CAS Configuration Issues with Tomcat bundle
-------------------------------------------
Key: JBPORTAL-2472
URL:
https://jira.jboss.org/jira/browse/JBPORTAL-2472
Project: JBoss Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Portal Identity
Environment: Ubuntu 8 JDK 1.6 using Tomcat Bundle CR1
Reporter: Art Munro
CAS Configuration Errors
If you follow the guide for configuration then test the implementation you will find that
after authentication via CAS your browser is not returned to the gatein portal.
Changing the following configurations FIXES the issue by adding a "/" at the end
of the URI
<script>
<%=uicomponent.event("Close");%>
window.location =
'http://localhost:8888/cas/login?service=http://localhost:8080/portal/private/
classic/';
</script>
<html>
<head>
<script type="text/javascript">
window.location =
'http://localhost:8888/cas/login?service=http://localhost:8080/portal/
private/classic/';
</script>
</head>
<body>
</body>
BUT now when user thries to authenticate you get the following error (see below error 1)
from Gatein... Even though the ticket is valid (See Log 2)...
Now the reason is the following after the changes one of the classes have this,,,,
javax.servlet.ServletException: org.jasig.cas.client.validation.TicketValidationException:
ticket 'ST-2-jdzloKh5pNNO7WaAiwr3-cas' does not match supplied service. The
original service was 'http://10.10.10.10:8080/portal/private/classic/' and the
supplied service was 'http://10.10.10.10:8080/portal/private/classic'.
******* Error 1
******* ******* ******* *******
Feb 24, 2010 5:02:21 PM org.apache.catalina.authenticator.FormAuthenticator
forwardToLoginPage
WARNING: Unexpected error forwarding to login page
javax.servlet.ServletException: java.lang.RuntimeException: java.net.ConnectException:
Connection refused
at org.gatein.sso.agent.GenericSSOAgent.doGet(GenericSSOAgent.java:72)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at
org.exoplatform.container.web.AbstractHttpServlet.onService(AbstractHttpServlet.java:167)
at
org.exoplatform.container.web.AbstractHttpServlet.service(AbstractHttpServlet.java:116)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
at
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
at
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
at
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
at
org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:316)
at
org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:244)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.RuntimeException: java.net.ConnectException: Connection refused
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:295)
at
org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:33)
at
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178)
at org.gatein.sso.agent.cas.CASAgent.validateTicket(CASAgent.java:72)
at org.gatein.sso.agent.GenericSSOAgent.processSSOToken(GenericSSOAgent.java:90)
at org.gatein.sso.agent.GenericSSOAgent.doGet(GenericSSOAgent.java:66)
***** Error 2
******* ******* ******* *******
Feb 24, 2010 2:26:04 PM org.apache.catalina.authenticator.FormAuthenticator
forwardToLoginPage
WARNING: Unexpected error forwarding to login page
javax.servlet.ServletException: org.jasig.cas.client.validation.TicketValidationException:
ticket 'ST-2-jdzloKh5pNNO7WaAiwr3-cas' does not match supplied service. The
original service was 'http://10.10.10.10:8080/portal/private/classic/' and the
supplied service was 'http://10.10.10.10:8080/portal/private/classic'.
at org.gatein.sso.agent.GenericSSOAgent.doGet(GenericSSOAgent.java:72)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at
org.exoplatform.container.web.AbstractHttpServlet.onService(AbstractHttpServlet.java:167)
at
org.exoplatform.container.web.AbstractHttpServlet.service(AbstractHttpServlet.java:116)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
at
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
at
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
at
org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:316)
at
org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:244)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
**** Log 2 CAS Server .. All is good
******* ******* ******* *******
2010-02-24 16:59:24,487 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler: org.gatein.sso.cas.plugin.AuthenticationPlugin successfully
authenticated the user which provided the following credentials: [username: root]>
2010-02-24 16:59:24,487 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] -
<Granted service ticket [ST-4-BibYsdX7Ydg4vuK0Ru2c-cas] for service
[
http://10.10.10.10:8080/portal/private/classic/] for user [root]>
2010-02-24 17:00:22,469 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] -
<Reloading registered services.>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira