It looks like you've configured a proxy receptor endpoint on your client
side and you're passing it to the CAS server via ticket validation.  By
default the CAS server will attempt to "authenticate" the endpoint during
ticket validation if it's provided.  It will fail by default if the URL is
not an HTTPS URL.  You either need to use SSL at your proxy receptor
endpoint, or configure CAS (via the
HttpBasedServiceCredentialsAuthenticationHandler) to accept non-SSL proxy
receptor URLs.

-Scott

On Fri, May 23, 2008 at 3:20 PM, doahh <[EMAIL PROTECTED]> wrote:

>
> Hi Scott and thank you for replying.
>
> My authenticationHandlers are defined as:
>
> <property name="authenticationHandlers">
> <list>
>
> <bean
>     class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
>     p:httpClient-ref="httpClient" >
> </bean>
>
> <bean id="SearchModeSearchDatabaseAuthenticationHandler"
>     class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler"
>     abstract="false" lazy-init="default" autowire="default"
>     dependency-check="default">
>
>    <property  name="tableUsers">
>        <value>rolleruser</value>
>    </property>
>    <property name="fieldUser">
>       <value>username</value>
>    </property>
>    <property name="fieldPassword">
>      <value>passphrase</value>
>    </property>
>    <property name="dataSource" ref="dataSource" />
>
> </bean>
>
> </list>
> </property>
>
> This is the bit of the log file directly before the exception is thrown:
>
> <Found existing form object with name 'credentials' of type [class
> org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in
> scope
> Flow>
> [org.jasig.cas.CentralAuthenticationServiceImpl] - <Attempting to create
> TicketGrantingTicket for gavin>
> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> <AuthenticationHandler:
> org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler
> successfully authenticated the user which provided the following
> credentials: gavin>
>
> [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
> - <Attempting to resolve a principal...>
>
> [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
> - <Creating SimplePrincipal for [gavin]>
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
> [TGT-1-qTUiiFxh33utcpWM5qX4rtBwc9vkxuedCxxrjhICOv2MSjzIJs-cas] to
> registry.>
> [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed
> cookie with name [CASPRIVACY]>
> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
> 'AuthenticationViaFormAction' completed execution; result is 'success'>
> [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action
> 'SendTicketGrantingTicketAction' beginning execution>
> [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added cookie
> with name [CASTGC] and value
> [TGT-1-qTUiiFxh33utcpWM5qX4rtBwc9vkxuedCxxrjhICOv2MSjzIJs-cas]>
> [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action
> 'SendTicketGrantingTicketAction' completed execution; result is 'success'>
> [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
> 'GenerateServiceTicketAction' beginning execution>
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
> retrieve ticket
> [TGT-1-qTUiiFxh33utcpWM5qX4rtBwc9vkxuedCxxrjhICOv2MSjzIJs-cas]>
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
> [TGT-1-qTUiiFxh33utcpWM5qX4rtBwc9vkxuedCxxrjhICOv2MSjzIJs-cas] found in
> registry.>
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
> [ST-1-nmsSNhUwzIr5nKT0xpKG-cas] to registry.>
> [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket
> [ST-1-nmsSNhUwzIr5nKT0xpKG-cas] for service
> [http://localhost:8080/tootired.net/forum/j_security_check] for user
> [gavin]>
> [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
> 'GenerateServiceTicketAction' completed execution; result is 'success'>
> [net.tootired.security.login.AcegiUserDetailsService] USERNAME
> [_cas_stateful_]
> [net.tootired.security.login.AcegiUserDetailsService] USER WAS NULL
> [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated
> service for: http://localhost:8080/tootired.net/forum/j_security_check>
>
> [org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
> - <Authentication failed because url was not secure.>
> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> <AuthenticationHandler:
>
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
> failed to authenticate the user which provided the following credentials:
> http://localhost:8080/tootired.net/forum/casProxy/receptor>
> [org.jasig.cas.web.ServiceValidateController] - <TicketException generating
> ticket for: http://localhost:8080/tootired.net/forum/casProxy/receptor>
> org.jasig.cas.ticket.TicketCreationException:
> error.authentication.credentials.bad
>         at
>
> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:294)
> --
> View this message in context:
> http://www.nabble.com/_cas_stateful_-gets-passed-to-me-as-a-username-from-Acegi---throws-exception-tp17428160p17433667.html
> Sent from the CAS Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>



-- 
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
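
A log-triage sketch for the failure described in the reply above, added here as an example and not taken from the thread or from CAS itself: it unwraps a mail-quoted CAS log excerpt and pairs each "url was not secure" rejection with the proxy callback URL named in the record that follows. The function names are assumptions, and the sample is constructed from the quoted excerpt with a placeholder ticket id.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: wrapped and ">"-quoted the way the excerpt arrived by mail.
SAMPLE_LOG = """\
> [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket
> [ST-1-example-cas] for service
> [http://localhost:8080/tootired.net/forum/j_security_check] for user
> [gavin]>
>
> [org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
> - <Authentication failed because url was not secure.>
> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> <AuthenticationHandler:
>
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
> failed to authenticate the user which provided the following credentials:
> http://localhost:8080/tootired.net/forum/casProxy/receptor>
"""

# The handler logs the reason; the manager's next record carries the URL.
REASON = re.compile(r"HttpBasedServiceCredentialsAuthenticationHandler\]\s*-\s*"
                    r"<Authentication failed because url was not secure\.>")
FAILED = re.compile(r"HttpBasedServiceCredentialsAuthenticationHandler failed to "
                    r"authenticate the user which provided the following "
                    r"credentials:\s*(\S+?)>")

def unwrap(text):
    """Drop leading mail-quote markers and rejoin wrapped log records."""
    lines = [re.sub(r"^\s*(>\s?)+", "", ln) for ln in text.splitlines()]
    return " ".join(" ".join(lines).split())

def rejected_callbacks(text):
    """Return (url, scheme, host) for each callback rejected as not secure."""
    flat = unwrap(text)
    found = []
    for reason in REASON.finditer(flat):
        failure = FAILED.search(flat, reason.end())
        if failure is None:
            continue  # reason logged, but the excerpt was cut before the URL
        parts = urlsplit(failure.group(1))
        entry = (failure.group(1), parts.scheme, parts.hostname)
        if entry not in found:
            found.append(entry)
    return found

if __name__ == "__main__":
    for url, scheme, host in rejected_callbacks(SAMPLE_LOG):
        print(f"rejected proxy callback: {url} (scheme={scheme}, host={host})")
```

Each URL it reports is a proxy receptor endpoint that either needs to be served over SSL or needs the handler configured to accept non-SSL URLs, as the reply says.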