It probably means you either don't have something configured at that end point or CAS doesn't trust that certificate.
-Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Tue, Sep 30, 2008 at 2:20 PM, Leena Borle <[EMAIL PROTECTED]> wrote: > Hi Scott, > Sorry to bother you again. I looked at server log and it does throw > TicketException. > > 2008-09-30 11:09:48,524 ERROR [org.jasig.cas.web.ServiceValidateController] > - TicketException generating ticket for: [callbackUrl: > https://localhost:8443/webappA/proxy/receptor] > org.jasig.cas.ticket.TicketCreationException: > error.authentication.credentials.bad > at > org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:291) > at > org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:126) > ........................ > > I'm confused about this url- /proxy/receptor. Is this a physical url that > I need to create in my web-app and what should exist there? I tried to find > the answer in the documentation but still not clear about it. > > Thanks, > Leena > > > On Mon, Sep 29, 2008 at 12:47 PM, Scott Battaglia < > [EMAIL PROTECTED]> wrote: > >> You should look in your CAS server log. >> >> -Scott >> >> -Scott Battaglia >> PGP Public Key Id: 0x383733AA >> LinkedIn: http://www.linkedin.com/in/scottbattaglia >> >> >> On Mon, Sep 29, 2008 at 2:28 PM, Leena Borle <[EMAIL PROTECTED]> wrote: >> >>> Hi, >>> Only thing I see in the Cas client log is that, after I log in as the >>> user, I get following messages, >>> 2008-09-29 11:15:54,158 DEBUG >>> [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] Server >>> response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> >>> <cas:authenticationSuccess> >>> <cas:user>leena</cas:user> >>> >>> >>> </cas:authenticationSuccess> >>> </cas:serviceResponse> >>> >>> *2008-09-29 11:15:54,171 INFO >>> [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl] No Proxy Ticket >>> found for * >>> It does not display any user name for the message -"*No Proxy Ticket >>> found for". >>> *Then when I try to access* *url using HttpClient, >>> >>> *2008-09-29 11:16:03,322 DEBUG >>> [org.jasig.cas.client.authentication.AttributePrincipalImpl] No >>> ProxyGrantingTicket was supplied, so no Proxy Ticket can be retrieved. >>> * >>> Leena >>> >>> >>> On Sat, Sep 27, 2008 at 7:33 AM, Scott Battaglia < >>> [EMAIL PROTECTED]> wrote: >>> >>>> Have you looked at your CAS log at all in DEBUG level logging to see if >>>> it has any error messages? >>>> -Scott Battaglia >>>> PGP Public Key Id: 0x383733AA >>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia >>>> >>>> >>>> On Fri, Sep 26, 2008 at 4:21 PM, Leena Borle <[EMAIL PROTECTED]> wrote: >>>> >>>>> >>>>> Hi, >>>>> Sorry, my mistake. As url- /proxy/receptor did not work, I tried >>>>> giving complete url path which should have been >>>>> https://localhost:8443/... >>>>> Even after changing the port, I still get the same message.. >>>>> Leena >>>>> >>>>> On Fri, Sep 26, 2008 at 12:33 PM, Scott Battaglia < >>>>> [EMAIL PROTECTED]> wrote: >>>>> >>>>>> Is 8080 your https or your http port? It seems like its both in the >>>>>> configuration. >>>>>> >>>>>> -Scott >>>>>> >>>>>> -Scott Battaglia >>>>>> PGP Public Key Id: 0x383733AA >>>>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia >>>>>> >>>>>> >>>>>> On Fri, Sep 26, 2008 at 3:25 PM, Leena Borle <[EMAIL PROTECTED]>wrote: >>>>>> >>>>>>> Hi Scott, >>>>>>> As per your email, I configured web.xml and applicationContext.xml >>>>>>> for proxying. But when I call ..principal.getProxyTicketFor(), I am >>>>>>> getting >>>>>>> error "No ProxyGrantingTicket was supplied, so no Proxy Ticket can be >>>>>>> retrieved". >>>>>>> >>>>>>> >>>>>>> Thanks, >>>>>>> Leena >>>>>>> >>>>>>> Here is snippet from my applicationContext.xml which is similar to >>>>>>> the one provided in cas-sample of spring-security. >>>>>>> <sec:http entry-point-ref="casProcessingFilterEntryPoint" > >>>>>>> <sec:intercept-url pattern="/user/*.action" >>>>>>> access="ROLE_USER" /> >>>>>>> <sec:logout logout-success-url="/cas-logout.jsp"/> >>>>>>> </sec:http> >>>>>>> >>>>>>> <sec:authentication-manager alias="authenticationManager"/> >>>>>>> >>>>>>> <bean id="casProcessingFilter" >>>>>>> class="org.springframework.security.ui.cas.CasProcessingFilter"> >>>>>>> <sec:custom-filter after="CAS_PROCESSING_FILTER"/> >>>>>>> <property name="authenticationManager" >>>>>>> ref="authenticationManager"/> >>>>>>> <property name="authenticationFailureUrl" value=" >>>>>>> http://localhost:8080/cas/authorizationFailure.jsp"/> >>>>>>> <property name="defaultTargetUrl" value="/"/> >>>>>>> <property name="proxyGrantingTicketStorage" >>>>>>> ref="proxyGrantingTicketStorage" /> >>>>>>> <property name="proxyReceptorUrl" value=" >>>>>>> https://localhost:8080/webappA/proxy/receptor"; /> >>>>>>> </bean> >>>>>>> >>>>>>> <bean id="casProcessingFilterEntryPoint" >>>>>>> class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint"> >>>>>>> <property name="loginUrl" value=" >>>>>>> https://localhost:8443/cas/login"/> >>>>>>> <property name="serviceProperties" ref="serviceProperties"/> >>>>>>> </bean> >>>>>>> >>>>>>> <bean id="casAuthenticationProvider" >>>>>>> class="org.springframework.security.providers.cas.CasAuthenticationProvider"> >>>>>>> <sec:custom-authentication-provider /> >>>>>>> <property name="userDetailsService" ref="userCasService"/> >>>>>>> <property name="serviceProperties" ref="serviceProperties" /> >>>>>>> <property name="ticketValidator"> >>>>>>> <bean >>>>>>> class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> >>>>>>> <!-- >>>>>>> tried ProxyTicketValidator too --> >>>>>>> <constructor-arg index="0" value=" >>>>>>> https://localhost:8443/cas"; /> >>>>>>> <property name="proxyGrantingTicketStorage" >>>>>>> ref="proxyGrantingTicketStorage" /> >>>>>>> <property name="proxyCallbackUrl" value=" >>>>>>> https://localhost:8080/webappA/proxy/receptor"; /> >>>>>>> <!-- property name="acceptAnyProxy" value="true" >>>>>>> --> >>>>>>> >>>>>>> </bean> >>>>>>> </property> >>>>>>> <property name="key" >>>>>>> value="an_id_for_this_auth_provider_only"/> >>>>>>> </bean> >>>>>>> >>>>>>> <bean id="proxyGrantingTicketStorage" >>>>>>> class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" /> >>>>>>> >>>>>>> <bean id="serviceProperties" >>>>>>> class="org.springframework.security.ui.cas.ServiceProperties"> >>>>>>> <property name="service" value=" >>>>>>> https://localhost:8443/webappA/j_spring_cas_security_check"/> >>>>>>> <property name="sendRenew" value="false"/> >>>>>>> </bean> >>>>>>> >>>>>>> <bean id="userCasService" class=""> >>>>>>> <property name="dataSource" ref="dataSource" /> >>>>>>> </bean> >>>>>>> >>>>>>> ................ Web.xml of application A --------- >>>>>>> <filter> >>>>>>> <filter-name>springSecurityFilterChain</filter-name> >>>>>>> >>>>>>> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> >>>>>>> </filter> >>>>>>> <filter-mapping> >>>>>>> <filter-name>springSecurityFilterChain</filter-name> >>>>>>> <url-pattern>/*</url-pattern> >>>>>>> </filter-mapping> >>>>>>> >>>>>>> <filter> >>>>>>> <filter-name>CAS Assertion Thread Local Filter</filter-name> >>>>>>> >>>>>>> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> >>>>>>> </filter> >>>>>>> <filter-mapping> >>>>>>> <filter-name>CAS Assertion Thread Local Filter</filter-name> >>>>>>> <url-pattern>/*</url-pattern> >>>>>>> </filter-mapping> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Thu, Sep 25, 2008 at 10:28 PM, Leena Borle <[EMAIL PROTECTED]>wrote: >>>>>>> >>>>>>>> Hello, >>>>>>>> I have 2 webapplications, say webappA and webappB. WebappA has >>>>>>>> Cas-Java client 3.1.3 with spring security-2.0.3 setup. WebappB has >>>>>>>> Cas-java client 3.1.3 configured in web.xml setup. Cas server is >>>>>>>> Cas3.3. All >>>>>>>> these applications work fine when I call them from the browser. >>>>>>>> But actually what I want to do is, in webappA, I have HttpClient, >>>>>>>> that needs to access some data from webappB. This is where I am >>>>>>>> stuck. I >>>>>>>> added proxy-support in web.xml of webappB according to the >>>>>>>> instruction. How >>>>>>>> do I obtain proxy-ticket to pass it to url( >>>>>>>> http://localhost:8080/webappB/...?ticket=...) of webappB? I do >>>>>>>> have access to spring's CasAuthentication Object whose credentials >>>>>>>> contain >>>>>>>> service ticket for webappA. How do I generate proxy-ticket from it? If >>>>>>>> I >>>>>>>> pass this same ticket to the url, I get "Invalid Ticket" message from >>>>>>>> the >>>>>>>> Cas server. >>>>>>>> Is there any proxy example available for Cas-client 3.1. >>>>>>>> >>>>>>>> web.xml for WebAppB is as follows. >>>>>>>> >>>>>>>> <filter> >>>>>>>> <filter-name>CAS Validation Filter</filter-name> >>>>>>>> >>>>>>>> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> >>>>>>>> <init-param> >>>>>>>> <param-name>casServerUrlPrefix</param-name> >>>>>>>> <param-value>https://localhost:8443/cas >>>>>>>> </param-value> >>>>>>>> </init-param> >>>>>>>> <init-param> >>>>>>>> <param-name>serverName</param-name> >>>>>>>> <param-value>http://localhost:8080</param-value> >>>>>>>> </init-param> >>>>>>>> <init-param> >>>>>>>> <param-name>acceptAnyProxy</param-name> >>>>>>>> <param-value>true</param-value> >>>>>>>> </init-param> >>>>>>>> <init-param> >>>>>>>> <param-name>proxyReceptorUrl</param-name> >>>>>>>> <param-value>/proxy/receptor</param-value> >>>>>>>> </init-param> >>>>>>>> <init-param> >>>>>>>> <param-name>proxyCallbackUrl</param-name> >>>>>>>> <param-value> >>>>>>>> https://localhost:8443/WebAppB/proxy/receptor</param-value> >>>>>>>> </init-param> >>>>>>>> <init-param> >>>>>>>> <param-name>redirectAfterValidation</param-name> >>>>>>>> <param-value>true</param-value> >>>>>>>> </init-param> >>>>>>>> </filter> >>>>>>>> >>>>>>>> <filter> >>>>>>>> <filter-name>CAS Authentication Filter</filter-name> >>>>>>>> >>>>>>>> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> >>>>>>>> <init-param> >>>>>>>> <param-name>casServerLoginUrl</param-name> >>>>>>>> <param-value>https://localhost:8443/cas/login >>>>>>>> </param-value> >>>>>>>> </init-param> >>>>>>>> <init-param> >>>>>>>> <param-name>serverName</param-name> >>>>>>>> <param-value>http://localhost:8080</param-value> >>>>>>>> </init-param> >>>>>>>> <init-param> >>>>>>>> <param-name>gatewat</param-name> >>>>>>>> <param-value>true</param-value> >>>>>>>> </init-param> >>>>>>>> >>>>>>>> </filter> >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Leena >>>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Yale CAS mailing list >>>>>>> [email protected] >>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>>>> >>>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Yale CAS mailing list >>>>>> [email protected] >>>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>>> >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Yale CAS mailing list >>>>> [email protected] >>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> Yale CAS mailing list >>>> [email protected] >>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>> >>>> >>> >>> _______________________________________________ >>> Yale CAS mailing list >>> [email protected] >>> http://tp.its.yale.edu/mailman/listinfo/cas >>> >>> >> >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
