException.java:25)
>         at
> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(
> AuthenticationManagerImpl.java:108)
>         at
> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket
> (CentralAuthenticationServiceImpl.java:242)
>         ... 22 more
>
>  Seemingly, we've got a credential problem here, but I've dug a little
> into CAS server source code and found that
> HttpBasedServiceCredentialsAuthenticationHandler.authenticate() calls
> HttpClient.isValidEndPoint( url ), that at the end of the day creates an
> HttpURLConnection object and calls its connect() method. I did the same in a
> little test servlet, and I can successfully connect to the url
> https://voot.zenvoo.ch/help.php. So my certificate should be ok. Yet, I
> can't make it work in the Proxy mechanism.
> Could anybody help me?
>
>  Thanks in advance
>
> Dario Gallicchio
> Zenvoo team
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
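
Added example, not code from CAS or from either poster: a stand-alone Java check showing why a successful connect() to the pgtUrl is not enough, since the status code the callback returns must also be in the list Scott quotes. The class name, the local test server and the disabled redirect following are assumptions made for the illustration; a real pgtUrl would be HTTPS.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;
import java.util.Arrays;
public class CallbackStatusCheck {
    // Same status codes as the DEFAULT_ACCEPTABLE_CODES list quoted above.
    private static final int[] ACCEPTABLE_CODES = {
        HttpURLConnection.HTTP_OK, HttpURLConnection.HTTP_NOT_MODIFIED,
        HttpURLConnection.HTTP_MOVED_TEMP, HttpURLConnection.HTTP_MOVED_PERM,
        HttpURLConnection.HTTP_ACCEPTED};

    // Returns the status code the endpoint answers with, or -1 if the connection fails.
    static int fetchStatus(String url) {
        HttpURLConnection conn = null;
        try {
            conn = (HttpURLConnection) new URL(url).openConnection();
            conn.setInstanceFollowRedirects(false); // assumption: report 301/302 themselves
            conn.setConnectTimeout(5000);
            conn.setReadTimeout(5000);
            conn.connect();                 // succeeds for any reachable endpoint
            return conn.getResponseCode();  // the value compared against the list
        } catch (IOException e) {
            System.err.println("connection failed: " + e); // log it, do not swallow it
            return -1;
        } finally {
            if (conn != null) conn.disconnect();
        }
    }

    static boolean isAcceptable(int code) {
        return Arrays.stream(ACCEPTABLE_CODES).anyMatch(c -> c == code);
    }
    public static void main(String[] args) throws IOException {
        // Constructed local endpoints standing in for a pgtUrl callback.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        for (int code : new int[] {200, 302, 404, 500}) {
            server.createContext("/" + code, ex -> { ex.sendResponseHeaders(code, -1); ex.close(); });
        }
        server.start();
        String base = "http://127.0.0.1:" + server.getAddress().getPort() + "/";
        for (String path : new String[] {"200", "302", "404", "500"}) {
            int status = fetchStatus(base + path);
            System.out.println(path + " -> " + status + (isAcceptable(status) ? " accepted" : " rejected"));
        }
        server.stop(0);
    }
}
```

All four local endpoints accept the connection, but only the 200 and 302 responses pass the status check; 404 and 500 are rejected even though connect() succeeded.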