proxy granting ticket

35 views
Skip to first unread message

Chong Wu

unread,
May 18, 2016, 11:07:40 AM5/18/16
to cas-...@apereo.org
Hello

I have a web application which uses proxy authentification, but CAS (V4.1.1) seems don't want to create PGT:
=============================================================
WHO: xxxx+password
WHAT: supplied credentials: [xxxx+password]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Wed May 18 16:47:38 CEST 2016
CLIENT IP ADDRESS: xxx.xx.xx.xx
SERVER IP ADDRESS: cas.exemple.com
=============================================================

=============================================================
WHO: xxxx+password
WHAT: TGT-6-sb2S7OpchGSIqsKAsaCvd4DJmzebVAbpIeRH4fZulDIytoQMhW-cas.exemple.com
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed May 18 16:47:38 CEST 2016
CLIENT IP ADDRESS: xxx.xx.xx.xx
SERVER IP ADDRESS: cas.exemple.com
=============================================================

>

=============================================================
WHO: xxxx+password
WHAT: supplied credentials: [xxxx+password]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Wed May 18 16:47:38 CEST 2016
CLIENT IP ADDRESS: xxx.xx.xx.xx
SERVER IP ADDRESS: cas.exemple.com
=============================================================

=============================================================
WHO: xxxx
WHAT: ST-7-LD6GkGuApeu5bTbmVkIL-cas.exemple.com for https://xxx.test.com
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed May 18 16:47:38 CEST 2016
CLIENT IP ADDRESS: xxx.xxx.xxx.xxx
SERVER IP ADDRESS: cas.exemple.com
=============================================================

=============================================================
WHO: https://xxx.test.com/CasProxyServlet
WHAT: supplied credentials: [https://xxx.test.com/CasProxyServlet]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Wed May 18 16:47:38 CEST 2016
CLIENT IP ADDRESS: xxx.xxx.xxx.xxx
SERVER IP ADDRESS: cas.exemple.com
=============================================================

=============================================================
WHO: xxxx
WHAT: 0 errors, 0 successes
ACTION: PROXY_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Wed May 18 16:47:38 CEST 2016
CLIENT IP ADDRESS: xxx.xxx.xxx.xxx
SERVER IP ADDRESS: cas.exemple.com
=============================================================


Here is my service config for the moment

{
  "@class" : "org.jasig.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|imaps)://.*",
  "name" : "HTTPS and IMAPS",
  "id" : 10000001,
  "description" : "This service definition authorized all application urls that support HTTPS and IMAPS protocols.",
  "proxyPolicy" : {
    "@class" : "org.jasig.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
    "pattern" : "^https?://.*"
  },
  "evaluationOrder" : 0,
  "usernameAttributeProvider" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
  },
  "logoutType" : "BACK_CHANNEL",
  "attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
    "principalAttributesRepository" : {
      "@class" : "org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository"
    },
    "authorizedToReleaseCredentialPassword" : false,
    "authorizedToReleaseProxyGrantingTicket" : true
  },
  "publicKey" : {
    "@class" : "org.jasig.cas.services.RegisteredServicePublicKeyImpl",
    "location" : "classpath:RSA1024Public.key",
    "algorithm" : "RSA"
  },
  "accessStrategy" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  }
}

I've imported the certificat of the web app into CAS's truststroe, the CAS server and the web application server can communicate with each other.

Anyone knows how to fix the problem please?

Thanks a lot


Reply all
Reply to author
Forward
0 new messages