Re: [cas-user] Cas 5 Proxy Error

2017-08-07 Thread Matt Stacey 
I switched the client to use https, but get the same error. Using the 
debugger I've tracked down where it makes the call to the client with the 
/j_spring_cas_security_proxyreceptor and it comes back with a 404. 

My client side configuration is done with cas 3.2 and has the following in 
the context.xml file.


   
  
 
  
   
   
   
  
 
 
   
  
   
   



On Friday, August 4, 2017 at 9:33:17 AM UTC-6, rbon wrote:
>
> This line
>
>  find authentication handler that supports [
> http://localhost:8080/bind/j_spring_cas_security_proxyreceptor] of type 
>
>
> CAS expects the proxy callback to be https (at least by default). Change 
> client to use https.
>
> Ray
>
> On Fri, 2017-08-04 at 08:39 -0600, Matt Stacey wrote:
>
> Hello, 
>
> I'm migrating from Cas 3 to Cas 5.1.2. So far I have been succesful with 
> everything up to the point of the proxy policy. I'm getting the following 
> error.
>
> [org.apereo.cas.web.AbstractServiceValidateController] -  authenticate service credential [
> http://localhost:8080/bind/j_spring_cas_security_proxyreceptor]
>
> Here are the last few lines of my cas server output.
>
> 2017-08-04 08:03:03,590 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: CLYTLE
> WHAT: 
> TGT-**ofMbwcwxY3-W08983
> ACTION: TICKET_GRANTING_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Fri Aug 04 08:03:03 MDT 2017
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.0.1
> =
>
> >
> [ INFO] [04 Aug 2017 08:03:03,678] USER: (UNAUTHENTICATED); METHOD: 
> (com); ARGS(s): clytle; returned value(s): cly...@blah.com 
>  in 84 msecs [LoggingAspect:77]
> [ INFO] [04 Aug 2017 08:03:04,270] USER: (UNAUTHENTICATED); METHOD: 
> (com); ARGS(s): clytle; returned value(s): false in 587 msecs 
> [LoggingAspect:77]
> 2017-08-04 08:03:04,306 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: CLYTLE
> WHAT: ST-1-QAuzbUq0cPRqpyE0WaDc-W08983 for 
> http://localhost:8080/bind/j_spring_cas_security_check
> ACTION: SERVICE_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Fri Aug 04 08:03:04 MDT 2017
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.0.1
> =
>
> >
> 2017-08-04 08:03:04,362 WARN 
> [org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
>  
> -  http://localhost:8080/bind/j_spring_cas_security_check] cannot authorize 
> the requested callback url [
> http://localhost:8080/bind/j_spring_cas_security_proxyreceptor].>
> 2017-08-04 08:03:04,363 WARN 
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
>  authentication handler that supports [
> http://localhost:8080/bind/j_spring_cas_security_proxyreceptor] of type 
> [HttpBasedServiceCredential], which suggests a configuration problem.>
> 2017-08-04 08:03:04,366 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: http://localhost:8080/bind/j_spring_cas_security_proxyreceptor
> WHAT: Supplied credentials: [
> http://localhost:8080/bind/j_spring_cas_security_proxyreceptor]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Fri Aug 04 08:03:04 MDT 2017
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.0.1
> =
>
>
> The client is still using Cas version 3 and I'm wondering if that is the 
> problem. My client is configured as follows, and I'm not sure if this has 
> something to do with the Cas20ServiceTicketValidator (seeing as it no 
> longer exists in Cas 5.1.2) or something else. Any help would be greatly 
> appreciated.
>
>
> 
> 
> class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
>
> 
> class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
>  
>   
>
>
>
> class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
>   />
>   value="${system.serverUrl}/bind/j_spring_cas_security_proxyreceptor" />
>   />  
>   
>
>value="bind_auth_provider"/>
> 
>
>
>
> Thanks
> Matt
>
> -- 
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 023 | rb...@uvic.ca 
>
>

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because

Re: [cas-user] Cas 5 Proxy Error

2017-08-04 Thread Ray Bon 
This line

http://localhost:8080/bind/j_spring_cas_security_proxyreceptor] of type

CAS expects the proxy callback to be https (at least by default). Change client 
to use https.

Ray

On Fri, 2017-08-04 at 08:39 -0600, Matt Stacey wrote:
Hello,

I'm migrating from Cas 3 to Cas 5.1.2. So far I have been succesful with 
everything up to the point of the proxy policy. I'm getting the following error.

[org.apereo.cas.web.AbstractServiceValidateController] - http://localhost:8080/bind/j_spring_cas_security_proxyreceptor]

Here are the last few lines of my cas server output.

2017-08-04 08:03:03,590 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
[ INFO] [04 Aug 2017 08:03:03,678] USER: (UNAUTHENTICATED); METHOD: (com); 
ARGS(s): clytle; returned value(s): cly...@blah.com in 
84 msecs [LoggingAspect:77]
[ INFO] [04 Aug 2017 08:03:04,270] USER: (UNAUTHENTICATED); METHOD: (com); 
ARGS(s): clytle; returned value(s): false in 587 msecs [LoggingAspect:77]
2017-08-04 08:03:04,306 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - http://localhost:8080/bind/j_spring_cas_security_check
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Aug 04 08:03:04 MDT 2017
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=

>
2017-08-04 08:03:04,362 WARN 
[org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
 - http://localhost:8080/bind/j_spring_cas_security_check] cannot authorize the 
requested callback url 
[http://localhost:8080/bind/j_spring_cas_security_proxyreceptor].>
2017-08-04 08:03:04,363 WARN 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
http://localhost:8080/bind/j_spring_cas_security_proxyreceptor] of type 
[HttpBasedServiceCredential], which suggests a configuration problem.>
2017-08-04 08:03:04,366 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - http://localhost:8080/bind/j_spring_cas_security_proxyreceptor
WHAT: Supplied credentials: 
[http://localhost:8080/bind/j_spring_cas_security_proxyreceptor]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Fri Aug 04 08:03:04 MDT 2017
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=


The client is still using Cas version 3 and I'm wondering if that is the 
problem. My client is configured as follows, and I'm not sure if this has 
something to do with the Cas20ServiceTicketValidator (seeing as it no longer 
exists in Cas 5.1.2) or something else. Any help would be greatly appreciated.





   
  
 
  
   
   
   
  
 
 
 
  
   
   



Thanks
[https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif]
Matt

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 023 | r...@uvic.ca

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1501860793.2269.47.camel%40uvic.ca.