[jboss-jira] [JBoss JIRA] Created: (JBPORTAL-2472) CAS Configuration Issues with Tomcat bundle

Art Munro (JIRA) jira-events at lists.jboss.org
Wed Feb 24 17:31:00 EST 2010 

CAS Configuration Issues with Tomcat bundle
-------------------------------------------

                 Key: JBPORTAL-2472
                 URL: https://jira.jboss.org/jira/browse/JBPORTAL-2472
             Project: JBoss Portal
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Portal Identity
         Environment: Ubuntu 8 JDK 1.6 using Tomcat Bundle CR1
            Reporter: Art Munro


CAS Configuration Errors

If you follow the guide for configuration then test the implementation you will find that after authentication via CAS your browser is not returned to the gatein portal.

Changing the following configurations FIXES the issue by adding a "/" at the end of the URI

<script>
<%=uicomponent.event("Close");%>
window.location = 'http://localhost:8888/cas/login?service=http://localhost:8080/portal/private/
classic/';
</script>

<html>
<head>
<script type="text/javascript">
window.location = 'http://localhost:8888/cas/login?service=http://localhost:8080/portal/
private/classic/';
</script>
</head>
<body>
</body>

BUT now when user thries to authenticate you get the following error (see below error 1) from Gatein...  Even though the ticket is valid (See Log 2)...

Now the reason is the following after the changes one of the classes have this,,,,

javax.servlet.ServletException: org.jasig.cas.client.validation.TicketValidationException: 
ticket 'ST-2-jdzloKh5pNNO7WaAiwr3-cas' does not match supplied service. The original service was 'http://10.10.10.10:8080/portal/private/classic/' and the supplied service was 'http://10.10.10.10:8080/portal/private/classic'.



*******    Error 1
******* ******* ******* ******* 
Feb 24, 2010 5:02:21 PM org.apache.catalina.authenticator.FormAuthenticator forwardToLoginPage
WARNING: Unexpected error forwarding to login page
javax.servlet.ServletException: java.lang.RuntimeException: java.net.ConnectException: Connection refused
	at org.gatein.sso.agent.GenericSSOAgent.doGet(GenericSSOAgent.java:72)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
	at org.exoplatform.container.web.AbstractHttpServlet.onService(AbstractHttpServlet.java:167)
	at org.exoplatform.container.web.AbstractHttpServlet.service(AbstractHttpServlet.java:116)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
	at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
	at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
	at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
	at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:316)
	at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:244)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
	at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.RuntimeException: java.net.ConnectException: Connection refused
	at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:295)
	at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:33)
	at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178)
	at org.gatein.sso.agent.cas.CASAgent.validateTicket(CASAgent.java:72)
	at org.gatein.sso.agent.GenericSSOAgent.processSSOToken(GenericSSOAgent.java:90)
	at org.gatein.sso.agent.GenericSSOAgent.doGet(GenericSSOAgent.java:66)


***** Error 2
******* ******* ******* ******* 

Feb 24, 2010 2:26:04 PM org.apache.catalina.authenticator.FormAuthenticator forwardToLoginPage
WARNING: Unexpected error forwarding to login page
javax.servlet.ServletException: org.jasig.cas.client.validation.TicketValidationException: 
ticket 'ST-2-jdzloKh5pNNO7WaAiwr3-cas' does not match supplied service. The original service was 'http://10.10.10.10:8080/portal/private/classic/' and the supplied service was 'http://10.10.10.10:8080/portal/private/classic'.
 
at org.gatein.sso.agent.GenericSSOAgent.doGet(GenericSSOAgent.java:72)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at org.exoplatform.container.web.AbstractHttpServlet.onService(AbstractHttpServlet.java:167)
at org.exoplatform.container.web.AbstractHttpServlet.service(AbstractHttpServlet.java:116)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:316)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:244)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)






**** Log 2 CAS Server .. All is good
******* ******* ******* ******* 

2010-02-24 16:59:24,487 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.gatein.sso.cas.plugin.AuthenticationPlugin successfully authenticated the user which provided the following credentials: [username: root]>
2010-02-24 16:59:24,487 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-4-BibYsdX7Ydg4vuK0Ru2c-cas] for service [http://10.10.10.10:8080/portal/private/classic/] for user [root]>
2010-02-24 17:00:22,469 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.>




-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list