You're never attempting to validate a ticket. -Scott
-Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Thu, Dec 18, 2008 at 5:05 AM, Iikku Mattila <[email protected]>wrote: > Hi again. I changed the log level to DEBUG and got the following log. I > can't find any mentions of errors or failures. The last rows of the log, > from "Action 'InitialFlowSetupAction' beginning execution" to "Action > 'GenerateServiceTicketAction' completed execution; result is 'success'" keep > on repeating (as the browser is redirected, i presume). Could this be caused > by the setup of apps, as I have confluence at root level at > https://www.example.com/ and cas at > https://www.example.com/cas-server-webapp-3.3.1/ ? > > The soulwing/confluence configurations are minimally modified from the ones > presented at soulwing site. Minimally as in I've changed confluence's > web.xml to have casServerUrl->https://example.com/cas-server-webapp-3.3.1and > casServiceUrl-> > https://example.com . > > I might consider using the JASIG Cas Client instead of soulwing, but did > Scott's last message mean it won't work with Jira before the 3.1.5 release? > When is that scheduled to be released? > > The log follows: > > 2008-12-18 11:35:07,710 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action > 'AuthenticationViaFormAction' beginning execution> > 2008-12-18 11:35:07,725 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing bind> > 2008-12-18 11:35:07,725 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Found existing form > object with name 'credentials' of type [class > org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope > Flow> > 2008-12-18 11:35:07,725 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <No property editor > registrar set, no custom editors to register> > 2008-12-18 11:35:07,728 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Binding allowed > request parameters in map['lt' -> > '_c33FDA2F2-B35A-08A2-9490-CE12DA55BBA3_k329C7DD3-0454-C045-3015-90BD89DE9AEB', > 'service' -> 'https://example.com/', '_eventId' -> 'submit', 'password' -> > 'xxxxxx', 'submit' -> 'LOGIN', 'username' -> 'me'] to form object with name > 'credentials', pre-bind formObject toString = [username: null]> > 2008-12-18 11:35:07,728 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <(Any field is > allowed)> > 2008-12-18 11:35:07,752 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Binding completed > for form object with name 'credentials', post-bind formObject toString = > [username: me]> > 2008-12-18 11:35:07,752 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <There are [0] > errors, details: []> > 2008-12-18 11:35:07,752 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing > validation> > 2008-12-18 11:35:07,752 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Invoking validator > org.jasig.cas.validation.usernamepasswordcredentialsvalida...@19bb21f> > 2008-12-18 11:35:07,768 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Validation completed > for form object> > 2008-12-18 11:35:07,768 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <There are [0] > errors, details: []> > 2008-12-18 11:35:07,768 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form errors > instance in scope Flash> > 2008-12-18 11:35:07,768 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action > 'AuthenticationViaFormAction' completed execution; result is 'success'> > 2008-12-18 11:35:07,768 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action > 'AuthenticationViaFormAction' beginning execution> > 2008-12-18 11:35:07,769 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Found existing form > object with name 'credentials' of type [class > org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope > Flow> > 2008-12-18 11:35:07,769 DEBUG > [org.jasig.cas.CentralAuthenticationServiceImpl] - <Attempting to create > TicketGrantingTicket for [username: me]> > 2008-12-18 11:35:07,849 INFO > [org.jasig.cas.authentication.AuthenticationManagerImpl] - > <AuthenticationHandler: > org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully > authenticated the user which provided the following credentials: [username: > me]> > 2008-12-18 11:35:07,850 DEBUG > [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] > - <Attempting to resolve a principal...> > 2008-12-18 11:35:07,850 DEBUG > [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] > - <Creating SimplePrincipal for [me]> > 2008-12-18 11:35:07,856 DEBUG > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket > [TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas] to registry.> > 2008-12-18 11:35:07,856 DEBUG > [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed > cookie with name [CASPRIVACY]> > 2008-12-18 11:35:07,857 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action > 'AuthenticationViaFormAction' completed execution; result is 'success'> > 2008-12-18 11:35:07,857 DEBUG > [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action > 'SendTicketGrantingTicketAction' beginning execution> > 2008-12-18 11:35:07,857 DEBUG > [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added cookie > with name [CASTGC] and value > [TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas]> > 2008-12-18 11:35:07,857 DEBUG > [org.jasig.cas.CentralAuthenticationServiceImpl] - <Removing ticket > [TGT-1-QvrLgnGqZQifCunOZg9PO3K0cDofDsVeEHwtvJQaXqSwxZceLQ-cas] from > registry.> > 2008-12-18 11:35:07,857 DEBUG > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to > retrieve ticket > [TGT-1-QvrLgnGqZQifCunOZg9PO3K0cDofDsVeEHwtvJQaXqSwxZceLQ-cas]> > 2008-12-18 11:35:07,857 DEBUG > [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action > 'SendTicketGrantingTicketAction' completed execution; result is 'success'> > 2008-12-18 11:35:07,858 DEBUG > [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action > 'GenerateServiceTicketAction' beginning execution> > 2008-12-18 11:35:07,859 DEBUG > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to > retrieve ticket > [TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas]> > 2008-12-18 11:35:07,859 DEBUG > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket > [TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas] found in > registry.> > 2008-12-18 11:35:07,860 DEBUG > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket > [ST-1-7QoibuQ6y4wZhfEhZZJJ-cas] to registry.> > 2008-12-18 11:35:07,860 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket > [ST-1-7QoibuQ6y4wZhfEhZZJJ-cas] for service [https://example.com/] for > user [me]> > 2008-12-18 11:35:07,860 DEBUG > [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action > 'GenerateServiceTicketAction' completed execution; result is 'success'> > 2008-12-18 11:35:08,172 DEBUG > [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action > 'InitialFlowSetupAction' beginning execution> > 2008-12-18 11:35:08,176 DEBUG > [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated > service for: https://example.com/> > 2008-12-18 11:35:08,187 DEBUG > [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in > FlowScope: https://example.com/> > 2008-12-18 11:35:08,187 DEBUG > [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action > 'InitialFlowSetupAction' completed execution; result is 'success'> > 2008-12-18 11:35:08,196 DEBUG > [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action > 'GenerateServiceTicketAction' beginning execution> > 2008-12-18 11:35:08,196 DEBUG > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to > retrieve ticket > [TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas]> > 2008-12-18 11:35:08,196 DEBUG > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket > [TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas] found in > registry.> > 2008-12-18 11:35:08,208 DEBUG > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket > [ST-2-N6GJpWo5PHWLbucyeKyz-cas] to registry.> > 2008-12-18 11:35:08,208 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket > [ST-2-N6GJpWo5PHWLbucyeKyz-cas] for service [https://example.com/] for > user [me]> > 2008-12-18 11:35:08,212 DEBUG > [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action > 'GenerateServiceTicketAction' completed execution; result is 'success'> > 2008-12-18 11:35:08,340 DEBUG > [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action > 'InitialFlowSetupAction' beginning execution> > 2008-12-18 11:35:08,340 DEBUG > [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated > service for: https://example.com/> > 2008-12-18 11:35:08,340 DEBUG > [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in > FlowScope: https://example.com/> > 2008-12-18 11:35:08,340 DEBUG > [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action > 'InitialFlowSetupAction' completed execution; result is 'success'> > 2008-12-18 11:35:08,340 DEBUG > [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action > 'GenerateServiceTicketAction' beginning execution> > 2008-12-18 11:35:08,341 DEBUG > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to > retrieve ticket > [TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas]> > 2008-12-18 11:35:08,341 DEBUG > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket > [TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas] found in > registry.> > 2008-12-18 11:35:08,341 DEBUG > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket > [ST-3-e1M7LpACeQiGV3cS5mBA-cas] to registry.> > 2008-12-18 11:35:08,341 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket > [ST-3-e1M7LpACeQiGV3cS5mBA-cas] for service [https://example.com/] for > user [me]> > 2008-12-18 11:35:08,341 DEBUG > [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action > 'GenerateServiceTicketAction' completed execution; result is 'success'> > 2008-12-18 11:35:08,417 DEBUG > [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action > 'InitialFlowSetupAction' beginning execution> > 2008-12-18 11:35:08,417 DEBUG > [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated > service for: https://example.com/> > 2008-12-18 11:35:08,417 DEBUG > [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in > FlowScope: https://example.com/> > > > Iikku > > Scott Battaglia wrote: > > Is the ticket validation failing? Turning on DEBUG on the cas server > should indicate what's happening (also on the client side). Your client > might be incorrectly configured and redirecting if there is a ticket > failure. > > -Scott > > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > On Wed, Dec 17, 2008 at 10:36 AM, Iikku Mattila <[email protected]>wrote: > >> Thanks for the https tip! I changed my setup a bit, but only encountered >> new problems. I now have Apache frontend with mod_ssl proxying requests >> from https://example.com/ to ajp://localhost:8009/, which is where >> tomcat is answering. >> >> Now https://example.com/jira/ is redirected to the cas login screen, >> where user enters correct username&password and here it gets >> interesting: instead of logging in, the request goes into an endless loop. >> >> Apache access_log alternates between >> >> "GET /jira/?ticket=ST-100-e4BkkUXTd7Dh9VzG1J4j-cas HTTP/1.1" 302 - "... >> "GET >> /cas-server-webapp-3.3.1/login?service=https%3A%2F%2Fexample.com%2Fjira%2F >> HTTP/1.1" 302 - "... >> >> and tomcat's catalina.out says >> INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service >> ticket [ST-22-XKtdk5ZJcraeW1WykFb6-cas] for service >> [https://example.com/jira/] for user [me]> >> about a ten times - which is when firefox stops the redirection cycle. >> >> Retrying https://example.com/jira/ enters the redirection cycle >> immediately. >> >> Is it possible to get CAS working with this setup? Have I made somekind >> of obvious&common setup error, that somebody might have fixed for >> themselves? Any ideas? >> >> Iikku >> >> Scott Battaglia wrote: >> > Are you running CAS over HTTPS or HTTP? If you're running over HTTP, >> > then you won't get SSO. >> > >> > -Scott >> > >> > -Scott Battaglia >> > PGP Public Key Id: 0x383733AA >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia >> > >> > >> > On Tue, Dec 16, 2008 at 9:18 AM, Iikku Mattila <[email protected] >> > <mailto:[email protected]>> wrote: >> > >> > Hi, >> > I have a (seemingly) working CAS installation with >> > BindLdapAuthenticationHandler, setup like >> > http://www.ja-sig.org/wiki/display/CASUM/LDAP . I CASified >> Confluence >> > and Jira with Soulwing as per instructions on >> > http://soulwing.org/confluence-cas.jsp and >> > http://soulwing.org/jira-cas.jsp . When user logs on to either of >> > those >> > apps, he's redirected to CAS login screen, he logs on successfully >> and >> > is redirected to the app. So all is okay with both individual >> > applications. However, after the user has logged on to one of the >> apps >> > and tries to use the other, he is not logged in automatically via >> CAS, >> > but instead redirected to the CAS login screen, where he can login >> > normally with username/password. >> > >> > So there is no single sign on, but instead two individuals logins >> both >> > handled through CAS. I'd rather have the sso. Is there perhaps >> > some kind >> > of a switch that I've missed? >> > >> > Thanks, >> > Iikku Mattila >> > _______________________________________________ >> > Yale CAS mailing list >> > [email protected] <mailto:[email protected]> >> > http://tp.its.yale.edu/mailman/listinfo/cas >> > >> > >> > >> ------------------------------------------------------------------------ >> > >> > _______________________________________________ >> > Yale CAS mailing list >> > [email protected] >> > http://tp.its.yale.edu/mailman/listinfo/cas >> > >> >> >> -- >> ************************************************************************ >> Joulukorttien lähettämisen sijaan olemme tänä vuonna lahjoittaneet >> TAYSin EVA-yksikköön (Erityisen vaikeahoitoisten alaikäisten >> psykiatrinen tutkimus- ja hoitoyksikkö) Wii-pelikonsolin heidän >> toiveidensa mukaisesti. >> Toivotamme teille rauhallista joulunaikaa sekä menestystä alkavalle >> vuodelle 2009! >> ************************************************************************ >> >> >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas >> > > ------------------------------ > > _______________________________________________ > Yale CAS mailing > [email protected]http://tp.its.yale.edu/mailman/listinfo/cas > > > > -- > ************************************************************************ > Joulukorttien lähettämisen sijaan olemme tänä vuonna lahjoittaneet > TAYSin EVA-yksikköön (Erityisen vaikeahoitoisten alaikäisten > psykiatrinen tutkimus- ja hoitoyksikkö) Wii-pelikonsolin heidän > toiveidensa mukaisesti. > Toivotamme teille rauhallista joulunaikaa sekä menestystä alkavalle vuodelle > 2009! > ************************************************************************ > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
